Subversion Repositories ggsysinfo

[/] [modules/] [sysinfo/] [lib/] [PhpSecInfo/] [Test/] [Core/] [upload_tmp_dir.php] - Blame information for rev 123

<?php
/**
 * Test Class for upload_tmp_dir
 *
 * @package PhpSecInfo
 * @author Ed Finkler <coj@funkatron.com>
 */
 
/**
 * require the PhpSecInfo_Test_Core class
 */
require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Core.php');
 
/**
 * Test Class for upload_tmp_dir
 *
 * @package PhpSecInfo
 */
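class PhpSecInfo_Test_Core_Upload_Tmp_Dir extends PhpSecInfo_Test_Core
{

        /**
         * This should be a <b>unique</b>, human-readable identifier for this test
         *
         * @var string
         */
        var $test_name = "upload_tmp_dir";

        /**
         * Human-readable description of the value this test recommends
         *
         * @var string
         */
        var $recommended_value = "A non-world readable/writable directory";

        /**
         * Store the directory PHP will use for uploaded files in $this->current_value
         *
         * Reads the upload_tmp_dir ini setting. When that setting is empty,
         * the system temporary directory is used instead: the native
         * sys_get_temp_dir() where PHP provides it, otherwise the
         * sys_get_temp_dir() method called on this object (not defined in
         * this class).
         */
        function _retrieveCurrentValue() {
                $configured = ini_get('upload_tmp_dir');

                if (empty($configured)) {
                        $configured = function_exists("sys_get_temp_dir")
                                ? sys_get_temp_dir()
                                : $this->sys_get_temp_dir();
                }

                $this->current_value = $configured;
        }

        /**
         * We are disabling this test on Windows OSes right now until
         * we can be certain of the proper way to check world-readability
         *
         * @return boolean FALSE on Windows, TRUE everywhere else
         */
        function isTestable() {
                return !$this->osIsWindows();
        }

        /**
         * Check if upload_tmp_dir matches PHPSECINFO_TEST_COMMON_TMPDIR, or is world-readable/writable
         *
         * This is still unix-specific, and it's possible that for now
         * this test should be disabled under Windows builds.
         *
         * Scope of the check: only the "other" read (0004) and write (0002)
         * bits of the directory itself are inspected. Group bits, the
         * search (execute) bit, the permissions of parent directories and
         * any ACLs are not examined, so an OK result is necessary but not
         * sufficient evidence that uploads are private to the PHP user.
         *
         * @see PHPSECINFO_TEST_COMMON_TMPDIR
         * @return mixed PHPSECINFO_TEST_RESULT_WARN if the permissions cannot be read,
         *               PHPSECINFO_TEST_RESULT_OK if the directory is neither a common
         *               temp dir nor world-readable/writable, otherwise
         *               PHPSECINFO_TEST_RESULT_NOTICE
         */
        function _execTest() {

                // '@' is deliberate: a missing or unreadable directory is
                // reported through the WARN result rather than a PHP warning.
                $perms = @fileperms($this->current_value);
                if ($perms === false) {
                        return PHPSECINFO_TEST_RESULT_WARN;
                }

                // The constant is quoted so that regex metacharacters in it are
                // matched literally, and it must be followed by "/" or the end of
                // the path so that a sibling name such as "<tmpdir>files" is not
                // mistaken for the common temp directory. The match is left
                // unanchored at the start on purpose: any path that contains the
                // common temp dir as a component is still flagged.
                $commonDir     = rtrim(PHPSECINFO_TEST_COMMON_TMPDIR, '/');
                $commonPattern = '#' . preg_quote($commonDir, '#') . '(?:/|$)#';

                $inCommonTmp   = (bool) preg_match($commonPattern, $this->current_value);
                $worldReadable = (bool) ($perms & 0x0004);
                $worldWritable = (bool) ($perms & 0x0002);

                if ($this->current_value && !$inCommonTmp && !$worldReadable && !$worldWritable) {
                        return PHPSECINFO_TEST_RESULT_OK;
                }

                // rewrite current_value to display perms (last four octal digits);
                // note this appends again if the test is executed more than once
                $this->current_value .= " (".substr(sprintf('%o', $perms), -4).")";

                return PHPSECINFO_TEST_RESULT_NOTICE;
        }

        /**
         * Set the messages specific to this test
         *
         * Calls the parent implementation first, then registers the English
         * text for the NOTRUN, OK, WARN and NOTICE results.
         */
        function _setMessages() {
                parent::_setMessages();

                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTRUN, 'en', 'Test not run -- currently disabled on Windows OSes');
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'upload_tmp_dir is enabled, which is the
                                                recommended setting. Make sure your upload_tmp_dir path is not world-readable');
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', 'unable to retrieve file permissions on upload_tmp_dir');
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'upload_tmp_dir is disabled, or is set to a
                                                common world-writable directory.  This typically allows other users on this server
                                                to access temporary copies of files uploaded via your PHP scripts.  You should set
                                                upload_tmp_dir to a non-world-readable directory');
        }

}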