diff options
Diffstat (limited to 'plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php')
-rw-r--r-- | plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php b/plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php new file mode 100644 index 0000000000..9822cbf394 --- /dev/null +++ b/plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php @@ -0,0 +1,71 @@ +<?php +/** + * Test class for cgi force_redirect + * + * @package PhpSecInfo + * @author Ed Finkler <coj@funkatron.com> + */ + +/** + * require the PhpSecInfo_Test_Cgi class + */ +require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Cgi.php'); + +/** + * Test class for cgi force_redirect + * + * @package PhpSecInfo + * @author Ed Finkler <coj@funkatron.com> + */ +class PhpSecInfo_Test_Cgi_Force_Redirect extends PhpSecInfo_Test_Cgi +{ + + /** + * This should be a <b>unique</b>, human-readable identifier for this test + * + * @var string + */ + var $test_name = "force_redirect"; + + /** + * The recommended setting value + * + * @var mixed + */ + var $recommended_value = TRUE; + + + + function _retrieveCurrentValue() { + $this->current_value = $this->getBooleanIniValue('cgi.force_redirect'); + } + + + /** + * Checks to see if cgi.force_redirect is enabled + * + */ + function _execTest() { + + if ($this->current_value == $this->recommended_value) { + return PHPSECINFO_TEST_RESULT_OK; + } + + return PHPSECINFO_TEST_RESULT_WARN; + } + + + + /** + * Set the messages specific to this test + * + */ + function _setMessages() { + parent::_setMessages(); + + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', "force_redirect is enabled, which is the recommended setting"); + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', "force_redirect is disabled. In most cases, this is a <strong>serious</strong> security vulnerability. Unless you are absolutely sure this is not needed, enable this setting"); + + } + +}
\ No newline at end of file |