# MantisBT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * @package MantisBT * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php */ if (!defined('CHECK_L10N_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Localization'); $t_possible_languages = config_get_global('language_choices_arr'); $t_default_language = config_get_global('default_language'); check_print_test_row('default_language configuration option is set to a valid language', in_array($t_default_language, $t_possible_languages), array(true => 'The default language is currently specified as: ' . htmlentities($t_default_language), false => 'Invalid default language detected: ' . htmlentities($t_default_language))); $t_fallback_language = config_get_global('fallback_language'); check_print_test_row('fallback_language configuration option is set to a valid language', $t_fallback_language != 'auto' && in_array($t_fallback_language, $t_possible_languages), array(true => 'The fallback language is currently specified as: ' . htmlentities($t_fallback_language), false => 'Fallback language can not be set to auto or a non-implemented language. Invalid fallback language detected: ' . htmlentities($t_fallback_language)));
check_print_section_header_row('Attachments'); $t_file_uploads_allowed = config_get_global('allow_file_upload'); check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No'); if (!$t_file_uploads_allowed) { return; } check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.')); check_print_info_row('Maximum file upload size (per file)', config_get_global('max_file_size') . ' bytes'); check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'), array(false => 'max_file_size is currently ' . htmlentities(config_get_global('max_file_size')) . ' bytes which is greater than the limit of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes imposed by the php.ini directive upload_max_filesize.')); $t_use_xsendfile = config_get_global('file_download_xsendfile_enabled'); check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No'); if ($t_use_xsendfile) { check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.')); $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name'); if ($t_xsendfile_header_name !== 'X-Sendfile') { check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', $t_xsendfile_header_name); } } $t_finfo_exists = class_exists('finfo'); check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.')); if ($t_finfo_exists) { $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file'); if ($t_fileinfo_magic_db_file) { check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', config_get_global('fileinfo_magic_db_file')); check_print_test_row('fileinfo_magic_db_file configuration value points to an existing magic.db file', file_exists($t_fileinfo_magic_db_file)); $t_finfo = new finfo(FILEINFO_MIME, $t_fileinfo_magic_db_file); } else { $t_finfo = new finfo(FILEINFO_MIME); } check_print_test_row('Fileinfo extension can find and load a valid magic.db file', $t_finfo !== false, array(false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.')); }
$t_result = db_query_bound( 'SHOW TABLE STATUS' ); while( $t_row = db_fetch_array( $t_result ) ) { if( $t_row['Comment'] !== 'VIEW' && preg_match( "/^$t_table_prefix_regex_safe.+?$t_table_suffix_regex_safe\$/", $t_row['Name'] ) ) { check_print_test_row( 'Table <em>' . htmlentities( $t_row['Name'] ) . '</em> is using UTF-8 collation', substr( $t_row['Collation'], 0, 5 ) === 'utf8_', array( false => 'Table ' . htmlentities( $t_row['Name'] ) . ' is using ' . htmlentities( $t_row['Collation'] ) . ' collation where UTF-8 collation is required.' ) ); } } foreach( db_get_table_list() as $t_table ) { if( preg_match( "/^$t_table_prefix_regex_safe.+?$t_table_suffix_regex_safe\$/", $t_table ) ) { $t_result = db_query_bound( 'SHOW FULL FIELDS FROM ' . $t_table ); while( $t_row = db_fetch_array( $t_result ) ) { if ( $t_row['Collation'] === null ) { continue; } check_print_test_row( 'Text column <em>' . htmlentities( $t_row['Field'] ) . '</em> of type <em>' . $t_row['Type'] . '</em> on table <em>' . htmlentities( $t_table ) . '</em> is is using UTF-8 collation', substr( $t_row['Collation'], 0, 5 ) === 'utf8_', array( false => 'Text column ' . htmlentities( $t_row['Field'] ) . ' of type ' . $t_row['Type'] . ' on table ' . htmlentities( $t_table ) . ' is using ' . htmlentities( $t_row['Collation'] ) . ' collation where UTF-8 collation is required.' ) ); } } } }
