Source for file expose_php.php

Documentation is available at expose_php.php

  1. <?php
  2. /**
  3. * Test class for expose_php
  4. *
  5. * @package PhpSecInfo
  6. * @author Ed Finkler <coj@funkatron.com>
  7. */
  8.  
  9.  
  10. /**
  11. * require the PhpSecInfo_Test_Core class
  12. */
  13. require_once('PhpSecInfo/Test/Test_Core.php');
  14.  
  15. /**
  16. * Test class for expose_php
  17. *
  18. * @package PhpSecInfo
  19. */
  20. class PhpSecInfo_Test_Core_Expose_Php extends PhpSecInfo_Test_Core
  21. {
  22.  
  23. /**
  24. * This should be a <b>unique</b>, human-readable identifier for this test
  25. *
  26. * @var string
  27. */
  28. var $test_name = "expose_php";
  29. var $recommended_value = FALSE;
  30. function _retrieveCurrentValue() {
  31. $this->current_value = $this->returnBytes(ini_get('expose_php'));
  32. }
  33. /**
  34. * Checks to see if expose_php is enabled
  35. *
  36. */
  37. function _execTest() {
  38. if ($this->current_value == $this->recommended_value) {
  39. return PHPSECINFO_TEST_RESULT_OK;
  40. }
  41. return PHPSECINFO_TEST_RESULT_NOTICE;
  42. }
  43. /**
  44. * Set the messages specific to this test
  45. *
  46. */
  47. function _setMessages() {
  48. parent::_setMessages();
  49. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'expose_php is disabled, which is the recommended setting');
  50. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'expose_php is enabled. This adds
  51. the PHP "signature" to the web server header, including the PHP version number. This
  52. could attract attackers looking for vulnerable versions of PHP');
  53. }
  54.  
  55. }

Documentation generated on Fri, 06 Apr 2007 13:32:10 -0400 by phpDocumentor 1.3.0RC3