-
Notifications
You must be signed in to change notification settings - Fork 719
/
check_attachments_inc.php
119 lines (104 loc) · 4.09 KB
/
check_attachments_inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<?php
# MantisBT - A PHP based bugtracking system
# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
* @uses constant_inc.php
* @uses utility_api.php
*/
if ( !defined( 'CHECK_ATTACHMENTS_INC_ALLOW' ) ) {
return;
}
/**
* MantisBT Check API
*/
require_once( 'check_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'utility_api.php' );
check_print_section_header_row( 'Attachments' );
$t_file_uploads_allowed = config_get_global( 'allow_file_upload' );
check_print_info_row(
'File uploads are allowed',
$t_file_uploads_allowed ? 'Yes' : 'No'
);
if( !$t_file_uploads_allowed ) {
return;
}
check_print_test_row(
'file_uploads php.ini directive is enabled',
ini_get_bool( 'file_uploads' ),
array( false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.' )
);
check_print_info_row(
'Maximum file upload size (per file)',
config_get_global( 'max_file_size' ) . ' bytes'
);
check_print_test_row(
'max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini',
config_get_global( 'max_file_size' ) <= ini_get_number( 'upload_max_filesize' ),
array( false => 'max_file_size is currently ' . htmlentities( config_get_global( 'max_file_size' ) ) . ' bytes which is greater than the limit of ' . htmlentities( ini_get_number( 'upload_max_filesize' ) ) . ' bytes imposed by the php.ini directive upload_max_filesize.' )
);
$t_use_xsendfile = config_get_global( 'file_download_xsendfile_enabled' );
check_print_info_row(
'<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled',
$t_use_xsendfile ? 'Yes' : 'No'
);
if( $t_use_xsendfile ) {
check_print_test_row(
'file_download_xsendfile_enabled = ON requires file_upload_method = DISK',
config_get_global( 'file_upload_method' ) == DISK,
array( false => 'X-Sendfile file downloading only works when files are stored on a disk.' )
);
$t_xsendfile_header_name = config_get_global( 'file_download_xsendfile_header_name' );
if( $t_xsendfile_header_name !== 'X-Sendfile' ) {
check_print_info_row(
'Alternative header name to use for X-Sendfile-like functionality',
$t_xsendfile_header_name
);
}
}
$t_finfo_exists = class_exists( 'finfo' );
check_print_test_warn_row(
'Fileinfo extension is available for determining file MIME types',
$t_finfo_exists,
array( false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.' )
);
if( $t_finfo_exists ) {
$t_fileinfo_magic_db_file = config_get_global( 'fileinfo_magic_db_file' );
if( $t_fileinfo_magic_db_file ) {
check_print_info_row(
'Name of magic.db file set with the fileinfo_magic_db_file configuration value',
config_get_global( 'fileinfo_magic_db_file' )
);
check_print_test_row(
'fileinfo_magic_db_file configuration value points to an existing magic.db file',
file_exists( $t_fileinfo_magic_db_file )
);
$t_finfo = new finfo( FILEINFO_MIME, $t_fileinfo_magic_db_file );
} else {
$t_finfo = new finfo( FILEINFO_MIME );
}
check_print_test_row(
'Fileinfo extension can find and load a valid magic.db file',
$t_finfo !== false,
array( false => 'Ensure that the fileinfo_magic_db_file configuration value points to a valid magic.db file.' )
);
}