// http://lists.horde.org/archives/imp/Week-of-Mon-20030113/029149.html
$conf['cookie']['path'] = '/horde';
+// Disable the test script (horde/test.php)?
+$conf['testdisable'] = false;
+
// YOU SHOULDN'T CHANGE ANTHING BELOW THIS LINE.
$conf['debug_level'] = E_ALL & ~E_NOTICE;
$conf['umask'] = 077;
<configinteger name="umask" octal="true" desc="What umask should we run
with? This will affect the permissions on any temporary files that are
created. This value is an integer.">077</configinteger>
+ <configboolean name="testdisable" desc="Disable the test script
+ (horde/test.php)?">false</configboolean>
<configstring name="tmpdir" required="false" desc="If you want to use a
temporary directory other than the system default or the one specified in
php's upload_tmp_dir value, enter it here."/>
The ``test.php`` files provide a wealth of information that can be used
against the site by attackers. One you have confirmed that everything is
-working, you should disable access to the test.php files. You can do this via
-the web server, or via system file permissions. On a unix system, you might
-issue a command such as::
-
-$ chmod a-rwx /home/httpd/html/horde/test.php
-$ chmod a-rwx /home/httpd/html/horde/*/test.php
+working, you should disable access to the test.php files, which can be done by
+setting 'testdisable' to true in the Horde configuration.
Preventing Apache from serving configuration and source files
require_once dirname(__FILE__) . '/lib/Application.php';
$api = new Horde_Application(array('authentication' => 'none'));
+if (!empty($conf['testdisable'])) {
+ echo '<h2 style="color:red">Horde test scripts have been disabled in the local configuration.</h2>';
+ exit;
+}
+
/* We should have loaded the String class, from the Horde_Util package. If it
* isn't defined, then we're not finding some critical libraries. */
if (!class_exists('Horde_String')) {
- echo '<br /><h2 style="color:red">Required Horde libraries were not found. If PHP\'s error_reporting setting is high enough and display_errors is on, there should be error messages printed above that may help you in debugging the problem. If you are simply missing these files, then you need to install the framework module.</h2>';
+ echo '<h2 style="color:red">Required Horde libraries were not found. If PHP\'s error_reporting setting is high enough and display_errors is on, there should be error messages printed above that may help you in debugging the problem. If you are simply missing these files, then you need to install the framework module.</h2>';
exit;
}
/* Initialize the Horde_Test:: class. */
if (!class_exists('Horde_Test')) {
/* Try and provide enough information to debug the missing file. */
- echo '<br /><h2 style="color:red">Unable to find the Horde_Test library. Your Horde installation may be missing critical files, or PHP may not have sufficient permissions to include files. There may be error messages printed above this message that will help you in debugging the problem.</h2>';
+ echo '<h2 style="color:red">Unable to find the Horde_Test library. Your Horde installation may be missing critical files, or PHP may not have sufficient permissions to include files. There may be error messages printed above this message that will help you in debugging the problem.</h2>';
exit;
}
projects / horde.git / commitdiff