if( db_is_mysql() ) { check_print_test_row( 'Version of MySQL being used is within the <a href="http://www.mysql.com/about/legal/lifecycle/">MySQL extended lifecycle period</a>', version_compare( $t_database_server_info['version'], '5.0', '>=' ), array( true => 'Extended lifecycle support ends on 2011-12-31 for MySQL 5.0 and on 2013-12-31 for MySQL 5.1.', false => 'The version of MySQL you are using is ' . htmlentities( $t_database_server_info['version'] ) . '. This version is no longer supported and should not be used as security flaws discovered in this version will not be fixed.' ) ); check_print_test_warn_row( 'Version of MySQL being used is within the <a href="http://www.mysql.com/about/legal/lifecycle/">MySQL active lifecycle period</a>', version_compare( $t_database_server_info['version'], '5.1', '>=' ), array( true => 'Active lifecycle support ends on 2010-12-31 for MySQL 5.1.', false => 'The version of MySQL you are using is ' . htmlentities( $t_database_server_info['version'] ) . '. It is recommended you use a newer version of MySQL still within the active lifecycle period.' ) ); } if( db_is_pgsql() ) { check_print_test_row( 'Version of PostgreSQL being used still has <a href="http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy">release support</a>', version_compare( $t_database_server_info['version'], '7.4', '>=' ), array( false => 'The version of PostgreSQL you are using is '. htmlentities( $t_database_server_info['version'] ). '. This version is no longer supported and should not be used as security flaws discovered in this version will not be fixed.' ) ); }
$t_path_config_name = 'absolute_path_default_upload_folder'; $t_path = $t_paths[$t_path_config_name]; check_print_test_row($t_path_config_name . ' configuration option points to a writable directory', is_writable($t_path['config_value']), array(false => "The path '" . htmlspecialchars($t_path['config_value']) . "' must be writable.")); } if ($g_failed_test) { return; } $t_moveable_paths = array('core_path', 'class_path', 'library_path', 'language_path'); if ($t_paths['absolute_path']['real_path'] !== false) { $t_absolute_path_regex_safe = preg_quote($t_paths['absolute_path']['real_path'], '/'); } else { $t_absolute_path_regex_safe = preg_quote($t_paths['absolute_path']['config_value'], '/'); } foreach ($t_moveable_paths as $t_moveable_path) { if ($t_paths[$t_moveable_path]['real_path'] !== false) { $t_moveable_real_path = $t_paths[$t_moveable_path]['real_path']; } else { $t_moveable_real_path = $t_paths[$t_moveable_path]['config_value']; } check_print_test_warn_row($t_moveable_path . ' configuration option is set to a path outside the web root', !preg_match("/^{$t_absolute_path_regex_safe}/", $t_moveable_real_path), array(false => 'For increased security it is recommended that you move the ' . $t_moveable_path . ' directory outside the web root.')); } $t_removeable_directories = array('doc'); foreach ($t_removeable_directories as $t_removeable_directory) { check_print_test_warn_row('Directory <em><a href="' . htmlentities(config_get_global('short_path')) . $t_removeable_directory . '">' . $t_removeable_directory . '</a></em> does not need to exist within the MantisBT root', !is_dir($t_paths['absolute_path']['config_value'] . $t_removeable_directory), array(false => 'The ' . $t_removeable_directory . ' directory within the MantisBT root should be removed as it is not needed for the live operation of MantisBT.')); } $t_developer_directories = array('docbook', 'packages', 'tests'); foreach ($t_developer_directories as $t_developer_directory) { check_print_test_warn_row('Directory <em><a href="' . htmlentities(config_get_global('short_path')) . $t_developer_directory . '">' . $t_developer_directory . '</a></em> exists. These files are not included in MantisBT builds. For production use, please use a release build/snapshot, and not the developer git code.', !is_dir($t_paths['absolute_path']['config_value'] . $t_developer_directory), array(false => 'The ' . $t_developer_directory . ' directory within the MantisBT root is for development use and is not included in official releases of MantisBT.')); } check_print_test_warn_row('Directory <em><a href="' . htmlentities(config_get_global('short_path')) . 'api">api</a></em> should be removed from the MantisBT root if you do not plan on using <a href="http://en.wikipedia.org/wiki/SOAP">SOAP</a>', !is_dir($t_paths['absolute_path']['config_value'] . 'api'));
