diff options
| -rw-r--r-- | backend.php | 13 | ||||
| -rw-r--r-- | config.php-dist | 4 | ||||
| -rw-r--r-- | sanity_check.php | 13 |
3 files changed, 28 insertions, 2 deletions
diff --git a/backend.php b/backend.php index 482874d21..8acf26868 100644 --- a/backend.php +++ b/backend.php @@ -4120,11 +4120,20 @@ function check_configuration_variables() { if (!defined('SESSION_EXPIRE_TIME')) { - return "SESSION_EXPIRE_TIME is undefined"; + return "config: SESSION_EXPIRE_TIME is undefined"; } if (SESSION_EXPIRE_TIME < 60) { - return "SESSION_EXPIRE_TIME is too low (less than 60)"; + return "config: SESSION_EXPIRE_TIME is too low (less than 60)"; + } + + if (SESSION_EXPIRE_TIME < SESSION_COOKIE_LIFETIME_REMEMBER) { + return "config: SESSION_EXPIRE_TIME should be greater or equal to" . + "SESSION_COOKIE_LIFETIME_REMEMBER"; + } + + if (defined('DISABLE_SESSIONS') && DISABLE_SESSIONS) { + return "config: you have enabled DISABLE_SESSIONS. Please disable this option."; } return false; diff --git a/config.php-dist b/config.php-dist index 94437041a..fa7376af7 100644 --- a/config.php-dist +++ b/config.php-dist @@ -119,5 +119,9 @@ // Hard expiration limit for sessions. Should be // >= SESSION_COOKIE_LIFETIME_REMEMBER + define('CONFIG_VERSION', 1); + // Expected config version. Please updated this option in config.php + // if necessary (after migrating all new options from this file). + // vim:ft=php ?> diff --git a/sanity_check.php b/sanity_check.php index 21fc08199..e8b1ca34c 100644 --- a/sanity_check.php +++ b/sanity_check.php @@ -1,10 +1,19 @@ <? + define('EXPECTED_CONFIG_VERSION', 1); + if (!file_exists("config.php")) { print "<b>Fatal Error</b>: You forgot to copy <b>config.php-dist</b> to <b>config.php</b> and edit it."; exit; } + if (CONFIG_VERSION != EXPECTED_CONFIG_VERSION) { + print "<b>Fatal Error</b>: Your configuration file has + wrong version. Please copy new options from <b>config.php-dist</b> and + update CONFIG_VERSION directive."; + exit; + } + if (!file_exists("magpierss/rss_fetch.inc")) { print "<b>Fatal Error</b>: You forgot to place <a href=\"http://magpierss.sourceforge.net\">MagpieRSS</a> @@ -13,6 +22,10 @@ exit; } + if (CONFIG_VERSION != EXPECTED_CONFIG_VERSION) { + return "config: your config file version is incorrect. See config.php-dist."; + } + if (file_exists("xml-export.php") || file_exists("xml-import.php")) { print "<b>Fatal Error</b>: XML Import/Export tools (<b>xml-export.php</b> and <b>xml-import.php</b>) could be used maliciously. Please remove them |