Source for file allow_url_include.php

Documentation is available at allow_url_include.php

  1. <?php
  2. /**
  3. * Test Class for allow_url_include
  4. *
  5. * @package PhpSecInfo
  6. * @author Ed Finkler <coj@funkatron.com>
  7. */
  8.  
  9.  
  10. /**
  11. * require the PhpSecInfo_Test_Core class
  12. */
  13. require_once('PhpSecInfo/Test/Test_Core.php');
  14.  
  15. /**
  16. * Test Class for allow_url_include
  17. *
  18. * @package PhpSecInfo
  19. *
  20. *
  21. */
  22. class PhpSecInfo_Test_Core_Allow_Url_Include extends PhpSecInfo_Test_Core
  23. {
  24. /**
  25. * This should be a <b>unique</b>, human-readable identifier for this test
  26. *
  27. * @var string
  28. */
  29. var $test_name = "allow_url_include";
  30.  
  31.  
  32. var $recommended_value = FALSE;
  33.  
  34. function _retrieveCurrentValue() {
  35. $this->current_value = $this->getBooleanIniValue('allow_url_include');
  36. }
  37. /**
  38. * Checks to see if allow_url_fopen is enabled
  39. *
  40. */
  41. function _execTest() {
  42. if ($this->current_value == $this->recommended_value) {
  43. return PHPSECINFO_TEST_RESULT_OK;
  44. }
  45.  
  46. return PHPSECINFO_TEST_RESULT_WARN;
  47. }
  48.  
  49.  
  50. /**
  51. * allow_url_include is only available since PHP 5.2
  52. *
  53. * @return boolean
  54. */
  55. function isTestable() {
  56.  
  57. if ( version_compare(PHP_VERSION, '5.2', '<') ) {
  58. return false;
  59. } else {
  60. return true;
  61. }
  62. }
  63.  
  64.  
  65.  
  66. /**
  67. * Set the messages specific to this test
  68. *
  69. */
  70. function _setMessages() {
  71. parent::_setMessages();
  72.  
  73. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTRUN, 'en', 'You are running a version of PHP older than 5.2, and allow_url_include is not available');
  74. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'allow_url_include is disabled, which is the recommended setting');
  75. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', 'allow_url_include is enabled. This could be a serious security risk. You should disable allow_url_include and consider using the <a href="http://php.net/manual/en/ref.curl.php" target="_blank">PHP cURL functions</a> instead.');
  76. }
  77.  
  78.  
  79. }

Documentation generated on Mon, 26 Feb 2007 10:49:55 -0500 by phpDocumentor 1.3.0RC3