foreach ($t_paths as $t_path_config_name => $t_path) { check_print_test_row($t_path_config_name . ' configuration option has a trailing directory separator', substr($t_path['config_value'], -1, 1) == DIRECTORY_SEPARATOR, array(false => "You must provide a trailing directory separator (" . DIRECTORY_SEPARATOR . ") to the end of '" . htmlspecialchars($t_path['config_value']) . "'.")); } # Is a directory foreach ($t_paths as $t_path_config_name => $t_path) { check_print_test_row($t_path_config_name . ' configuration option points to a valid directory', is_dir($t_path['config_value']), array(false => "The path '" . htmlspecialchars($t_path['config_value']) . "' is not a valid directory.")); } # Is readable foreach ($t_paths as $t_path_config_name => $t_path) { check_print_test_row($t_path_config_name . ' configuration option points to an accessible directory', is_readable($t_path['config_value']), array(false => "The path '" . htmlspecialchars($t_path['config_value']) . "' is not accessible.")); } # File upload default path must be writeable if (DISK == config_get_global('file_upload_method')) { $t_path_config_name = 'absolute_path_default_upload_folder'; $t_path = $t_paths[$t_path_config_name]; check_print_test_row($t_path_config_name . ' configuration option points to a writable directory', is_writable($t_path['config_value']), array(false => "The path '" . htmlspecialchars($t_path['config_value']) . "' must be writable.")); } if ($g_failed_test) { return; } $t_moveable_paths = array('core_path', 'class_path', 'library_path', 'language_path'); if ($t_paths['absolute_path']['real_path'] !== false) { $t_absolute_path_regex_safe = preg_quote($t_paths['absolute_path']['real_path'], '/'); } else { $t_absolute_path_regex_safe = preg_quote($t_paths['absolute_path']['config_value'], '/'); } foreach ($t_moveable_paths as $t_moveable_path) { if ($t_paths[$t_moveable_path]['real_path'] !== false) { $t_moveable_real_path = $t_paths[$t_moveable_path]['real_path']; } else { $t_moveable_real_path = $t_paths[$t_moveable_path]['config_value'];
# (at your option) any later version. # # MantisBT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * @package MantisBT * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php */ if (!defined('CHECK_DISPLAY_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Display'); check_print_test_row('dhtml_filters = ON requires use_javascript = ON', !config_get_global('dhtml_filters') || config_get_global('use_javascript')); check_print_test_row('bug_link_tag is not blank/null', config_get_global('bug_link_tag'), array(false => 'The value of the bug_link_tag option cannot be blank/null.')); check_print_test_row('bugnote_link_tag is not blank/null', config_get_global('bugnote_link_tag'), array(false => 'The value of the bugnote_link_tag option cannot be blank/null.'));
} /** * MantisBT Check API */ require_once( 'check_api.php' ); require_api( 'config_api.php' ); require_api( 'constant_inc.php' ); check_print_section_header_row( 'Cryptography' ); check_print_test_row( 'Master salt value has been specified', strlen( config_get_global( 'crypto_master_salt' ) ) >= 16, array( false => 'The crypto_master_salt option needs to be specified in config_inc.php with a minimum string length of 16 characters.' ) ); check_print_test_row( 'login_method is not equal to CRYPT_FULL_SALT', config_get_global( 'login_method' ) != CRYPT_FULL_SALT, array( false => 'Login method CRYPT_FULL_SALT has been deprecated and should not be used.' ) ); if( config_get_global( 'login_method' ) != LDAP ) { check_print_test_warn_row( 'login_method is set to MD5', config_get_global( 'login_method' ) == MD5, 'MD5 password encryption is currently the strongest password storage method supported by MantisBT.' ); }
/** * This file contains configuration checks for internationalization issues * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php */ if (!defined('CHECK_I18N_INC_ALLOW')) { return; } # MantisBT Check API require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Internationalization'); $t_config_default_timezone = config_get_global('default_timezone'); if ($t_config_default_timezone) { check_print_test_row('Default timezone has been specified in config_inc.php (default_timezone option)', in_array($t_config_default_timezone, timezone_identifiers_list()), array(true => "Default timezone is '" . htmlentities($t_config_default_timezone) . "'", false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. " . 'Refer to the <a href="http://php.net/timezones">List of Supported Timezones</a>.')); } else { $t_php_default_timezone = ini_get('date.timezone'); $t_msg = 'No timezone has been specified in config_inc.php (default_timezone option)'; $t_tz_link = '<a href="http://ch1.php.net/datetime.configuration#ini.date.timezone">date.timezone</a>'; if ($t_php_default_timezone) { check_print_test_row($t_msg, in_array($t_php_default_timezone, timezone_identifiers_list()), array(true => "Default timezone (specified by the {$t_tz_link} directive in php.ini) " . "is '" . htmlentities($t_php_default_timezone) . "'", false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. ")); } else { check_print_test_warn_row($t_msg, !empty($t_php_default_timezone), array(false => "Timezone has been defaulted to 'UTC'.")); } }