$t_date_eol = null; end($t_versions); $t_assume = array('older', key($t_versions), 'at end of life'); } check_print_test_warn_row('PostgreSQL version support information availability', false, array(false => 'Release information for version ' . $t_db_major_version . ' is not available. ' . vsprintf('Since it is %s than %s, we assume it is %s. ', $t_assume) . 'Please refer to the <a href="' . $t_support_url . '">PostgreSQL release support policy</a> to make sure.')); } check_print_test_row('Version of PostgreSQL is <a href="' . $t_support_url . '">supported</a>', date_create($t_date_eol) > date_create('now'), array(false => 'PostgreSQL version ' . htmlentities($t_db_version) . ' is no longer supported and should not be used, as security flaws discovered in this version will not be fixed.')); } } $t_table_prefix = config_get_global('db_table_prefix'); check_print_info_row('Prefix added to each MantisBT table name', htmlentities($t_table_prefix)); $t_table_plugin_prefix = config_get_global('db_table_plugin_prefix'); check_print_info_row('Prefix added to each Plugin table name', htmlentities($t_table_plugin_prefix)); $t_table_suffix = config_get_global('db_table_suffix'); check_print_info_row('Suffix added to each MantisBT table name', htmlentities($t_table_suffix)); check_print_test_warn_row('Plugin table prefix should not be empty', !empty($t_table_plugin_prefix), array(false => 'Defining $g_db_table_plugin_prefix allows easy identification of plugin-specific vs MantisBT core tables')); if (db_is_mysql()) { $t_table_prefix_regex_safe = preg_quote($t_table_prefix, '/'); $t_table_suffix_regex_safe = preg_quote($t_table_suffix, '/'); # Field names from MySQL data dictionary # mysql returns fields with uppercase first letter, whereas # mysqli uses all lowercase. switch ($g_db_type) { case 'mysql': $t_field_name = 'Name'; $t_field_comment = 'Comment'; $t_field_collation = 'Collation'; $t_field_field = 'Field'; $t_field_type = 'Type'; break; case 'mysqli':
} /** * MantisBT Check API */ require_once( 'check_api.php' ); require_api( 'config_api.php' ); require_api( 'constant_inc.php' ); check_print_section_header_row( 'Cryptography' ); check_print_test_row( 'Master salt value has been specified', strlen( config_get_global( 'crypto_master_salt' ) ) >= 16, array( false => 'The crypto_master_salt option needs to be specified in config_inc.php with a minimum string length of 16 characters.' ) ); check_print_test_row( 'login_method is not equal to CRYPT_FULL_SALT', config_get_global( 'login_method' ) != CRYPT_FULL_SALT, array( false => 'Login method CRYPT_FULL_SALT has been deprecated and should not be used.' ) ); if( config_get_global( 'login_method' ) != LDAP ) { check_print_test_warn_row( 'login_method is set to MD5', config_get_global( 'login_method' ) == MD5, 'MD5 password encryption is currently the strongest password storage method supported by MantisBT.' ); }
# # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * @package MantisBT * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php * @uses constant_inc.php */ if (!defined('CHECK_WEBSERVICE_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); require_api('constant_inc.php'); check_print_section_header_row('Webservice'); $t_library_path = config_get_global('library_path'); $t_library_path = realpath($t_library_path); if ($t_library_path[strlen($t_library_path) - 1] != '/') { $t_library_path .= '/'; } check_print_test_warn_row("Legacy <em>library/nusoap</em> folder must be deleted.", !is_dir($t_library_path . 'nusoap')); check_print_test_warn_row('SOAP Extension Enabled', extension_loaded('soap'), array(false => 'Enable the PHP SOAP extension.'));
/** * Check File integrity of local files against release * * @param string $p_directory Directory. * @param string $p_base_directory Base directory. * @param string $p_relative_path_prefix Relative path prefix. * @param array $p_ignore_files Files to ignore. * @return void */ function check_file_integrity_recursive($p_directory, $p_base_directory, $p_relative_path_prefix = '', array $p_ignore_files = array()) { global $g_integrity_blobs, $g_integrity_release_blobs; if ($t_handle = opendir($p_directory)) { while (false !