/** * Get security analyzer data. * * @return array data */ private function _securityanalyzer() { $data = array(); // check for magic_quotes $data['magic_quotes_gpc'] = \DataUtil::getBooleanIniValue('magic_quotes_gpc'); // check for register_globals $data['register_globals'] = \DataUtil::getBooleanIniValue('register_globals'); // check for config.php beeing writable $data['config_php'] = (bool) is_writable('config/config.php'); // check for .htaccess in temp directory $temp_htaccess = false; $tempDir = $GLOBALS['ZConfig']['System']['temp']; if ($tempDir) { // check if we have an absolute path which is possibly not within the document root $docRoot = \System::serverGetVar('DOCUMENT_ROOT'); if (\StringUtil::left($tempDir, 1) == '/' && strpos($tempDir, $docRoot) === false) { // temp dir is outside the webroot, no .htaccess file needed $temp_htaccess = true; } else { if (strpos($tempDir, $docRoot) === false) { $ldir = dirname(__FILE__); $p = strpos($ldir, DIRECTORY_SEPARATOR . 'system'); // we are in system/Admin $b = substr($ldir, 0, $p); $filePath = $b . '/' . $tempDir . '/.htaccess'; } else { $filePath = $tempDir . '/.htaccess'; } $temp_htaccess = (bool) file_exists($filePath); } } else { // already customized, admin should know about what he's doing... $temp_htaccess = true; } $data['temp_htaccess'] = $temp_htaccess; $data['scactive'] = (bool) \ModUtil::available('SecurityCenterModule'); // check for outputfilter $data['useids'] = (bool) (\ModUtil::available('SecurityCenterModule') && System::getVar('useids') == 1); $data['idssoftblock'] = System::getVar('idssoftblock'); return $data; }