Source for file expose_php.php

Documentation is available at expose_php.php

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Test class for expose_php
    4. 

  4.  * 
    5. 

  5.  * @package PhpSecInfo
    6. 

  6.  * @author Ed Finkler <coj@funkatron.com>
    7. 

  7.  */
    8. 

  8.  
    9. 

  9.  
    10. 

  10. /**
    11. 

  11.  * require the PhpSecInfo_Test_Core class
    12. 

  12.  */
    13. 

  13. require_once('PhpSecInfo/Test/Test_Core.php');
    14. 

  14.  
    15. 

  15. /**
    16. 

  16.  * Test class for expose_php
    17. 

  17.  * 
    18. 

  18.  * @package PhpSecInfo
    19. 

  19.  */
    20. 

  20. class PhpSecInfo_Test_Core_Expose_Php extends PhpSecInfo_Test_Core
    21. 

  21. {
    22. 

  22.  
    23. 

  23.     /**
    24. 

  24.      * This should be a <b>unique</b>, human-readable identifier for this test
    25. 

  25.      *
    26. 

  26.      * @var string 
    27. 

  27.      */
    28. 

  28.     var $test_name = "expose_php";
    29. 

  29.     
    30. 

  30.         
    31. 

  31.                     
    32. 

  32.     /**
    33. 

  33.      * Checks to see if expose_php is enabled
    34. 

  34.      *
    35. 

  35.      */
    36. 

  36.     function _execTest() {
    37. 

  37.         
    38. 

  38.         if (!$this->getBooleanIniValue('expose_php')) {
    39. 

  39.             return PHPSECINFO_TEST_RESULT_OK;
    40. 

  40.         }
    41. 

  41.         
    42. 

  42.         return PHPSECINFO_TEST_RESULT_NOTICE;
    43. 

  43.     }
    44. 

  44.         
    45. 

  45.     
    46. 

  46.     /**
    47. 

  47.      * Set the messages specific to this test
    48. 

  48.      *
    49. 

  49.      */
    50. 

  50.     function _setMessages() {
    51. 

  51.         parent::_setMessages();
    52. 

  52.         
    53. 

  53.         $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'expose_php is disabled, which is the recommended setting');
    54. 

  54.         $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'expose_php is enabled.  This adds
    55. 

  55.                 the PHP "signature" to the web server header, including the PHP version number.  This
    56. 

  56.                 could attract attackers looking for vulnerable versions of PHP');
    57. 

  57.     }
    58. 

  58.     
    59. 

  59.  
    60. 

  60. }
    61.

Documentation generated on Tue, 24 Oct 2006 10:53:34 -0400 by phpDocumentor 1.3.0RC3