First off, a new build of PHPSecInfo is out: Version 0.1.2, build 20061218. Here’s what’s new:
Code is now licensed under “New BSD” license. See LICENSE
Added PhpSecInfo_Test_Core_Allow_Url_Include to test for allow_url_include in PHP5.2 and above
fix bug in post_max_size check where upload_max_size value was being checked
change curl file_support test to recommend upgrading to newest version of PHP rather than disabling support in cURL for ‘file://’ protocol
removed =& calls that force pass by reference in PHP4, so as to not throw PHP5 STRICT notices. It means passing objects by value in PHP4, but this seems acceptable for our purposes (memory usage isn’t terribly high).
Fixed bug in PhpSecInfo_Test_Session_Use_Trans_Sid where wrong ini key was requested (Thanks Mark Wallert)
New, detailed README file with explanations and basic usage instructions - Now providing an md5 hash for releases
Here’s what I’m planning to do in the next few releases:
- More detailed test results, including the current and recommended settings
- A web-based “glossary” with more details on each test & how to fix problems
- More tests!!! I especially need your help with this one!
I’m also going to look into options to reformat the test result structure, so it plays more nicely with templating systems. No promises on how this will go, but we’ll see.
[tags]phpsecinfo, php, security, audit, tool[/tags]