Source for file file_support.php

Documentation is available at file_support.php

  1. <?php
  2. /**
  3. * Test class for CURL file_support
  4. *
  5. * @package PhpSecInfo
  6. * @author Ed Finkler <coj@funkatron.com>
  7. */
  8.  
  9. /**
  10. * require the PhpSecInfo_Test_Curl class
  11. */
  12. require_once('PhpSecInfo/Test/Test_Curl.php');
  13.  
  14. /**
  15. * Test class for CURL file_support
  16. *
  17. * Checks for CURL file:// support; if this is installed, it can be used to bypass
  18. * safe_mode and open_basedir
  19. *
  20. *
  21. * @package PhpSecInfo
  22. * @author Ed Finkler <coj@funkatron.com>
  23. */
  24. class PhpSecInfo_Test_Curl_File_Support extends PhpSecInfo_Test_Curl
  25. {
  26.  
  27. /**
  28. * This should be a <b>unique</b>, human-readable identifier for this test
  29. *
  30. * @var string
  31. */
  32. var $test_name = "file_support";
  33.  
  34. var $recommended_value = '5.1.6+ or 4.4.4+';
  35.  
  36. function _retrieveCurrentValue() {
  37. $this->current_value = PHP_VERSION;
  38. }
  39.  
  40. /**
  41. * Checks to see if libcurl's "file://" support is enabled by examining the "protocols" array
  42. * in the info returned from curl_version()
  43. * @return integer
  44. *
  45. */
  46. function _execTest() {
  47.  
  48. $curlinfo = curl_version();
  49.  
  50. if ( version_compare($this->current_value, '5.1.6', '>=') ||
  51. (version_compare($this->current_value, '4.4.4', '>=')) && ( version_compare($this->current_value, '5', '<') )
  52. ) {
  53. return PHPSECINFO_TEST_RESULT_OK;
  54. } else {
  55. return PHPSECINFO_TEST_RESULT_WARN;
  56. }
  57.  
  58. }
  59.  
  60.  
  61.  
  62. /**
  63. * Set the messages specific to this test
  64. *
  65. */
  66. function _setMessages() {
  67. parent::_setMessages();
  68.  
  69. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', "You are running PHP 4.4.4 or higher, or PHP 5.1.6 or higher. These versions fix the security hole present in the cURL functions that allow it to bypass safe_mode and open_basedir restrictions.");
  70. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', "A security hole present in your version of PHP allows the cURL functions to bypass safe_mode and open_basedir restrictions. You should upgrade to the latest version of PHP.");
  71.  
  72. }
  73.  
  74. }

Documentation generated on Mon, 26 Feb 2007 10:49:56 -0500 by phpDocumentor 1.3.0RC3