diff options
| author | vipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105> | 2009-12-15 09:41:41 +0300 |
|---|---|---|
| committer | vipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105> | 2009-12-15 09:41:41 +0300 |
| commit | dee0f9d967d79b3b3c031244fb86335f9c06a162 (patch) | |
| tree | 16c2aeb7d44d07fce1799ede02d146956c2a7106 /plugins | |
| parent | 99411f4bd63ae7b5617c94b688759c8852ffbbec (diff) | |
Looking ahead (e.g., #607), restored a couple of tests but suppress the results for now.
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/SecurityInfo/Controller.php | 4 | ||||
| -rw-r--r-- | plugins/SecurityInfo/PhpSecInfo/Test/Core/post_max_size.php | 71 | ||||
| -rw-r--r-- | plugins/SecurityInfo/PhpSecInfo/Test/Core/upload_max_filesize.php | 70 |
3 files changed, 145 insertions, 0 deletions
diff --git a/plugins/SecurityInfo/Controller.php b/plugins/SecurityInfo/Controller.php index 9a9bcd8ebd..5811a52a49 100644 --- a/plugins/SecurityInfo/Controller.php +++ b/plugins/SecurityInfo/Controller.php @@ -30,6 +30,10 @@ class Piwik_SecurityInfo_Controller extends Piwik_Controller // grab the results as a multidimensional array $results = $psi->getResultsAsArray(); + // suppress results + unset($results['test_results']['Core']['post_max_size']); + unset($results['test_results']['Core']['upload_max_filesize']); + $view = Piwik_View::factory('index'); $this->setGeneralVariablesView($view); $view->menu = Piwik_GetAdminMenu(); diff --git a/plugins/SecurityInfo/PhpSecInfo/Test/Core/post_max_size.php b/plugins/SecurityInfo/PhpSecInfo/Test/Core/post_max_size.php new file mode 100644 index 0000000000..09bd2474ec --- /dev/null +++ b/plugins/SecurityInfo/PhpSecInfo/Test/Core/post_max_size.php @@ -0,0 +1,71 @@ +<?php +/** + * Test Class for post_max_size + * + * @package PhpSecInfo + * @author Ed Finkler <coj@funkatron.com> + */ + + +/** + * require the PhpSecInfo_Test_Core class + */ +require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Core.php'); + +/** + * The max recommended size for the post_max_size setting, in bytes + * + */ +define ('PHPSECINFO_POST_MAXLIMIT', 1024*256); + +/** + * Test Class for post_max_size + * + * @package PhpSecInfo + */ +class PhpSecInfo_Test_Core_Post_Max_Size extends PhpSecInfo_Test_Core +{ + + /** + * This should be a <b>unique</b>, human-readable identifier for this test + * + * @var string + */ + var $test_name = "post_max_size"; + + var $recommended_value = PHPSECINFO_POST_MAXLIMIT; + + function _retrieveCurrentValue() { + $this->current_value = $this->returnBytes(ini_get('post_max_size')); + } + + /** + * Check to see if the post_max_size setting is enabled. + */ + function _execTest() { + + if ($this->current_value + && $this->current_value <= $this->recommended_value + && $post_max_size != -1) { + return PHPSECINFO_TEST_RESULT_OK; + } + + return PHPSECINFO_TEST_RESULT_NOTICE; + } + + + /** + * Set the messages specific to this test + * + */ + function _setMessages() { + parent::_setMessages(); + + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'post_max_size is enabled, and appears to + be a relatively low value'); + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'post_max_size is not enabled, or is set to + a high value. Allowing a large value may open up your server to denial-of-service attacks'); + } + + +}
\ No newline at end of file diff --git a/plugins/SecurityInfo/PhpSecInfo/Test/Core/upload_max_filesize.php b/plugins/SecurityInfo/PhpSecInfo/Test/Core/upload_max_filesize.php new file mode 100644 index 0000000000..bc0b66b42b --- /dev/null +++ b/plugins/SecurityInfo/PhpSecInfo/Test/Core/upload_max_filesize.php @@ -0,0 +1,70 @@ +<?php +/** + * Test Class for upload_max_filesize + * + * @package PhpSecInfo + * @author Ed Finkler <coj@funkatron.com> + */ + +/** + * require the PhpSecInfo_Test_Core class + */ +require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Core.php'); + +/** + * The max recommended size for the upload_max_filesize setting, in bytes + * + */ +define ('PHPSECINFO_UPLOAD_MAXLIMIT', 1024*256); + + +/** + * Test Class for upload_max_filesize + * + * @package PhpSecInfo + */ +class PhpSecInfo_Test_Core_Upload_Max_Filesize extends PhpSecInfo_Test_Core +{ + + + /** + * This should be a <b>unique</b>, human-readable identifier for this test + * + * @var string + */ + var $test_name = "upload_max_filesize"; + + var $recommended_value = PHPSECINFO_UPLOAD_MAXLIMIT; + + function _retrieveCurrentValue() { + $this->current_value = $this->returnBytes(ini_get('upload_max_filesize')); + } + + /** + * Check to see if the post_max_size setting is enabled. + */ + function _execTest() { + + if ($this->current_value + && $this->current_value <= $this->recommended_value + && $post_max_size != -1) { + return PHPSECINFO_TEST_RESULT_OK; + } + + return PHPSECINFO_TEST_RESULT_NOTICE; + } + + + /** + * Set the messages specific to this test + * + */ + function _setMessages() { + parent::_setMessages(); + + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'upload_max_filesize is enabled, and appears to be a relatively low value.'); + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'upload_max_filesize is not enabled, or is set to a high value. Are you sure your apps require uploading files of this size? If not, lower the limit, as large file uploads can impact server performance'); + } + + +}
\ No newline at end of file |