* @uses config_api.php * @uses user_api.php */ if ( !defined( 'CHECK_ANONYMOUS_INC_ALLOW' ) ) { return; } /** * MantisBT Check API */ require_once( 'check_api.php' ); require_api( 'config_api.php' ); require_api( 'user_api.php' ); check_print_section_header_row( 'Anonymous access' ); $t_anonymous_access_enabled = config_get_global( 'allow_anonymous_login' ); check_print_info_row( 'Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No' ); if( !$t_anonymous_access_enabled ) { return; } $t_anonymous_account = config_get_global( 'anonymous_account' ); check_print_test_row( 'anonymous_account configuration option is specified', $t_anonymous_account !== '',
* * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php */ if (!defined('CHECK_DISPLAY_INC_ALLOW')) { return; } # MantisBT Check API require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Display'); check_print_test_row('bug_link_tag is not blank/null', config_get_global('bug_link_tag'), array(false => 'The value of the bug_link_tag option cannot be blank/null.')); check_print_test_row('bugnote_link_tag is not blank/null', config_get_global('bugnote_link_tag'), array(false => 'The value of the bugnote_link_tag option cannot be blank/null.')); if (plugin_is_installed('MantisGraph')) { plugin_push_current('MantisGraph'); check_print_test_row('Checking GD library is enabled, and version 2...', get_gd_version() == 2); if (plugin_config_get('eczlibrary', ON) == OFF) { $t_jpgraph_path = plugin_config_get('jpgraph_path'); if ($t_jpgraph_path == '') { $t_jpgraph_path = config_get('absolute_path') . 'library/jpgraph'; } $t_jpgraph_path .= '/jpgraph.php'; $t_jpgraph_found = check_print_test_row('Checking we can find jpgraph library class files', file_exists($t_jpgraph_path), dirname($t_jpgraph_path)); if ($t_jpgraph_found) { require_once $t_jpgraph_path; # Old versions of jpgraph did not define the constant
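#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * Localization checks: verifies that the default_language and
 * fallback_language options name an entry of language_choices_arr.
 *
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 */

# Do nothing unless the including script defined the opt-in constant.
# NOTE(review): presumably this keeps the file inert when requested directly - confirm.
if (!defined('CHECK_L10N_INC_ALLOW')) {
    return;
}

/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');

check_print_section_header_row('Localization');

$t_possible_languages = config_get_global('language_choices_arr');

# Strict membership test: with a loose in_array() a boolean true (or another
# non-string value) compares equal to any language name and would be reported
# as a valid language.
$t_default_language = config_get_global('default_language');
check_print_test_row(
    'default_language configuration option is set to a valid language',
    in_array($t_default_language, $t_possible_languages, true),
    array(
        true => 'The default language is currently specified as: ' . htmlentities($t_default_language),
        false => 'Invalid default language detected: ' . htmlentities($t_default_language),
    )
);

# The fallback language must be a concrete language, so 'auto' is rejected
# before the membership test. Both comparisons are strict for the same reason
# as above.
$t_fallback_language = config_get_global('fallback_language');
check_print_test_row(
    'fallback_language configuration option is set to a valid language',
    $t_fallback_language !== 'auto' && in_array($t_fallback_language, $t_possible_languages, true),
    array(
        true => 'The fallback language is currently specified as: ' . htmlentities($t_fallback_language),
        false => 'Fallback language can not be set to auto or a non-implemented language. Invalid fallback language detected: ' . htmlentities($t_fallback_language),
    )
);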
* @uses check_api.php * @uses config_api.php * @uses constant_inc.php * @uses utility_api.php */ if (!defined('CHECK_ATTACHMENTS_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); require_api('constant_inc.php'); require_api('utility_api.php'); check_print_section_header_row('Attachments'); $t_file_uploads_allowed = config_get_global('allow_file_upload'); check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No'); if (!$t_file_uploads_allowed) { return; } check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.')); check_print_info_row('Maximum file upload size (per file)', config_get_global('max_file_size') . ' bytes'); check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'), array(false => 'max_file_size is currently ' . htmlentities(config_get_global('max_file_size')) . ' bytes which is greater than the limit of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes imposed by the php.ini directive upload_max_filesize.')); $t_use_xsendfile = config_get_global('file_download_xsendfile_enabled'); check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 
'Yes' : 'No'); if ($t_use_xsendfile) { check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.')); $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name'); if ($t_xsendfile_header_name !== 'X-Sendfile') { check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', $t_xsendfile_header_name);
* @uses utility_api.php */ if ( !defined( 'CHECK_DATABASE_INC_ALLOW' ) ) { return; } /** * MantisBT Check API */ require_once( 'check_api.php' ); require_api( 'config_api.php' ); require_api( 'database_api.php' ); require_api( 'utility_api.php' ); check_print_section_header_row( 'Database' ); $t_adodb_version_check_ok = false; $t_adodb_version_info = 'No version of ADOdb could be found. This is a compulsory dependency of MantisBT.'; if( isset( $ADODB_vers ) ) { # ADOConnection::Version() is broken as it treats v5.1 the same as v5.10 # Therefore we must extract the correct version ourselves # Upstream bug report: http://phplens.com/lens/lensforum/msgs.php?id=18320 # This bug has been fixed in ADOdb 5.11 (May 5, 2010) but we still # need to use the backwards compatible approach to detect ADOdb <5.11. if( preg_match( '/^[Vv]([0-9\.]+)/', $ADODB_vers, $t_matches ) == 1 ) { $t_adodb_version_check_ok = version_compare( $t_matches[1], '5.10', '>=' ); $t_adodb_version_info = 'ADOdb version ' . htmlentities( $t_matches[1] ) . ' was found.'; } } check_print_test_row(
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php */ if (!defined('CHECK_PATHS_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Paths'); $t_path_config_names = array('absolute_path', 'core_path', 'class_path', 'library_path', 'language_path'); # Handle file upload default path only if attachments stored on disk if (DISK == config_get_global('file_upload_method')) { $t_path_config_names[] = 'absolute_path_default_upload_folder'; } # Build paths for all configs $t_paths = array(); foreach ($t_path_config_names as $t_path_config_name) { $t_new_path = array(); $t_new_path['config_value'] = config_get_global($t_path_config_name); $t_new_path['real_path'] = realpath($t_new_path['config_value']); $t_paths[$t_path_config_name] = $t_new_path; } # Trailing directory separator foreach ($t_paths as $t_path_config_name => $t_path) {
$t_integrity_info = 'Matches file from release <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=release-' . $t_release_sanitised . '">' . $t_release_sanitised . '</a>.'; } else { $t_commit = get_commit_containing_object_hash($t_file_relative, $t_file_hash); if ($t_commit !== null) { $t_integrity_ok = true; $t_commit_sanitised = htmlentities($t_commit); $t_integrity_info = 'Matches file introduced or modified in commit <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=' . $t_commit_sanitised . '">' . $t_commit_sanitised . '</a>.'; } } check_print_test_warn_row(htmlentities($t_file_absolute), $t_integrity_ok, $t_integrity_info); } } } } } check_print_section_header_row('Integrity'); $t_can_perform_integrity_check = isset($g_integrity_release_blobs) && isset($g_integrity_commit_blobs); check_print_test_warn_row('Reference integrity blob hashes are available for verifying the integrity of this MantisBT installation', $t_can_perform_integrity_check, array(false => 'Ensure integrity_release_blobs.php and/or integrity_commit_blobs.php are available.')); if (!$t_can_perform_integrity_check) { return; } $t_absolute_base_dir = realpath(config_get_global('absolute_path')) . DIRECTORY_SEPARATOR; $t_ignore_files = array('.git/', 'admin/integrity_commit_blobs.php', 'admin/integrity_release_blobs.php', 'core/', 'lang/', 'library/', 'plugins/', 'config/config_inc.php', 'config/custom_constants_inc.php', 'config/custom_functions_inc.php', 'config/custom_relationships_inc.php', 'config/custom_strings_inc.php', 'mantis_offline.php'); check_file_integrity_recursive($t_absolute_base_dir, $t_absolute_base_dir, '', $t_ignore_files); $t_base_dir = realpath(config_get_global('core_path')) . DIRECTORY_SEPARATOR; $t_ignore_files = array('core/classes/'); check_file_integrity_recursive($t_base_dir, $t_base_dir, 'core/', $t_ignore_files); $t_base_dir = realpath(config_get_global('class_path')) . 
DIRECTORY_SEPARATOR; check_file_integrity_recursive($t_base_dir, $t_base_dir, 'core/classes/'); $t_base_dir = realpath(config_get_global('library_path')) . DIRECTORY_SEPARATOR; $t_ignore_files = array('library/jpgraph/', 'library/FirePHPCore/');
* @uses config_api.php * @uses constant_inc.php */ if ( !defined( 'CHECK_CRYPTO_INC_ALLOW' ) ) { return; } /** * MantisBT Check API */ require_once( 'check_api.php' ); require_api( 'config_api.php' ); require_api( 'constant_inc.php' ); check_print_section_header_row( 'Cryptography' ); check_print_test_row( 'Master salt value has been specified', strlen( config_get_global( 'crypto_master_salt' ) ) >= 16, array( false => 'The crypto_master_salt option needs to be specified in config_inc.php with a minimum string length of 16 characters.' ) ); check_print_test_row( 'login_method is not equal to CRYPT_FULL_SALT', config_get_global( 'login_method' ) != CRYPT_FULL_SALT, array( false => 'Login method CRYPT_FULL_SALT has been deprecated and should not be used.' ) ); if( config_get_global( 'login_method' ) != LDAP ) { check_print_test_warn_row(
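# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * Webservice checks: the legacy library/nusoap folder must be gone and the
 * PHP SOAP extension should be loaded.
 *
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 */

# Do nothing unless the including script defined the opt-in constant.
if (!defined('CHECK_WEBSERVICE_INC_ALLOW')) {
    return;
}

/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('constant_inc.php');

check_print_section_header_row('Webservice');

# realpath() returns false when the configured directory cannot be resolved.
# Indexing into that boolean raises a warning and silently turns the path into
# '/', so the nusoap test would then look at the filesystem root. Fall back to
# the configured value instead.
$t_library_path = (string) config_get_global('library_path');
$t_resolved_library_path = realpath($t_library_path);
if ($t_resolved_library_path !== false) {
    $t_library_path = $t_resolved_library_path;
}

# Exactly one trailing separator, whichever separator the platform produced.
$t_library_path = rtrim($t_library_path, '/\\') . '/';

# Warn while the old bundled nusoap copy is still on disk.
check_print_test_warn_row(
    "Legacy <em>library/nusoap</em> folder must be deleted.",
    !is_dir($t_library_path . 'nusoap')
);

check_print_test_warn_row(
    'SOAP Extension Enabled',
    extension_loaded('soap'),
    array(false => 'Enable the PHP SOAP extension.')
);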
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * Configuration checks: config_inc.php must exist, and diagnostic logging
 * should neither be enabled nor routed to the end user's browser.
 *
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 */

# Do nothing unless the including script defined the opt-in constant.
if (!defined('CHECK_CONFIG_INC_ALLOW')) {
    return;
}

/**
 * MantisBT Check API
 */
require_once 'check_api.php';

check_print_section_header_row('Configuration');

# config_inc.php is looked up three directory levels above this file.
check_print_test_row(
    'config_inc.php configuration file exists',
    file_exists(
        dirname(dirname(dirname(__FILE__)))
        . DIRECTORY_SEPARATOR
        . 'config_inc.php'
    ),
    array(
        false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.',
    )
);

# NOTE(review): $g_log_level and $g_log_destination are read as plain
# variables, so they must already be in scope where this file is included -
# confirm against the includer.
check_print_test_warn_row(
    'Check whether diagnostic logging is enabled',
    $g_log_level == LOG_NONE,
    array(
        false => 'Global Log Level should usually be set to LOG_NONE for production use',
    )
);

# 'firebug' and 'page' both deliver diagnostic output to the browser, where
# any visitor can read it; every other destination passes this check.
check_print_test_warn_row(
    'Check whether log output is sent to end user',
    $g_log_destination != 'firebug' && $g_log_destination != 'page',
    array(
        false => 'Diagnostic output destination is currently sent to end users browser',
    )
);

require_api('obsolete.php');
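/**
 * This file contains configuration checks for internationalization issues
 *
 * The default timezone is taken from the MantisBT default_timezone option
 * when it is set, and from the php.ini date.timezone directive otherwise.
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 */

# Do nothing unless the including script defined the opt-in constant.
if (!defined('CHECK_I18N_INC_ALLOW')) {
    return;
}

# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');

check_print_section_header_row('Internationalization');

$t_config_default_timezone = config_get_global('default_timezone');

if ($t_config_default_timezone) {
    # Timezone configured in MantisBT: it must be a known identifier. The
    # strict in_array() stops a non-string truthy value (e.g. true) from
    # matching every identifier.
    check_print_test_row(
        'Default timezone has been specified in config_inc.php (default_timezone option)',
        in_array($t_config_default_timezone, timezone_identifiers_list(), true),
        array(
            true => "Default timezone is '" . htmlentities($t_config_default_timezone) . "'",
            false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. "
                . 'Refer to the <a href="http://php.net/timezones">List of Supported Timezones</a>.',
        )
    );
} else {
    # Nothing configured in MantisBT: fall back to the php.ini directive.
    $t_php_default_timezone = ini_get('date.timezone');
    $t_msg = 'No timezone has been specified in config_inc.php (default_timezone option)';
    $t_tz_link = '<a href="http://ch1.php.net/datetime.configuration#ini.date.timezone">date.timezone</a>';

    if ($t_php_default_timezone) {
        # The failure text reports the php.ini value being tested. The
        # MantisBT option is empty in this branch, so printing it would
        # show an empty name.
        check_print_test_row(
            $t_msg,
            in_array($t_php_default_timezone, timezone_identifiers_list(), true),
            array(
                true => "Default timezone (specified by the {$t_tz_link} directive in php.ini) "
                    . "is '" . htmlentities($t_php_default_timezone) . "'",
                false => "Invalid timezone '" . htmlentities($t_php_default_timezone) . "' specified. ",
            )
        );
    } else {
        # $t_php_default_timezone is empty here, so this row always reports
        # the warning about the UTC default.
        check_print_test_warn_row(
            $t_msg,
            !empty($t_php_default_timezone),
            array(false => "Timezone has been defaulted to 'UTC'.")
        );
    }
}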
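* This file contains configuration checks for email issues
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses utility_api.php
 */

# Do nothing unless the including script defined the opt-in constant.
if (!defined('CHECK_EMAIL_INC_ALLOW')) {
    return;
}

/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('utility_api.php');

check_print_section_header_row('Email');

# This test only detects an address left at the example.com placeholder
# domain; it does not validate the address syntax, and an empty value passes.
# The match is case-insensitive because domain names are, so a placeholder
# such as user@Example.COM is caught as well.
$t_email_options = array('webmaster_email', 'from_email', 'return_path_email');
foreach ($t_email_options as $t_email_option) {
    $t_email = config_get_global($t_email_option);
    check_print_test_row(
        $t_email_option . ' configuration option has a valid email address specified',
        !preg_match('/@example\\.com$/i', $t_email),
        array(
            false => 'You need to specify a valid email address for the ' . $t_email_option . ' configuration option.',
        )
    );
}

check_print_test_warn_row(
    'Email addresses are validated',
    config_get_global('validate_email'),
    array(
        false => 'You have disabled email validation checks. For security reasons it is suggested that you enable these validation checks.',
    )
);

# Each remaining row encodes "A = ON requires B" as (!A || B): the row fails
# only when the dependent feature is on while its prerequisite is not met.
check_print_test_row(
    'send_reset_password = ON requires allow_blank_email = OFF',
    !config_get_global('send_reset_password') || !config_get_global('allow_blank_email')
);

check_print_test_row(
    'send_reset_password = ON requires enable_email_notification = ON',
    !config_get_global('send_reset_password') || config_get_global('enable_email_notification')
);

check_print_test_row(
    'allow_signup = ON requires enable_email_notification = ON',
    !config_get_global('allow_signup') || config_get_global('enable_email_notification')
);

check_print_test_row(
    'allow_signup = ON requires send_reset_password = ON',
    !config_get_global('allow_signup') || config_get_global('send_reset_password')
);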
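* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses utility_api.php
 */

# Do nothing unless the including script defined the opt-in constant.
if (!defined('CHECK_PHP_INC_ALLOW')) {
    return;
}

# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
require_api('utility_api.php');

check_print_section_header_row('PHP');

check_print_test_row(
    'Version of <a href="http://en.wikipedia.org/wiki/PHP">PHP</a> installed is at least ' . PHP_MIN_VERSION,
    version_compare(phpversion(), PHP_MIN_VERSION, '>='),
    'PHP version ' . phpversion() . ' is currently installed on this server.'
);

# Extensions that must be available.
$t_extensions_required = array('date', 'hash', 'pcre', 'Reflection', 'session', 'mbstring');
foreach ($t_extensions_required as $t_extension) {
    check_print_test_row(
        $t_extension . ' PHP extension is available',
        extension_loaded($t_extension),
        array(
            false => 'MantisBT requires the ' . $t_extension . ' extension to either be compiled into PHP or loaded as an extension.',
        )
    );
}

check_print_test_warn_row(
    '<a href="http://en.wikipedia.org/wiki/Xdebug">Xdebug</a> extension is not loaded',
    !extension_loaded('xdebug'),
    array(
        false => 'For security reasons this extension should not be loaded on production and Internet facing servers.',
    )
);

# variables_order must mention G, P, C and S, in any order and any case.
# The directive value is escaped before it is placed in the message. The
# messages here carry raw HTML links, so they appear to be emitted as markup
# (NOTE(review): confirm in check_api.php).
$t_variables_order = ini_get('variables_order');
check_print_test_row(
    'variables_order php.ini directive contains GPCS',
    stripos($t_variables_order, 'G') !== false
        && stripos($t_variables_order, 'P') !== false
        && stripos($t_variables_order, 'C') !== false
        && stripos($t_variables_order, 'S') !== false,
    array(
        false => 'The value of this directive is currently: ' . htmlentities((string) $t_variables_order),
    )
);

# The magic-quotes getters are guarded with function_exists(), so the rows
# pass when the functions are absent. The @ operator silences any notice the
# calls themselves emit.
check_print_test_row(
    'magic_quotes_gpc php.ini directive is disabled',
    !(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()),
    array(
        false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.',
    )
);

check_print_test_row(
    'magic_quotes_runtime php.ini directive is disabled',
    !(function_exists('get_magic_quotes_runtime') && @get_magic_quotes_runtime()),
    array(
        false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.',
    )
);

check_print_test_row(
    'register_globals php.ini directive is disabled',
    !ini_get_bool('register_globals'),
    array(
        false => 'PHP\'s register globals feature is <a href="http://php.net/manual/en/security.globals.php">deprecated in PHP 5.3.0</a> and should not be used.',
    )
);

check_print_test_warn_row(
    'register_argc_argv php.ini directive is disabled',
    !ini_get_bool('register_argc_argv'),
    array(
        false => 'This directive should be disabled to increase performance (it only affects PHP in CLI mode).',
    )
);

check_print_test_warn_row(
    'register_long_arrays php.ini directive is disabled',
    !ini_get_bool('register_long_arrays'),
    array(
        false => 'This directive is deprecated in PHP 5.3.0 and should be disabled for performance reasons.',
    )
);

check_print_test_warn_row(
    'auto_globals_jit php.ini directive is enabled',
    ini_get_bool('auto_globals_jit'),
    array(
        false => 'This directive is currently disabled: enable it for a performance gain.',
    )
);

# With display_errors on, PHP error text is rendered into the response that
# visitors receive.
check_print_test_warn_row(
    'display_errors php.ini directive is disabled',
    !ini_get_bool('display_errors'),
    array(
        false => 'For security reasons this directive should be disabled on all production and Internet facing servers.',
    )
);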