Subversion Repositories ggsysinfo

[/] [modules/] [sysinfo/] [lib/] [PhpSecInfo/] [Test/] [Suhosin/] [patch.php] - Blame information for rev 123

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 123 gg
<?php
2
/**
3
 * Test class for Suhosin patch
4
 *
5
 * @package PhpSecInfo
6
 * @author Piwik
7
 */
8
 
9
/**
10
 * require the PhpSecInfo_Test_Suhosin class
11
 */
12
require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Suhosin.php');
13
 
14
/**
15
 * Test class for Suhosin
16
 *
17
 * Checks for Suhosin patch which implements low-level protections against bufferoverflows or format string vulnerabilities
18
 *
19
 * @package PhpSecInfo
20
 * @author Piwik
21
 */
22
class PhpSecInfo_Test_Suhosin_Patch extends PhpSecInfo_Test_Suhosin
23
{
24
        var $test_name = "Suhosin patch";
25
 
26
        var $recommended_value = true;
27
 
28
        function _retrieveCurrentValue() {
29
                if (preg_match('/Suhosin/', $_SERVER['SERVER_SOFTWARE'])) {
30
                        $this->current_value = true;
31
                } else {
32
                        $this->current_value = false;
33
 
34
                        $constants = get_defined_constants();
35
                        if(isset($constants['SUHOSIN_PATCH']) && $constants['SUHOSIN_PATCH'] == 1) {
36
                                $this->current_value = true;
37
                        }
38
                }
39
        }
40
 
41
        function _execTest() {
42
                if ( $this->current_value === true ) {
43
                        return PHPSECINFO_TEST_RESULT_OK;
44
                } else {
45
                        return PHPSECINFO_TEST_RESULT_NOTICE;
46
                }
47
        }
48
 
49
        function _setMessages() {
50
                parent::_setMessages();
51
 
52
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', "You are running PHP with the Suhosin patch applied against the PHP core.  This patch implements various low-level protections against (for example) buffer overflows and format string vulnerabilities.");
53
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', "You are not running PHP with the Suhosin patch applied. We recommend both the patch and extension for low- and high-level protections against (for example) buffer overflows and format string vulnerabilities.");
54
        }
55
}