# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 */
if (!defined('CHECK_L10N_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');

check_print_section_header_row('Localization');

# Both the default and the fallback language have to be one of the languages
# listed in language_choices_arr.
$t_possible_languages = config_get_global('language_choices_arr');

$t_default_language = config_get_global('default_language');
$t_default_language_html = htmlentities($t_default_language);
check_print_test_row(
    'default_language configuration option is set to a valid language',
    in_array($t_default_language, $t_possible_languages),
    array(
        true => 'The default language is currently specified as: ' . $t_default_language_html,
        false => 'Invalid default language detected: ' . $t_default_language_html,
    )
);

# 'auto' is rejected for the fallback: it must name a concrete language.
$t_fallback_language = config_get_global('fallback_language');
$t_fallback_language_html = htmlentities($t_fallback_language);
$t_fallback_is_valid = $t_fallback_language != 'auto'
    && in_array($t_fallback_language, $t_possible_languages);
check_print_test_row(
    'fallback_language configuration option is set to a valid language',
    $t_fallback_is_valid,
    array(
        true => 'The fallback language is currently specified as: ' . $t_fallback_language_html,
        false => 'Fallback language can not be set to auto or a non-implemented language. Invalid fallback language detected: ' . $t_fallback_language_html,
    )
);
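check_print_section_header_row('Attachments');

$t_file_uploads_allowed = config_get_global('allow_file_upload');
check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No');
if (!$t_file_uploads_allowed) {
    # The remaining rows only matter when attachments can be uploaded at all.
    return;
}

check_print_test_row(
    'file_uploads php.ini directive is enabled',
    ini_get_bool('file_uploads'),
    array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.')
);

# Read both limits once; the same values feed the info row, the test and its message.
$t_max_file_size = config_get_global('max_file_size');
$t_upload_max_filesize = ini_get_number('upload_max_filesize');
check_print_info_row('Maximum file upload size (per file)', $t_max_file_size . ' bytes');
check_print_test_row(
    'max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini',
    $t_max_file_size <= $t_upload_max_filesize,
    array(false => 'max_file_size is currently ' . htmlentities($t_max_file_size) . ' bytes which is greater than the limit of ' . htmlentities($t_upload_max_filesize) . ' bytes imposed by the php.ini directive upload_max_filesize.')
);

$t_use_xsendfile = config_get_global('file_download_xsendfile_enabled');
check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No');
if ($t_use_xsendfile) {
    # X-Sendfile hands the file to the web server, so it must exist on disk.
    check_print_test_row(
        'file_download_xsendfile_enabled = ON requires file_upload_method = DISK',
        config_get_global('file_upload_method') == DISK,
        array(false => 'X-Sendfile file downloading only works when files are stored on a disk.')
    );
    $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name');
    if ($t_xsendfile_header_name !== 'X-Sendfile') {
        # Escaped like the other configuration values echoed on this page.
        check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', htmlentities($t_xsendfile_header_name));
    }
}

$t_finfo_exists = class_exists('finfo');
check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.'));
if ($t_finfo_exists) {
    $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file');
    if ($t_fileinfo_magic_db_file) {
        check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', htmlentities($t_fileinfo_magic_db_file));
        check_print_test_row('fileinfo_magic_db_file configuration value points to an existing magic.db file', file_exists($t_fileinfo_magic_db_file));
        # finfo_open() returns false when the magic database cannot be loaded,
        # whereas `new finfo()` always yields an object, so the load test below
        # could never fail with the constructor form.
        $t_finfo = finfo_open(FILEINFO_MIME, $t_fileinfo_magic_db_file);
    } else {
        $t_finfo = finfo_open(FILEINFO_MIME);
    }
    check_print_test_row('Fileinfo extension can find and load a valid magic.db file', $t_finfo !== false, array(false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.'));
}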
	$t_result = db_query_bound( 'SHOW TABLE STATUS' );
	while( $t_row = db_fetch_array( $t_result ) ) {
		if( $t_row['Comment'] !== 'VIEW' &&
		    preg_match( "/^$t_table_prefix_regex_safe.+?$t_table_suffix_regex_safe\$/", $t_row['Name'] ) ) {
			check_print_test_row(
				'Table <em>' . htmlentities( $t_row['Name'] ) . '</em> is using UTF-8 collation',
				substr( $t_row['Collation'], 0, 5 ) === 'utf8_',
				array( false => 'Table ' . htmlentities( $t_row['Name'] ) . ' is using ' . htmlentities( $t_row['Collation'] ) . ' collation where UTF-8 collation is required.' )
			);
		}
	}

	foreach( db_get_table_list() as $t_table ) {
		if( preg_match( "/^$t_table_prefix_regex_safe.+?$t_table_suffix_regex_safe\$/", $t_table ) ) {
			$t_result = db_query_bound( 'SHOW FULL FIELDS FROM ' . $t_table );
			while( $t_row = db_fetch_array( $t_result ) ) {
				if ( $t_row['Collation'] === null ) {
					continue;
				}
				check_print_test_row(
					'Text column <em>' . htmlentities( $t_row['Field'] ) . '</em> of type <em>' . $t_row['Type'] . '</em> on table <em>' . htmlentities( $t_table ) . '</em> is is using UTF-8 collation',
					substr( $t_row['Collation'], 0, 5 ) === 'utf8_',
					array( false => 'Text column ' . htmlentities( $t_row['Field'] ) . ' of type ' . $t_row['Type'] . ' on table ' . htmlentities( $t_table ) . ' is using ' . htmlentities( $t_row['Collation'] ) . ' collation where UTF-8 collation is required.' )
				);
			}
		}
	}

}
# Trailing directory separator
foreach ($t_paths as $t_path_config_name => $t_path) {
    $t_path_value = $t_path['config_value'];
    check_print_test_row(
        $t_path_config_name . ' configuration option has a trailing directory separator',
        substr($t_path_value, -1, 1) == DIRECTORY_SEPARATOR,
        array(false => "You must provide a trailing directory separator (" . DIRECTORY_SEPARATOR . ") to the end of '" . htmlspecialchars($t_path_value) . "'.")
    );
}
# Is a directory
foreach ($t_paths as $t_path_config_name => $t_path) {
    $t_path_value = $t_path['config_value'];
    check_print_test_row(
        $t_path_config_name . ' configuration option points to a valid directory',
        is_dir($t_path_value),
        array(false => "The path '" . htmlspecialchars($t_path_value) . "' is not a valid directory.")
    );
}
# Is readable
foreach ($t_paths as $t_path_config_name => $t_path) {
    $t_path_value = $t_path['config_value'];
    check_print_test_row(
        $t_path_config_name . ' configuration option points to an accessible directory',
        is_readable($t_path_value),
        array(false => "The path '" . htmlspecialchars($t_path_value) . "' is not accessible.")
    );
}
# File upload default path must be writeable (only relevant for DISK storage)
if (DISK == config_get_global('file_upload_method')) {
    $t_path_config_name = 'absolute_path_default_upload_folder';
    $t_path = $t_paths[$t_path_config_name];
    $t_path_value = $t_path['config_value'];
    check_print_test_row(
        $t_path_config_name . ' configuration option points to a writable directory',
        is_writable($t_path_value),
        array(false => "The path '" . htmlspecialchars($t_path_value) . "' must be writable.")
    );
}
# Stop here if any of the path checks above failed.
if ($g_failed_test) {
    return;
}
$t_moveable_paths = array('core_path', 'class_path', 'library_path', 'language_path');
# Prefer the canonical path for the regex; fall back to the raw option value
# when realpath() could not resolve it.
$t_absolute_path_info = $t_paths['absolute_path'];
$t_absolute_path_for_regex = $t_absolute_path_info['real_path'] !== false
    ? $t_absolute_path_info['real_path']
    : $t_absolute_path_info['config_value'];
$t_absolute_path_regex_safe = preg_quote($t_absolute_path_for_regex, '/');
foreach ($t_moveable_paths as $t_moveable_path) {
    if ($t_paths[$t_moveable_path]['real_path'] !== false) {
        $t_moveable_real_path = $t_paths[$t_moveable_path]['real_path'];
    } else {
        $t_moveable_real_path = $t_paths[$t_moveable_path]['config_value'];
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 */
if (!defined('CHECK_DISPLAY_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');

check_print_section_header_row('Display');

# use_javascript is only consulted when dhtml_filters is switched on.
$t_dhtml_filters = config_get_global('dhtml_filters');
check_print_test_row(
    'dhtml_filters = ON requires use_javascript = ON',
    !$t_dhtml_filters || config_get_global('use_javascript')
);

# Both link tags must be non-empty.
foreach (array('bug_link_tag', 'bugnote_link_tag') as $t_link_tag_option) {
    check_print_test_row(
        $t_link_tag_option . ' is not blank/null',
        config_get_global($t_link_tag_option),
        array(false => 'The value of the ' . $t_link_tag_option . ' option cannot be blank/null.')
    );
}
}

/**
 * MantisBT Check API
 */
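require_once( 'check_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );

check_print_section_header_row( 'Cryptography' );

# Cast before measuring: an unset option would otherwise hand null to strlen(),
# which is deprecated since PHP 8.1 and still counts as "no salt". The value
# itself is deliberately not kept in a variable.
check_print_test_row(
	'Master salt value has been specified',
	strlen( (string)config_get_global( 'crypto_master_salt' ) ) >= 16,
	array( false => 'The crypto_master_salt option needs to be specified in config_inc.php with a minimum string length of 16 characters.' )
);

# The login method drives the next two rows; read it once.
$t_login_method = config_get_global( 'login_method' );

check_print_test_row(
	'login_method is not equal to CRYPT_FULL_SALT',
	$t_login_method != CRYPT_FULL_SALT,
	array( false => 'Login method CRYPT_FULL_SALT has been deprecated and should not be used.' )
);

# With LDAP the passwords are not stored by MantisBT, so the hashing row is skipped.
if( $t_login_method != LDAP ) {
	check_print_test_warn_row(
		'login_method is set to MD5',
		$t_login_method == MD5,
		'MD5 password encryption is currently the strongest password storage method supported by MantisBT.'
	);
}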
/**
 * This file contains configuration checks for internationalization issues
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 */
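if (!defined('CHECK_I18N_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Internationalization');

# MantisBT's own default_timezone option takes precedence over PHP's
# date.timezone directive; whichever applies must be a known identifier.
$t_valid_timezones = timezone_identifiers_list();
$t_config_default_timezone = config_get_global('default_timezone');
if ($t_config_default_timezone) {
    check_print_test_row(
        'Default timezone has been specified in config_inc.php (default_timezone option)',
        in_array($t_config_default_timezone, $t_valid_timezones),
        array(
            true => "Default timezone is '" . htmlentities($t_config_default_timezone) . "'",
            false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. " . 'Refer to the <a href="http://php.net/timezones">List of Supported Timezones</a>.',
        )
    );
} else {
    $t_php_default_timezone = ini_get('date.timezone');
    $t_msg = 'No timezone has been specified in config_inc.php (default_timezone option)';
    $t_tz_link = '<a href="http://ch1.php.net/datetime.configuration#ini.date.timezone">date.timezone</a>';
    if ($t_php_default_timezone) {
        check_print_test_row(
            $t_msg,
            in_array($t_php_default_timezone, $t_valid_timezones),
            array(
                true => "Default timezone (specified by the {$t_tz_link} directive in php.ini) " . "is '" . htmlentities($t_php_default_timezone) . "'",
                # Report the php.ini value that was actually tested, not the
                # (empty) config option.
                false => "Invalid timezone '" . htmlentities($t_php_default_timezone) . "' specified. ",
            )
        );
    } else {
        check_print_test_warn_row($t_msg, !empty($t_php_default_timezone), array(false => "Timezone has been defaulted to 'UTC'."));
    }
}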
/**
 * Configuration checks for the MantisBT config files
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 */
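if (!defined('CHECK_CONFIG_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
check_print_section_header_row('Configuration');

check_print_test_row('config_inc.php configuration file exists', file_exists($g_config_path . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.'));

# Site-specific files belong in the config folder, not in the MantisBT root.
$t_config_files = array(
    'config_inc.php',
    'custom_strings_inc.php',
    'custom_functions_inc.php',
    'custom_constants_inc.php',
    'custom_relationships_inc.php',
);
foreach ($t_config_files as $t_config_file) {
    check_print_test_row($t_config_file . ' must not be in MantisBT root folder', !file_exists($g_absolute_path . $t_config_file), array(false => 'Move from MantisBT root folder to config folder.'));
}
check_print_test_row('api/soap/mc_config_inc.php is no longer supported', !file_exists($g_absolute_path . 'api/soap/mc_config_inc.php'), array(false => 'Move contents of api/soap/mc_config_inc.php into config/config_inc.php.'));

# Debugging / Developer Settings
check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use'));
check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser'));
check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.'));
check_print_test_warn_row('MantisBT Application Errors should halt execution', $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;'));
# The address is a configuration value echoed into HTML; escape it like the
# other values on this page.
check_print_test_warn_row('Email debugging should be OFF', empty($g_debug_email), array(false => 'All notification e-mails will be sent to: ' . htmlentities($g_debug_email)));

# Obsolete Settings
require_api('obsolete.php');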
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * This file contains configuration checks for internationalization issues
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 */
if (!defined('CHECK_I18N_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Internationalization');

$t_config_default_timezone = config_get_global('default_timezone');
if ($t_config_default_timezone) {
    # MantisBT's own option wins over php.ini when it is set.
    $t_timezone_html = htmlentities($t_config_default_timezone);
    check_print_test_row(
        'Default timezone has been specified in config_inc.php (default_timezone option)',
        in_array($t_config_default_timezone, timezone_identifiers_list()),
        array(
            true => 'Default timezone is: ' . $t_timezone_html,
            false => 'Invalid timezone \'' . $t_timezone_html . '\' specified for the default_timezone configuration option.',
        )
    );
} else {
    # Otherwise PHP's date.timezone directive has to supply a valid identifier.
    $t_php_default_timezone = ini_get('date.timezone');
    $t_timezone_html = htmlentities($t_php_default_timezone);
    check_print_test_row(
        'Default timezone has been specified in config_inc.php (default_timezone option) or php.ini (date.timezone directive)',
        in_array($t_php_default_timezone, timezone_identifiers_list()),
        array(
            true => 'Default timezone (specified by the date.timezone directive in php.ini) is: ' . $t_timezone_html,
            false => 'Invalid timezone \'' . $t_timezone_html . '\' specified for the date.timezone php.ini directive.',
        )
    );
}
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses utility_api.php
 */
if (!defined('CHECK_EMAIL_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
require_api('utility_api.php');
check_print_section_header_row('Email');

# Addresses still ending in @example.com are the shipped placeholders.
$t_email_options = array('webmaster_email', 'from_email', 'return_path_email');
foreach ($t_email_options as $t_email_option) {
    $t_email = config_get_global($t_email_option);
    $t_is_placeholder = preg_match('/@example\\.com$/', $t_email);
    check_print_test_row(
        $t_email_option . ' configuration option has a valid email address specified',
        !$t_is_placeholder,
        array(false => 'You need to specify a valid email address for the ' . $t_email_option . ' configuration option.')
    );
}

check_print_test_warn_row(
    'Email addresses are validated',
    config_get_global('validate_email'),
    array(false => 'You have disabled email validation checks. For security reasons it is suggested that you enable these validation checks.')
);

# Dependencies between the account-related email options. Each row only reads
# its second option when the first one is enabled.
check_print_test_row(
    'send_reset_password = ON requires allow_blank_email = OFF',
    !config_get_global('send_reset_password') || !config_get_global('allow_blank_email')
);
check_print_test_row(
    'send_reset_password = ON requires enable_email_notification = ON',
    !config_get_global('send_reset_password') || config_get_global('enable_email_notification')
);
check_print_test_row(
    'allow_signup = ON requires enable_email_notification = ON',
    !config_get_global('allow_signup') || config_get_global('enable_email_notification')
);
check_print_test_row(
    'allow_signup = ON requires send_reset_password = ON',
    !config_get_global('allow_signup') || config_get_global('send_reset_password')
);
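# variables_order decides which superglobals PHP populates; all four of
# G(ET), P(OST), C(OOKIE) and S(ERVER) are required (stripos keeps the match
# case-insensitive, as before).
$t_missing_gpcs = false;
foreach (array('G', 'P', 'C', 'S') as $t_gpcs_letter) {
    if (stripos($t_variables_order, $t_gpcs_letter) === false) {
        $t_missing_gpcs = true;
        break;
    }
}
check_print_test_row('variables_order php.ini directive contains GPCS', !$t_missing_gpcs, array(false => 'The value of this directive is currently: ' . htmlentities($t_variables_order)));
# The get_magic_quotes_* functions no longer exist on current PHP; function_exists() guards the call.
check_print_test_row('magic_quotes_gpc php.ini directive is disabled', !(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.'));
check_print_test_row('magic_quotes_runtime php.ini directive is disabled', !(function_exists('get_magic_quotes_runtime') && @get_magic_quotes_runtime()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.'));
check_print_test_row('register_globals php.ini directive is disabled', !ini_get_bool('register_globals'), array(false => 'PHP\'s register globals feature is <a href="http://php.net/manual/en/security.globals.php">deprecated in PHP 5.3.0</a> and should not be used.'));
check_print_test_warn_row('register_argc_argv php.ini directive is disabled', !ini_get_bool('register_argc_argv'), array(false => 'This directive should be disabled to increase performance (it only affects PHP in CLI mode).'));
check_print_test_warn_row('register_long_arrays php.ini directive is disabled', !ini_get_bool('register_long_arrays'), array(false => 'This directive is deprecated in PHP 5.3.0 and should be disabled for performance reasons.'));
check_print_test_warn_row('auto_globals_jit php.ini directive is enabled', ini_get_bool('auto_globals_jit'), array(false => 'This directive is currently disabled: enable it for a performance gain.'));
# Error display leaks paths and stack details to visitors; logging is the safe alternative.
check_print_test_warn_row('display_errors php.ini directive is disabled', !ini_get_bool('display_errors'), array(false => 'For security reasons this directive should be disabled on all production and Internet facing servers.'));
check_print_test_warn_row('display_startup_errors php.ini directive is disabled', !ini_get_bool('display_startup_errors'), array(false => 'For security reasons this directive should be disabled on all production and Internet facing servers.'));
check_print_test_warn_row('PHP errors are being logged or reported', ini_get_bool('display_errors') || ini_get_bool('log_errors'), array(false => 'PHP is not currently set to log or report errors and thus you may be unaware of PHP errors that occur.'));
check_print_info_row('php.ini directive: memory_limit', htmlentities(ini_get_number('memory_limit')) . ' bytes');
check_print_info_row('php.ini directive: post_max_size', htmlentities(ini_get_number('post_max_size')) . ' bytes');
check_print_test_row('memory_limit php.ini directive is at least equal to the post_max_size directive', ini_get_number('memory_limit') >= ini_get_number('post_max_size'), array(false => 'The current value of the memory_limit directive is ' . htmlentities(ini_get_number('memory_limit')) . ' bytes. This value needs to be at least equal to the post_max_size directive value of ' . htmlentities(ini_get_number('post_max_size')) . ' bytes.'));
check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No');
check_print_info_row('php.ini directive: upload_max_filesize', htmlentities(ini_get_number('upload_max_filesize')) . ' bytes');
check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_size directive', ini_get_number('post_max_size') >= ini_get_number('upload_max_filesize'), array(false => 'The current value of the post_max_size directive is ' . htmlentities(ini_get_number('post_max_size')) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes.'));
# Names from disable_functions / disable_classes are echoed inside <em>;
# escape them like every other php.ini value shown here.
$t_disabled_functions = explode(',', ini_get('disable_functions'));
foreach ($t_disabled_functions as $t_disabled_function) {
    $t_disabled_function = trim($t_disabled_function);
    # pcntl_* is commonly disabled for web SAPIs and is not reported.
    if ($t_disabled_function && substr($t_disabled_function, 0, 6) != 'pcntl_') {
        check_print_test_warn_row('<em>' . htmlentities($t_disabled_function) . '</em> function is enabled', false, 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.');
    }
}
$t_disabled_classes = explode(',', ini_get('disable_classes'));
foreach ($t_disabled_classes as $t_disabled_class) {
    $t_disabled_class = trim($t_disabled_class);
    if ($t_disabled_class) {
        check_print_test_warn_row('<em>' . htmlentities($t_disabled_class) . '</em> class is enabled', false, 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.');
    }
}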
# Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php)
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Paths');

# Resolve every path option once, keeping both the configured string and its
# canonical form (realpath() yields false when the directory does not exist).
$t_path_config_names = array('absolute_path', 'core_path', 'class_path', 'library_path', 'language_path');
$t_paths = array();
foreach ($t_path_config_names as $t_path_config_name) {
    $t_path_value = config_get_global($t_path_config_name);
    $t_paths[$t_path_config_name] = array(
        'config_value' => $t_path_value,
        'real_path' => realpath($t_path_value),
    );
}

# Trailing directory separator
foreach ($t_paths as $t_path_config_name => $t_path) {
    $t_path_value = $t_path['config_value'];
    check_print_test_row(
        $t_path_config_name . ' configuration option has a trailing directory separator',
        substr($t_path_value, -1, 1) == DIRECTORY_SEPARATOR,
        array(false => 'You must provide a trailing directory separator (' . DIRECTORY_SEPARATOR . ') to the end of the ' . $t_path_config_name . ' configuration value.')
    );
}

# Is a directory
foreach ($t_paths as $t_path_config_name => $t_path) {
    check_print_test_row(
        $t_path_config_name . ' configuration option points to a valid directory',
        is_dir($t_path['config_value']),
        array(false => 'The path specified by the ' . $t_path_config_name . ' configuration option does not point to a valid and accessible directory.')
    );
}

# Stop here if any of the path checks above failed.
if ($g_failed_test) {
    return;
}

$t_moveable_paths = array('core_path', 'class_path', 'library_path', 'language_path');
# Prefer the canonical path for the regex; fall back to the raw option value
# when realpath() could not resolve it.
$t_absolute_path_info = $t_paths['absolute_path'];
$t_absolute_path_for_regex = $t_absolute_path_info['real_path'] !== false
    ? $t_absolute_path_info['real_path']
    : $t_absolute_path_info['config_value'];
$t_absolute_path_regex_safe = preg_quote($t_absolute_path_for_regex, '/');
foreach ($t_moveable_paths as $t_moveable_path) {
    if ($t_paths[$t_moveable_path]['real_path'] !== false) {
        $t_moveable_real_path = $t_paths[$t_moveable_path]['real_path'];
    } else {
        $t_moveable_real_path = $t_paths[$t_moveable_path]['config_value'];
}
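check_print_test_row(
    'file_uploads php.ini directive is enabled',
    ini_get_bool('file_uploads'),
    array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.')
);

# Read both limits once; the same values feed the info row, the test and its message.
$t_max_file_size = config_get_global('max_file_size');
$t_upload_max_filesize = ini_get_number('upload_max_filesize');
check_print_info_row('Maximum file upload size (per file)', $t_max_file_size . ' bytes');
check_print_test_row(
    'max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini',
    $t_max_file_size <= $t_upload_max_filesize,
    array(false => 'max_file_size is currently ' . htmlentities($t_max_file_size) . ' bytes which is greater than the limit of ' . htmlentities($t_upload_max_filesize) . ' bytes imposed by the php.ini directive upload_max_filesize.')
);

$t_use_xsendfile = config_get_global('file_download_xsendfile_enabled');
check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No');
if ($t_use_xsendfile) {
    # X-Sendfile hands the file to the web server, so it must exist on disk.
    check_print_test_row(
        'file_download_xsendfile_enabled = ON requires file_upload_method = DISK',
        config_get_global('file_upload_method') == DISK,
        array(false => 'X-Sendfile file downloading only works when files are stored on a disk.')
    );
    $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name');
    if ($t_xsendfile_header_name !== 'X-Sendfile') {
        # Escaped like the other configuration values echoed on this page.
        check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', htmlentities($t_xsendfile_header_name));
    }
}

$t_finfo_exists = class_exists('finfo');
check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.'));
if ($t_finfo_exists) {
    $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file');
    if ($t_fileinfo_magic_db_file) {
        check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', htmlentities($t_fileinfo_magic_db_file));
        check_print_test_row('fileinfo_magic_db_file configuration value points to an existing magic.db file', file_exists($t_fileinfo_magic_db_file));
        # finfo_open() returns false when the magic database cannot be loaded,
        # whereas `new finfo()` always yields an object, so the load test below
        # could never fail with the constructor form.
        $t_finfo = finfo_open(FILEINFO_MIME, $t_fileinfo_magic_db_file);
    } else {
        $t_finfo = finfo_open(FILEINFO_MIME);
    }
    check_print_test_row('Fileinfo extension can find and load a valid magic.db file', $t_finfo !== false, array(false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.'));
}

# The icon directory is fixed relative to this file (three levels up, then
# images/fileicons); compute it once rather than per icon.
$t_file_type_icons = config_get('file_type_icons');
$t_icon_dir = dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'images' . DIRECTORY_SEPARATOR . 'fileicons' . DIRECTORY_SEPARATOR;
foreach ($t_file_type_icons as $t_ext => $t_filename) {
    $t_file_path = $t_icon_dir . $t_filename;
    # Extension and path come from configuration and land in HTML; escape both.
    check_print_test_row("Testing icon for extension '" . htmlentities($t_ext) . "'...", file_exists($t_file_path), array(false => 'File not found: ' . htmlentities($t_file_path)));
}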
	return;
}

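$t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account );
check_print_test_row(
	'anonymous_account is a valid user account',
	$t_anonymous_user_id !== false,
	array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' )
);

# The remaining rows look the account up by id; without a matching user they
# would run against a false id, so stop after the failed row above.
if( $t_anonymous_user_id === false ) {
	return;
}

check_print_test_row(
	'anonymous_account user has the enabled flag set',
	user_is_enabled( $t_anonymous_user_id ),
	array( false => 'The anonymous user account must be enabled before it can be used.' )
);

# Anonymous visitors share this login, so the account must not be editable
# by them (protected flag) and must not carry administrator rights.
check_print_test_row(
	'anonymous_account user has the protected flag set',
	user_get_field( $t_anonymous_user_id, 'protected' ),
	array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' )
);

$t_anonymous_access_level = user_get_access_level( $t_anonymous_user_id );
check_print_test_row(
	'anonymous_account user does not have administrator permissions',
	!user_is_administrator( $t_anonymous_user_id ),
	array(
		true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', $t_anonymous_access_level ) ),
		false => 'The anonymous user account should not have administrator level permissions.'
	)
);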
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2012  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 */
if (!defined('CHECK_CONFIG_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
check_print_section_header_row('Configuration');

# config_inc.php is looked for three directory levels above this check file.
$t_config_inc_path = dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'config_inc.php';
check_print_test_row(
    'config_inc.php configuration file exists',
    file_exists($t_config_inc_path),
    array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.')
);

# Diagnostic output is for developers; it should neither be enabled nor be
# routed to the visitor's browser on a production site.
check_print_test_warn_row(
    'Check whether diagnostic logging is enabled',
    LOG_NONE == $g_log_level,
    array(false => 'Global Log Level should usually be set to LOG_NONE for production use')
);
$t_log_goes_to_browser = in_array($g_log_destination, array('firebug', 'page'));
check_print_test_warn_row(
    'Check whether log output is sent to end user',
    !$t_log_goes_to_browser,
    array(false => 'Diagnostic output destination is currently sent to end users browser')
);

require_api('obsolete.php');
    return;
}
# MantisBT Check API
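require_once 'check_api.php';
require_api('config_api.php');

check_print_section_header_row('Display');

# The option value itself is passed as the test result, so an empty string,
# null or 0 is reported as a failure.
check_print_test_row('bug_link_tag is not blank/null', config_get_global('bug_link_tag'), array(false => 'The value of the bug_link_tag option cannot be blank/null.'));
check_print_test_row('bugnote_link_tag is not blank/null', config_get_global('bugnote_link_tag'), array(false => 'The value of the bugnote_link_tag option cannot be blank/null.'));

if (plugin_is_installed('MantisGraph')) {
    # Plugin config lookups below are scoped to MantisGraph until the matching
    # plugin_pop_current() call.
    plugin_push_current('MantisGraph');

    check_print_test_row('Checking GD library is enabled, and version 2...', get_gd_version() == 2);

    # The eczlibrary option defaults to ON; the jpgraph checks only apply
    # when the plugin has been switched to jpgraph (option OFF).
    if (plugin_config_get('eczlibrary', ON) == OFF) {
        $t_jpgraph_path = plugin_config_get('jpgraph_path');
        if ($t_jpgraph_path == '') {
            $t_jpgraph_path = config_get('absolute_path') . 'library/jpgraph';
        }
        $t_jpgraph_path .= '/jpgraph.php';

        # check_print_test_row() returns the test result, so the version check
        # and the require only run when the file was actually found.
        $t_jpgraph_found = check_print_test_row('Checking we can find jpgraph library class files', file_exists($t_jpgraph_path), dirname($t_jpgraph_path));
        if ($t_jpgraph_found) {
            # NOTE(review): the included path is built from the plugin's
            # jpgraph_path setting (or absolute_path), not from request input.
            require_once $t_jpgraph_path;
            # Old versions of jpgraph did not define the constant
            $t_jpgraph_version = defined('JPG_VERSION') ? JPG_VERSION : 'Unknown version';
            check_print_test_row('Checking jpgraph library version is at least 2.3.0', version_compare($t_jpgraph_version, '2.3.0', '>='), $t_jpgraph_version);
        }

        # Anti-aliasing needs imageantialias(); only check when it is enabled.
        $t_jpgraph_antialias = plugin_config_get('jpgraph_antialias', OFF);
        if ($t_jpgraph_antialias) {
            # Fix: the former "$t_jpgraph_antialias == OFF ||" disjunct is
            # redundant inside this branch, and on PHP < 8 a non-numeric
            # truthy setting satisfied it via loose comparison, reporting
            # success even when imageantialias() is missing.
            check_print_test_row('jpgraph anti-aliasing requires the php-bundled GD library', function_exists('imageantialias'), array(false => 'The functionality requires the imageantialias() function'));
        }
    }

    plugin_pop_current();
}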
 * Check Mantis config configuration
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 */
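# Only run when included from the check page; a direct request prints nothing.
if (!defined('CHECK_CONFIG_INC_ALLOW')) {
    return;
}

# MantisBT Check API
require_once 'check_api.php';

check_print_section_header_row('Configuration');

# config_inc.php is expected in the config directory ($g_config_path).
check_print_test_row('config_inc.php configuration file exists', file_exists($g_config_path . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.'));

# Configuration and customisation files belong in the config folder; each one
# still present in the MantisBT root ($g_absolute_path) is flagged with the
# same advice.  Order matches the historical one-row-per-file output.
$t_files_not_in_root = array(
    'config_inc.php',
    'custom_strings_inc.php',
    'custom_functions_inc.php',
    'custom_constants_inc.php',
    'custom_relationships_inc.php',
);
foreach ($t_files_not_in_root as $t_file_name) {
    check_print_test_row(
        $t_file_name . ' must not be in MantisBT root folder',
        !file_exists($g_absolute_path . $t_file_name),
        array(false => 'Move from MantisBT root folder to config folder.')
    );
}

check_print_test_row('api/soap/mc_config_inc.php is no longer supported', !file_exists($g_absolute_path . 'api/soap/mc_config_inc.php'), array(false => 'Move contents of api/soap/mc_config_inc.php into config/config_inc.php.'));

# Debugging / Developer Settings
check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use'));
check_print_test_warn_row('Check whether log output is sent to end user', !($g_log_destination == 'firebug' || $g_log_destination == 'page'), array(false => 'Diagnostic output destination is currently sent to end users browser'));
check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.'));
# Guard the array lookup so a config without the E_USER_ERROR entry is reported
# as a warning instead of raising an undefined-index notice from the check itself.
check_print_test_warn_row('MantisBT Application Errors should halt execution', isset($g_display_errors[E_USER_ERROR]) && $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;'));
# The configured address is HTML-escaped before output, consistent with the
# other check rows that echo configuration values.
check_print_test_warn_row('Email debugging should be OFF', empty($g_debug_email), array(false => 'All notification e-mails will be sent to: ' . htmlentities($g_debug_email)));
check_print_test_row('Default move category must exists ("default_category_for_moves")', category_exists(config_get('default_category_for_moves')), array(false => 'Issues moved may end up with invalid category id.'));

# Obsolete Settings
require_api('obsolete.php');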