== ($t_file = readdir($t_handle))) { if ($t_file == '.' || $t_file == '..') { continue; } $t_file_absolute = $p_directory . $t_file; $t_file_relative = preg_replace('@^' . preg_quote($p_base_directory, '@') . '@', '', $t_file_absolute); $t_file_relative = $p_relative_path_prefix . $t_file_relative; $t_file_relative = strtr($t_file_relative, '\\', '/'); $t_file_relative = ltrim($t_file_relative, '/'); if (is_dir($t_file_absolute)) { if (in_array($t_file_relative . '/', $p_ignore_files)) { continue; } check_file_integrity_recursive($t_file_absolute . DIRECTORY_SEPARATOR, $p_base_directory, $p_relative_path_prefix, $p_ignore_files); } else { if (is_file($t_file_absolute)) { if (in_array($t_file_relative, $p_ignore_files)) { continue; } $t_file_hash = create_git_object_hash($t_file_absolute); $t_integrity_ok = false; $t_integrity_info = 'This file does not originate from any official MantisBT release or snapshot.'; $t_release = get_release_containing_object_hash($t_file_relative, $t_file_hash); if ($t_release !== null) { $t_integrity_ok = true; $t_release_sanitised = htmlentities($t_release); $t_integrity_info = 'Matches file from release <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=release-' . $t_release_sanitised . '">' . $t_release_sanitised . '</a>.'; } else { $t_commit = get_commit_containing_object_hash($t_file_relative, $t_file_hash); if ($t_commit !== null) { $t_integrity_ok = true; $t_commit_sanitised = htmlentities($t_commit); $t_integrity_info = 'Matches file introduced or modified in commit <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=' . $t_commit_sanitised . '">' . $t_commit_sanitised . '</a>.'; } } check_print_test_warn_row(htmlentities($t_file_absolute), $t_integrity_ok, $t_integrity_info); } } } } }
/** * This file contains configuration checks for internationalization issues * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php */ if (!defined('CHECK_I18N_INC_ALLOW')) { return; } # MantisBT Check API require_once 'check_api.php'; require_api('config_api.php'); check_print_section_header_row('Internationalization'); $t_config_default_timezone = config_get_global('default_timezone'); if ($t_config_default_timezone) { check_print_test_row('Default timezone has been specified in config_inc.php (default_timezone option)', in_array($t_config_default_timezone, timezone_identifiers_list()), array(true => "Default timezone is '" . htmlentities($t_config_default_timezone) . "'", false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. " . 'Refer to the <a href="http://php.net/timezones">List of Supported Timezones</a>.')); } else { $t_php_default_timezone = ini_get('date.timezone'); $t_msg = 'No timezone has been specified in config_inc.php (default_timezone option)'; $t_tz_link = '<a href="http://ch1.php.net/datetime.configuration#ini.date.timezone">date.timezone</a>'; if ($t_php_default_timezone) { check_print_test_row($t_msg, in_array($t_php_default_timezone, timezone_identifiers_list()), array(true => "Default timezone (specified by the {$t_tz_link} directive in php.ini) " . "is '" . htmlentities($t_php_default_timezone) . "'", false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. ")); } else { check_print_test_warn_row($t_msg, !empty($t_php_default_timezone), array(false => "Timezone has been defaulted to 'UTC'.")); } }
function config_obsolete($p_var, $p_replace = '') { global $g_cache_config; # @@@ we could trigger a WARNING here, once we have errors that can # have extra data plugged into them (we need to give the old and # new config option names in the warning text) if (config_is_set($p_var)) { $t_description = 'The configuration option <em>' . $p_var . '</em> is now obsolete'; $t_info = ''; // Check if set in the database if (is_array($g_cache_config) && array_key_exists($p_var, $g_cache_config)) { $t_info .= 'it is currently defined in '; if (isset($GLOBALS['g_' . $p_var])) { $t_info .= 'config_inc.php, as well as in '; } $t_info .= 'the database configuration for: <ul>'; foreach ($g_cache_config[$p_var] as $t_user_id => $t_user) { $t_info .= '<li>' . ($t_user_id == 0 ? lang_get('all_users') : user_get_name($t_user_id)) . ': '; foreach ($t_user as $t_project_id => $t_project) { $t_info .= project_get_name($t_project_id) . ', '; } $t_info = rtrim($t_info, ', ') . '</li>'; } $t_info .= '</ul>'; } // Replacement defined if (is_array($p_replace)) { $t_info .= 'please see the following options: <ul>'; foreach ($p_replace as $t_option) { $t_info .= '<li>' . $t_option . '</li>'; } $t_info .= '</ul>'; } else { if (!is_blank($p_replace)) { $t_info .= 'please use ' . $p_replace . ' instead.'; } } check_print_test_warn_row($t_description, false, $t_info); } }
