-rw-r--r-- | lib/security.lib.php | 18 | ||||
-rw-r--r-- | templates/show_info.inc.php | 6 |
2 files changed, 23 insertions, 1 deletions
diff --git a/lib/security.lib.php b/lib/security.lib.php
index ce647eb6..066214d5 100644
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -180,5 +180,23 @@ function get_latest($type = null) {
 */
 function check_security() {
+ $warnings = array();
+
+ if(ini_get('display_errors') == '1') {
+ $warnings['display_errors'] = _('Provide useful information to attack the error information.');
+ }
+ if(ini_get('expose_php') == '1') {
+ $warnings['expose_php'] = _('Including the PHP version that is described in the HTTP header. It is "INI_SYSTEM" because it is set can be changed only in the server configuration.');
+ }
+ if(ini_get('session.use_only_cookies') == '0') {
+ $warnings['session.use_only_cookies'] = _('URL specified in session and the session ID is initialized using. (permissive session management. if you set 1 URL, POST in the session ID is ignored)');
+ }
+
+ if(count($warnings) == 0) {
+ $warnings['no_probrem'] = _('There is no probrem.');
+ }
+
+ return $warnings;
+
 } // check_security
 ?>
diff --git a/templates/show_info.inc.php b/templates/show_info.inc.php
index 35b5abe8..c8a8f3d2 100644
--- a/templates/show_info.inc.php
+++ b/templates/show_info.inc.php
@@ -70,7 +70,11 @@
 </tr>
 <tr>
 <td valign="top"><?php echo _('PHP recommendation settings'); ?></td>
- <td valign="top">[]</td>
+ <td valign="top"><?php
+ foreach(check_security() as $warning=>$message) {
+ printf('<span title="%s">%s</span><br />', $message, $warning);
+ }
+ ?></td>
 <td>
 <?php echo _('This test checks whether the recommended security settings.'); ?></td>
 </tr> |
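Review bot: The three comparisons in check_security() each match only one string form of the setting, so a risky value can go unreported. ini_get() returns the configured string: `display_errors` may come back as `On` or `stdout` when set at runtime or per directory, and a disabled `session.use_only_cookies` may come back as an empty string, which `== '0'` does not match. Normalising the value first would close the gap, e.g. `if (!filter_var(ini_get('session.use_only_cookies'), FILTER_VALIDATE_BOOLEAN)) {`, and for display_errors treating anything other than an off value or `stderr` as exposed. The function's docblock starts outside the hunk, so any documented contract for the return value is not visible here.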
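Review bot: `$message` is written into the `title="…"` attribute without escaping, and the expose_php message added in lib/security.lib.php contains literal double quotes around INI_SYSTEM, so the attribute is cut short whenever that warning fires; strings returned by `_()` come from translation catalogs and may carry other markup too. Escape both values at output: `printf('<span title="%s">%s</span><br />', htmlspecialchars($message, ENT_QUOTES), htmlspecialchars($warning, ENT_QUOTES));`. Separately, when nothing is wrong the loop prints the array key `no_probrem` as the visible text; having check_security() return an empty array and rendering the "no problem" message in the template would let callers tell a clean result from a warning.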