* @uses config_api.php
* @uses user_api.php
*/
if ( !defined( 'CHECK_ANONYMOUS_INC_ALLOW' ) ) {
return;
}
/**
* MantisBT Check API
*/
require_once( 'check_api.php' );
require_api( 'config_api.php' );
require_api( 'user_api.php' );
check_print_section_header_row( 'Anonymous access' );
$t_anonymous_access_enabled = config_get_global( 'allow_anonymous_login' );
check_print_info_row(
'Anonymous access is enabled',
$t_anonymous_access_enabled ? 'Yes' : 'No'
);
if( !$t_anonymous_access_enabled ) {
return;
}
$t_anonymous_account = config_get_global( 'anonymous_account' );
check_print_test_row(
'anonymous_account configuration option is specified',
$t_anonymous_account !== '',
*
* @package MantisBT
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
*/
if (!defined('CHECK_DISPLAY_INC_ALLOW')) {
return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Display');
check_print_test_row('bug_link_tag is not blank/null', config_get_global('bug_link_tag'), array(false => 'The value of the bug_link_tag option cannot be blank/null.'));
check_print_test_row('bugnote_link_tag is not blank/null', config_get_global('bugnote_link_tag'), array(false => 'The value of the bugnote_link_tag option cannot be blank/null.'));
if (plugin_is_installed('MantisGraph')) {
plugin_push_current('MantisGraph');
check_print_test_row('Checking GD library is enabled, and version 2...', get_gd_version() == 2);
if (plugin_config_get('eczlibrary', ON) == OFF) {
$t_jpgraph_path = plugin_config_get('jpgraph_path');
if ($t_jpgraph_path == '') {
$t_jpgraph_path = config_get('absolute_path') . 'library/jpgraph';
}
$t_jpgraph_path .= '/jpgraph.php';
$t_jpgraph_found = check_print_test_row('Checking we can find jpgraph library class files', file_exists($t_jpgraph_path), dirname($t_jpgraph_path));
if ($t_jpgraph_found) {
require_once $t_jpgraph_path;
# Old versions of jpgraph did not define the constant
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
*/
if (!defined('CHECK_L10N_INC_ALLOW')) {
return;
}
/**
* MantisBT Check API
*/
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Localization');
$t_possible_languages = config_get_global('language_choices_arr');
$t_default_language = config_get_global('default_language');
check_print_test_row('default_language configuration option is set to a valid language', in_array($t_default_language, $t_possible_languages), array(true => 'The default language is currently specified as: ' . htmlentities($t_default_language), false => 'Invalid default language detected: ' . htmlentities($t_default_language)));
$t_fallback_language = config_get_global('fallback_language');
check_print_test_row('fallback_language configuration option is set to a valid language', $t_fallback_language != 'auto' && in_array($t_fallback_language, $t_possible_languages), array(true => 'The fallback language is currently specified as: ' . htmlentities($t_fallback_language), false => 'Fallback language can not be set to auto or a non-implemented language. Invalid fallback language detected: ' . htmlentities($t_fallback_language)));
* @uses check_api.php
* @uses config_api.php
* @uses constant_inc.php
* @uses utility_api.php
*/
if (!defined('CHECK_ATTACHMENTS_INC_ALLOW')) {
return;
}
/**
* MantisBT Check API
*/
require_once 'check_api.php';
require_api('config_api.php');
require_api('constant_inc.php');
require_api('utility_api.php');
check_print_section_header_row('Attachments');
$t_file_uploads_allowed = config_get_global('allow_file_upload');
check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No');
if (!$t_file_uploads_allowed) {
return;
}
check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.'));
check_print_info_row('Maximum file upload size (per file)', config_get_global('max_file_size') . ' bytes');
check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'), array(false => 'max_file_size is currently ' . htmlentities(config_get_global('max_file_size')) . ' bytes which is greater than the limit of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes imposed by the php.ini directive upload_max_filesize.'));
$t_use_xsendfile = config_get_global('file_download_xsendfile_enabled');
check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No');
if ($t_use_xsendfile) {
check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.'));
$t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name');
if ($t_xsendfile_header_name !== 'X-Sendfile') {
check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', $t_xsendfile_header_name);
* @uses utility_api.php
*/
if ( !defined( 'CHECK_DATABASE_INC_ALLOW' ) ) {
return;
}
/**
* MantisBT Check API
*/
require_once( 'check_api.php' );
require_api( 'config_api.php' );
require_api( 'database_api.php' );
require_api( 'utility_api.php' );
check_print_section_header_row( 'Database' );
$t_adodb_version_check_ok = false;
$t_adodb_version_info = 'No version of ADOdb could be found. This is a compulsory dependency of MantisBT.';
