<?php
/**
 * PhpSecInfo check for the cgi.force_redirect php.ini directive
 *
 * @package PhpSecInfo
 * @author Ed Finkler <coj@funkatron.com>
 */

/**
 * Pull in the PhpSecInfo_Test_Cgi base class that this test extends
 */
require_once 'PhpSecInfo/Test/Test_Cgi.php';

/**
 * Test class for cgi force_redirect
 *
 * Reports OK when the value read from cgi.force_redirect matches the
 * recommended value (TRUE) and WARN in every other case.
 *
 * Security background: with cgi.force_redirect enabled, PHP's CGI binary
 * refuses to run unless the request reached it through a web-server
 * redirect, so the server's own access controls still apply. The PHP
 * documentation notes that a few servers (IIS is the usual example) need
 * the directive off or need cgi.redirect_status_env set instead; that is
 * the exception the WARN message leaves room for.
 *
 * NOTE(review): the directive only matters when PHP runs as a CGI binary.
 * Whether this test is skipped under other SAPIs is decided by the parent
 * class, which is not visible in this file -- confirm there.
 *
 * @package PhpSecInfo
 * @author Ed Finkler <coj@funkatron.com>
 */
class PhpSecInfo_Test_Cgi_Force_Redirect extends PhpSecInfo_Test_Cgi
{
    /**
     * This should be a <b>unique</b>, human-readable identifier for this test
     *
     * @var string
     */
    var $test_name = 'force_redirect';

    /**
     * The recommended setting value (force_redirect switched on)
     *
     * @var mixed
     */
    var $recommended_value = true;

    /**
     * Reads cgi.force_redirect through getBooleanIniValue() (a helper that
     * is not defined in this file) and stores the result in
     * $this->current_value for _execTest() to compare.
     */
    function _retrieveCurrentValue()
    {
        $iniValue = $this->getBooleanIniValue('cgi.force_redirect');
        $this->current_value = $iniValue;
    }

    /**
     * Checks to see if cgi.force_redirect is enabled
     *
     * @return mixed PHPSECINFO_TEST_RESULT_OK when the current value equals
     *               the recommended one, PHPSECINFO_TEST_RESULT_WARN otherwise
     */
    function _execTest()
    {
        // Loose comparison on purpose: the exact type returned by
        // getBooleanIniValue() cannot be seen from this file.
        $isRecommended = ($this->current_value == $this->recommended_value);

        return $isRecommended ? PHPSECINFO_TEST_RESULT_OK : PHPSECINFO_TEST_RESULT_WARN;
    }

    /**
     * Set the messages specific to this test
     *
     * Runs the parent's _setMessages() first, then registers the English
     * text for the OK and WARN results.
     */
    function _setMessages()
    {
        parent::_setMessages();

        $okText = 'force_redirect is enabled, which is the recommended setting';
        $warnText = 'force_redirect is disabled. In most cases, this is a <strong>serious</strong> security vulnerability. Unless you are absolutely sure this is not needed, enable this setting';

        $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', $okText);
        $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', $warnText);
    }
}