author | robocoder <anthon.pang@gmail.com> | 2011-01-10 19:03:27 +0300 |
---|---|---|
committer | robocoder <anthon.pang@gmail.com> | 2011-01-10 19:03:27 +0300 |
commit | bae316c9500f56f78aa7b1c596d9ef38b8b50231 (patch) | |
tree | c7f209b4991116253c1adb32af3764d62a27d5b4 /plugins/SecurityInfo/PhpSecInfo | |
parent | afaeb80c609a785e1c7ae05424485edf70ac8248 (diff) |
fixes #1993
git-svn-id: http://dev.piwik.org/svn/trunk@3693 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/SecurityInfo/PhpSecInfo')
-rw-r--r-- | plugins/SecurityInfo/PhpSecInfo/Test/Session/save_path.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/plugins/SecurityInfo/PhpSecInfo/Test/Session/save_path.php b/plugins/SecurityInfo/PhpSecInfo/Test/Session/save_path.php
index 5a7ae7752e..8638d1973a 100644
--- a/plugins/SecurityInfo/PhpSecInfo/Test/Session/save_path.php
+++ b/plugins/SecurityInfo/PhpSecInfo/Test/Session/save_path.php
@@ -38,6 +38,10 @@ class PhpSecInfo_Test_Session_Save_Path extends PhpSecInfo_Test_Session
 $this->current_value = $this->sys_get_temp_dir();
 }
 }
+
+ if( preg_match('/^[0-9]+;(.+)/', $this->current_value, $matches) ) {
+ $this->current_value = $matches[1];
+ }
 }
@@ -66,9 +70,10 @@ class PhpSecInfo_Test_Session_Save_Path extends PhpSecInfo_Test_Session
 */
 function _execTest() {
- $perms = fileperms($this->current_value);
-
- if ($this->current_value
+ $perms = @fileperms($this->current_value);
+ if ($perms === false) {
+ return PHPSECINFO_TEST_RESULT_WARN;
+ } else if ($this->current_value
 && !preg_match("|".PHPSECINFO_TEST_COMMON_TMPDIR."/?|", $this->current_value) && ! ($perms & 0x0004) && ! ($perms & 0x0002) ) {
@@ -91,6 +96,7 @@ class PhpSecInfo_Test_Session_Save_Path extends PhpSecInfo_Test_Session
 $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTRUN, 'en', 'Test not run -- currently disabled on Windows OSes');
 $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'save_path is enabled, which is the recommended setting. Make sure your save_path path is not world-readable');
+ $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', 'unable to retrieve file permissions on save_path');
 $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'save_path is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access session files. You should set save_path to a non-world-readable directory'); |
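Review bot: The prefix strip added at the end of the first hunk handles `N;/path` but not the three-part `N;MODE;/path` form that session.save_path also accepts. For such a value `(.+)` captures `MODE;/path`, which is not a directory, so the permission check would report "unable to retrieve file permissions" instead of inspecting the real session directory. Accepting the optional mode field keeps the check pointed at the path: `preg_match('/^[0-9]+;(?:[0-7]+;)?(.+)$/', $this->current_value, $matches)`. With a depth prefix the session files sit in subdirectories of that path, so a short comment that only the top-level directory is examined would help readers. The enclosing method begins outside the hunk.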
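Review bot: The new `$perms === false` branch in `_execTest()` runs before the `$this->current_value` emptiness test and treats every `fileperms()` failure alike. A missing directory, an `open_basedir` restriction and a value that is not a filesystem path (save_path is handler-specific when `session.save_handler` is not `files`) all surface as the same permissions warning. The `@` also discards the PHP warning that would tell an administrator which case applies. I would add a comment above the call, `// fileperms() fails for missing paths, open_basedir restrictions and non-file save handlers; reported as WARN because the directory could not be inspected`, and mention the WARN outcome in the docblock that ends at the top of this hunk. The function body continues past the hunk.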