[geeklog-cvs] geeklog: Moved hard-coded texts from admin/sectest.php to the la...
geeklog-cvs at lists.geeklog.net
Sun Apr 19 06:22:04 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/a9b4ce455fdf
changeset: 6968:a9b4ce455fdf
user: Dirk Haun <dirk at haun-online.de>
date: Sun Apr 19 12:16:59 2009 +0200
description:
Moved hard-coded texts from admin/sectest.php to the language files (bug #0000716)
diffstat:
4 files changed, 165 insertions(+), 92 deletions(-)
language/english.php | 25 +++++
language/english_utf-8.php | 25 +++++
public_html/admin/sectest.php | 205 ++++++++++++++++++++++-------------------
public_html/docs/history | 2
diffs (truncated from 468 to 300 lines):
diff -r f07d1ab4b996 -r a9b4ce455fdf language/english.php
--- a/language/english.php Sun Apr 19 10:35:57 2009 +0200
+++ b/language/english.php Sun Apr 19 12:16:59 2009 +0200
@@ -1464,6 +1464,31 @@
'no_articles' => 'No articles.'
);
+###############################################################################
+# admin/sectest.php
+
+$LANG_SECTEST = array(
+ 'sectest' => 'Geeklog Security Check',
+ 'results' => 'Results of the Security Check',
+ 'okay' => 'Everything seems to be in order.',
+ 'please_fix' => 'Please fix the above issues before using your site!',
+ 'please_note' => 'Please note that no site is ever 100% secure. This script can only test for obvious security issues.',
+ 'stay_informed' => 'To stay informed about new Geeklog releases and possible security issues, we suggest that you subscribe to the (low-traffic) %s mailing list and/or use the %s option in your Admin menu from time to time to check for available updates.',
+ 'public_html' => '"public_html" should never be part of your site\'s URL. Please read the part about public_html in the %s again and change your setup accordingly before you proceed.',
+ 'installation' => 'installation instructions',
+ 'directory' => 'directory',
+ 'failed_bak' => 'Failed to create a temporary file in your data directory. Check your directory permissions!',
+ 'fix_it' => 'This is a security risk and should be fixed!',
+ 'reachable' => 'Your %s is reachable from the web.',
+ 'not_reachable' => 'Good! Your %s is not reachable from the web.',
+ 'not_sure' => 'Got an HTTP result code %s when trying to test your %s. Not sure what to make of it ...',
+ 'remove_inst' => 'You should really remove the install directory %s once you have your site up and running without any errors.',
+ 'remove_inst2' => 'Keeping it around would allow malicious users the ability to destroy your current install, take over your site, or retrieve sensitive information.',
+ 'inst_removed' => 'Good! You seem to have removed the install directory already.',
+ 'fix_password' => 'You still have not changed the <strong>default password</strong> from "password" on %s Root user account(s).',
+ 'password_okay' => 'Good! You seem to have changed the default account password already.'
+);
+
################################################################################
# "What's New" Time Strings
diff -r f07d1ab4b996 -r a9b4ce455fdf language/english_utf-8.php
--- a/language/english_utf-8.php Sun Apr 19 10:35:57 2009 +0200
+++ b/language/english_utf-8.php Sun Apr 19 12:16:59 2009 +0200
@@ -1464,6 +1464,31 @@
'no_articles' => 'No articles.'
);
+###############################################################################
+# admin/sectest.php
+
+$LANG_SECTEST = array(
+ 'sectest' => 'Geeklog Security Check',
+ 'results' => 'Results of the Security Check',
+ 'okay' => 'Everything seems to be in order.',
+ 'please_fix' => 'Please fix the above issues before using your site!',
+ 'please_note' => 'Please note that no site is ever 100% secure. This script can only test for obvious security issues.',
+ 'stay_informed' => 'To stay informed about new Geeklog releases and possible security issues, we suggest that you subscribe to the (low-traffic) %s mailing list and/or use the %s option in your Admin menu from time to time to check for available updates.',
+ 'public_html' => '"public_html" should never be part of your site\'s URL. Please read the part about public_html in the %s again and change your setup accordingly before you proceed.',
+ 'installation' => 'installation instructions',
+ 'directory' => 'directory',
+ 'failed_bak' => 'Failed to create a temporary file in your data directory. Check your directory permissions!',
+ 'fix_it' => 'This is a security risk and should be fixed!',
+ 'reachable' => 'Your %s is reachable from the web.',
+ 'not_reachable' => 'Good! Your %s is not reachable from the web.',
+ 'not_sure' => 'Got an HTTP result code %s when trying to test your %s. Not sure what to make of it ...',
+ 'remove_inst' => 'You should really remove the install directory %s once you have your site up and running without any errors.',
+ 'remove_inst2' => 'Keeping it around would allow malicious users the ability to destroy your current install, take over your site, or retrieve sensitive information.',
+ 'inst_removed' => 'Good! You seem to have removed the install directory already.',
+ 'fix_password' => 'You still have not changed the <strong>default password</strong> from "password" on %s Root user account(s).',
+ 'password_okay' => 'Good! You seem to have changed the default account password already.'
+);
+
################################################################################
# "What's New" Time Strings
diff -r f07d1ab4b996 -r a9b4ce455fdf public_html/admin/sectest.php
--- a/public_html/admin/sectest.php Sun Apr 19 10:35:57 2009 +0200
+++ b/public_html/admin/sectest.php Sun Apr 19 12:16:59 2009 +0200
@@ -30,7 +30,21 @@
// | |
// +---------------------------------------------------------------------------+
+/**
+* This script does a few quick and simple checks to ensure that you have
+* installed Geeklog in a (relatively) secure fashion. It also gives tips on
+* how to fix issues.
+*
+*/
+
+/**
+* Geeklog common function library
+*/
require_once '../lib-common.php';
+
+/**
+* Security check to ensure user even belongs on this page
+*/
require_once 'auth.inc.php';
$display = '';
@@ -51,23 +65,23 @@
* Send an HTTP HEAD request for the given URL
*
* @param string $url URL to request
-* @param string $errmsg error message, if any (on return)
+* @param string &$errmsg error message, if any (on return)
* @return int HTTP response code or 777 on error
*
*/
-function doHeadRequest ($url, &$errmsg)
+function doHeadRequest($url, &$errmsg)
{
- require_once ('HTTP/Request.php');
+ require_once 'HTTP/Request.php';
- $req = new HTTP_Request ($url);
- $req->setMethod (HTTP_REQUEST_METHOD_HEAD);
- $req->addHeader ('User-Agent', 'Geeklog/' . VERSION);
- $response = $req->sendRequest ();
- if (PEAR::isError ($response)) {
+ $req = new HTTP_Request($url);
+ $req->setMethod(HTTP_REQUEST_METHOD_HEAD);
+ $req->addHeader('User-Agent', 'Geeklog/' . VERSION);
+ $response = $req->sendRequest();
+ if (PEAR::isError($response)) {
$errmsg = $response->getMessage();
return 777;
} else {
- return $req->getResponseCode ();
+ return $req->getResponseCode();
}
}
@@ -85,26 +99,26 @@
if ($_CONF['path'] == $_CONF['path_html']) {
// not good ...
$url = $_CONF['site_url'];
- } else if (substr ($_CONF['path'], 0, strlen ($_CONF['path_html'])) == $_CONF['path_html']) {
+ } elseif (substr($_CONF['path'], 0, strlen($_CONF['path_html'])) == $_CONF['path_html']) {
// "geeklog" dir in the document root
- $rest = substr ($_CONF['path'], -(strlen ($_CONF['path']) - strlen ($_CONF['path_html'])));
+ $rest = substr($_CONF['path'], -(strlen($_CONF['path']) - strlen($_CONF['path_html'])));
$url = $_CONF['site_url'] . '/' . $rest;
} else {
// check for sites like www.example.com/geeklog
$u = $_CONF['site_url'];
- if (substr ($u, -1) == '/') {
- $u = substr ($u, 0, -1);
+ if (substr($u, -1) == '/') {
+ $u = substr($u, 0, -1);
}
- $pos = strpos ($u, ':');
+ $pos = strpos($u, ':');
if ($pos !== false) {
- $u2 = substr ($u, $pos + 3);
+ $u2 = substr($u, $pos + 3);
} else {
$u2 = $u;
}
- $p = explode ('/', $u2);
- if (count ($p) > 1) {
- $cut = strlen ($p[count ($p) - 1]) + 1;
- $url = substr ($u, 0, -$cut) . '/';
+ $p = explode('/', $u2);
+ if (count($p) > 1) {
+ $cut = strlen($p[count($p) - 1]) + 1;
+ $url = substr($u, 0, -$cut) . '/';
}
}
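Review bot: In the final `else` branch `$url` is only assigned inside `if (count($p) > 1)`, so for a site_url with no path component (`http://www.example.com`) the variable is never set here and, unless it is initialised above the hunk, the later reachability tests run against an undefined base URL. The `$pos + 3` step also silently assumes the scheme separator is exactly `://`. A minimal fix is to give the branch a fallback, e.g. `} else { $url = $u . '/'; }` after the `count($p) > 1` block, or to initialise `$url = $_CONF['site_url'] . '/';` before the whole chain. The enclosing function starts and ends outside this hunk.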
@@ -119,22 +133,24 @@
* @return string text explaining the result of the test
*
*/
-function interpretResult ($retcode, $msg)
+function interpretResult($retcode, $msg)
{
- global $failed_tests;
+ global $LANG_SECTEST, $failed_tests;
$retval = '';
if ($retcode == 200) {
- $retval = 'Your <strong>' . $msg . '</strong> is reachable from the web.<br' . XHTML . '><em>This is a security risk and should be fixed!</em>';
+ $retval .= sprintf($LANG_SECTEST['reachable'],
+ '<strong>' . $msg . '</strong>')
+ . '<br' . XHTML . '><em>' . $LANG_SECTEST['fix_it'] . '</em>';
$failed_tests++;
} elseif (($retcode == 401) || ($retcode == 403) || ($retcode == 404)) {
- $retval = 'Good! Your ' . $msg . ' is not reachable from the web.';
- } else if (is_numeric ($retcode)) {
- $retval = 'Got an HTTP result code ' . $retcode . ' when trying to test your ' . $msg . '. Not sure what to make of it ...';
+ $retval .= sprintf($LANG_SECTEST['not_reachable'], $msg);
+ } elseif (is_numeric($retcode)) {
+ $retval .= sprintf($LANG_SECTEST['not_sure'], $retval, $msg);
$failed_tests++;
} else {
- $retval = $retcode;
+ $retval .= $retcode;
}
return $retval;
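Review bot: The `is_numeric($retcode)` branch passes the wrong value to the format string: `sprintf($LANG_SECTEST['not_sure'], $retval, $msg)` substitutes `$retval`, which is still the empty string at that point, where the message expects the HTTP result code, so the admin sees "Got an HTTP result code  when trying to test your ..." with no code. It should read `$retval .= sprintf($LANG_SECTEST['not_sure'], $retcode, $msg);`. Minor inconsistency in the same hunk: the `reachable` branch wraps `$msg` in `<strong>` while `not_reachable` passes it plain, which the language strings do not hint at. interpretResult's closing brace is outside the hunk.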
@@ -147,14 +163,14 @@
* @return boolean true: success; false: file creation failed
*
*/
-function makeTempfile ($file)
+function makeTempfile($file)
{
$retval = false;
- $tempfile = @fopen ($file, 'w');
+ $tempfile = @fopen($file, 'w');
if ($tempfile) {
$retval = true;
- fclose ($tempfile);
+ fclose($tempfile);
}
return $retval;
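Review bot: `@fopen($file, 'w')` truncates whatever already exists at `$file`, so if the caller ever passes a path that is also a real file (or a temp file left behind by an aborted earlier run) its contents are destroyed before the test even starts; the `@` additionally hides the reason when creation fails, which is the only thing this probe is meant to report. Opening with `'x'` (`$tempfile = @fopen($file, 'x');`) fails instead of clobbering an existing file; whether the caller cleans the file up afterwards is not visible in this hunk and should be confirmed. The function's closing brace is outside the hunk.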
@@ -169,19 +185,19 @@
* @return string test result as a list item
*
*/
-function doTest ($baseurl, $urltocheck, $what)
+function doTest($baseurl, $urltocheck, $what)
{
global $failed_tests;
$retval = '';
$retval .= '<li>';
- $retcode = doHeadRequest ($baseurl . $urltocheck, $errmsg);
+ $retcode = doHeadRequest($baseurl . $urltocheck, $errmsg);
if ($retcode == 777) {
$retval .= $errmsg;
$failed_tests++;
} else {
- $retval .= interpretResult ($retcode, $what);
+ $retval .= interpretResult($retcode, $what);
}
$retval .= '</li>' . LB;
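Review bot: The 777 branch appends the transport error text straight into the HTML list item with `$retval .= $errmsg;` while every other branch emits either a fixed language string or a value the script built itself; the message comes from the HTTP library and may echo back the requested URL or a server reply, so it should be escaped for the HTML context, `$retval .= htmlspecialchars($errmsg);`. This is output hygiene rather than an exploitable path as far as the hunk shows, since `$baseurl` is derived from `$_CONF`. doTest's closing brace is outside the hunk.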
@@ -196,33 +212,34 @@
* @return string text explaining the result of the test
*
*/
-function checkInstallDir ()
+function checkInstallDir()
{
- global $_CONF, $failed_tests;
+ global $_CONF, $LANG_SECTEST, $failed_tests;
$retval = '';
// we don't have the path to the admin directory, so try to figure it out
// from $_CONF['site_admin_url']
$adminurl = $_CONF['site_admin_url'];
- if (strrpos ($adminurl, '/') == strlen ($adminurl)) {
- $adminurl = substr ($adminurl, 0, -1);
+ if (strrpos($adminurl, '/') == strlen($adminurl)) {
+ $adminurl = substr($adminurl, 0, -1);
}
- $pos = strrpos ($adminurl, '/');
+ $pos = strrpos($adminurl, '/');
if ($pos === false) {
// only guessing ...
$installdir = $_CONF['path_html'] . 'admin/install';
} else {
- $installdir = $_CONF['path_html'] . substr ($adminurl, $pos + 1)
+ $installdir = $_CONF['path_html'] . substr($adminurl, $pos + 1)
. '/install';
}
- if (is_dir ($installdir)) {
- $retval .= '<li>You should really remove the install directory <b>' . $installdir .'</b> once you have your site up and running without any errors.';
- $retval .= ' Keeping it around would allow malicious users the ability to destroy your current install, take over your site, or retrieve sensitive information.</li>';
+ if (is_dir($installdir)) {
+ $retval .= '<li>' . sprintf($LANG_SECTEST['remove_inst'],
+ '<b>' . $installdir . '</b>') . ' '
+ . $LANG_SECTEST['remove_inst2'] . '</li>';
$failed_tests++;
} else {
- $retval .= '<li>Good! You seem to have removed the install directory already.</li>';
+ $retval .= '<li>' . $LANG_SECTEST['inst_removed'] . '</li>';
}
return $retval;
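Review bot: The trailing-slash check `if (strrpos($adminurl, '/') == strlen($adminurl))` can never be true, because the last character sits at index `strlen - 1`, so a `site_admin_url` that ends in `/` is never trimmed; `$pos` then lands on that trailing slash, `substr($adminurl, $pos + 1)` is empty, `$installdir` collapses to `$_CONF['path_html'] . '/install'`, and `is_dir()` reports "Good! You seem to have removed the install directory already" for a directory that is still there. That is a false negative in exactly the check meant to catch a dangerous leftover, so the line should become `if (substr($adminurl, -1) == '/') {`. The rest of the function (its closing brace) lies outside the hunk.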
@@ -237,9 +254,9 @@
* @return string text explaining the result of the test
*
*/
-function checkDefaultPassword ()
+function checkDefaultPassword()
{
- global $_TABLES, $failed_tests;
+ global $_TABLES, $LANG_SECTEST, $failed_tests;
$retval = '';
@@ -259,76 +276,87 @@
}
}
if ($pwdRoot > 0) {
- $retval .= '<li>You still have not changed the <strong>default password</strong> from "password" on ' . $pwdRoot . ' Root user account(s).';