if( isset( $ADODB_vers ) ) {
# ADOConnection::Version() is broken as it treats v5.1 the same as v5.10
# Therefore we must extract the correct version ourselves
# Upstream bug report: http://phplens.com/lens/lensforum/msgs.php?id=18320
# This bug has been fixed in ADOdb 5.11 (May 5, 2010) but we still
# need to use the backwards compatible approach to detect ADOdb <5.11.
if( preg_match( '/^[Vv]([0-9\.]+)/', $ADODB_vers, $t_matches ) == 1 ) {
$t_adodb_version_check_ok = version_compare( $t_matches[1], '5.10', '>=' );
$t_adodb_version_info = 'ADOdb version ' . htmlentities( $t_matches[1] ) . ' was found.';
}
}
check_print_test_row(
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
*/
if (!defined('CHECK_PATHS_INC_ALLOW')) {
return;
}
/**
* MantisBT Check API
*/
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Paths');
$t_path_config_names = array('absolute_path', 'core_path', 'class_path', 'library_path', 'language_path');
# Handle file upload default path only if attachments stored on disk
if (DISK == config_get_global('file_upload_method')) {
$t_path_config_names[] = 'absolute_path_default_upload_folder';
}
# Build paths for all configs
$t_paths = array();
foreach ($t_path_config_names as $t_path_config_name) {
$t_new_path = array();
$t_new_path['config_value'] = config_get_global($t_path_config_name);
$t_new_path['real_path'] = realpath($t_new_path['config_value']);
$t_paths[$t_path_config_name] = $t_new_path;
}
# Trailing directory separator
foreach ($t_paths as $t_path_config_name => $t_path) {
$t_integrity_info = 'Matches file from release <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=release-' . $t_release_sanitised . '">' . $t_release_sanitised . '</a>.';
} else {
$t_commit = get_commit_containing_object_hash($t_file_relative, $t_file_hash);
if ($t_commit !== null) {
$t_integrity_ok = true;
$t_commit_sanitised = htmlentities($t_commit);
$t_integrity_info = 'Matches file introduced or modified in commit <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=' . $t_commit_sanitised . '">' . $t_commit_sanitised . '</a>.';
}
}
check_print_test_warn_row(htmlentities($t_file_absolute), $t_integrity_ok, $t_integrity_info);
}
}
}
}
}
check_print_section_header_row('Integrity');
$t_can_perform_integrity_check = isset($g_integrity_release_blobs) && isset($g_integrity_commit_blobs);
check_print_test_warn_row('Reference integrity blob hashes are available for verifying the integrity of this MantisBT installation', $t_can_perform_integrity_check, array(false => 'Ensure integrity_release_blobs.php and/or integrity_commit_blobs.php are available.'));
if (!$t_can_perform_integrity_check) {
return;
}
$t_absolute_base_dir = realpath(config_get_global('absolute_path')) . DIRECTORY_SEPARATOR;
$t_ignore_files = array('.git/', 'admin/integrity_commit_blobs.php', 'admin/integrity_release_blobs.php', 'core/', 'lang/', 'library/', 'plugins/', 'config/config_inc.php', 'config/custom_constants_inc.php', 'config/custom_functions_inc.php', 'config/custom_relationships_inc.php', 'config/custom_strings_inc.php', 'mantis_offline.php');
check_file_integrity_recursive($t_absolute_base_dir, $t_absolute_base_dir, '', $t_ignore_files);
$t_base_dir = realpath(config_get_global('core_path')) . DIRECTORY_SEPARATOR;
$t_ignore_files = array('core/classes/');
check_file_integrity_recursive($t_base_dir, $t_base_dir, 'core/', $t_ignore_files);
$t_base_dir = realpath(config_get_global('class_path')) . DIRECTORY_SEPARATOR;
check_file_integrity_recursive($t_base_dir, $t_base_dir, 'core/classes/');
$t_base_dir = realpath(config_get_global('library_path')) . DIRECTORY_SEPARATOR;
$t_ignore_files = array('library/jpgraph/', 'library/FirePHPCore/');
* @uses config_api.php
* @uses constant_inc.php
*/
if ( !defined( 'CHECK_CRYPTO_INC_ALLOW' ) ) {
return;
}
/**
* MantisBT Check API
*/
require_once( 'check_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
check_print_section_header_row( 'Cryptography' );
check_print_test_row(
'Master salt value has been specified',
