/**
 * Registers the result messages used by the CGI tests.
 *
 * Runs the parent implementation first, then sets the English text shown
 * for the PHPSECINFO_TEST_RESULT_NOTRUN result.
 */
function _setMessages() {
    parent::_setMessages();

    $not_run_text = "You don't seem to be using the CGI SAPI";
    $this->setMessageForResult(
        PHPSECINFO_TEST_RESULT_NOTRUN,
        'en',
        $not_run_text
    );
}
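/**
 * This is the main output method. The look and feel mimics phpinfo().
 *
 * Writes the report header (title, PHPSECINFO_VERSION and PHPSECINFO_BUILD),
 * then one table per entry in $this->test_results, then the "not run" table
 * and the statistics table. Everything is echoed directly; nothing is
 * returned.
 */
function renderOutput() {
    /**
     * We need to use PhpSecInfo_Test::getBooleanIniValue() below
     * @see PhpSecInfo_Test::getBooleanIniValue()
     */
    require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'Test' . DIRECTORY_SEPARATOR . 'Test.php';

    // The logo is only linked when expose_php is on. php_logo_guid() was
    // removed in PHP 5.5, so calling it unguarded is a fatal error on newer
    // runtimes that still have expose_php enabled; skip the logo there.
    $show_logo = PhpSecInfo_Test::getBooleanIniValue('expose_php')
        && function_exists('php_logo_guid');
    ?>
<div class="center">
<table border="0" cellpadding="3" width="600">
<tr class="h"><td>
<h1 class="p">
<?php if ($show_logo) { ?>
<a href="http://www.php.net/"><img border="0" src="<?php echo '?=' . php_logo_guid(); ?>" alt="PHP Logo" /></a>
<?php } ?>
PHP Environment Security Info
</h1>
<h2 class="p">Version <?php echo PHPSECINFO_VERSION; ?> ; build <?php echo PHPSECINFO_BUILD; ?> </h2>
</td></tr>
</table>
<br />
    <?php
    // One table per test group, in the order the results were stored.
    foreach ($this->test_results as $group_name => $group_results) {
        $this->_outputRenderTable($group_name, $group_results);
    }

    $this->_outputRenderNotRunTable();
    $this->_outputRenderStatsTable();
    ?>
</div>
    <?php
}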
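/**
 * Returns an array of data returned from the UNIX 'id' command
 *
 * includes uid, username, gid, groupname, and groups (if "exec"
 * is enabled). Groups is an array of all the groups the user
 * belongs to. Keys are the group ids, values are the group names.
 *
 * If exec() is unavailable, or the output of 'id' cannot be parsed, the
 * POSIX functions are used instead. That path sets no 'group' key and
 * reports every group name as '<unknown>'.
 *
 * returns FALSE if no suitable function is available to retrieve
 * the data
 *
 * @return array|boolean
 */
function getUnixId() {
    if ($this->osIsWindows()) {
        return false;
    }

    if (function_exists("exec") && !PhpSecInfo_Test::getBooleanIniValue('safe_mode')) {
        // The command is a fixed literal: no request data reaches the shell.
        $id_raw = exec('id');

        // uid=1000(coj) gid=1000(coj) groups=1000(coj),1001(admin)
        $matches = array();
        $parsed = is_string($id_raw)
            && preg_match('|uid=(\d+)\((\S+)\)\s+gid=(\d+)\((\S+)\)\s+groups=(.+)|i', $id_raw, $matches);

        // Only trust $matches when the pattern actually matched; otherwise
        // the indexes below do not exist and the caller would get junk.
        if ($parsed) {
            $id_data = array(
                'uid'      => $matches[1],
                'username' => $matches[2],
                'gid'      => $matches[3],
                'group'    => $matches[4],
            );

            $groups = array();
            foreach (explode(',', $matches[5]) as $groupstr) {
                $subs = array();
                if (preg_match('/(\d+)\(([^\)]+)\)/', $groupstr, $subs)) {
                    $groups[$subs[1]] = $subs[2];
                }
            }
            ksort($groups);
            $id_data['groups'] = $groups;

            return $id_data;
        }
        // Unparseable output: fall through and try the POSIX functions.
    }

    // Check for the functions that are really called below.
    if (function_exists("posix_getpwuid")
        && function_exists("posix_getuid")
        && function_exists('posix_getgroups')
    ) {
        // NOTE(review): posix_getuid() is the real uid. If the report is meant
        // to show the effective uid, posix_geteuid() is the call to use - confirm.
        $data = posix_getpwuid(posix_getuid());

        // posix_getpwuid() returns false when the uid has no passwd entry.
        if (is_array($data)) {
            $id_data = array(
                'uid'      => $data['uid'],
                'username' => $data['name'],
                'gid'      => $data['gid'],
                'groups'   => array(),
            );

            //$group_data = posix_getgrgid( posix_getegid() );
            //$id_data['group'] = $group_data['name'];

            $groups = posix_getgroups();
            if (is_array($groups)) {
                foreach ($groups as $gid) {
                    //$group_data = posix_getgrgid(posix_getgid());
                    $id_data['groups'][$gid] = '<unknown>';
                }
            }

            // The original built this array and then fell through to
            // "return false", so the POSIX path never produced a result.
            return $id_data;
        }
    }

    return false;
}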
/**
 * Registers the result messages used by the Curl tests.
 *
 * Runs the parent implementation first, then sets the English text shown
 * for the PHPSECINFO_TEST_RESULT_NOTRUN result.
 */
function _setMessages() {
    parent::_setMessages();

    $not_run_text = "CURL support is not enabled in your PHP install";
    $this->setMessageForResult(
        PHPSECINFO_TEST_RESULT_NOTRUN,
        'en',
        $not_run_text
    );
}
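/**
 * Returns an array of data returned from the UNIX 'id' command
 *
 * includes uid, username, gid, groupname, and groups (if "exec"
 * is enabled). Groups is an array of all the groups the user
 * belongs to. Keys are the group ids, values are the group names.
 *
 * If exec() is unavailable, or the output of 'id' cannot be parsed, the
 * POSIX functions are used instead. That path sets no 'group' key and
 * reports every group name as '<unknown>'.
 *
 * returns FALSE if no suitable function is available to retrieve
 * the data
 *
 * @return array|boolean
 */
function getUnixId() {
    if ($this->osIsWindows()) {
        return false;
    }

    $success = false;
    $id_data = array();

    if (function_exists("exec") && !PhpSecInfo_Test::getBooleanIniValue('safe_mode')) {
        // The command is a fixed literal: no request data reaches the shell.
        $id_raw = exec('id');

        // uid=1000(coj) gid=1000(coj) groups=1000(coj),1001(admin)
        $matches = array();
        if (is_string($id_raw)) {
            preg_match('|uid=(\d+)\((\S+)\)\s+gid=(\d+)\((\S+)\)\s+groups=(.+)|i', $id_raw, $matches);
        }

        if (!$matches) {
            /**
             * for some reason the output from 'id' wasn't as we expected.
             * leave $success false so the POSIX fallback below is tried.
             */
            $success = false;
        } else {
            $id_data = array(
                'uid'      => $matches[1],
                'username' => $matches[2],
                'gid'      => $matches[3],
                'group'    => $matches[4],
            );

            $groups = array();
            if ($matches[5]) {
                foreach (explode(',', $matches[5]) as $groupstr) {
                    $subs = array();
                    if (preg_match('/(\d+)\(([^\)]+)\)/', $groupstr, $subs)) {
                        $groups[$subs[1]] = $subs[2];
                    } else {
                        // Keep an entry the pattern could not split, with no name.
                        $groups[$groupstr] = '';
                    }
                }
                ksort($groups);
            }
            $id_data['groups'] = $groups;
            $success = true;
        }
    }

    // Check for the functions that are really called below.
    if (!$success
        && function_exists("posix_getpwuid")
        && function_exists("posix_getuid")
        && function_exists('posix_getgroups')
    ) {
        // NOTE(review): posix_getuid() is the real uid. If the report is meant
        // to show the effective uid, posix_geteuid() is the call to use - confirm.
        $data = posix_getpwuid(posix_getuid());

        // posix_getpwuid() returns false when the uid has no passwd entry;
        // indexing that result would yield an array of nulls reported as success.
        if (is_array($data)) {
            $id_data = array(
                'uid'      => $data['uid'],
                'username' => $data['name'],
                'gid'      => $data['gid'],
                'groups'   => array(),
            );

            //$group_data = posix_getgrgid( posix_getegid() );
            //$id_data['group'] = $group_data['name'];

            // posix_getgroups() can also return false; treat that as "no groups".
            $groups = posix_getgroups();
            if (is_array($groups)) {
                foreach ($groups as $gid) {
                    //$group_data = posix_getgrgid(posix_getgid());
                    $id_data['groups'][$gid] = '<unknown>';
                }
            }
            $success = true;
        }
    }

    return $success ? $id_data : false;
}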