check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No'); check_print_info_row('php.ini directive: upload_max_filesize', htmlentities(ini_get_number('upload_max_filesize')) . ' bytes'); check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_size directive', ini_get_number('post_max_size') >= ini_get_number('upload_max_filesize'), array(false => 'The current value of the post_max_size directive is ' . htmlentities(ini_get_number('post_max_size')) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes.')); $t_disabled_functions = explode(',', ini_get('disable_functions')); foreach ($t_disabled_functions as $t_disabled_function) { $t_disabled_function = trim($t_disabled_function); if ($t_disabled_function && substr($t_disabled_function, 0, 6) != 'pcntl_') { check_print_test_warn_row('<em>' . $t_disabled_function . '</em> function is enabled', false, 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.'); } } $t_disabled_classes = explode(',', ini_get('disable_classes')); foreach ($t_disabled_classes as $t_disabled_class) { $t_disabled_class = trim($t_disabled_class); if ($t_disabled_class) { check_print_test_warn_row('<em>' . $t_disabled_class . '</em> class is enabled', false, 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.'); } } # Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php) $t_vars = array('open_basedir', 'extension', 'upload_tmp_dir', 'max_file_uploads', 'date.timezone'); while (list($t_foo, $t_var) = each($t_vars)) { $t_value = ini_get($t_var); if ($t_value != '') { check_print_info_row('php.ini directive: ' . $t_var, htmlentities($t_value)); } } if (is_windows_server()) { check_print_test_warn_row('There is a performance issue on windows for PHP versions < 5.4 in openssl_random_pseudo_bytes', version_compare(phpversion(), '5.4.0', '>='), array(false => 'For best performance upgrade to PHP > 5.4.0.')); } check_print_test_warn_row('Check for php bug 61443 - php 5.4.0-5.4.3, trying to use compression with no output handler set', !(ini_get('output_handler') == '' && function_exists('ini_set') && version_compare(PHP_VERSION, '5.4.0', '>=') && version_compare(PHP_VERSION, '5.4.4', '<')), array(false => 'you should consider setting a php output handler, ensuring compression is disabled or upgrading to at least php 5.4.4')); check_print_test_warn_row('webserver: check SCRIPT_NAME is returned to PHP by web server', isset($_SERVER['SCRIPT_NAME']), array(false => 'Please ensure web server configuration sets SCRIPT_NAME'));
* This file contains configuration checks for email issues * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php * @uses config_api.php * @uses utility_api.php */ if (!defined('CHECK_EMAIL_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); require_api('utility_api.php'); check_print_section_header_row('Email'); $t_email_options = array('webmaster_email', 'from_email', 'return_path_email'); foreach ($t_email_options as $t_email_option) { $t_email = config_get_global($t_email_option); check_print_test_row($t_email_option . ' configuration option has a valid email address specified', !preg_match('/@example\\.com$/', $t_email), array(false => 'You need to specify a valid email address for the ' . $t_email_option . ' configuration option.')); } check_print_test_warn_row('Email addresses are validated', config_get_global('validate_email'), array(false => 'You have disabled email validation checks. For security reasons it is suggested that you enable these validation checks.')); check_print_test_row('send_reset_password = ON requires allow_blank_email = OFF', !config_get_global('send_reset_password') || !config_get_global('allow_blank_email')); check_print_test_row('send_reset_password = ON requires enable_email_notification = ON', !config_get_global('send_reset_password') || config_get_global('enable_email_notification')); check_print_test_row('allow_signup = ON requires enable_email_notification = ON', !config_get_global('allow_signup') || config_get_global('enable_email_notification')); check_print_test_row('allow_signup = ON requires send_reset_password = ON', !config_get_global('allow_signup') || config_get_global('send_reset_password'));
# GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * Check Mantis config configuration * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php */ if (!defined('CHECK_CONFIG_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; check_print_section_header_row('Configuration'); check_print_test_row('config_inc.php configuration file exists', file_exists(dirname(dirname(dirname(__FILE__))) . '/config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.')); # Debugging / Developer Settings check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use')); check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser')); check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.')); check_print_test_warn_row('MantisBT Application Errors should halt execution', $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;')); check_print_test_warn_row('Email debugging should be OFF', $g_debug_email === OFF, array(false => "All notification e-mails will be sent to {$g_debug_email}")); # Obsolete Settings require_api('obsolete.php');
if( $t_disabled_function ) { check_print_test_warn_row( '<em>' . $t_disabled_function . '</em> function is enabled', false, 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.' ); } } $t_disabled_classes = explode( ',', ini_get( 'disable_classes' ) ); foreach( $t_disabled_classes as $t_disabled_class ) { $t_disabled_class = trim( $t_disabled_class ); if( $t_disabled_class ) { check_print_test_warn_row( '<em>' . $t_disabled_class . '</em> class is enabled', false, 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.' ); } } # Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php) $t_vars = array( 'open_basedir', 'extension', 'upload_tmp_dir', 'max_file_uploads', 'date.timezone' ); while( list( $t_foo, $t_var ) = each( $t_vars ) ) {
check_print_test_row('memory_limit php.ini directive is at least equal to the post_max_size directive', ini_get_number('memory_limit') >= ini_get_number('post_max_size'), array(false => 'The current value of the memory_limit directive is ' . htmlentities(ini_get_number('memory_limit')) . ' bytes. This value needs to be at least equal to the post_max_size directive value of ' . htmlentities(ini_get_number('post_max_size')) . ' bytes.')); check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No'); check_print_info_row('php.ini directive: upload_max_filesize', htmlentities(ini_get_number('upload_max_filesize')) . ' bytes'); check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_size directive', ini_get_number('post_max_size') >= ini_get_number('upload_max_filesize'), array(false => 'The current value of the post_max_size directive is ' . htmlentities(ini_get_number('post_max_size')) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes.')); $t_disabled_functions = explode(',', ini_get('disable_functions')); foreach ($t_disabled_functions as $t_disabled_function) { $t_disabled_function = trim($t_disabled_function); if ($t_disabled_function && substr($t_disabled_function, 0, 6) != 'pcntl_') { check_print_test_warn_row('<em>' . $t_disabled_function . '</em> function is enabled', false, 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.'); } } $t_disabled_classes = explode(',', ini_get('disable_classes')); foreach ($t_disabled_classes as $t_disabled_class) { $t_disabled_class = trim($t_disabled_class); if ($t_disabled_class) { check_print_test_warn_row('<em>' . $t_disabled_class . '</em> class is enabled', false, 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.'); } } # Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php) $t_vars = array('open_basedir', 'extension', 'upload_tmp_dir', 'max_file_uploads', 'date.timezone'); while (list($t_foo, $t_var) = each($t_vars)) { $t_value = ini_get($t_var); if ($t_value != '') { check_print_info_row('php.ini directive: ' . $t_var, htmlentities($t_value)); } } if (is_windows_server()) { check_print_test_warn_row('There is a performance issue on windows for PHP versions < 5.4 in openssl_random_pseudo_bytes', version_compare(phpversion(), '5.4.0', '>='), array(false => 'For best performance upgrade to PHP > 5.4.0.')); } check_print_test_warn_row('Check for php bug 61443 - php 5.4.0-5.4.3, trying to use compression with no output handler set', !(ini_get('output_handler') == '' && function_exists('ini_set') && version_compare(PHP_VERSION, '5.4.0', '>=') && version_compare(PHP_VERSION, '5.4.4', '<')), array(false => 'you should consider setting a php output handler, ensuring compression is disabled or upgrading to at least php 5.4.4'));
