/**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the register_globals check,
     // registered in the order listed.
     // NOTE(review): the NOTRUN text names "PHP 6", but register_globals was
     // removed in PHP 5.4.0 -- confirm the wording against the skip condition.
     $messages = array(
         array(PHPSECINFO_TEST_RESULT_NOTRUN, 'You are running PHP 6 or later and register_globals has been removed'),
         array(PHPSECINFO_TEST_RESULT_OK, 'register_globals is disabled, which is the recommended setting'),
         array(PHPSECINFO_TEST_RESULT_WARN, 'register_globals is enabled.  This could be a serious security risk.  You should disable register_globals immediately'),
     );
     foreach ($messages as $entry) {
         $this->setMessageForResult($entry[0], 'en', $entry[1]);
     }
 }
示例#2
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the allow_url_include check.
     // The WARN text carries an HTML anchor, so the stored message is markup
     // rather than plain text.
     // NOTE(review): presumably the renderer emits messages unescaped -- confirm,
     // and consider an https:// link target.
     $byResult = array(
         array(PHPSECINFO_TEST_RESULT_NOTRUN, 'You are running a version of PHP older than 5.2, and allow_url_include is not available'),
         array(PHPSECINFO_TEST_RESULT_OK, 'allow_url_include is disabled, which is the recommended setting'),
         array(PHPSECINFO_TEST_RESULT_WARN, 'allow_url_include is enabled.  This could be a serious security risk.  You should disable allow_url_include and consider using the <a href="http://php.net/manual/en/ref.curl.php" target="_blank">PHP cURL functions</a> instead.'),
     );
     foreach ($byResult as $pair) {
         $this->setMessageForResult($pair[0], 'en', $pair[1]);
     }
 }
示例#3
文件: uid.php 项目: pwh/scrutiny
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the executing-user check.
     // Both OK and WARN are worded as a likelihood ("probably", "may be"),
     // not as a definitive finding.
     $messages = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'PHP is executing as what is probably a non-privileged user'),
         array(PHPSECINFO_TEST_RESULT_WARN, 'PHP may be executing as a "privileged" user, which could be a serious security vulnerability.'),
         array(PHPSECINFO_TEST_RESULT_NOTRUN, 'This test will not run on Windows OSes'),
     );
     foreach ($messages as $item) {
         $this->setMessageForResult($item[0], 'en', $item[1]);
     }
 }
示例#4
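 /**
  * Set the messages specific to this test
  *
  * Builds the English result messages for the PHP version check from
  * $this->current_value and $this->recommended_value.
  */
 function _setMessages()
 {
     parent::_setMessages();

     // Both values are spliced into message text. Escape them for HTML so a
     // malformed or tampered version string cannot inject markup into the report.
     // NOTE(review): assumes result messages are rendered as HTML and that
     // recommended_value may originate outside this process -- confirm.
     $current = htmlspecialchars((string) $this->current_value, ENT_QUOTES, 'UTF-8');
     $latest = htmlspecialchars((string) $this->recommended_value, ENT_QUOTES, 'UTF-8');

     // Compare as exact strings: loose == treats numeric-looking strings such
     // as "5.10" and "5.1" as equal, which would wrongly claim "latest version".
     $isLatest = ((string) $this->current_value === (string) $this->recommended_value);

     $okSuffix = $isLatest
         ? " (the latest version)."
         : ".  The latest version is " . $latest . ".";

     $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', "You are running PHP " . $current . $okSuffix);
     $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', "You are running PHP " . $current . ".  The latest version of PHP is " . $latest . ".");
     $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', "You are running PHP " . $current . " which is really old. We recommend running the latest (stable) version of PHP which includes numerous bug fixes and security fixes.");
     // ERROR covers the case where the latest available version could not be determined.
     $this->setMessageForResult(PHPSECINFO_TEST_RESULT_ERROR, 'en', "Unable to determine the latest version of PHP available.");
 }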
示例#5
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the expose_php check.
     // The NOTICE literal spans several source lines, so its embedded newlines
     // and indentation are part of the stored message and must stay as they are.
     $byResult = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'expose_php is disabled, which is the recommended setting'),
         array(PHPSECINFO_TEST_RESULT_NOTICE, 'expose_php is enabled.  This adds
             the PHP "signature" to the web server header, including the PHP version number.  This
             could attract attackers looking for vulnerable versions of PHP'),
     );
     foreach ($byResult as $pair) {
         $this->setMessageForResult($pair[0], 'en', $pair[1]);
     }
 }
示例#6
    /**
     * Set the messages specific to this test
     *
     */
    function _setMessages()
    {
        // Run the parent implementation first; the calls below set this test's own text.
        parent::_setMessages();

        // (result code, English text) pairs for the post_max_size check.
        // The literals span source lines; the embedded newline and tabs are part
        // of the stored message and must stay as they are.
        $messages = array(
            array(PHPSECINFO_TEST_RESULT_OK, 'post_max_size is enabled, and appears to
				be a relatively low value'),
            array(PHPSECINFO_TEST_RESULT_NOTICE, 'post_max_size is not enabled, or is set to
				a high value.  Allowing a large value may open up your server to denial-of-service attacks'),
        );
        foreach ($messages as $entry) {
            $this->setMessageForResult($entry[0], 'en', $entry[1]);
        }
    }
示例#7
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the upload_tmp_dir check.
     // Even the OK text reminds the operator to verify the directory is not
     // world-readable. The literals span source lines; their embedded
     // whitespace is part of the stored message.
     $byResult = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'upload_tmp_dir is enabled, which is the
                     recommended setting. Make sure your upload_tmp_dir path is not world-readable'),
         array(PHPSECINFO_TEST_RESULT_NOTICE, 'upload_tmp_dir is disabled, or is set to a
                     common world-writable directory.  This typically allows other users on this server
                     to access temporary copies of files uploaded via your PHP scripts.  You should set
                     upload_tmp_dir to a non-world-readable directory'),
     );
     foreach ($byResult as $pair) {
         $this->setMessageForResult($pair[0], 'en', $pair[1]);
     }
 }
	/**
	 * Set the messages specific to this test
	 *
	 */
	function _setMessages() {
		// Run the parent implementation first; the calls below set this test's own text.
		parent::_setMessages();

		// On PHP 5.2 and later only the OK text is replaced here; it points the
		// operator at allow_url_include instead. No WARN text is set on this path.
		if ( version_compare(PHP_VERSION, '5.2', '>=') ) {
			$this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'You are running PHP 5.2 or greater, which makes allow_url_fopen significantly safer. Make sure allow_url_include is <em>disabled</em>, though');
			return;
		}

		/* before 5.2 an enabled allow_url_fopen is treated as much more severe */
		// The WARN text carries an HTML anchor, so the stored message is markup.
		$legacy = array(
			array(PHPSECINFO_TEST_RESULT_OK, 'allow_url_fopen is disabled, which is the recommended setting'),
			array(PHPSECINFO_TEST_RESULT_WARN, 'allow_url_fopen is enabled.  This could be a serious security risk.  You should disable allow_url_fopen and consider using the <a href="http://php.net/manual/en/ref.curl.php" target="_blank">PHP cURL functions</a> instead.'),
		);
		foreach ($legacy as $entry) {
			$this->setMessageForResult($entry[0], 'en', $entry[1]);
		}
	}
示例#9
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the magic_quotes_gpc check.
     // The NOTICE text contains inline <i> markup and spans several source
     // lines; its embedded whitespace is part of the stored message.
     $messages = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'magic_quotes_gpc is disabled, which is the recommended setting'),
         array(PHPSECINFO_TEST_RESULT_NOTICE, 'magic_quotes_gpc is enabled.  This
             feature is inconsistent in blocking attacks, and can in some cases cause data loss with
             uploaded files.  You should <i>not</i> rely on magic_quotes_gpc to block attacks.  It is
             recommended that magic_quotes_gpc be disabled, and input filtering be handled by your PHP
             scripts'),
     );
     foreach ($messages as $item) {
         $this->setMessageForResult($item[0], 'en', $item[1]);
     }
 }
示例#10
    /**
     * Set the messages specific to this test
     *
     */
    function _setMessages()
    {
        // Run the parent implementation first; the calls below set this test's own text.
        parent::_setMessages();

        // (result code, English text) pairs for the open_basedir check.
        // Both texts carry the caveat that non-PHP applications are not
        // restricted by this setting. The literals span source lines; their
        // embedded newlines and tabs are part of the stored message.
        $byResult = array(
            array(PHPSECINFO_TEST_RESULT_OK, 'open_basedir is enabled, which is the
				recommended setting. Keep in mind that other web applications not written in PHP will not
				be restricted by this setting.'),
            array(PHPSECINFO_TEST_RESULT_NOTICE, 'open_basedir is disabled.  When
					this is enabled, only files that are in the
					given directory/directories and their subdirectories can be read by PHP scripts.
					You should consider turning this on.  Keep in mind that other web applications not
					written in PHP will not be restricted by this setting.'),
        );
        foreach ($byResult as $pair) {
            $this->setMessageForResult($pair[0], 'en', $pair[1]);
        }
    }
    /**
     * Set the messages specific to this test
     *
     * @access	public
     * @return	null
     */
    function _setMessages()
    {
        // Run the parent implementation first; the calls below set this test's own text.
        parent::_setMessages();

        // (result code, English text) pairs for the memory_limit check.
        // NOTICE covers a very high limit, WARN covers a build where the limit
        // does not appear to be enabled at all. The literals span source lines;
        // their embedded newlines and tabs are part of the stored message.
        $messages = array(
            array(PHPSECINFO_TEST_RESULT_OK, 'memory_limit is enabled, and appears to be set
				to a realistic value.'),
            array(PHPSECINFO_TEST_RESULT_NOTICE, 'memory_limit is set to a very high value. Are
				you sure your apps require this much memory? If not, lower the limit, as certain attacks or poor
				programming practices can lead to exhaustion of server resources. It is recommended that you set this
				to a realistic value (8M for example) from which it can be expanded as required.'),
            array(PHPSECINFO_TEST_RESULT_WARN, 'memory_limit does not appear to be enabled.  This
				leaves the server vulnerable to attacks that attempt to exhaust resources and creates an environment
				where poor programming practices can propagate unchecked.  This must be enabled at compile time by
				including the parameter "--enable-memory-limit" in the configure line.  Once enabled "memory_limit" may
				be set in php.ini to define the maximum amount of memory a script is allowed to allocate.'),
        );
        foreach ($messages as $entry) {
            $this->setMessageForResult($entry[0], 'en', $entry[1]);
        }
    }
示例#12
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // HACK (kept from the original): force a refresh of the current version
     // data before the OK text is read from $this->_message_ok below.
     // NOTE(review): if this helper performs a remote fetch (not visible here),
     // confirm it has a timeout and that the fetched data is validated before
     // it reaches message text.
     $this->_retrieveCurrentVersions();

     // (result code, English text) pairs for the PHP end-of-life check.
     $byResult = array(
         array(PHPSECINFO_TEST_RESULT_OK, $this->_message_ok),
         array(PHPSECINFO_TEST_RESULT_WARN, "You are running a version of PHP that has reached End of Life for support.  You should upgrade to the latest version of PHP immediately."),
         array(PHPSECINFO_TEST_RESULT_NOTICE, 'You are running a version of PHP that is not the most recent and may be near End of Life for support.  You should begin to migrate to the latest version of PHP as soon as possible.'),
     );
     foreach ($byResult as $pair) {
         $this->setMessageForResult($pair[0], 'en', $pair[1]);
     }
 }
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the upload_max_filesize check.
     // The NOTICE text frames an unset or large limit as a server performance concern.
     $messages = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'upload_max_filesize is enabled, and appears to be a relatively low value.'),
         array(PHPSECINFO_TEST_RESULT_NOTICE, 'upload_max_filesize is not enabled, or is set to a high value.  Are you sure your apps require uploading files of this size?  If not, lower the limit, as large file uploads can impact server performance'),
     );
     foreach ($messages as $item) {
         $this->setMessageForResult($item[0], 'en', $item[1]);
     }
 }
示例#14
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the display_errors check.
     // The NOTICE text names the risk: error output on a production server
     // could reveal sensitive information.
     $byResult = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'display_errors is disabled, which is the recommended setting'),
         array(PHPSECINFO_TEST_RESULT_NOTICE, 'display_errors is enabled.  This is not recommended on "production" servers, as it could reveal sensitive information.  You should consider disabling this feature'),
     );
     foreach ($byResult as $pair) {
         $this->setMessageForResult($pair[0], 'en', $pair[1]);
     }
 }
示例#15
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the file_uploads check.
     // Enabled uploads are reported as a NOTICE: the text asks the operator
     // to disable them when upload capability is not required.
     $messages = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'file_uploads are disabled.  Unless you\'re sure you need them, this is the recommended setting'),
         array(PHPSECINFO_TEST_RESULT_NOTICE, 'file_uploads are enabled.  If you do not require file upload capability, consider disabling them.'),
     );
     foreach ($messages as $entry) {
         $this->setMessageForResult($entry[0], 'en', $entry[1]);
     }
 }
示例#16
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the allow_url_fopen check.
     // The WARN text carries an HTML anchor, so the stored message is markup
     // rather than plain text.
     // NOTE(review): presumably the renderer emits messages unescaped -- confirm,
     // and consider an https:// link target.
     $byResult = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'allow_url_fopen is disabled, which is the recommended setting'),
         array(PHPSECINFO_TEST_RESULT_WARN, 'allow_url_fopen is enabled.  This could be a serious security risk.  You should disable allow_url_fopen and consider using the <a href="http://php.net/manual/en/ref.curl.php" target="_blank">PHP cURL functions</a> instead.'),
     );
     foreach ($byResult as $pair) {
         $this->setMessageForResult($pair[0], 'en', $pair[1]);
     }
 }
示例#17
文件: gid.php 项目: rhertzog/lcs
 /**
  * Set the messages specific to this test
  *
  */
 function _setMessages()
 {
     // Run the parent implementation first; the calls below set this test's own text.
     parent::_setMessages();

     // (result code, English text) pairs for the executing-group check.
     // Both texts are worded as a likelihood ("probably", "may be"), not as a
     // definitive finding.
     $messages = array(
         array(PHPSECINFO_TEST_RESULT_OK, 'PHP is executing as what is probably a non-privileged group'),
         array(PHPSECINFO_TEST_RESULT_WARN, 'PHP may be executing as a "privileged" group, which could be a serious security vulnerability.'),
     );
     foreach ($messages as $item) {
         $this->setMessageForResult($item[0], 'en', $item[1]);
     }
 }