diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-21 20:04:35 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-21 20:04:35 +0000 |
| commit | ff1c3902b96c1d6d46174da4cc1949e5385fa68d (patch) | |
| tree | 5ff7b56290f45a5627a27a10ddb377590bb2b53b /modules | |
| parent | 436f7d8a512fda8b3d6bc598e263887960e8d6a2 (diff) | |
| download | brdo-ff1c3902b96c1d6d46174da4cc1949e5385fa68d.tar.gz brdo-ff1c3902b96c1d6d46174da4cc1949e5385fa68d.tar.bz2 | |
#209409 by Heine, webernet, dww: more accurate register globals value checking
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/system/system.install | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/modules/system/system.install b/modules/system/system.install index fb49e1755..95fba9b29 100644 --- a/modules/system/system.install +++ b/modules/system/system.install @@ -52,10 +52,6 @@ function system_requirements($phase) { $requirements['webserver']['description'] = $t('Unable to determine your web server type and version. Drupal might not work properly.'); $requirements['webserver']['severity'] = REQUIREMENT_WARNING; } - if (ini_get('register_globals')) { - $requirements['php']['description'] = $t('<em>register_globals</em> is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when <em>register_globals</em> is enabled. The PHP manual has instructions for <a href="http://php.net/configuration.changes">how to change configuration settings</a>.'); - $requirements['php']['severity'] = REQUIREMENT_ERROR; - } // Test PHP version $requirements['php'] = array( @@ -67,6 +63,25 @@ function system_requirements($phase) { $requirements['php']['severity'] = REQUIREMENT_ERROR; } + // Test PHP register_globals setting. + $requirements['php_register_globals'] = array( + 'title' => $t('PHP register globals'), + ); + $register_globals = trim(ini_get('register_globals')); + // Unfortunately, ini_get() may return many different values, and we can't + // be certain which values mean 'on', so we instead check for 'not off' + // since we never want to tell the user that their site is secure + // (register_globals off), when it is in fact on. We can only guarantee + // register_globals is off if the value returned is 'off', '', or 0. + if (!empty($register_globals) && strtolower($register_globals) != 'off') { + $requirements['php_register_globals']['description'] = $t('<em>register_globals</em> is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when <em>register_globals</em> is enabled. The PHP manual has instructions for <a href="http://php.net/configuration.changes">how to change configuration settings</a>.'); + $requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR; + $requirements['php_register_globals']['value'] = $t("Enabled ('@value')", array('@value' => $register_globals)); + } + else { + $requirements['php_register_globals']['value'] = $t('Disabled'); + } + // Test PHP memory_limit $memory_limit = ini_get('memory_limit'); $requirements['php_memory_limit'] = array( |