check_print_section_header_row('Attachments'); $t_file_uploads_allowed = config_get_global('allow_file_upload'); check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No'); if (!$t_file_uploads_allowed) { return; } check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.')); check_print_info_row('Maximum file upload size (per file)', config_get_global('max_file_size') . ' bytes'); check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'), array(false => 'max_file_size is currently ' . htmlentities(config_get_global('max_file_size')) . ' bytes which is greater than the limit of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes imposed by the php.ini directive upload_max_filesize.')); $t_use_xsendfile = config_get_global('file_download_xsendfile_enabled'); check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No'); if ($t_use_xsendfile) { check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.')); $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name'); if ($t_xsendfile_header_name !== 'X-Sendfile') { check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', $t_xsendfile_header_name); } } $t_finfo_exists = class_exists('finfo'); check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.')); if ($t_finfo_exists) { $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file'); if ($t_fileinfo_magic_db_file) { check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', config_get_global('fileinfo_magic_db_file')); check_print_test_row('fileinfo_magic_db_file configuration value points to an existing magic.db file', file_exists($t_fileinfo_magic_db_file)); $t_finfo = new finfo(FILEINFO_MIME, $t_fileinfo_magic_db_file); } else { $t_finfo = new finfo(FILEINFO_MIME); } check_print_test_row('Fileinfo extension can find and load a valid magic.db file', $t_finfo !== false, array(false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.')); }
# it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # MantisBT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * @package MantisBT * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php */ if (!defined('CHECK_CONFIG_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; check_print_section_header_row('Configuration'); check_print_test_row('config_inc.php configuration file exists', file_exists(dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.')); check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use')); check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser')); require_api('obsolete.php');
/** * Checks if an obsolete environment variable is set. * If so, an error will be generated and the script will exit. * * @param string $p_env_variable Old variable. * @param string $p_new_env_variable New variable. * @return void */ function env_obsolete($p_env_variable, $p_new_env_variable) { $t_env = getenv($p_env_variable); if ($t_env) { $t_description = 'Environment variable <em>' . $p_env_variable . '</em> is obsolete.'; $t_info = 'please use ' . $p_new_env_variable . ' instead.'; check_print_test_warn_row($t_description, false, $t_info); } }
/** * Check Mantis config configuration * * @package MantisBT * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * * @uses check_api.php */ if (!defined('CHECK_CONFIG_INC_ALLOW')) { return; } # MantisBT Check API require_once 'check_api.php'; check_print_section_header_row('Configuration'); check_print_test_row('config_inc.php configuration file exists', file_exists($g_config_path . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.')); check_print_test_row('config_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'config_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_strings_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_strings_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_functions_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_functions_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_constants_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_constants_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('custom_relationships_inc.php must not be in MantisBT root folder', !file_exists($g_absolute_path . 'custom_relationships_inc.php'), array(false => 'Move from MantisBT root folder to config folder.')); check_print_test_row('api/soap/mc_config_inc.php is no longer supported', !file_exists($g_absolute_path . 'api/soap/mc_config_inc.php'), array(false => 'Move contents of api/soap/mc_config_inc.php into config/config_inc.php.')); # Debugging / Developer Settings check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use')); check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser')); check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.')); check_print_test_warn_row('MantisBT Application Errors should halt execution', $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;')); check_print_test_warn_row('Email debugging should be OFF', empty($g_debug_email), array(false => 'All notification e-mails will be sent to: ' . $g_debug_email)); # Obsolete Settings require_api('obsolete.php');