/** * Check Mantis config configuration * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php */ if (!defined('CHECK_CONFIG_INC_ALLOW')) { return; } # MantisBT Check API require_once 'check_api.php'; check_print_section_header_row('Configuration'); check_print_test_row('config_inc.php configuration file exists', file_exists($g_config_path . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.')); check_print_test_row('config_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'config_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_strings_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_strings_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_functions_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_functions_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_constants_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_constants_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_relationships_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_relationships_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('api/soap/mc_config_inc.php is no longer supported', !file_exists($g_absolute_path . 'api/soap/mc_config_inc.php'), array(false => 'Move contents of api/soap/mc_config_inc.php into config/config_inc.php.')); # Debugging / Developer Settings check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use')); check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser')); check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.')); check_print_test_warn_row('MantisBT Application Errors should halt execution', $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;')); check_print_test_warn_row('Email debugging should be OFF', empty($g_debug_email), array(false => 'All notification e-mails will be sent to: ' . $g_debug_email)); # Obsolete Settings require_api('obsolete.php');
# GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * This file contains configuration checks for internationalization issues * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php */ if (!defined('CHECK_I18N_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Internationalization'); $t_config_default_timezone = config_get_global('default_timezone'); if ($t_config_default_timezone) { check_print_test_row('Default timezone has been specified in config_inc.php (default_timezone option)', in_array($t_config_default_timezone, timezone_identifiers_list()), array(true => 'Default timezone is: ' . htmlentities($t_config_default_timezone), false => 'Invalid timezone \'' . htmlentities($t_config_default_timezone) . '\' specified for the default_timezone configuration option.')); } else { $t_php_default_timezone = ini_get('date.timezone'); check_print_test_row('Default timezone has been specified in config_inc.php (default_timezone option) or php.ini (date.timezone directive)', in_array($t_php_default_timezone, timezone_identifiers_list()), array(true => 'Default timezone (specified by the date.timezone directive in php.ini) is: ' . htmlentities($t_php_default_timezone), false => 'Invalid timezone \'' . htmlentities($t_php_default_timezone) . '\' specified for the date.timezone php.ini directive.')); }
* * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php * @uses utility_api.php */ if (!defined('CHECK_EMAIL_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); require_api('utility_api.php'); check_print_section_header_row('Email'); $t_email_options = array('webmaster_email', 'from_email', 'return_path_email'); foreach ($t_email_options as $t_email_option) { $t_email = config_get_global($t_email_option); check_print_test_row($t_email_option . ' configuration option has a valid email address specified', !preg_match('/@example\\.com$/', $t_email), array(false => 'You need to specify a valid email address for the ' . $t_email_option . ' configuration option.')); } check_print_test_warn_row('Email addresses are validated', config_get_global('validate_email'), array(false => 'You have disabled email validation checks. For security reasons it is suggested that you enable these validation checks.')); check_print_test_row('send_reset_password = ON requires allow_blank_email = OFF', !config_get_global('send_reset_password') || !config_get_global('allow_blank_email')); check_print_test_row('send_reset_password = ON requires enable_email_notification = ON', !config_get_global('send_reset_password') || config_get_global('enable_email_notification')); check_print_test_row('allow_signup = ON requires enable_email_notification = ON', !config_get_global('allow_signup') || config_get_global('enable_email_notification')); check_print_test_row('allow_signup = ON requires send_reset_password = ON', !config_get_global('allow_signup') || config_get_global('send_reset_password'));
