diff options
Diffstat (limited to 'plugins/SecurityInfo/PhpSecInfo/Test/Session/use_trans_sid.php')
-rw-r--r-- | plugins/SecurityInfo/PhpSecInfo/Test/Session/use_trans_sid.php | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/plugins/SecurityInfo/PhpSecInfo/Test/Session/use_trans_sid.php b/plugins/SecurityInfo/PhpSecInfo/Test/Session/use_trans_sid.php new file mode 100644 index 0000000000..f7f3f2e4a9 --- /dev/null +++ b/plugins/SecurityInfo/PhpSecInfo/Test/Session/use_trans_sid.php @@ -0,0 +1,66 @@ +<?php +/** + * Test class for session use_trans_sid + * + * @package PhpSecInfo + * @author Ed Finkler <coj@funkatron.com> + */ + + +/** + * require the PhpSecInfo_Test_Session class + */ +require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Session.php'); + +/** + * Test class for session use_trans_sid + * + * @package PhpSecInfo + * @author Ed Finkler <coj@funkatron.com> + */ +class PhpSecInfo_Test_Session_Use_Trans_Sid extends PhpSecInfo_Test_Session +{ + + /** + * This should be a <b>unique</b>, human-readable identifier for this test + * + * @var string + */ + var $test_name = "use_trans_sid"; + + + var $recommended_value = FALSE; + + + function _retrieveCurrentValue() { + $this->current_value = $this->getBooleanIniValue('session.use_trans_sid'); + } + + + /** + * Checks to see if allow_url_fopen is enabled + * + */ + function _execTest() { + if ($this->current_value == $this->recommended_value) { + return PHPSECINFO_TEST_RESULT_OK; + } + + return PHPSECINFO_TEST_RESULT_NOTICE; + } + + + /** + * Set the messages specific to this test + * + */ + function _setMessages() { + parent::_setMessages(); + + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'use_trans_sid is disabled, which is the recommended setting'); + $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'use_trans_sid is enabled. This makes session hijacking easier. Consider disabling this feature'); + + } + + +}
\ No newline at end of file |