<?php
/**
 * Test class for session save_path
 *
 * @package PhpSecInfo
 * @author Thomas CORBIERE <thomas@votre-grandeur-celeste.com>
 */
 
/**
 * require the PhpSecInfo_Test_Session base class (the parent of this test)
 */
require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Session.php');
 
/**
 * Test class for session save_path
 *
 * @package PhpSecInfo
 */
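class PhpSecInfo_Test_Session_Save_Path extends PhpSecInfo_Test_Session
{

    /**
     * This should be a <b>unique</b>, human-readable identifier for this test
     *
     * @var string
     */
    public $test_name = "save_path";

    /**
     * Human-readable description of the value this test considers safe
     *
     * @var string
     */
    public $recommended_value = "A non-world readable/writable directory";

    /**
     * Read session.save_path and reduce it to a plain directory path.
     *
     * An empty directive means PHP falls back to the system temp directory,
     * so that is the directory inspected. The "N;/path" and "N;MODE;/path"
     * forms of the directive (directory depth and octal file-mode prefixes
     * understood by the files handler) are stripped down to the path part;
     * leaving the MODE prefix in place would make fileperms() fail later
     * and report a spurious WARN instead of the real result.
     */
    function _retrieveCurrentValue() {
        $this->current_value = ini_get('session.save_path');

        if (empty($this->current_value)) {
            if (function_exists("sys_get_temp_dir")) {
                $this->current_value = sys_get_temp_dir();
            } else {
                // fallback helper provided by the parent class for old PHP builds
                $this->current_value = $this->sys_get_temp_dir();
            }
        }

        // "N;/path" and "N;MODE;/path": keep only the trailing path component
        if (preg_match('/^[0-9]+;(?:[0-7]+;)?(.+)/', $this->current_value, $matches)) {
            $this->current_value = $matches[1];
        }
    }


    /**
     * We are disabling this function on Windows OSes right now until
     * we can be certain of the proper way to check world-readability
     *
     * @return bool true when the test can run on this platform
     */
    function isTestable() {
        return !$this->osIsWindows();
    }


    /**
     * Check that session.save_path is neither the common temp directory
     * (PHPSECINFO_TEST_COMMON_TMPDIR) nor world-readable / world-writable.
     *
     * This is still unix-specific: only the "other" read (0004) and write
     * (0002) mode bits are inspected, which is why isTestable() excludes
     * Windows builds.
     *
     * @see PHPSECINFO_TEST_COMMON_TMPDIR
     * @return int one of the PHPSECINFO_TEST_RESULT_* constants
     */
    function _execTest() {
        // a missing or unreadable directory cannot be assessed, so only warn
        $perms = @fileperms($this->current_value);
        if ($perms === false) {
            return PHPSECINFO_TEST_RESULT_WARN;
        }

        // preg_quote() so a temp dir containing regex metacharacters or the
        // delimiter can neither break the pattern nor widen the match
        $tmpdir_pattern = '|' . preg_quote(PHPSECINFO_TEST_COMMON_TMPDIR, '|') . '/?|';
        $is_common_tmpdir = (bool) preg_match($tmpdir_pattern, $this->current_value);
        $world_readable = ($perms & 0x0004) != 0;
        $world_writable = ($perms & 0x0002) != 0;

        if ($this->current_value && !$is_common_tmpdir && !$world_readable && !$world_writable) {
            return PHPSECINFO_TEST_RESULT_OK;
        }

        // rewrite current_value to display perms (last four octal digits)
        $this->current_value .= " (" . substr(sprintf('%o', $perms), -4) . ")";

        return PHPSECINFO_TEST_RESULT_NOTICE;
    }

    /**
     * Set the messages specific to this test
     *
     * Adds one English message per possible result on top of the generic
     * session messages registered by the parent class.
     */
    function _setMessages() {
        parent::_setMessages();

        $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTRUN, 'en', 'Test not run -- currently disabled on Windows OSes');
        $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'save_path is enabled, which is the
                                                recommended setting. Make sure your save_path path is not world-readable');
        $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', 'unable to retrieve file permissions on save_path');
        $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'save_path is disabled, or is set to a
                                                common world-writable directory.  This typically allows other users on this server
                                                to access session files. You should set save_path to a non-world-readable directory');
    }

}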