Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#209409 by Heine, webernet, dww: more accurate register globals value checking

6.x
Gábor Hojtsy 2008-01-21 20:04:35 +00:00
parent 436f7d8a51
commit ff1c3902b9
1 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
modules/system/system.install
View File

@ -52,10 +52,6 @@ function system_requirements($phase) {
$requirements['webserver']['description'] = $t('Unable to determine your web server type and version. Drupal might not work properly.'); $requirements['webserver']['description'] = $t('Unable to determine your web server type and version. Drupal might not work properly.');
$requirements['webserver']['severity'] = REQUIREMENT_WARNING; $requirements['webserver']['severity'] = REQUIREMENT_WARNING;
} }
if (ini_get('register_globals')) {
$requirements['php']['description'] = $t('<em>register_globals</em> is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when <em>register_globals</em> is enabled. The PHP manual has instructions for <a href="http://php.net/configuration.changes">how to change configuration settings</a>.');
$requirements['php']['severity'] = REQUIREMENT_ERROR;
}
// Test PHP version // Test PHP version
$requirements['php'] = array( $requirements['php'] = array(
@ -67,6 +63,25 @@ function system_requirements($phase) {
$requirements['php']['severity'] = REQUIREMENT_ERROR; $requirements['php']['severity'] = REQUIREMENT_ERROR;
} }
// Test PHP register_globals setting.
$requirements['php_register_globals'] = array(
'title' => $t('PHP register globals'),
);
$register_globals = trim(ini_get('register_globals'));
// Unfortunately, ini_get() may return many different values, and we can't
// be certain which values mean 'on', so we instead check for 'not off'
// since we never want to tell the user that their site is secure
// (register_globals off), when it is in fact on. We can only guarantee
// register_globals is off if the value returned is 'off', '', or 0.
if (!empty($register_globals) && strtolower($register_globals) != 'off') {
$requirements['php_register_globals']['description'] = $t('<em>register_globals</em> is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when <em>register_globals</em> is enabled. The PHP manual has instructions for <a href="http://php.net/configuration.changes">how to change configuration settings</a>.');
$requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR;
$requirements['php_register_globals']['value'] = $t("Enabled ('@value')", array('@value' => $register_globals));
}
else {
$requirements['php_register_globals']['value'] = $t('Disabled');
}
// Test PHP memory_limit // Test PHP memory_limit
$memory_limit = ini_get('memory_limit'); $memory_limit = ini_get('memory_limit');
$requirements['php_memory_limit'] = array( $requirements['php_memory_limit'] = array(