strlen( config_get_global( 'crypto_master_salt' ) ) >= 16,
array( false => 'The crypto_master_salt option needs to be specified in config_inc.php with a minimum string length of 16 characters.' )
);
check_print_test_row(
'login_method is not equal to CRYPT_FULL_SALT',
config_get_global( 'login_method' ) != CRYPT_FULL_SALT,
array( false => 'Login method CRYPT_FULL_SALT has been deprecated and should not be used.' )
);
if( config_get_global( 'login_method' ) != LDAP ) {
check_print_test_warn_row(
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
* @uses constant_inc.php
*/
if (!defined('CHECK_WEBSERVICE_INC_ALLOW')) {
return;
}
/**
* MantisBT Check API
*/
require_once 'check_api.php';
require_api('config_api.php');
require_api('constant_inc.php');
check_print_section_header_row('Webservice');
$t_library_path = config_get_global('library_path');
$t_library_path = realpath($t_library_path);
if ($t_library_path[strlen($t_library_path) - 1] != '/') {
$t_library_path .= '/';
}
check_print_test_warn_row("Legacy <em>library/nusoap</em> folder must be deleted.", !is_dir($t_library_path . 'nusoap'));
check_print_test_warn_row('SOAP Extension Enabled', extension_loaded('soap'), array(false => 'Enable the PHP SOAP extension.'));
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
*/
if (!defined('CHECK_CONFIG_INC_ALLOW')) {
return;
}
/**
* MantisBT Check API
*/
require_once 'check_api.php';
check_print_section_header_row('Configuration');
check_print_test_row('config_inc.php configuration file exists', file_exists(dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.'));
check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use'));
check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser'));
require_api('obsolete.php');
/**
* This file contains configuration checks for internationalization issues
*
* @package MantisBT
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
*/
if (!defined('CHECK_I18N_INC_ALLOW')) {
return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Internationalization');
$t_config_default_timezone = config_get_global('default_timezone');
if ($t_config_default_timezone) {
check_print_test_row('Default timezone has been specified in config_inc.php (default_timezone option)', in_array($t_config_default_timezone, timezone_identifiers_list()), array(true => "Default timezone is '" . htmlentities($t_config_default_timezone) . "'", false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. " . 'Refer to the <a href="http://php.net/timezones">List of Supported Timezones</a>.'));
} else {
$t_php_default_timezone = ini_get('date.timezone');
$t_msg = 'No timezone has been specified in config_inc.php (default_timezone option)';
$t_tz_link = '<a href="http://ch1.php.net/datetime.configuration#ini.date.timezone">date.timezone</a>';
if ($t_php_default_timezone) {
check_print_test_row($t_msg, in_array($t_php_default_timezone, timezone_identifiers_list()), array(true => "Default timezone (specified by the {$t_tz_link} directive in php.ini) " . "is '" . htmlentities($t_php_default_timezone) . "'", false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. "));
} else {
check_print_test_warn_row($t_msg, !empty($t_php_default_timezone), array(false => "Timezone has been defaulted to 'UTC'."));
}
}
* This file contains configuration checks for email issues
*
* @package MantisBT
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
* @uses utility_api.php
*/
if (!defined('CHECK_EMAIL_INC_ALLOW')) {
return;
}
/**
* MantisBT Check API
*/
require_once 'check_api.php';
require_api('config_api.php');
require_api('utility_api.php');
check_print_section_header_row('Email');
$t_email_options = array('webmaster_email', 'from_email', 'return_path_email');
foreach ($t_email_options as $t_email_option) {
$t_email = config_get_global($t_email_option);
check_print_test_row($t_email_option . ' configuration option has a valid email address specified', !preg_match('/@example\\.com$/', $t_email), array(false => 'You need to specify a valid email address for the ' . $t_email_option . ' configuration option.'));
