XOOPS 2.5.6  Final
advisory.php
1 <?php
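// Admin bootstrap for the Protector "advisory" page.
// cp_header.php is loaded with require so that a failed load stops the request:
// with include, a missing file only raises a warning and the diagnostics below
// would still be rendered without the control-panel bootstrap having run.
// NOTE(review): assumes cp_header.php is where XOOPS loads its core and checks
// admin access - confirm against the core.
// NOTE(review): this listing skips source lines 4 and 7; they are not reproduced here.
require '../../../include/cp_header.php';
include 'admin_header.php';

// beginning of Output
include dirname(__FILE__).'/mymenu.php' ;

// open table for ADVISORY
echo "<style>dd {margin-left: 32px;}</style>\n" ;
echo "<br />\n<div style='border: 2px solid #2F5376;padding:8px;width:95%;' class='bg4'>\n" ;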
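// calculate the relative path between XOOPS_ROOT_PATH and XOOPS_TRUST_PATH
// Both paths are split on '/' and walked in parallel up to the first segment
// that differs. The result climbs out of the remaining root segments ('../')
// and then descends into the remaining trust segments.
// NOTE(review): only '/' is treated as a separator; paths written with
// backslashes are not split - confirm this is acceptable for the deployment.
$root_paths = explode( '/' , XOOPS_ROOT_PATH ) ;
$trust_paths = explode( '/' , XOOPS_TRUST_PATH ) ;
foreach( $root_paths as $i => $rpath ) {
    // isset(): the trust path may have fewer segments than the root path, and
    // reading a missing index raises a notice (a warning on PHP 8).
    // !==: a loose comparison treats numeric-looking directory names such as
    // "1.0" and "1.00" as equal, which would shift the split point.
    if( ! isset( $trust_paths[ $i ] ) || $rpath !== $trust_paths[ $i ] ) break ;
}
$relative_path = str_repeat( '../' , count( $root_paths ) - $i ) . implode( '/' , array_slice( $trust_paths , $i ) ) ;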
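// the path of XOOPS_TRUST_PATH accessible check
// The <img> and the link both address files under XOOPS_TRUST_PATH through the
// web server (XOOPS_URL + the relative path computed earlier in this script).
// If the browser can load either of them, the trust path is reachable over HTTP;
// the explanatory text shown to the admin is _AM_ADV_TRUSTPATHPUBLIC.
// ENT_QUOTES is passed explicitly because both attributes are single-quoted and
// the default flags before PHP 8.1 leave "'" unescaped, so a directory name
// containing a quote would otherwise break out of the attribute.
$trust_path_html = htmlspecialchars( $relative_path , ENT_QUOTES ) ;
echo "<dl><dt>'XOOPS_TRUST_PATH' : " ;
echo "<img src='".XOOPS_URL.'/'.$trust_path_html."/modules/protector/public_check.png' width='40' height='20' alt='' style='border:1px solid black;' /><br /><a href='".XOOPS_URL.'/'.$trust_path_html."/modules/protector/public_check.php'>"._AM_ADV_TRUSTPATHPUBLICLINK."</a></dt>\n" ;
echo "<dd>"._AM_ADV_TRUSTPATHPUBLIC."</b><br /><br /></dd></dl>" ;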
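// register_globals
// Reports whether register_globals is enabled and, if so, prints the .htaccess
// line that turns it off.
echo "<dl><dt>'register_globals' : " ;
// ini_get() returns false when the directive does not exist and "", "0" or "1"
// for a normalised boolean, but it can also return the literal configured text
// (for example "Off"), which a plain truthiness test would read as enabled.
// Interpret the value the way the INI parser does: "on"/"yes"/"true" or any
// non-zero number means enabled, everything else means disabled.
$ini_raw = strtolower( (string) ini_get( "register_globals" ) ) ;
$safe = ! ( in_array( $ini_raw , array( 'on' , 'yes' , 'true' ) , true ) || (int) $ini_raw !== 0 ) ;
if( $safe ) {
    echo "off &nbsp; <span style='color:green;font-weight:bold;'>OK</span></dt>\n" ;
} else {
    echo "on &nbsp; <span style='color:red;font-weight:bold;'>"._AM_ADV_NOTSECURE."</span></dt>\n" ;
    // Same bytes as the original multi-line literal: each line break is
    // followed by one space.
    echo "<dd><br /><br />"._AM_ADV_REGISTERGLOBALS."<br /><br />\n "
        .XOOPS_ROOT_PATH."/.htaccess<br /><br />\n "
        ._AM_ADV_REGISTERGLOBALS2."<br /><br />\n <b>php_flag &nbsp; register_globals &nbsp; off\n </dd>" ;
}
echo "</b><br /><br /></dl>\n" ;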
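// allow_url_fopen
// Reports whether PHP's file functions are allowed to open remote URLs; the
// advice shown when it is enabled comes from _AM_ADV_ALLOWURLFOPEN.
echo "<dl><dt>'allow_url_fopen' : " ;
// ini_get() can return the literal configured text (for example "Off") instead
// of a normalised "", "0" or "1", and such text is truthy. Interpret the value
// the way the INI parser does: "on"/"yes"/"true" or any non-zero number means
// enabled, everything else (including a missing directive) means disabled.
$ini_raw = strtolower( (string) ini_get( "allow_url_fopen" ) ) ;
$safe = ! ( in_array( $ini_raw , array( 'on' , 'yes' , 'true' ) , true ) || (int) $ini_raw !== 0 ) ;
if( $safe ) {
    echo "off &nbsp; <span style='color:green;font-weight:bold;'>OK</span></dt>\n" ;
} else {
    echo "on &nbsp; <span style='color:red;font-weight:bold;'>"._AM_ADV_NOTSECURE."</span></dt>\n" ;
    echo "<dd>"._AM_ADV_ALLOWURLFOPEN."</dd>" ;
}
echo "</b><br /><br /></dl>\n" ;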
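// session.use_trans_sid
// Reports whether PHP rewrites URLs to carry the session id. When it does, the
// id ends up in links, and from there in Referer headers, logs and bookmarks.
echo "<dl><dt>'session.use_trans_sid' : " ;
// ini_get() can return the literal configured text (for example "Off") instead
// of a normalised "", "0" or "1", and such text is truthy. Interpret the value
// the way the INI parser does: "on"/"yes"/"true" or any non-zero number means
// enabled, everything else (including a missing directive) means disabled.
$ini_raw = strtolower( (string) ini_get( "session.use_trans_sid" ) ) ;
$safe = ! ( in_array( $ini_raw , array( 'on' , 'yes' , 'true' ) , true ) || (int) $ini_raw !== 0 ) ;
if( $safe ) {
    echo "off &nbsp; <span style='color:green;font-weight:bold;'>OK</span></dt>\n" ;
} else {
    echo "on &nbsp; <span style='color:red;font-weight:bold;'>"._AM_ADV_NOTSECURE."</span></dt>\n" ;
    echo "<dd>"._AM_ADV_USETRANSSID."</dd>" ;
}
echo "</b><br /><br /></dl>\n" ;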
// XOOPS_DB_PREFIX
// Flags an installation whose table prefix is "xoops" in any letter case: with
// that prefix the table names are the predictable ones. Both outcomes end with
// a link to the prefix manager page.
$safe = ( 'xoops' != strtolower( XOOPS_DB_PREFIX ) ) ;
echo "<dl><dt>'XOOPS_DB_PREFIX' : " , XOOPS_DB_PREFIX ;
if( ! $safe ) {
    echo " &nbsp; <span style='color:red;font-weight:bold;'>" , _AM_ADV_NOTSECURE , "</span></dt>\n" ;
    echo "<dd>" , _AM_ADV_DBPREFIX , "<br />\n" ;
} else {
    // The <dd> opened here is closed by the shared link line below.
    echo " &nbsp; <span style='color:green;font-weight:bold;'>OK</span></dt>\n<dd>" ;
}
echo "<a href='center.php?page=prefix_manager'>" , _AM_ADV_LINK_TO_PREFIXMAN , "</a></dd>" ;
echo "</b><br /><br /></dl>\n" ;
// patch to mainfile.php
// Two marker constants tell whether Protector's hooks ran during this request.
// NOTE(review): presumably they are defined by the precheck/postcheck includes
// that the admin adds to mainfile.php - confirm against the Protector sources.
// A missing precheck is reported first; either gap shows the same advice text.
echo "<dl><dt>'mainfile.php' : " ;
if( defined( 'PROTECTOR_PRECHECK_INCLUDED' ) && defined( 'PROTECTOR_POSTCHECK_INCLUDED' ) ) {
    echo "patched &nbsp; <span style='color:green;font-weight:bold;'>OK</span></dt>\n" ;
} else {
    if( ! defined( 'PROTECTOR_PRECHECK_INCLUDED' ) ) {
        echo "missing precheck &nbsp; <span style='color:red;font-weight:bold;'>" , _AM_ADV_NOTSECURE , "</span></dt>\n" ;
    } else {
        echo "missing postcheck &nbsp; <span style='color:red;font-weight:bold;'>" , _AM_ADV_NOTSECURE , "</span></dt>\n" ;
    }
    echo "<dd>" , _AM_ADV_MAINUNPATCHED , "</dd>" ;
}
echo "</b><br /><br /></dl>\n" ;
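// patch to databasefactory.php
// On cores older than 2.4 the database object is expected to be Protector's
// wrapper class; on 2.4 and later the check is skipped and reported as patched.
echo "<dl><dt>'databasefactory.php' : " ;
// The version part of XOOPS_VERSION starts at offset 6 (as in "XOOPS 2.5.6").
// It is compared as a version string rather than as a float, so a minor number
// with two digits ("2.10") is not read as 2.1. An undefined constant is treated
// as a pre-2.4 core, which keeps the wrapper check active.
$core_version = defined( 'XOOPS_VERSION' ) ? (string) substr( XOOPS_VERSION , 6 ) : '0' ;
$needs_db_patch = version_compare( $core_version , '2.4' , '<' ) ;
// NOTE(review): $db is not assigned anywhere in this listing (source line 95 is
// absent from the rendering). The isset()/is_object() guard keeps a missing
// handle from raising an error and counts it as "not wrapped".
if( $needs_db_patch && ! ( isset( $db ) && is_object( $db ) && strtolower( get_class( $db ) ) === 'protectormysqldatabase' ) ) {
    echo "<span style='color:red;font-weight:bold;'>"._AM_ADV_DBFACTORYUNPATCHED."</span></dt>\n" ;
} else {
    echo _AM_ADV_DBFACTORYPATCHED."<span style='color:green;font-weight:bold;'> OK</span></dt>\n" ;
}
echo "</dl>\n" ;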
// close table for ADVISORY, then open table for PROTECTION CHECK
// One echo emits the closing </div> of the advisory box, the opening <div> of
// the protection-check box and its heading, in that order.
echo "</div><br />\n" ,
     "<br />\n<div style='border: 2px solid #2F5376;padding:8px;width:95%;' class='bg4'>\n" ,
     "<h3>" , _AM_ADV_SUBTITLECHECK , "</h3>\n" ;
// Check contaminations
// Self-test link for the administrator: the request carries a parameter named
// like an internal variable (xoopsConfig[nocommon], with the brackets
// percent-encoded). It opens in a new window so the admin can see how the site
// answers; presumably a working Protector rejects the request.
$uri_contami = XOOPS_URL . "/index.php?xoopsConfig%5Bnocommon%5D=1" ;
echo "<dl><dt>" , _AM_ADV_CHECKCONTAMI , ":</dt>\n" ;
echo "<dd><a href='" , $uri_contami , "' target='_blank'>" , $uri_contami , "</a></dd>" ;
echo "</dl>\n" ;
// Check isolated comments
// Self-test link for the administrator: the cid value contains a comment opener
// that is never closed, passed through urlencode() before it is put in the URL.
// It opens in a new window so the admin can see how the site answers;
// presumably a working Protector rejects the request.
$uri_isocom = XOOPS_URL . "/index.php?cid=" . urlencode( ",password /*" ) ;
echo "<dl><dt>" , _AM_ADV_CHECKISOCOM , ":</dt>\n" ;
echo "<dd><a href='" , $uri_isocom , "' target='_blank'>" , $uri_isocom , "</a></dd>" ;
echo "</dl>\n" ;
// close table for PROTECTION CHECK
echo "</div>\n" ;
129 ?>