# This file is only meant to be pulled in by the check framework; bail out otherwise.
if( !defined( 'CHECK_ANONYMOUS_INC_ALLOW' ) ) {
	return;
}

/**
 * MantisBT Check API
 */
require_once( 'check_api.php' );
require_api( 'config_api.php' );
require_api( 'user_api.php' );

check_print_section_header_row( 'Anonymous access' );

# Report whether anonymous logins are allowed at all.
$t_anonymous_access_enabled = config_get_global( 'allow_anonymous_login' );
if( $t_anonymous_access_enabled ) {
	$t_anonymous_enabled_label = 'Yes';
} else {
	$t_anonymous_enabled_label = 'No';
}
check_print_info_row( 'Anonymous access is enabled', $t_anonymous_enabled_label );

# With anonymous access off there is no anonymous account to validate.
if( !$t_anonymous_access_enabled ) {
	return;
}

# The anonymous account name is configuration-supplied; it is HTML-escaped before display.
$t_anonymous_account = config_get_global( 'anonymous_account' );
$t_anonymous_account_specified = ( '' !== $t_anonymous_account );
$t_anonymous_account_messages = array(
	true => 'The account currently being used for anonymous access is: ' . htmlentities( $t_anonymous_account ),
	false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.',
);
check_print_test_row( 'anonymous_account configuration option is specified', $t_anonymous_account_specified, $t_anonymous_account_messages );
'Version of PostgreSQL being used still has <a href="http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy">release support</a>', version_compare( $t_database_server_info['version'], '7.4', '>=' ), array( false => 'The version of PostgreSQL you are using is '. htmlentities( $t_database_server_info['version'] ). '. This version is no longer supported and should not be used as security flaws discovered in this version will not be fixed.' ) );
# End of the PostgreSQL-specific checks (the opening if( ... ) precedes this fragment).
}

# Table naming: both values come from configuration and are HTML-escaped before display.
$t_table_prefix = config_get_global( 'db_table_prefix' );
check_print_info_row( 'Prefix added to each MantisBT table name', htmlentities( $t_table_prefix ) );
$t_table_suffix = config_get_global( 'db_table_suffix' );
check_print_info_row( 'Suffix added to each MantisBT table name', htmlentities( $t_table_suffix ) );

if( db_is_mysql() ) {
	# preg_quote() keeps any regex metacharacters in the configured prefix/suffix literal
	# before they are interpolated into the table-name pattern below.
	$t_table_prefix_regex_safe = preg_quote( $t_table_prefix, '/' );
	$t_table_suffix_regex_safe = preg_quote( $t_table_suffix, '/' );
	$t_result = db_query_bound( 'SHOW TABLE STATUS' );
	while( $t_row = db_fetch_array( $t_result ) ) {
		# Only real tables (not views) whose name carries the MantisBT prefix and suffix are checked.
		if( $t_row['Comment'] !== 'VIEW' && preg_match( "/^$t_table_prefix_regex_safe.+?$t_table_suffix_regex_safe\$/", $t_row['Name'] ) ) {
			# Table name and collation are server-supplied and escaped before being echoed.
			# NOTE(review): the 5-character prefix test accepts only `utf8_*` collations; a
			# `utf8mb4_*` collation is also UTF-8 yet would be reported as failing — confirm intent.
			check_print_test_row( 'Table <em>' . htmlentities( $t_row['Name'] ) . '</em> is using UTF-8 collation', substr( $t_row['Collation'], 0, 5 ) === 'utf8_', array( false => 'Table ' . htmlentities( $t_row['Name'] ) . ' is using ' . htmlentities( $t_row['Collation'] ) . ' collation where UTF-8 collation is required.' )
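# Checks for the file-attachment configuration: upload limits, X-Sendfile and Fileinfo.
check_print_section_header_row('Attachments');

$t_file_uploads_allowed = config_get_global('allow_file_upload');
check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No');

# The remaining checks only matter when attachments can actually be uploaded.
if (!$t_file_uploads_allowed) {
    return;
}

check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.'));

# Read each limit once so the info row, the comparison and the explanation use the same value.
$t_max_file_size = config_get_global('max_file_size');
$t_upload_max_filesize = ini_get_number('upload_max_filesize');
check_print_info_row('Maximum file upload size (per file)', htmlentities($t_max_file_size) . ' bytes');
check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', $t_max_file_size <= $t_upload_max_filesize, array(false => 'max_file_size is currently ' . htmlentities($t_max_file_size) . ' bytes which is greater than the limit of ' . htmlentities($t_upload_max_filesize) . ' bytes imposed by the php.ini directive upload_max_filesize.'));

$t_use_xsendfile = config_get_global('file_download_xsendfile_enabled');
check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No');
if ($t_use_xsendfile) {
    # X-Sendfile hands a file path to the web server, so attachments have to be stored on disk.
    check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.'));
    $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name');
    if ($t_xsendfile_header_name !== 'X-Sendfile') {
        # Configuration values are HTML-escaped before display, like every other row on this page.
        check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', htmlentities($t_xsendfile_header_name));
    }
}

$t_finfo_exists = class_exists('finfo');
check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.'));
if ($t_finfo_exists) {
    $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file');
    if ($t_fileinfo_magic_db_file) {
        check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', htmlentities($t_fileinfo_magic_db_file));
        # An existing but unreadable database is just as unusable as a missing one.
        check_print_test_row('fileinfo_magic_db_file configuration value points to an existing magic.db file', file_exists($t_fileinfo_magic_db_file) && is_readable($t_fileinfo_magic_db_file), array(false => 'The file named by the fileinfo_magic_db_file configuration value does not exist or is not readable by the web server.'));
        # finfo_open() returns false when the magic database cannot be loaded; `new finfo()`
        # never yields false, so the "!== false" test below was previously always passing.
        $t_finfo = finfo_open(FILEINFO_MIME, $t_fileinfo_magic_db_file);
    } else {
        $t_finfo = finfo_open(FILEINFO_MIME);
    }
    check_print_test_row('Fileinfo extension can find and load a valid magic.db file', $t_finfo !== false, array(false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.'));
    if ($t_finfo !== false) {
        finfo_close($t_finfo);
    }
}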
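# Read each php.ini limit once so a test and its explanation always report the same value.
$t_memory_limit = ini_get_number('memory_limit');
$t_post_max_size = ini_get_number('post_max_size');
$t_upload_max_filesize = ini_get_number('upload_max_filesize');

# NOTE(review): a memory_limit of -1 (unlimited) would fail this comparison if
# ini_get_number() passes it through unchanged — confirm how the helper handles it.
check_print_test_row('memory_limit php.ini directive is at least equal to the post_max_size directive', $t_memory_limit >= $t_post_max_size, array(false => 'The current value of the memory_limit directive is ' . htmlentities($t_memory_limit) . ' bytes. This value needs to be at least equal to the post_max_size directive value of ' . htmlentities($t_post_max_size) . ' bytes.'));
check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No');
check_print_info_row('php.ini directive: upload_max_filesize', htmlentities($t_upload_max_filesize) . ' bytes');
# The directive being compared against is upload_max_filesize (the old text said "upload_max_size").
check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_filesize directive', $t_post_max_size >= $t_upload_max_filesize, array(false => 'The current value of the post_max_size directive is ' . htmlentities($t_post_max_size) . ' bytes. This value needs to be at least equal to the upload_max_filesize directive value of ' . htmlentities($t_upload_max_filesize) . ' bytes.'));

# Report functions removed via disable_functions; pcntl_* entries are skipped, as before.
# ini_get() may return false, hence the string cast before explode().
$t_disabled_functions = explode(',', (string)ini_get('disable_functions'));
foreach ($t_disabled_functions as $t_disabled_function) {
    $t_disabled_function = trim($t_disabled_function);
    if ($t_disabled_function === '' || strncmp($t_disabled_function, 'pcntl_', 6) === 0) {
        continue;
    }
    # Directive values are echoed into HTML, so escape them like the other rows on this page.
    check_print_test_warn_row('<em>' . htmlentities($t_disabled_function) . '</em> function is enabled', false, array(false => 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.'));
}

$t_disabled_classes = explode(',', (string)ini_get('disable_classes'));
foreach ($t_disabled_classes as $t_disabled_class) {
    $t_disabled_class = trim($t_disabled_class);
    if ($t_disabled_class === '') {
        continue;
    }
    check_print_test_warn_row('<em>' . htmlentities($t_disabled_class) . '</em> class is enabled', false, array(false => 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.'));
}

# Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php)
# foreach replaces the each() loop, which is deprecated in PHP 7.2 and removed in PHP 8.
$t_vars = array('open_basedir', 'extension', 'upload_tmp_dir', 'max_file_uploads', 'date.timezone');
foreach ($t_vars as $t_var) {
    $t_value = ini_get($t_var);
    # ini_get() returns false for an unknown directive and '' for an unset one; show neither.
    if ($t_value !== false && $t_value !== '') {
        check_print_info_row('php.ini directive: ' . $t_var, htmlentities($t_value));
    }
}

if (is_windows_server()) {
    check_print_test_warn_row('There is a performance issue on windows for PHP versions < 5.4 in openssl_random_pseudo_bytes', version_compare(PHP_VERSION, '5.4.0', '>='), array(false => 'For best performance upgrade to PHP > 5.4.0.'));
}

# PHP bug 61443 affects 5.4.0-5.4.3 when compression is used with no output handler set.
check_print_test_warn_row('Check for php bug 61443 - php 5.4.0-5.4.3, trying to use compression with no output handler set', !((string)ini_get('output_handler') === '' && function_exists('ini_set') && version_compare(PHP_VERSION, '5.4.0', '>=') && version_compare(PHP_VERSION, '5.4.4', '<')), array(false => 'you should consider setting a php output handler, ensuring compression is disabled or upgrading to at least php 5.4.4'));
check_print_test_warn_row('webserver: check SCRIPT_NAME is returned to PHP by web server', isset($_SERVER['SCRIPT_NAME']), array(false => 'Please ensure web server configuration sets SCRIPT_NAME'));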