check_print_test_row('variables_order php.ini directive contains GPCS', stripos($t_variables_order, 'G') !== false && stripos($t_variables_order, 'P') !== false && stripos($t_variables_order, 'C') !== false && stripos($t_variables_order, 'S') !== false, array(false => 'The value of this directive is currently: ' . $t_variables_order)); check_print_test_row('magic_quotes_gpc php.ini directive is disabled', !(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.')); check_print_test_row('magic_quotes_runtime php.ini directive is disabled', !(function_exists('get_magic_quotes_runtime') && @get_magic_quotes_runtime()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.')); check_print_test_row('register_globals php.ini directive is disabled', !ini_get_bool('register_globals'), array(false => 'PHP\'s register globals feature is <a href="http://php.net/manual/en/security.globals.php">deprecated in PHP 5.3.0</a> and should not be used.')); check_print_test_warn_row('register_argc_argv php.ini directive is disabled', !ini_get_bool('register_argc_argv'), array(false => 'This directive should be disabled to increase performance (it only affects PHP in CLI mode).')); check_print_test_warn_row('register_long_arrays php.ini directive is disabled', !ini_get_bool('register_long_arrays'), array(false => 'This directive is deprecated in PHP 5.3.0 and should be disabled for performance reasons.')); check_print_test_warn_row('auto_globals_jit php.ini directive is enabled', ini_get_bool('auto_globals_jit'), array(false => 'This directive is currently disabled: enable it for a performance gain.')); check_print_test_warn_row('display_errors php.ini directive is disabled', !ini_get_bool('display_errors'), array(false => 'For security reasons this directive should be disabled on all production and Internet facing servers.')); check_print_test_warn_row('display_startup_errors php.ini directive is disabled', !ini_get_bool('display_startup_errors'), array(false => 'For security reasons this directive should be disabled on all production and Internet facing servers.')); check_print_test_warn_row('PHP errors are being logged or reported', ini_get_bool('display_errors') || ini_get_bool('log_errors'), array(false => 'PHP is not currently set to log or report errors and thus you may be unaware of PHP errors that occur.')); check_print_info_row('php.ini directive: memory_limit', htmlentities(ini_get_number('memory_limit')) . ' bytes'); check_print_info_row('php.ini directive: post_max_size', htmlentities(ini_get_number('post_max_size')) . ' bytes'); check_print_test_row('memory_limit php.ini directive is at least equal to the post_max_size directive', ini_get_number('memory_limit') >= ini_get_number('post_max_size'), array(false => 'The current value of the memory_limit directive is ' . htmlentities(ini_get_number('memory_limit')) . ' bytes. This value needs to be at least equal to the post_max_size directive value of ' . htmlentities(ini_get_number('post_max_size')) . ' bytes.')); check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No'); check_print_info_row('php.ini directive: upload_max_filesize', htmlentities(ini_get_number('upload_max_filesize')) . ' bytes'); check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_size directive', ini_get_number('post_max_size') >= ini_get_number('upload_max_filesize'), array(false => 'The current value of the post_max_size directive is ' . htmlentities(ini_get_number('post_max_size')) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes.')); $t_disabled_functions = explode(',', ini_get('disable_functions')); foreach ($t_disabled_functions as $t_disabled_function) { $t_disabled_function = trim($t_disabled_function); if ($t_disabled_function && substr($t_disabled_function, 0, 6) != 'pcntl_') { check_print_test_warn_row('<em>' . $t_disabled_function . '</em> function is enabled', false, 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.'); } } $t_disabled_classes = explode(',', ini_get('disable_classes')); foreach ($t_disabled_classes as $t_disabled_class) { $t_disabled_class = trim($t_disabled_class); if ($t_disabled_class) { check_print_test_warn_row('<em>' . $t_disabled_class . '</em> class is enabled', false, 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.'); } } # Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php)
