1 files changed, 71 insertions, 0 deletions

diff --git a/plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php b/plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php
new file mode 100644
index 0000000000..9822cbf394
--- /dev/null
+++ b/plugins/SecurityInfo/PhpSecInfo/Test/CGI/force_redirect.php
@@ -0,0 +1,71 @@
+<?php
+/**
+ * Test class for cgi force_redirect
+ *
+ * @package PhpSecInfo
+ * @author Ed Finkler <coj@funkatron.com>
+ */
+
+/**
+ * require the PhpSecInfo_Test_Cgi class
+ */
+require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Cgi.php');
+
+/**
+ * Test class for cgi force_redirect
+ *
+ * @package PhpSecInfo
+ * @author Ed Finkler <coj@funkatron.com>
+ */
+class PhpSecInfo_Test_Cgi_Force_Redirect extends PhpSecInfo_Test_Cgi
+{
+
+	/**
+	 * This should be a <b>unique</b>, human-readable identifier for this test
+	 *
+	 * @var string
+	 */
+	var $test_name = "force_redirect";
+
+	/**
+	 * The recommended setting value
+	 *
+	 * @var mixed
+	 */
+	var $recommended_value = TRUE;
+
+
+
+	function _retrieveCurrentValue() {
+		$this->current_value = $this->getBooleanIniValue('cgi.force_redirect');
+	}
+
+
+	/**
+	 * Checks to see if cgi.force_redirect is enabled
+	 *
+	 */
+	function _execTest() {
+
+		if ($this->current_value == $this->recommended_value) {
+			return PHPSECINFO_TEST_RESULT_OK;
+		}
+
+		return PHPSECINFO_TEST_RESULT_WARN;
+	}
+
+
+
+	/**
+	 * Set the messages specific to this test
+	 *
+	 */
+	function _setMessages() {
+		parent::_setMessages();
+
+		$this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', "force_redirect is enabled, which is the recommended setting");
+		$this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', "force_redirect is disabled.  In most cases, this is a <strong>serious</strong> security vulnerability.  Unless you are absolutely sure this is not needed, enable this setting");
+
+	}
+
+}
\ No newline at end of file