Thanks guys. I think I'm going to use it because I have my own dedicated server. I think in general I should probably make more use of libraries et al. Today I've been through every single function reference section from .NET to Zlib deciding whether I want it or not, and creating a really simple test case so that I can synchronize the production and development servers and test any new builds I do. Have a look:
<?php
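// Show everything: this is a diagnostic script run by hand, not a page served to users.
ini_set('display_errors', '1');
// E_ALL did not include E_STRICT on the 5.x releases this script pins, so add it explicitly.
error_reporting(E_ALL | E_STRICT);
// php_uname('n') returns the node name without spawning a shell. The backtick
// operator is the same thing as shell_exec(), which runTests() expects to be
// disabled on production; a disabled backtick yields null, which would silently
// make PRODUCTION false on the very host it is meant to identify.
define('PRODUCTION', trim(php_uname('n')) === 'production');
// Counters incremented by attest() and errorHandle(), read by the summary line.
$tests = $errors = $failures = 0;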
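/**
 * Record one assertion; on mismatch, print the expression that produced the value.
 *
 * Counters live in $GLOBALS so the summary at the end of the script can read
 * them: 'tests' is incremented on every call, 'failures' only on a mismatch.
 *
 * @param mixed $actual   value produced by the environment under test
 * @param mixed $expected value it must equal
 * @param bool  $strict   compare with === (default) or with == when false
 * @return void
 */
function attest($actual, $expected, $strict = true)
{
    // Source lines of every file attest() has been called from, keyed by path,
    // so a failure can quote the expression that produced $actual.
    static $sources = array();

    $GLOBALS['tests']++;
    $passed = $strict ? $actual === $expected : $actual == $expected;
    if ($passed) {
        return;
    }
    $GLOBALS['failures']++;

    // Frame 0 describes this call to attest(): its 'file' and 'line' are the
    // caller's, so the quoted line is right even when the caller is in another file.
    $bt = debug_backtrace();
    $frame = isset($bt[0]) ? $bt[0] : array();
    $callerFile = isset($frame['file']) ? $frame['file'] : __FILE__;
    $line = isset($frame['line']) ? (int) $frame['line'] : 0;

    if (!isset($sources[$callerFile])) {
        // is_readable() first: a failed file() would raise a warning that the
        // installed error handler counts as a test-environment error.
        $lines = is_readable($callerFile) ? file($callerFile) : false;
        $sources[$callerFile] = $lines === false ? array() : $lines;
    }
    $source = isset($sources[$callerFile][$line - 1]) ? $sources[$callerFile][$line - 1] : '';

    // The greedy match keeps everything up to the last comma, i.e. the $actual
    // expression; fall back to the whole line when the call spans several lines
    // and the single-line pattern cannot match.
    $code = array();
    if (preg_match('~attest\((.*),.*\)~s', $source, $code)) {
        $code = $code[1];
    } else {
        $code = trim($source);
    }
    $expected = var_export($expected, true);
    $actual = var_export($actual, true);
    echo "Attestment failed [$line]: Expected $expected from $code but got $actual\n";
}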
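/**
 * Error handler installed around runTests(): counts and prints every PHP error
 * raised while the tests run, so the summary can report an error total.
 *
 * @param int    $errorCode E_* level of the error (counted, not printed)
 * @param string $str       error message
 * @param string $file      file the error was raised in (not printed; single-file script)
 * @param int    $line      line the error was raised on
 * @return void  returning nothing (rather than false) marks the error as handled,
 *               so PHP's default handler does not print it a second time
 */
function errorHandle($errorCode, $str, $file, $line)
{
    $GLOBALS['errors']++;
    echo "Error occurred [$line]: $str\n";
}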
// Banner, then the tests with errorHandle() counting every PHP error raised
// while they run, then the totals collected by attest() and errorHandle().
printf("Server test, being performed by %s:\n", __FILE__);
echo "-----------------------------------------------\n";
set_error_handler('errorHandle');
runTests();
restore_error_handler();
printf("\n%d tests completed: %d failures and %d errors\n\n", $tests, $failures, $errors);
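/**
 * Assert the expected PHP build and configuration for this host.
 *
 * Each attest() call pins one fact about the environment: the exact PHP
 * version per host, a few ini settings, which extensions must be present,
 * which must be absent, and — the security baseline — that the shell and
 * process-spawning functions are disabled. A failed attestation is printed
 * with its source expression; the totals are reported by the caller.
 *
 * @return void
 */
function runTests()
{
    // Exact version pin per host: version_compare() returns 0 only on equality.
    if (PRODUCTION) {
        attest(version_compare(PHP_VERSION, "5.2.3"), 0);
    } else {
        attest(version_compare(PHP_VERSION, "5.1.2"), 0);
    }
    // Loose comparison: ini_get() returns strings such as "" / "0" / "1".
    attest(ini_get('register_globals'), false, false);
    attest(ini_get('apc.enabled'), PRODUCTION, false);
    attest(ini_get('short_open_tag'), !PRODUCTION, false);
    attest(ini_get('log_errors'), PRODUCTION, false);
    // Extensions that must be present.
    attest(function_exists('spl_classes'), true);
    attest(function_exists('bcadd'), true);
    attest(function_exists('cal_days_in_month'), true);
    attest(function_exists('ctype_alnum'), true);
    attest(function_exists('curl_init'), true);
    // Extensions that must not be present.
    attest(function_exists('dio_open'), false);
    attest(function_exists('dbx_connect'), false);
    attest(function_exists('dbm_open'), false);
    attest(function_exists('dbase_open'), false);
    attest(function_exists('dba_open'), false);
    attest(function_exists('dbplus_add'), false);
    attest(function_exists('cyrus_query'), false);
    attest(function_exists('cybermut_testmac'), false);
    attest(function_exists('cybercash_encr'), false);
    attest(function_exists('crack_check'), false); // may add this later
    attest(class_exists('DOMDocument'), true);
    attest(function_exists('domxml_open_file'), false); // an old extension that shouldn't be kept around
    attest(function_exists('exif_imagetype'), true);
    attest(function_exists('expect_expectl'), false); // possibly dangerous
    attest(function_exists('expect_popen'), false);
    attest(function_exists('fam_open'), false);
    attest(function_exists('fdf_open'), false);
    attest(function_exists('finfo_open'), false);
    attest(function_exists('filepro'), false);
    attest(function_exists('filter_var'), true); // useful
    attest(function_exists('ibase_connect'), false);
    attest(function_exists('fbsql_connect'), false);
    attest(function_exists('ftp_connect'), true);
    attest(function_exists('geoip_id_by_name'), false);
    attest(function_exists('gettext'), true);
    attest(function_exists('gmp_init'), false);
    attest(function_exists('gnupg_encrypt'), false);
    attest(function_exists('gopher_parsedir'), false);
    attest(class_exists('HaruDoc'), false);
    attest(function_exists('hash'), true); // does no harm, usually I'll use mhash though
    attest(class_exists('HttpMessage'), false);
    attest(function_exists('hw_Connect'), false);
    attest(class_exists('HW_API'), false);
    attest(function_exists('db2_connect'), false);
    attest(function_exists('icap_open'), false);
    attest(function_exists('iconv'), true);
    attest(function_exists('id3_set_tag'), false);
    attest(function_exists('iis_add_server'), false);
    attest(function_exists('imagecreatetruecolor'), true);
    attest(function_exists('imagegd2'), true);
    attest(function_exists('imagegif'), true);
    attest(function_exists('imagepng'), true);
    attest(function_exists('imagejpeg'), true);
    attest(function_exists('imagettftext'), true);
    attest(function_exists('imagefilter'), true);
    attest(class_exists('Imagick'), false);
    attest(function_exists('imap_open'), false);
    attest(function_exists('ifx_connect'), false);
    attest(function_exists('ingres_connect'), false);
    attest(function_exists('ircg_pconnect'), false);
    attest(function_exists('json_encode'), PRODUCTION);
    attest(function_exists('kadm5_init_with_password'), false);
    attest(function_exists('ldap_connect'), true);
    attest(function_exists('libxml_clear_errors'), false);
    attest(function_exists('notes_body'), false);
    attest(function_exists('lzf_compress'), false);
    attest(function_exists('mail'), !PRODUCTION);
    attest(function_exists('mailparse_msg_create'), false);
    attest(function_exists('maxdb_character_set_name'), false);
    attest(function_exists('mcal_open'), false); // could be useful later however
    attest(function_exists('mcrypt_encrypt'), PRODUCTION);
    attest(class_exists('Memcache'), PRODUCTION);
    attest(function_exists('mhash'), PRODUCTION);
    attest(function_exists('mime_content_type'), false);
    attest(class_exists('SWFAction'), false); // could be useful later however
    attest(function_exists('udm_add_search_limit'), false);
    attest(function_exists('mssql_connect'), false);
    attest(function_exists('msession_connect'), false);
    attest(function_exists('msql_connect'), false);
    attest(function_exists('mb_substr'), true);
    attest(function_exists('muscat_get'), false);
    attest(function_exists('mysql_connect'), true);
    attest(class_exists('mysqli'), true);
    attest(function_exists('ncurses_init'), false); // interesting though
    attest(function_exists('newt_init'), false); // also interesting
    attest(function_exists('nsapi_virtual'), false);
    attest(function_exists('aggregate'), false);
    attest(function_exists('overload'), false);
    attest(function_exists('oci_connect'), false);
    attest(function_exists('odbc_connect'), false);
    attest(function_exists('openal_context_create'), false);
    attest(function_exists('openssl_open'), true);
    attest(function_exists('ora_exec'), false);
    attest(function_exists('ovrimos_exec'), false);
    attest(function_exists('px_create_fp'), false);
    attest(function_exists('parsekit_compile_file'), false);
    attest(function_exists('pcntl_exec'), false);
    attest(function_exists('preg_match'), true);
    attest(function_exists('PDF_activate_item'), false);
    attest(class_exists('PDO'), true);
    attest(class_exists('Phar'), true);
    attest(function_exists('posix_access'), false); // dangerous
    attest(function_exists('pg_connect'), false);
    attest(function_exists('printer_open'), false);
    attest(function_exists('recode'), false); // iconv and mbstring are better
    attest(function_exists('ps_new'), false);
    attest(function_exists('pspell_check'), false);
    attest(function_exists('qdom_tree'), false);
    attest(function_exists('radius_acct_open'), false);
    attest(function_exists('rar_open'), false);
    attest(function_exists('readline'), false);
    attest(function_exists('rpm_open'), false);
    attest(function_exists('runkit_lint'), false);
    attest(class_exists('SAMConnection'), false);
    attest(function_exists('satellite_object_to_string'), false);
    attest(class_exists('SDO_DataFactory'), false);
    attest(class_exists('SDO_DAS_XML'), false);
    attest(class_exists('SDO_DAS_Relational'), false);
    attest(function_exists('sem_acquire'), false);
    attest(function_exists('sesam_connect'), false);
    attest(function_exists('session_pgsql_get_field'), false);
    attest(function_exists('shmop_open'), false);
    attest(function_exists('simplexml_load_file'), true);
    attest(class_exists('SoapServer'), false);
    attest(function_exists('socket_accept'), false);
    attest(function_exists('sqlite_exec'), true);
    attest(function_exists('ssh2_connect'), false);
    attest(function_exists('stats_variance'), false);
    attest(function_exists('swf_viewport'), false);
    attest(class_exists('Swish'), false);
    attest(function_exists('sybase_query'), false);
    attest(function_exists('tcpwrap_check'), false);
    attest(class_exists('tidyNode'), false);
    attest(function_exists('token_get_all'), true);
    attest(function_exists('pfpro_init'), false);
    attest(function_exists('vpopmail_alias_add'), false);
    attest(function_exists('wddx_add_vars'), false);
    attest(function_exists('xattr_set'), false);
    attest(function_exists('xdiff_file_diff'), false);
    attest(function_exists('xml_parse'), false);
    attest(function_exists('xmlrpc_encode'), false);
    attest(class_exists('XMLReader'), false);
    attest(class_exists('XMLWriter'), false);
    attest(class_exists('XSLTProcessor'), true);
    attest(function_exists('xslt_create'), false);
    attest(function_exists('yaz_connect'), false);
    attest(function_exists('yp_all'), false);
    attest(function_exists('zip_open'), true);
    attest(function_exists('gzopen'), false);
    // These functions should be installed but disabled by default
    // (disable_functions): function_exists() reports a disabled function as
    // absent, which is what these attestations rely on. Disabling shell_exec
    // also disables the backtick operator.
    attest(function_exists('ereg_replace'), false);
    attest(function_exists('ereg'), false);
    attest(function_exists('eregi_replace'), false);
    attest(function_exists('eregi'), false);
    attest(function_exists('split'), false);
    attest(function_exists('spliti'), false);
    attest(function_exists('sql_regcase'), false);
    attest(function_exists('escapeshellarg'), false);
    attest(function_exists('escapeshellcmd'), false);
    attest(function_exists('exec'), false);
    attest(function_exists('passthru'), false);
    attest(function_exists('proc_close'), false);
    attest(function_exists('proc_get_status'), false);
    attest(function_exists('proc_nice'), false);
    attest(function_exists('proc_open'), false);
    attest(function_exists('proc_terminate'), false);
    attest(function_exists('shell_exec'), false);
    attest(function_exists('system'), false);
    // Only the built-in string filters may be registered; asserting the diff
    // itself (rather than empty($diff)) makes a failure list the extra filters.
    $diff = array_diff(stream_get_filters(), array(
        'string.toupper', 'string.tolower',
        'string.base64', 'string.quoted-printable',
    ));
    attest($diff, array());
    // probably need more gd attestations
}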
It's not finished yet; I'm going to go through the whole of appendix I and write attestations for the most secure PHP environment by default. You know, having gone into this in detail, I now think there is actually enough scope to write a book on PHP configuration alone. Not that I'm going to, though; I'm not really an expert in this field.