require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Paths'); $t_path_config_names = array('absolute_path', 'core_path', 'class_path', 'library_path', 'language_path'); $t_paths = array(); foreach ($t_path_config_names as $t_path_config_name) { $t_new_path = array(); $t_new_path['config_value'] = config_get_global($t_path_config_name); $t_new_path['real_path'] = realpath($t_new_path['config_value']); $t_paths[$t_path_config_name] = $t_new_path; } foreach ($t_paths as $t_path_config_name => $t_path) { check_print_test_row($t_path_config_name . ' configuration option has a trailing directory separator', substr($t_path['config_value'], -1, 1) == DIRECTORY_SEPARATOR, array(false => 'You must provide a trailing directory separator (' . DIRECTORY_SEPARATOR . ') to the end of the ' . $t_path_config_name . ' configuration value.')); } foreach ($t_paths as $t_path_config_name => $t_path) { check_print_test_row($t_path_config_name . ' configuration option points to a valid directory', is_dir($t_path['config_value']), array(false => 'The path specified by the ' . $t_path_config_name . ' configuration option does not point to a valid and accessible directory.')); } if ($g_failed_test) { return; } $t_moveable_paths = array('core_path', 'class_path', 'library_path', 'language_path'); if ($t_paths['absolute_path']['real_path'] !== false) { $t_absolute_path_regex_safe = preg_quote($t_paths['absolute_path']['real_path'], '/'); } else { $t_absolute_path_regex_safe = preg_quote($t_paths['absolute_path']['config_value'], '/'); } foreach ($t_moveable_paths as $t_moveable_path) { if ($t_paths[$t_moveable_path]['real_path'] !== false) { $t_moveable_real_path = $t_paths[$t_moveable_path]['real_path']; } else { $t_moveable_real_path = $t_paths[$t_moveable_path]['config_value'];
} check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.')); check_print_info_row('Maximum file upload size (per file)', config_get_global('max_file_size') . ' bytes'); check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'), array(false => 'max_file_size is currently ' . htmlentities(config_get_global('max_file_size')) . ' bytes which is greater than the limit of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes imposed by the php.ini directive upload_max_filesize.')); $t_use_xsendfile = config_get_global('file_download_xsendfile_enabled'); check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No'); if ($t_use_xsendfile) { check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.')); $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name'); if ($t_xsendfile_header_name !== 'X-Sendfile') { check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', $t_xsendfile_header_name); } } $t_finfo_exists = class_exists('finfo'); check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.')); if ($t_finfo_exists) { $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file'); if ($t_fileinfo_magic_db_file) { check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', config_get_global('fileinfo_magic_db_file')); check_print_test_row('fileinfo_magic_db_file configuration value points to an existing magic.db file', file_exists($t_fileinfo_magic_db_file)); $t_finfo = new finfo(FILEINFO_MIME, $t_fileinfo_magic_db_file); } else { $t_finfo = new finfo(FILEINFO_MIME); } check_print_test_row('Fileinfo extension can find and load a valid magic.db file', $t_finfo !== false, array(false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.')); } $t_file_type_icons = config_get('file_type_icons'); foreach ($t_file_type_icons as $t_ext => $t_filename) { $t_file_path = dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'images' . DIRECTORY_SEPARATOR . 'fileicons' . DIRECTORY_SEPARATOR . $t_filename; check_print_test_row("Testing icon for extension '{$t_ext}'...", file_exists($t_file_path), array(false => 'File not found: ' . $t_file_path)); }
return; } $t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account ); check_print_test_row( 'anonymous_account is a valid user account', $t_anonymous_user_id !== false, array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' ) ); check_print_test_row( 'anonymous_account user has the enabled flag set', user_is_enabled( $t_anonymous_user_id ), array( false => 'The anonymous user account must be enabled before it can be used.' ) ); check_print_test_row( 'anonymous_account user has the protected flag set', user_get_field( $t_anonymous_user_id, 'protected' ), array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' ) ); check_print_test_row( 'anonymous_account user does not have administrator permissions', !user_is_administrator( $t_anonymous_user_id ), array( true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ), false => 'The anonymous user account should not have administrator level permissions.' ) );
