authormomo-i <webmaster@momo-i.org>2011-02-07 17:01:16 +0900
committermomo-i <webmaster@momo-i.org>2011-02-07 17:01:16 +0900
commit4f51409a6f513dfa04c17fd86cabf98ff32dee16 (patch)
tree862254fecef99c3b8dceb69ff8660ebd3d29906b
parentce4f426103f6f03f94867868945846973d29428b (diff)
downloadampache-4f51409a6f513dfa04c17fd86cabf98ff32dee16.tar.gz
ampache-4f51409a6f513dfa04c17fd86cabf98ff32dee16.tar.bz2
ampache-4f51409a6f513dfa04c17fd86cabf98ff32dee16.zip
Added security check function (this is experimental.)
-rw-r--r--lib/security.lib.php18
-rw-r--r--templates/show_info.inc.php6
2 files changed, 23 insertions, 1 deletions
diff --git a/lib/security.lib.php b/lib/security.lib.php
index ce647eb6..066214d5 100644
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -180,5 +180,23 @@ function get_latest($type = null) {
*/
function check_security() {
+ $warnings = array();
+
+ if(ini_get('display_errors') == '1') {
+ $warnings['display_errors'] = _('Provide useful information to attack the error information.');
+ }
+ if(ini_get('expose_php') == '1') {
+ $warnings['expose_php'] = _('Including the PHP version that is described in the HTTP header. It is "INI_SYSTEM" because it is set can be changed only in the server configuration.');
+ }
+ if(ini_get('session.use_only_cookies') == '0') {
+ $warnings['session.use_only_cookies'] = _('URL specified in session and the session ID is initialized using. (permissive session management. if you set 1 URL, POST in the session ID is ignored)');
+ }
+
+ if(count($warnings) == 0) {
+ $warnings['no_probrem'] = _('There is no probrem.');
+ }
+
+ return $warnings;
+
} // check_security
?>
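Review bot: The `ini_get()` comparisons added to check_security() can miss an insecure setting, in which case the function reports the "no problem" entry instead. `ini_get()` returns an empty string or "0" for a boolean directive set to Off, so `ini_get('session.use_only_cookies') == '0'` is false when the value comes back as an empty string. Normalising the value makes that check fail closed: `if (!filter_var(ini_get('session.use_only_cookies'), FILTER_VALIDATE_BOOLEAN)) {`. `display_errors` needs its own handling, because it can also hold `stderr` or a raw `On` set at runtime, neither of which `== '1'` matches. Separately, `no_probrem` is returned in the same array as real findings, so a caller cannot tell a clean result from a warning without testing for that key; returning an empty array would be clearer, and "probrem" should read "problem".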
diff --git a/templates/show_info.inc.php b/templates/show_info.inc.php
index 35b5abe8..c8a8f3d2 100644
--- a/templates/show_info.inc.php
+++ b/templates/show_info.inc.php
@@ -70,7 +70,11 @@
</tr>
<tr>
<td valign="top"><?php echo _('PHP recommendation settings'); ?></td>
- <td valign="top">[]</td>
+ <td valign="top"><?php
+ foreach(check_security() as $warning=>$message) {
+ printf('<span title="%s">%s</span><br />', $message, $warning);
+ }
+ ?></td>
<td>
<?php echo _('This test checks whether the recommended security settings.'); ?></td>
</tr>
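Review bot: The added `printf()` call writes `$message` into the `title` attribute and `$warning` into the element body without HTML escaping. The `expose_php` message defined in lib/security.lib.php contains double quotes around INI_SYSTEM, so the attribute is cut short whenever that warning is shown. The strings also pass through `_()`, so a translation catalogue could introduce further markup characters. Escape both values for the HTML context: `printf('<span title="%s">%s</span><br />', htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), htmlspecialchars($warning, ENT_QUOTES, 'UTF-8'));`.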