-
$_language
-
The language code. Should be a pointer to the setting in the PhpSecInfo object
-
$_message
-
The message corresponding to the result of the test
-
$_messages
-
This is a hash of messages that correspond to various test result levels.
-
$_result
-
The result returned from the test
-
_execTest
-
Check to see if the post_max_size setting is enabled.
-
_execTest
-
Checks to see if allow_url_fopen is enabled
-
_execTest
-
Checks to see if expose_php is enabled
-
_execTest
-
Checks to see if cgi.force_redirect is enabled
-
_execTest
-
Check to see if the memory_limit setting is enabled.
-
_execTest
-
Checks to see if allow_url_fopen is enabled
-
_execTest
-
Checks the GID of the PHP process to make sure it is above PHPSECINFO_MIN_SAFE_GID
-
_execTest
-
Checks to see if allow_url_fopen is enabled
-
_execTest
-
Check if session.save_path matches PHPSECINFO_TEST_COMMON_TMPDIR, or is world-writable
-
_execTest
-
Checks to see if libcurl's "file://" support is enabled by examining the "protocols" array
-
_execTest
-
Checks the GID of the PHP process to make sure it is above PHPSECINFO_MIN_SAFE_UID
-
_execTest
-
Check to see if the post_max_size setting is enabled.
-
_execTest
-
Checks to see if allow_url_fopen is enabled
-
_execTest
-
Checks to see if display_errors is enabled
-
_execTest
-
The "meat" of the test. This is where the real test code goes. You should override this when extending
-
_execTest
-
Check if upload_tmp_dir matches PHPSECINFO_TEST_COMMON_TMPDIR, or is world-writable
-
_execTest
-
Checks to see if allow_url_fopen is enabled
-
_execTest
-
Checks to see if expose_php is enabled
-
_execTest
-
Checks to see if allow_url_fopen is enabled
-
_outputGetCssClassFromResult
-
This is a helper function that returns a CSS class corresponding to the result code the test returned. This allows us to color-code results
-
_outputGetResultTypeFromCode
-
This is a helper function that returns a label string corresponding to the result code the test returned. This is mainly used for the Test Results Summary table.
-
_outputRenderNotRunTable
-
This outputs a table containing a summary of tests that were not executed, and the reasons why they were skipped
-
_outputRenderStatsTable
-
This outputs a table containing a summary of the test results (counts and % in each result type)
-
_outputRenderTable
-
This is a helper method that makes it easy to output tables of test results for a given test group
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
Placeholder - extend for tests
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_retrieveCurrentValue
-
-
_setMessage
-
Sets the $this->_message variable based on the passed result and language codes
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages for Curl tests
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
This function loads up result messages into the $this->_messages array.
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages specific to this test
-
_setMessages
-
Set the messages for CGI tests
-
_setResult
-
Sets the result code
-
getBooleanIniValue
-
This method converts the several possible return values from allegedly "boolean" ini settings to proper booleans
-
getCurrentTestValue
-
Returns the current value. This function should be used to access the value for display. All values are cast as strings
-
getMessage
-
Retrieves the message for the current result
-
getMoreInfoURL
-
Returns a link to a page with detailed information about the test
-
getOutput
-
Returns the standard output as a string instead of echoing it to the browser
-
getRecommendedTestValue
-
Returns the recommended value. This function should be used to access the value for display. All values are cast as strings
-
getResult
-
Retrieves the result
-
getResultsAsArray
-
Returns an associative array of test data. Four keys are set:
-
getStringValue
-
This just does the usual PHP string casting, except for the boolean FALSE value, where the string "0" is returned instead of an empty string
-
getTestGroup
-
Returns the test group this test belongs to
-
getTestName
-
This retrieves the name of this test.
-
getUnixId
-
Returns an array of data returned from the UNIX 'id' command
-
gid.php
-
-
index.php
-
-
isTestable
-
"Curl" tests should only be run if the curl extension is installed. We can check for this by seeing if the function curl_init() is defined
-
isTestable
-
"Core" tests should pretty much be always testable, so the default is just to return true
-
isTestable
-
"Session" tests should pretty much be always testable, so the default is just to return true
-
isTestable
-
This test only works under Unix OSes
-
isTestable
-
We are disabling this function on Windows OSes right now until we can be certain of the proper way to check world-readability
-
isTestable
-
"CGI" tests should only be run if we're running as a CGI. The best way I could think of to test this was to preg against the php_sapi_name() return value.
-
isTestable
-
Determines whether or not it's appropriate to run this test (for example, if this test is for a particular library, it shouldn't be run if the lib isn't loaded).