# it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # MantisBT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * @package MantisBT * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php */ if (!defined('CHECK_CONFIG_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; check_print_section_header_row('Configuration'); check_print_test_row('config_inc.php configuration file exists', file_exists(dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.')); check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use')); check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser')); require_api('obsolete.php');
return; } # MantisBT Check API require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Display'); check_print_test_row('bug_link_tag is not blank/null', config_get_global('bug_link_tag'), array(false => 'The value of the bug_link_tag option cannot be blank/null.')); check_print_test_row('bugnote_link_tag is not blank/null', config_get_global('bugnote_link_tag'), array(false => 'The value of the bugnote_link_tag option cannot be blank/null.')); if (plugin_is_installed('MantisGraph')) { plugin_push_current('MantisGraph'); check_print_test_row('Checking GD library is enabled, and version 2...', get_gd_version() == 2); if (plugin_config_get('eczlibrary', ON) == OFF) { $t_jpgraph_path = plugin_config_get('jpgraph_path'); if ($t_jpgraph_path == '') { $t_jpgraph_path = config_get('absolute_path') . 'library/jpgraph'; } $t_jpgraph_path .= '/jpgraph.php'; $t_jpgraph_found = check_print_test_row('Checking we can find jpgraph library class files', file_exists($t_jpgraph_path), dirname($t_jpgraph_path)); if ($t_jpgraph_found) { require_once $t_jpgraph_path; # Old versions of jpgraph did not define the constant $t_jpgraph_version = defined('JPG_VERSION') ? JPG_VERSION : 'Unknown version'; check_print_test_row('Checking jpgraph library version is at least 2.3.0', version_compare($t_jpgraph_version, '2.3.0', '>='), $t_jpgraph_version); } $t_jpgraph_antialias = plugin_config_get('jpgraph_antialias', OFF); if ($t_jpgraph_antialias) { check_print_test_row('jpgraph anti-aliasing requires the php-bundled GD library', $t_jpgraph_antialias == OFF || function_exists('imageantialias'), array(false => 'The functionality requires the imageantialias() function')); } } plugin_pop_current(); }
* Check Mantis config configuration * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php */ if (!defined('CHECK_CONFIG_INC_ALLOW')) { return; } # MantisBT Check API require_once 'check_api.php'; check_print_section_header_row('Configuration'); check_print_test_row('config_inc.php configuration file exists', file_exists($g_config_path . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.')); check_print_test_row('config_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'config_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_strings_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_strings_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_functions_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_functions_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_constants_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_constants_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_relationships_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_relationships_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('api/soap/mc_config_inc.php is no longer supported', !file_exists($g_absolute_path . 'api/soap/mc_config_inc.php'), array(false => 'Move contents of api/soap/mc_config_inc.php into config/config_inc.php.')); # Debugging / Developer Settings check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use')); check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser')); check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.')); check_print_test_warn_row('MantisBT Application Errors should halt execution', $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;')); check_print_test_warn_row('Email debugging should be OFF', empty($g_debug_email), array(false => 'All notification e-mails will be sent to: ' . $g_debug_email)); check_print_test_row('Default move category must exists ("default_category_for_moves")', category_exists(config_get('default_category_for_moves')), array(false => 'Issues moved may end up with invalid category id.')); # Obsolete Settings require_api('obsolete.php');