[Sommaire] [Imprimer]

   1  <?php
   2  /**
   3   * Test class for expose_php
   4   *
   5   * @package PhpSecInfo
   6   * @author Ed Finkler <coj@funkatron.com>
   7   */
   8  
   9  
  10  /**
  11   * require the PhpSecInfo_Test_Core class
  12   */
  13  require_once dirname(__FILE__) . '/../Test_Core.php';
  14  
  15  /**
  16   * Test class for expose_php
  17   *
  18   * @package PhpSecInfo
  19   */
  20  class PhpSecInfo_Test_Core_Expose_Php extends PhpSecInfo_Test_Core
  21  {
  22  
  23      /**
  24       * This should be a <b>unique</b>, human-readable identifier for this test
  25       *
  26       * @var string
  27       */
  28      var $test_name = "expose_php";
  29  
  30  
  31  
  32      /**
  33       * Checks to see if expose_php is enabled
  34       *
  35       */
  36  	function _execTest() {
  37  
  38          if (!$this->getBooleanIniValue('expose_php')) {
  39              return PHPSECINFO_TEST_RESULT_OK;
  40          }
  41  
  42          return PHPSECINFO_TEST_RESULT_NOTICE;
  43      }
  44  
  45  
  46      /**
  47       * Set the messages specific to this test
  48       *
  49       */
  50  	function _setMessages() {
  51          parent::_setMessages();
  52  
  53          $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'expose_php is disabled, which is the recommended setting');
  54          $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'expose_php is enabled.  This adds
  55                  the PHP "signature" to the web server header, including the PHP version number.  This
  56                  could attract attackers looking for vulnerable versions of PHP');
  57      }
  58  
  59  
  60  }