GitHub Repository: freebsd/phabricator
Path: blob/master/src/applications/config/check/PhabricatorPHPConfigSetupCheck.php
<?php
/**
 * