Пример #1
# Database server lifecycle rows. The server version is read from
# $t_database_server_info['version'], compared with version_compare(), and
# passed through htmlentities() before being embedded in the HTML messages.
# The cut-off versions and end-of-support dates are hard-coded in the strings
# below and date from the MySQL 5.0/5.1 and PostgreSQL 7.4 era.
if( db_is_mysql() ) {
	$t_mysql_version = $t_database_server_info['version'];
	$t_mysql_version_html = htmlentities( $t_mysql_version );

	# Failing row: below 5.0 is past even the extended lifecycle, so the
	# server no longer receives security fixes.
	check_print_test_row(
		'Version of MySQL being used is within the <a href="http://www.mysql.com/about/legal/lifecycle/">MySQL extended lifecycle period</a>',
		version_compare( $t_mysql_version, '5.0', '>=' ),
		array(
			true => 'Extended lifecycle support ends on 2011-12-31 for MySQL 5.0 and on 2013-12-31 for MySQL 5.1.',
			false => 'The version of MySQL you are using is ' . $t_mysql_version_html . '. This version is no longer supported and should not be used as security flaws discovered in this version will not be fixed.'
		)
	);

	# Warning row: 5.0 still passes the row above but is outside the active
	# lifecycle.
	check_print_test_warn_row(
		'Version of MySQL being used is within the <a href="http://www.mysql.com/about/legal/lifecycle/">MySQL active lifecycle period</a>',
		version_compare( $t_mysql_version, '5.1', '>=' ),
		array(
			true => 'Active lifecycle support ends on 2010-12-31 for MySQL 5.1.',
			false => 'The version of MySQL you are using is ' . $t_mysql_version_html . '. It is recommended you use a newer version of MySQL still within the active lifecycle period.'
		)
	);
}

if( db_is_pgsql() ) {
	$t_pgsql_version = $t_database_server_info['version'];

	# Only the failure text is supplied for this row.
	check_print_test_row(
		'Version of PostgreSQL being used still has <a href="http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy">release support</a>',
		version_compare( $t_pgsql_version, '7.4', '>=' ),
		array( false => 'The version of PostgreSQL you are using is ' . htmlentities( $t_pgsql_version ) . '. This version is no longer supported and should not be used as security flaws discovered in this version will not be fixed.' )
	);
}
Пример #2
    $t_path_config_name = 'absolute_path_default_upload_folder';
    $t_path = $t_paths[$t_path_config_name];
    check_print_test_row($t_path_config_name . ' configuration option points to a writable directory', is_writable($t_path['config_value']), array(false => "The path '" . htmlspecialchars($t_path['config_value']) . "' must be writable."));
}
# Stop once an earlier path check has already failed.
if ($g_failed_test) {
    return;
}

# Root of the installation, preferring the resolved real path over the raw
# configuration value when realpath() succeeded (real_path !== false).
$t_root_paths = $t_paths['absolute_path'];
$t_root_real_path = $t_root_paths['real_path'] !== false ? $t_root_paths['real_path'] : $t_root_paths['config_value'];
$t_absolute_path_regex_safe = preg_quote($t_root_real_path, '/');

# Directories that can be relocated outside the document root. "Inside"
# means the directory's path starts with the root path.
# NOTE(review): this is a plain string prefix match, so a sibling directory
# whose name merely begins with the root's name would also be reported as
# inside the web root — confirm that is acceptable.
$t_moveable_paths = array('core_path', 'class_path', 'library_path', 'language_path');
foreach ($t_moveable_paths as $t_moveable_path) {
    $t_moveable_entry = $t_paths[$t_moveable_path];
    $t_moveable_real_path = $t_moveable_entry['real_path'] !== false ? $t_moveable_entry['real_path'] : $t_moveable_entry['config_value'];
    $t_inside_web_root = preg_match("/^{$t_absolute_path_regex_safe}/", $t_moveable_real_path);
    check_print_test_warn_row(
        $t_moveable_path . ' configuration option is set to a path outside the web root',
        !$t_inside_web_root,
        array(false => 'For increased security it is recommended that you move the ' . $t_moveable_path . ' directory outside the web root.')
    );
}

# The rows below link to each directory under short_path. The directory
# names are fixed strings; short_path is entity-escaped before use.
$t_short_path_html = htmlentities(config_get_global('short_path'));
$t_root_config_value = $t_paths['absolute_path']['config_value'];

$t_removeable_directories = array('doc');
foreach ($t_removeable_directories as $t_removeable_directory) {
    check_print_test_warn_row(
        'Directory <em><a href="' . $t_short_path_html . $t_removeable_directory . '">' . $t_removeable_directory . '</a></em> does not need to exist within the MantisBT root',
        !is_dir($t_root_config_value . $t_removeable_directory),
        array(false => 'The ' . $t_removeable_directory . ' directory within the MantisBT root should be removed as it is not needed for the live operation of MantisBT.')
    );
}

$t_developer_directories = array('docbook', 'packages', 'tests');
foreach ($t_developer_directories as $t_developer_directory) {
    check_print_test_warn_row(
        'Directory <em><a href="' . $t_short_path_html . $t_developer_directory . '">' . $t_developer_directory . '</a></em> exists. These files are not included in MantisBT builds. For production use, please use a release build/snapshot, and not the developer git code.',
        !is_dir($t_root_config_value . $t_developer_directory),
        array(false => 'The ' . $t_developer_directory . ' directory within the MantisBT root is for development use and is not included in official releases of MantisBT.')
    );
}

check_print_test_warn_row(
    'Directory <em><a href="' . $t_short_path_html . 'api">api</a></em> should be removed from the MantisBT root if you do not plan on using <a href="http://en.wikipedia.org/wiki/SOAP">SOAP</a>',
    !is_dir($t_root_config_value . 'api')
);
Пример #3
                $t_date_eol = null;
                end($t_versions);
                $t_assume = array('older', key($t_versions), 'at end of life');
            }
            check_print_test_warn_row('PostgreSQL version support information availability', false, array(false => 'Release information for version ' . $t_db_major_version . ' is not available. ' . vsprintf('Since it is %s than %s, we assume it is %s. ', $t_assume) . 'Please refer to the <a href="' . $t_support_url . '">PostgreSQL release support policy</a> to make sure.'));
        }
        check_print_test_row('Version of PostgreSQL is <a href="' . $t_support_url . '">supported</a>', date_create($t_date_eol) > date_create('now'), array(false => 'PostgreSQL version ' . htmlentities($t_db_version) . ' is no longer supported and should not be used, as security flaws discovered in this version will not be fixed.'));
    }
}
# Table naming scheme. The three values are read once and shown escaped;
# $t_table_prefix and $t_table_suffix are reused by the MySQL-specific
# checks that follow this block.
$t_table_prefix = config_get_global('db_table_prefix');
$t_table_plugin_prefix = config_get_global('db_table_plugin_prefix');
$t_table_suffix = config_get_global('db_table_suffix');
$t_table_name_parts = array(
    'Prefix added to each MantisBT table name' => $t_table_prefix,
    'Prefix added to each Plugin table name' => $t_table_plugin_prefix,
    'Suffix added to each MantisBT table name' => $t_table_suffix,
);
foreach ($t_table_name_parts as $t_label => $t_part) {
    check_print_info_row($t_label, htmlentities($t_part));
}
check_print_test_warn_row('Plugin table prefix should not be empty', !empty($t_table_plugin_prefix), array(false => 'Defining $g_db_table_plugin_prefix allows easy identification of plugin-specific vs MantisBT core tables'));
if (db_is_mysql()) {
    $t_table_prefix_regex_safe = preg_quote($t_table_prefix, '/');
    $t_table_suffix_regex_safe = preg_quote($t_table_suffix, '/');
    # Field names from MySQL data dictionary
    # mysql returns fields with uppercase first letter, whereas
    # mysqli uses all lowercase.
    switch ($g_db_type) {
        case 'mysql':
            $t_field_name = 'Name';
            $t_field_comment = 'Comment';
            $t_field_collation = 'Collation';
            $t_field_field = 'Field';
            $t_field_type = 'Type';
            break;
        case 'mysqli':
Пример #4
}

/**
 * MantisBT Check API
 */
require_once( 'check_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );

check_print_section_header_row( 'Cryptography' );

# crypto_master_salt: only its length is checked here. strlen() counts
# bytes, and the salt value itself is never written to the page.
$t_master_salt_length = strlen( config_get_global( 'crypto_master_salt' ) );
check_print_test_row(
	'Master salt value has been specified',
	$t_master_salt_length >= 16,
	array( false => 'The crypto_master_salt option needs to be specified in config_inc.php with a minimum string length of 16 characters.' )
);

# Loose comparisons are preserved from the original code.
$t_login_method = config_get_global( 'login_method' );
check_print_test_row(
	'login_method is not equal to CRYPT_FULL_SALT',
	$t_login_method != CRYPT_FULL_SALT,
	array( false => 'Login method CRYPT_FULL_SALT has been deprecated and should not be used.' )
);

# The storage-method row is skipped for LDAP (presumably because passwords
# are then verified externally — confirm). The row text reflects what the
# code base supported when it was written; plain MD5 is not a
# password-hashing function, so read this as a compatibility check rather
# than a recommendation.
if( $t_login_method != LDAP ) {
	check_print_test_warn_row(
		'login_method is set to MD5',
		$t_login_method == MD5,
		'MD5 password encryption is currently the strongest password storage method supported by MantisBT.'
	);
}
Пример #5
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2013  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 */
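if (!defined('CHECK_WEBSERVICE_INC_ALLOW')) {
    return;
}
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('constant_inc.php');
check_print_section_header_row('Webservice');

# Resolve the library directory. realpath() returns false when the path
# does not exist or is not accessible; fall back to the configured value so
# the nusoap check below inspects the intended location instead of the
# filesystem root ('/nusoap').
$t_library_path = config_get_global('library_path');
$t_library_path_real = realpath($t_library_path);
if ($t_library_path_real !== false) {
    $t_library_path = $t_library_path_real;
}
# realpath() strips the trailing separator; put it back so the folder name
# can be appended directly.
if (substr($t_library_path, -1) !== '/') {
    $t_library_path .= '/';
}

# A leftover library/nusoap directory is reported as a warning.
check_print_test_warn_row("Legacy <em>library/nusoap</em> folder must be deleted.", !is_dir($t_library_path . 'nusoap'));
check_print_test_warn_row('SOAP Extension Enabled', extension_loaded('soap'), array(false => 'Enable the PHP SOAP extension.'));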
Пример #6
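/**
 * Check File integrity of local files against release
 *
 * Recursively walks $p_directory and prints one warn row per regular file.
 * A file passes when its git object hash (create_git_object_hash) is found
 * in an official release (get_release_containing_object_hash) or in a known
 * commit (get_commit_containing_object_hash); otherwise the row fails and
 * reports that the file does not originate from a release or snapshot.
 *
 * @param string $p_directory            Directory to scan. Must end with a
 *                                       directory separator: entry names are
 *                                       appended to it directly.
 * @param string $p_base_directory       Prefix removed from each absolute
 *                                       path to obtain the release-relative
 *                                       path used for the hash lookup.
 * @param string $p_relative_path_prefix Prepended to every relative path.
 * @param array  $p_ignore_files         Relative paths to skip; directory
 *                                       entries are listed with a trailing '/'.
 * @return void
 */
function check_file_integrity_recursive($p_directory, $p_base_directory, $p_relative_path_prefix = '', array $p_ignore_files = array())
{
    # Declared as in the original; neither global is read in this function.
    global $g_integrity_blobs, $g_integrity_release_blobs;

    $t_handle = opendir($p_directory);
    if ($t_handle === false) {
        return;
    }

    while (false !== ($t_file = readdir($t_handle))) {
        if ($t_file === '.' || $t_file === '..') {
            continue;
        }

        $t_file_absolute = $p_directory . $t_file;
        # Release-relative path: strip the base directory, prepend the
        # prefix, normalise to forward slashes and drop any leading slash.
        $t_file_relative = preg_replace('@^' . preg_quote($p_base_directory, '@') . '@', '', $t_file_absolute);
        $t_file_relative = ltrim(strtr($p_relative_path_prefix . $t_file_relative, '\\', '/'), '/');

        if (is_dir($t_file_absolute)) {
            if (!in_array($t_file_relative . '/', $p_ignore_files, true)) {
                check_file_integrity_recursive($t_file_absolute . DIRECTORY_SEPARATOR, $p_base_directory, $p_relative_path_prefix, $p_ignore_files);
            }
            continue;
        }

        if (!is_file($t_file_absolute) || in_array($t_file_relative, $p_ignore_files, true)) {
            continue;
        }

        $t_file_hash = create_git_object_hash($t_file_absolute);
        $t_integrity_ok = false;
        $t_integrity_info = 'This file does not originate from any official MantisBT release or snapshot.';

        $t_release = get_release_containing_object_hash($t_file_relative, $t_file_hash);
        if ($t_release !== null) {
            $t_integrity_ok = true;
            $t_release_sanitised = htmlentities($t_release);
            $t_integrity_info = 'Matches file from release <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=release-' . $t_release_sanitised . '">' . $t_release_sanitised . '</a>.';
        } else {
            $t_commit = get_commit_containing_object_hash($t_file_relative, $t_file_hash);
            if ($t_commit !== null) {
                $t_integrity_ok = true;
                $t_commit_sanitised = htmlentities($t_commit);
                $t_integrity_info = 'Matches file introduced or modified in commit <a href="http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=' . $t_commit_sanitised . '">' . $t_commit_sanitised . '</a>.';
            }
        }

        # The file name and any release/commit id are entity-escaped before
        # being placed in the HTML row.
        check_print_test_warn_row(htmlentities($t_file_absolute), $t_integrity_ok, $t_integrity_info);
    }

    # The original left the directory handle open; release it.
    closedir($t_handle);
}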
Пример #7
/**
 * This file contains configuration checks for internationalization issues
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 */
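if (!defined('CHECK_I18N_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
require_api('config_api.php');
check_print_section_header_row('Internationalization');

# Only identifiers PHP itself knows are accepted; strict in_array() avoids
# loose comparison against the identifier strings.
$t_known_timezones = timezone_identifiers_list();

$t_config_default_timezone = config_get_global('default_timezone');
if ($t_config_default_timezone) {
    check_print_test_row(
        'Default timezone has been specified in config_inc.php (default_timezone option)',
        in_array($t_config_default_timezone, $t_known_timezones, true),
        array(
            true => "Default timezone is '" . htmlentities($t_config_default_timezone) . "'",
            false => "Invalid timezone '" . htmlentities($t_config_default_timezone) . "' specified. " . 'Refer to the <a href="http://php.net/timezones">List of Supported Timezones</a>.'
        )
    );
} else {
    # Nothing in config_inc.php: fall back to php.ini's date.timezone.
    $t_php_default_timezone = ini_get('date.timezone');
    $t_msg = 'No timezone has been specified in config_inc.php (default_timezone option)';
    $t_tz_link = '<a href="http://ch1.php.net/datetime.configuration#ini.date.timezone">date.timezone</a>';
    if ($t_php_default_timezone) {
        # The failure text must name the php.ini value under test; the
        # configured option is empty in this branch, so the original
        # message printed an empty timezone name.
        check_print_test_row(
            $t_msg,
            in_array($t_php_default_timezone, $t_known_timezones, true),
            array(
                true => "Default timezone (specified by the {$t_tz_link} directive in php.ini) " . "is '" . htmlentities($t_php_default_timezone) . "'",
                false => "Invalid timezone '" . htmlentities($t_php_default_timezone) . "' specified. "
            )
        );
    } else {
        # Neither source sets a timezone, so this row always warns.
        check_print_test_warn_row($t_msg, false, array(false => "Timezone has been defaulted to 'UTC'."));
    }
}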
Пример #8
/**
 * Report a configuration option that is no longer used.
 *
 * Prints a failing warn row when $p_var is still set, describing where it
 * is defined (config_inc.php and/or the database configuration cache, per
 * user and project) and which option(s) replace it.
 *
 * NOTE(review): $p_var and $p_replace are embedded in the row HTML
 * unescaped; callers are expected to pass literal option names.
 *
 * @param string       $p_var     Name of the obsolete option.
 * @param string|array $p_replace Replacement option name(s); '' when there
 *                                is no replacement.
 * @return void
 */
function config_obsolete($p_var, $p_replace = '')
{
    global $g_cache_config;

    # @@@ we could trigger a WARNING here, once we have errors that can
    #     have extra data plugged into them (we need to give the old and
    #     new config option names in the warning text)
    if (!config_is_set($p_var)) {
        return;
    }

    $t_info = '';

    # Where the option is defined. $g_cache_config is keyed by option name,
    # then by user id (0 = all users), then by project id.
    $t_in_database = is_array($g_cache_config) && array_key_exists($p_var, $g_cache_config);
    if ($t_in_database) {
        $t_info .= 'it is currently defined in ';
        if (isset($GLOBALS['g_' . $p_var])) {
            $t_info .= 'config_inc.php, as well as in ';
        }
        $t_info .= 'the database configuration for: <ul>';
        foreach ($g_cache_config[$p_var] as $t_user_id => $t_projects) {
            $t_who = $t_user_id == 0 ? lang_get('all_users') : user_get_name($t_user_id);
            $t_info .= '<li>' . $t_who . ': ';
            foreach (array_keys($t_projects) as $t_project_id) {
                $t_info .= project_get_name($t_project_id) . ', ';
            }
            # Drop the trailing separator left by the loop above.
            $t_info = rtrim($t_info, ', ') . '</li>';
        }
        $t_info .= '</ul>';
    }

    # Replacement option(s), if any.
    if (is_array($p_replace)) {
        $t_info .= 'please see the following options: <ul>';
        foreach ($p_replace as $t_option) {
            $t_info .= '<li>' . $t_option . '</li>';
        }
        $t_info .= '</ul>';
    } elseif (!is_blank($p_replace)) {
        $t_info .= 'please use ' . $p_replace . ' instead.';
    }

    check_print_test_warn_row('The configuration option <em>' . $p_var . '</em> is now obsolete', false, $t_info);
}
Пример #9
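check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No');
check_print_info_row('php.ini directive: upload_max_filesize', htmlentities(ini_get_number('upload_max_filesize')) . ' bytes');
check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_size directive', ini_get_number('post_max_size') >= ini_get_number('upload_max_filesize'), array(false => 'The current value of the post_max_size directive is ' . htmlentities(ini_get_number('post_max_size')) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes.'));

# Functions removed via disable_functions, one failing warn row each.
# pcntl_* entries are skipped (presumably not needed by MantisBT — confirm).
$t_disabled_functions = explode(',', ini_get('disable_functions'));
foreach ($t_disabled_functions as $t_disabled_function) {
    $t_disabled_function = trim($t_disabled_function);
    if ($t_disabled_function === '' || substr($t_disabled_function, 0, 6) === 'pcntl_') {
        continue;
    }
    check_print_test_warn_row('<em>' . $t_disabled_function . '</em> function is enabled', false, 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.');
}

# Same for disable_classes.
$t_disabled_classes = explode(',', ini_get('disable_classes'));
foreach ($t_disabled_classes as $t_disabled_class) {
    $t_disabled_class = trim($t_disabled_class);
    if ($t_disabled_class === '') {
        continue;
    }
    check_print_test_warn_row('<em>' . $t_disabled_class . '</em> class is enabled', false, 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.');
}

# Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php)
# each() was removed in PHP 8; iterate with foreach instead. ini_get()
# returns false for an unknown directive and '' for an empty one; neither
# is shown.
$t_vars = array('open_basedir', 'extension', 'upload_tmp_dir', 'max_file_uploads', 'date.timezone');
foreach ($t_vars as $t_var) {
    $t_value = ini_get($t_var);
    if ($t_value !== false && $t_value !== '') {
        check_print_info_row('php.ini directive: ' . $t_var, htmlentities($t_value));
    }
}

if (is_windows_server()) {
    check_print_test_warn_row('There is a performance issue on windows for PHP versions &lt; 5.4 in openssl_random_pseudo_bytes', version_compare(phpversion(), '5.4.0', '>='), array(false => 'For best performance upgrade to PHP > 5.4.0.'));
}

# Affected range is 5.4.0 <= PHP_VERSION < 5.4.4 with no output_handler set.
$t_bug_61443_affected = ini_get('output_handler') == '' && function_exists('ini_set') && version_compare(PHP_VERSION, '5.4.0', '>=') && version_compare(PHP_VERSION, '5.4.4', '<');
check_print_test_warn_row('Check for php bug 61443 - php 5.4.0-5.4.3, trying to use compression with no output handler set', !$t_bug_61443_affected, array(false => 'you should consider setting a php output handler, ensuring compression is disabled or upgrading to at least php 5.4.4'));
check_print_test_warn_row('webserver: check SCRIPT_NAME is returned to PHP by web server', isset($_SERVER['SCRIPT_NAME']), array(false => 'Please ensure web server configuration sets SCRIPT_NAME'));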
Пример #10
 * This file contains configuration checks for email issues
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses utility_api.php
 */
if (!defined('CHECK_EMAIL_INC_ALLOW')) {
    return;
}
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('utility_api.php');
check_print_section_header_row('Email');

# An address still ending in @example.com is treated as a placeholder
# (presumably the shipped default — confirm); nothing else is validated here.
$t_email_options = array('webmaster_email', 'from_email', 'return_path_email');
foreach ($t_email_options as $t_email_option) {
    $t_email = config_get_global($t_email_option);
    $t_is_placeholder = (bool)preg_match('/@example\\.com$/', $t_email);
    check_print_test_row(
        $t_email_option . ' configuration option has a valid email address specified',
        !$t_is_placeholder,
        array(false => 'You need to specify a valid email address for the ' . $t_email_option . ' configuration option.')
    );
}

check_print_test_warn_row('Email addresses are validated', config_get_global('validate_email'), array(false => 'You have disabled email validation checks. For security reasons it is suggested that you enable these validation checks.'));

# Option dependencies, each expressed as "A = ON requires B".
$t_send_reset_password = config_get_global('send_reset_password');
$t_allow_signup = config_get_global('allow_signup');
$t_enable_email_notification = config_get_global('enable_email_notification');
check_print_test_row('send_reset_password = ON requires allow_blank_email = OFF', !$t_send_reset_password || !config_get_global('allow_blank_email'));
check_print_test_row('send_reset_password = ON requires enable_email_notification = ON', !$t_send_reset_password || $t_enable_email_notification);
check_print_test_row('allow_signup = ON requires enable_email_notification = ON', !$t_allow_signup || $t_enable_email_notification);
check_print_test_row('allow_signup = ON requires send_reset_password = ON', !$t_allow_signup || $t_send_reset_password);
Пример #11
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Check Mantis config configuration
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 */
if (!defined('CHECK_CONFIG_INC_ALLOW')) {
    return;
}
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
check_print_section_header_row('Configuration');

# config_inc.php is expected two directory levels above this file's
# directory.
$t_config_inc_file = dirname(dirname(dirname(__FILE__))) . '/config_inc.php';
check_print_test_row('config_inc.php configuration file exists', file_exists($t_config_inc_file), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.'));

# Debugging / Developer Settings
# Log output routed to 'firebug' or 'page' reaches the end user's browser.
$t_log_sent_to_user = $g_log_destination == 'firebug' || $g_log_destination == 'page';
check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use'));
check_print_test_warn_row('Check whether log output is sent to end user', !$t_log_sent_to_user, array(false => 'Diagnostic output destination is currently sent to end users browser'));
# Detailed errors can expose sensitive information in the page.
check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.'));
check_print_test_warn_row('MantisBT Application Errors should halt execution', $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;'));
# Strict comparison against OFF, as in the original; the failure text shows
# the configured redirect address.
check_print_test_warn_row('Email debugging should be OFF', $g_debug_email === OFF, array(false => "All notification e-mails will be sent to {$g_debug_email}"));

# Obsolete Settings
require_api('obsolete.php');
Пример #12
	if( $t_disabled_function ) {
		check_print_test_warn_row(
			'<em>' . $t_disabled_function . '</em> function is enabled',
			false,
			'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.'
		);
	}
}

# Classes removed via disable_classes: one failing warn row per class, with
# the explanation passed as the row text.
$t_disabled_classes = explode( ',', ini_get( 'disable_classes' ) );
foreach( $t_disabled_classes as $t_disabled_class ) {
	$t_disabled_class = trim( $t_disabled_class );
	if( !$t_disabled_class ) {
		continue;
	}
	check_print_test_warn_row(
		'<em>' . $t_disabled_class . '</em> class is enabled',
		false,
		'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.'
	);
}

# Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php)
# $t_vars is consumed by the loop that follows this block.
$t_vars = array( 'open_basedir', 'extension', 'upload_tmp_dir', 'max_file_uploads', 'date.timezone' );

while( list( $t_foo, $t_var ) = each( $t_vars ) ) {
Пример #13
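# php.ini size limits are read once and must nest:
# upload_max_filesize <= post_max_size <= memory_limit.
$t_memory_limit = ini_get_number('memory_limit');
$t_post_max_size = ini_get_number('post_max_size');
$t_upload_max_filesize = ini_get_number('upload_max_filesize');
check_print_test_row('memory_limit php.ini directive is at least equal to the post_max_size directive', $t_memory_limit >= $t_post_max_size, array(false => 'The current value of the memory_limit directive is ' . htmlentities($t_memory_limit) . ' bytes. This value needs to be at least equal to the post_max_size directive value of ' . htmlentities($t_post_max_size) . ' bytes.'));
check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No');
check_print_info_row('php.ini directive: upload_max_filesize', htmlentities($t_upload_max_filesize) . ' bytes');
check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_size directive', $t_post_max_size >= $t_upload_max_filesize, array(false => 'The current value of the post_max_size directive is ' . htmlentities($t_post_max_size) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities($t_upload_max_filesize) . ' bytes.'));

# Functions removed via disable_functions, one failing warn row each.
# pcntl_* entries are skipped (presumably not needed by MantisBT — confirm).
$t_disabled_functions = explode(',', ini_get('disable_functions'));
foreach ($t_disabled_functions as $t_disabled_function) {
    $t_disabled_function = trim($t_disabled_function);
    if ($t_disabled_function === '' || substr($t_disabled_function, 0, 6) === 'pcntl_') {
        continue;
    }
    check_print_test_warn_row('<em>' . $t_disabled_function . '</em> function is enabled', false, 'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.');
}

# Same for disable_classes.
$t_disabled_classes = explode(',', ini_get('disable_classes'));
foreach ($t_disabled_classes as $t_disabled_class) {
    $t_disabled_class = trim($t_disabled_class);
    if ($t_disabled_class === '') {
        continue;
    }
    check_print_test_warn_row('<em>' . $t_disabled_class . '</em> class is enabled', false, 'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.');
}

# Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php)
# each() was removed in PHP 8; iterate with foreach instead. ini_get()
# returns false for an unknown directive and '' for an empty one; neither
# is shown.
$t_vars = array('open_basedir', 'extension', 'upload_tmp_dir', 'max_file_uploads', 'date.timezone');
foreach ($t_vars as $t_var) {
    $t_value = ini_get($t_var);
    if ($t_value !== false && $t_value !== '') {
        check_print_info_row('php.ini directive: ' . $t_var, htmlentities($t_value));
    }
}

if (is_windows_server()) {
    check_print_test_warn_row('There is a performance issue on windows for PHP versions &lt; 5.4 in openssl_random_pseudo_bytes', version_compare(phpversion(), '5.4.0', '>='), array(false => 'For best performance upgrade to PHP > 5.4.0.'));
}

# Affected range is 5.4.0 <= PHP_VERSION < 5.4.4 with no output_handler set.
$t_bug_61443_affected = ini_get('output_handler') == '' && function_exists('ini_set') && version_compare(PHP_VERSION, '5.4.0', '>=') && version_compare(PHP_VERSION, '5.4.4', '<');
check_print_test_warn_row('Check for php bug 61443 - php 5.4.0-5.4.3, trying to use compression with no output handler set', !$t_bug_61443_affected, array(false => 'you should consider setting a php output handler, ensuring compression is disabled or upgrading to at least php 5.4.4'));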
Пример #14
check_print_section_header_row('Attachments');

$t_file_uploads_allowed = config_get_global('allow_file_upload');
check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No');
# Nothing below applies when uploads are off; this is an included check
# script, so return leaves the remaining sections untouched.
if (!$t_file_uploads_allowed) {
    return;
}

# The MantisBT per-file limit is compared against PHP's upload_max_filesize.
$t_max_file_size = config_get_global('max_file_size');
$t_upload_max_filesize = ini_get_number('upload_max_filesize');
check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.'));
check_print_info_row('Maximum file upload size (per file)', $t_max_file_size . ' bytes');
check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', $t_max_file_size <= $t_upload_max_filesize, array(false => 'max_file_size is currently ' . htmlentities($t_max_file_size) . ' bytes which is greater than the limit of ' . htmlentities($t_upload_max_filesize) . ' bytes imposed by the php.ini directive upload_max_filesize.'));

$t_use_xsendfile = config_get_global('file_download_xsendfile_enabled');
check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No');
if ($t_use_xsendfile) {
    check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.'));
    # The header name is an operator-set configuration value and is shown
    # unescaped, as in the original.
    $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name');
    if ($t_xsendfile_header_name !== 'X-Sendfile') {
        check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', $t_xsendfile_header_name);
    }
}

$t_finfo_exists = class_exists('finfo');
check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.'));
if ($t_finfo_exists) {
    $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file');
    if ($t_fileinfo_magic_db_file) {
        check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', $t_fileinfo_magic_db_file);
        check_print_test_row('fileinfo_magic_db_file configuration value points to an existing magic.db file', file_exists($t_fileinfo_magic_db_file));
    }
    # NOTE(review): `new finfo()` yields an object (or warns/throws on a bad
    # magic file) and never evaluates to false, so the `!== false` row below
    # cannot fail — confirm against the PHP versions in use.
    $t_finfo = $t_fileinfo_magic_db_file ? new finfo(FILEINFO_MIME, $t_fileinfo_magic_db_file) : new finfo(FILEINFO_MIME);
    check_print_test_row('Fileinfo extension can find and load a valid magic.db file', $t_finfo !== false, array(false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.'));
}
Пример #15
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2012  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 */
if (!defined('CHECK_CONFIG_INC_ALLOW')) {
    return;
}
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
check_print_section_header_row('Configuration');

# config_inc.php is expected two directory levels above this file's
# directory.
$t_config_inc_file = dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'config_inc.php';
check_print_test_row('config_inc.php configuration file exists', file_exists($t_config_inc_file), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.'));

# Diagnostic output: logging should be off in production, and log output
# routed to 'firebug' or 'page' reaches the end user's browser.
$t_logging_off = $g_log_level == LOG_NONE;
$t_log_sent_to_user = $g_log_destination == 'firebug' || $g_log_destination == 'page';
check_print_test_warn_row('Check whether diagnostic logging is enabled', $t_logging_off, array(false => 'Global Log Level should usually be set to LOG_NONE for production use'));
check_print_test_warn_row('Check whether log output is sent to end user', !$t_log_sent_to_user, array(false => 'Diagnostic output destination is currently sent to end users browser'));

require_api('obsolete.php');
Пример #16
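/**
 * Checks if an obsolete environment variable is set.
 *
 * When $p_env_variable is present in the environment, a failing warn row is
 * printed that names the replacement variable; execution then continues
 * normally (nothing exits here).
 *
 * @param string $p_env_variable     Old variable.
 * @param string $p_new_env_variable New variable.
 * @return void
 */
function env_obsolete($p_env_variable, $p_new_env_variable)
{
    # getenv() returns false when the variable is absent. Compare explicitly
    # so a variable set to the string '0' is still reported as set; an empty
    # value is treated as unset, as before.
    $t_env = getenv($p_env_variable);
    if ($t_env === false || $t_env === '') {
        return;
    }

    # Only the variable names supplied by the calling check script are
    # placed in the row text; the variable's value is never shown.
    $t_description = 'Environment variable <em>' . $p_env_variable . '</em> is obsolete.';
    $t_info = 'please use ' . $p_new_env_variable . ' instead.';
    check_print_test_warn_row($t_description, false, $t_info);
}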
Пример #17
/**
 * Check Mantis config configuration
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 */
if (!defined('CHECK_CONFIG_INC_ALLOW')) {
    return;
}
# MantisBT Check API
require_once 'check_api.php';
check_print_section_header_row('Configuration');

# The live configuration is looked up under $g_config_path.
check_print_test_row('config_inc.php configuration file exists', file_exists($g_config_path . 'config_inc.php'), array(false => 'Please use <a href="install.php">install.php</a> to perform the initial installation of MantisBT.'));

# Files that now belong in the config folder must not be left in the
# MantisBT root ($g_absolute_path).
$t_files_moved_to_config = array(
    'config_inc.php',
    'custom_strings_inc.php',
    'custom_functions_inc.php',
    'custom_constants_inc.php',
    'custom_relationships_inc.php',
);
foreach ($t_files_moved_to_config as $t_moved_file) {
    check_print_test_row($t_moved_file . ' must not be in MantisBT root folder', !file_exists($g_absolute_path . $t_moved_file), array(false => 'Move from MantisBT root folder to config folder.'));
}
check_print_test_row('api/soap/mc_config_inc.php is no longer supported', !file_exists($g_absolute_path . 'api/soap/mc_config_inc.php'), array(false => 'Move contents of api/soap/mc_config_inc.php into config/config_inc.php.'));

# Debugging / Developer Settings
# Log output routed to 'firebug' or 'page' reaches the end user's browser.
$t_log_sent_to_user = $g_log_destination == 'firebug' || $g_log_destination == 'page';
check_print_test_warn_row('Check whether diagnostic logging is enabled', $g_log_level == LOG_NONE, array(false => 'Global Log Level should usually be set to LOG_NONE for production use'));
check_print_test_warn_row('Check whether log output is sent to end user', !$t_log_sent_to_user, array(false => 'Diagnostic output destination is currently sent to end users browser'));
# Detailed errors can expose sensitive information in the page.
check_print_test_warn_row('Detailed errors should be OFF', $g_show_detailed_errors == OFF, array(false => 'Setting show_detailed_errors = ON is a potential security hazard as it can expose sensitive information.'));
check_print_test_warn_row('MantisBT Application Errors should halt execution', $g_display_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT, array(false => 'Continuing after an error may lead to system and/or data integrity issues. Set $g_display_errors[E_USER_ERROR] = DISPLAY_ERROR_HALT;'));
# Any non-empty $g_debug_email redirects all notification mail to it.
check_print_test_warn_row('Email debugging should be OFF', empty($g_debug_email), array(false => 'All notification e-mails will be sent to: ' . $g_debug_email));

# Obsolete Settings
require_api('obsolete.php');