diff options
Diffstat (limited to 'plugins/SecurityInfo/PhpSecInfo/Test/Core/expose_php.php')
-rw-r--r-- | plugins/SecurityInfo/PhpSecInfo/Test/Core/expose_php.php | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/plugins/SecurityInfo/PhpSecInfo/Test/Core/expose_php.php b/plugins/SecurityInfo/PhpSecInfo/Test/Core/expose_php.php new file mode 100644 index 0000000000..3f26648193 --- /dev/null +++ b/plugins/SecurityInfo/PhpSecInfo/Test/Core/expose_php.php @@ -0,0 +1,64 @@ +<?php +/** + * Test class for expose_php + * + * @package PhpSecInfo + * @author Ed Finkler <coj@funkatron.com> + */ + + +/** + * require the PhpSecInfo_Test_Core class + */ +require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Core.php'); + +/** + * Test class for expose_php + * + * @package PhpSecInfo + */ +class PhpSecInfo_Test_Core_Expose_Php extends PhpSecInfo_Test_Core +{ + + /** + * This should be a <b>unique</b>, human-readable identifier for this test + * + * @var string + */ + var $test_name = "expose_php"; + + var $recommended_value = FALSE; + + function _retrieveCurrentValue() { + $this->current_value = $this->returnBytes(ini_get('expose_php')); + } + + /** + * Checks to see if expose_php is enabled + * + */ + function _execTest() { + + if ($this->current_value == $this->recommended_value) { + return PHPSECINFO_TEST_RESULT_OK; + } + + return PHPSECINFO_TEST_RESULT_NOTICE; + } + + + /** + * Set the messages specific to this test + * + */ + function _setMessages() { + parent::_setMessages(); + + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'expose_php is disabled, which is the recommended setting'); + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'expose_php is enabled. This adds + the PHP "signature" to the web server header, including the PHP version number. This + could attract attackers looking for vulnerable versions of PHP'); + } + + +}
\ No newline at end of file |