Subversion Repositories ggsysinfo

[/] [modules/] [sysinfo/] [lib/] [PhpSecInfo/] [Test/] [Core/] [expose_php.php] - Blame information for rev 123

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 123 gg
<?php
2
/**
3
 * Test class for expose_php
4
 *
5
 * @package PhpSecInfo
6
 * @author Ed Finkler <coj@funkatron.com>
7
 */
8
 
9
 
10
/**
11
 * require the PhpSecInfo_Test_Core class
12
 */
13
require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Core.php');
14
 
15
/**
16
 * Test class for expose_php
17
 *
18
 * @package PhpSecInfo
19
 */
20
class PhpSecInfo_Test_Core_Expose_Php extends PhpSecInfo_Test_Core
21
{
22
 
23
        /**
24
         * This should be a <b>unique</b>, human-readable identifier for this test
25
         *
26
         * @var string
27
         */
28
        var $test_name = "expose_php";
29
 
30
        var $recommended_value = FALSE;
31
 
32
        function _retrieveCurrentValue() {
33
                $this->current_value =  $this->returnBytes(ini_get('expose_php'));
34
        }
35
 
36
        /**
37
         * Checks to see if expose_php is enabled
38
         *
39
         */
40
        function _execTest() {
41
 
42
                if ($this->current_value == $this->recommended_value) {
43
                        return PHPSECINFO_TEST_RESULT_OK;
44
                }
45
 
46
                return PHPSECINFO_TEST_RESULT_NOTICE;
47
        }
48
 
49
 
50
        /**
51
         * Set the messages specific to this test
52
         *
53
         */
54
        function _setMessages() {
55
                parent::_setMessages();
56
 
57
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'expose_php is disabled, which is the recommended setting');
58
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'expose_php is enabled.  This adds
59
                                the PHP "signature" to the web server header, including the PHP version number.  This
60
                                could attract attackers looking for vulnerable versions of PHP');
61
        }
62
 
63
 
64
}