From a1912bbc27e69b3d6b59599bc309f282a5401ccc Mon Sep 17 00:00:00 2001 From: pdontthink Date: Thu, 3 May 2007 04:31:16 +0000 Subject: [PATCH] Implement checks for correct PHP variables_order and gpc_order settings git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12363 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- src/configtest.php | 49 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/src/configtest.php b/src/configtest.php index 8e6311ad..e57374d1 100644 --- a/src/configtest.php +++ b/src/configtest.php @@ -170,7 +170,6 @@ if (! $allow_remote_configtest) { do_err('Enable "Allow remote configtest" option in squirrelmail configuration in order to use this script.'); } } -/* checking PHP specs */ echo "

\n\n" . '\n" . @@ -183,6 +182,9 @@ if ($config_version!='1.5.0') { do_err('Configuration file version does not match required version. Please update your configuration file.'); } + +/* checking PHP specs */ + echo "Checking PHP configuration...
\n"; if(!check_php_version(4,1,0)) { @@ -190,11 +192,54 @@ if(!check_php_version(4,1,0)) { } echo $IND . 'PHP version ' . PHP_VERSION . ' OK. (You have: ' . phpversion() . ". Minimum: 4.1.0)
\n"; -/* test for boolean false and any string that is not equal to 'off' */ + +/* register_globals check: test for boolean false and any string that is not equal to 'off' */ + if ((bool) ini_get('register_globals') && strtolower(ini_get('register_globals'))!='off') { do_err('You have register_globals turned on. This is not an error, but it CAN be a security hazard. Consider turning register_globals off.', false); } + + +/* variables_order check */ + +// FIXME(?): Hmm, how do we distinguish between when an ini setting is +// not available (ini_set() returns empty string) and when +// the administrator set the value to an empty string? The +// latter is sure to be highly rare, so for now, just assume +// that empty value means the setting isn't even available +// (could also check PHP version when this setting was implemented) +$variables_order = ini_get('variables_order'); +if (!empty($variables_order) && (strpos($variables_order, 'G') === FALSE + || strpos($variables_order, 'P') === FALSE + || strpos($variables_order, 'C') === FALSE + || strpos($variables_order, 'S') === FALSE)) { + do_err('Your variables_order setting is insufficient for SquirrelMail to function. It needs at least "GPCS", but you have it set to "' . $variables_order . '"', true); +} else { + echo $IND . "variables_order OK: $variables_order.
\n"; +} + + +/* gpc_order check */ + +// FIXME(?): Hmm, how do we distinguish between when an ini setting is +// not available (ini_set() returns empty string) and when +// the administrator set the value to an empty string? The +// latter is sure to be highly rare, so for now, just assume +// that empty value means the setting isn't even available +// (could also check PHP version when this setting was implemented) +$gpc_order = ini_get('gpc_order'); +if (!empty($gpc_order) && (strpos($gpc_order, 'G') === FALSE + || strpos($gpc_order, 'P') === FALSE + || strpos($gpc_order, 'C') === FALSE)) { + do_err('Your gpc_order setting is insufficient for SquirrelMail to function. It needs to be set to "GPC", but you have it set to "' . $gpc_order . '"', true); +} else { + echo $IND . "gpc_order OK: $gpc_order.
\n"; +} + + +/* check PHP extensions */ + $php_exts = array('session','pcre'); $diff = array_diff($php_exts, get_loaded_extensions()); if(count($diff)) { -- 2.25.1
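Review bot: The `else` branch of the variables_order check also runs when `ini_get('variables_order')` returns an empty value, so the script prints "variables_order OK: ." for a setting it never checked; the gpc_order check below it has the same shape. A configuration test should not report OK for a skipped check, so handle the empty case first, e.g. `if (empty($variables_order)) { echo $IND . "variables_order not reported by PHP, check skipped.\n"; } elseif (strpos($variables_order, 'G') === FALSE || ...) {`. Both FIXME comments say `ini_set()` where the code calls `ini_get()`. The gpc_order error text says the value "needs to be set to" GPC, while the condition only tests that each letter is present, so either the wording or the test should change. The raw ini value is concatenated into the output unescaped; it is administrator-controlled, but if do_err() (defined outside this hunk) emits HTML, wrapping the value in `htmlspecialchars()` would be a cheap safeguard.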
SquirrelMail version:" . SM_VERSION . "
Config file version:' . $config_version . "