}
check_print_test_warn_row('Email addresses are validated', config_get_global('validate_email'), array(false => 'You have disabled email validation checks. For security reasons it is suggested that you enable these validation checks.'));
check_print_test_row('send_reset_password = ON requires allow_blank_email = OFF', !config_get_global('send_reset_password') || !config_get_global('allow_blank_email'));
check_print_test_row('send_reset_password = ON requires enable_email_notification = ON', !config_get_global('send_reset_password') || config_get_global('enable_email_notification'));
check_print_test_row('allow_signup = ON requires enable_email_notification = ON', !config_get_global('allow_signup') || config_get_global('enable_email_notification'));
check_print_test_row('allow_signup = ON requires send_reset_password = ON', !config_get_global('allow_signup') || config_get_global('send_reset_password'));
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
* @uses utility_api.php
*/
if (!defined('CHECK_PHP_INC_ALLOW')) {
return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
require_api('utility_api.php');
check_print_section_header_row('PHP');
check_print_test_row('Version of <a href="http://en.wikipedia.org/wiki/PHP">PHP</a> installed is at least ' . PHP_MIN_VERSION, version_compare(phpversion(), PHP_MIN_VERSION, '>='), 'PHP version ' . phpversion() . ' is currently installed on this server.');
$t_extensions_required = array('date', 'hash', 'pcre', 'Reflection', 'session', 'mbstring');
foreach ($t_extensions_required as $t_extension) {
check_print_test_row($t_extension . ' PHP extension is available', extension_loaded($t_extension), array(false => 'MantisBT requires the ' . $t_extension . ' extension to either be compiled into PHP or loaded as an extension.'));
}
check_print_test_warn_row('<a href="http://en.wikipedia.org/wiki/Xdebug">Xdebug</a> extension is not loaded', !extension_loaded('xdebug'), array(false => 'For security reasons this extension should not be loaded on production and Internet facing servers.'));
$t_variables_order = ini_get('variables_order');
check_print_test_row('variables_order php.ini directive contains GPCS', stripos($t_variables_order, 'G') !== false && stripos($t_variables_order, 'P') !== false && stripos($t_variables_order, 'C') !== false && stripos($t_variables_order, 'S') !== false, array(false => 'The value of this directive is currently: ' . $t_variables_order));
check_print_test_row('magic_quotes_gpc php.ini directive is disabled', !(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.'));
check_print_test_row('magic_quotes_runtime php.ini directive is disabled', !(function_exists('get_magic_quotes_runtime') && @get_magic_quotes_runtime()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.'));
check_print_test_row('register_globals php.ini directive is disabled', !ini_get_bool('register_globals'), array(false => 'PHP\'s register globals feature is <a href="http://php.net/manual/en/security.globals.php">deprecated in PHP 5.3.0</a> and should not be used.'));
check_print_test_warn_row('register_argc_argv php.ini directive is disabled', !ini_get_bool('register_argc_argv'), array(false => 'This directive should be disabled to increase performance (it only affects PHP in CLI mode).'));
check_print_test_warn_row('register_long_arrays php.ini directive is disabled', !ini_get_bool('register_long_arrays'), array(false => 'This directive is deprecated in PHP 5.3.0 and should be disabled for performance reasons.'));
check_print_test_warn_row('auto_globals_jit php.ini directive is enabled', ini_get_bool('auto_globals_jit'), array(false => 'This directive is currently disabled: enable it for a performance gain.'));
check_print_test_warn_row('display_errors php.ini directive is disabled', !ini_get_bool('display_errors'), array(false => 'For security reasons this directive should be disabled on all production and Internet facing servers.'));