-
isTestable
-
This test only works under Unix OSes
-
isTestable
-
magic_quotes_gpc has been removed since PHP 6.0
-
isTestable
-
register_globals has been removed since PHP 6.0
-
isTestable
-
We are disabling this function on Windows OSes right now until we can be certain of the proper way to check world-readability
-
isTestable
-
allow_url_include is only available since PHP 5.2
-
PhpSecInfo
-
This is the main class for the phpsecinfo system. It's responsible for dynamically loading tests, running those tests, and generating the results output
-
PhpSecInfo
-
Constructor
-
phpsecinfo
-
A globally-available function that runs the tests and creates the result page
-
PHPSECINFO_BUILD
-
A YYYYMMDD date string to indicate "build" date
-
PHPSECINFO_LANG_DEFAULT
-
The default language setting if none is set/retrievable
-
PHPSECINFO_MEMORY_LIMIT
-
The max recommended size for the memory_limit setting, in bytes
-
PHPSECINFO_MIN_SAFE_GID
-
the minimum "safe" UID that php should be executing as. This can vary, but in general 100 seems like a good min.
-
PHPSECINFO_MIN_SAFE_UID
-
the minimum "safe" UID that php should be executing as. This can vary, but in general 100 seems like a good min.
-
PhpSecInfo.php
-
-
PHPSECINFO_POST_MAXLIMIT
-
The max recommended size for the post_max_size setting, in bytes
-
PhpSecInfo_Test
-
This is a skeleton class for PhpSecInfo tests. You should extend this to make a "group" skeleton to categorize tests under, then make a subdir with your group name that contains test classes extending your group skeleton class.
-
PhpSecInfo_Test
-
Constructor for Test skeleton class
-
PhpSecInfo_Test_Cgi
-
This is a skeleton class for PhpSecInfo "CGI" tests
-
PhpSecInfo_Test_Cgi_Force_Redirect
-
Test class for cgi force_redirect
-
PHPSECINFO_TEST_COMMON_TMPDIR
-
-
PhpSecInfo_Test_Core
-
This is a skeleton class for PhpSecInfo "Core" tests
-
PhpSecInfo_Test_Core_Allow_Url_Fopen
-
Test Class for allow_url_fopen
-
PhpSecInfo_Test_Core_Allow_Url_Include
-
Test Class for allow_url_include
-
PhpSecInfo_Test_Core_Display_Errors
-
Test class for display_errors
-
PhpSecInfo_Test_Core_Expose_Php
-
Test class for expose_php
-
PhpSecInfo_Test_Core_File_Uploads
-
Test Class for file_uploads
-
PhpSecInfo_Test_Core_Gid
-
Test class for GID
-
PhpSecInfo_Test_Core_Magic_Quotes_GPC
-
Test Class for magic_quotes_gpc
-
PhpSecInfo_Test_Core_Memory_Limit
-
Test Class for memory_limit setting
-
PhpSecInfo_Test_Core_Open_Basedir
-
Test Class for open_basedir
-
PhpSecInfo_Test_Core_Post_Max_Size
-
Test Class for post_max_size
-
post_max_size.php
-
-
PhpSecInfo_Test_Core_Register_Globals
-
Test Class for register_globals
-
PhpSecInfo_Test_Core_Uid
-
Test class for UID
-
PhpSecInfo_Test_Core_Upload_Max_Filesize
-
Test Class for upload_max_filesize
-
PhpSecInfo_Test_Core_Upload_Tmp_Dir
-
Test Class for upload_tmp_dir
-
PhpSecInfo_Test_Curl
-
This is a skeleton class for PhpSecInfo "Curl" tests
-
PhpSecInfo_Test_Curl_File_Support
-
Test class for CURL file_support
-
PHPSECINFO_TEST_MOREINFO_BASEURL
-
-
PHPSECINFO_TEST_RESULT_ERROR
-
-
PHPSECINFO_TEST_RESULT_NOTICE
-
-
PHPSECINFO_TEST_RESULT_NOTRUN
-
-
PHPSECINFO_TEST_RESULT_OK
-
-
PHPSECINFO_TEST_RESULT_WARN
-
-
PhpSecInfo_Test_Session
-
This is a skeleton class for PhpSecInfo "Session" tests
-
PhpSecInfo_Test_Session_Save_Path
-
Test class for session save_path
-
PhpSecInfo_Test_Session_Use_Trans_Sid
-
Test class for session use_trans_sid
-
PHPSECINFO_UPLOAD_MAXLIMIT
-
The max recommended size for the upload_max_filesize setting, in bytes
-
PHPSECINFO_URL
-
Homepage for phpsecinfo project
-
PHPSECINFO_VERSION
-
A general version string to differentiate releases
-
$tests_not_run
-
An array of tests that were not run
-
$tests_to_run
-
An array of tests to run
-
$test_group
-
This value is used to group test results together.
-
$test_group
-
This value is used to group test results together.
-
$test_group
-
This value is used to group test results together.
-
$test_group
-
This value is used to group test results together.
-
$test_group
-
This value is used to group test results together.
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_name
-
This should be a unique, human-readable identifier for this test
-
$test_results
-
An array of results. Each result is an associative array:
-
Test_Cgi.php
-
-
Test_Core.php
-
-
Test_Curl.php
-
-
Test.php
-
-
Test_Session.php
-
-
test
-
This is the wrapper that executes the test and sets the result code and message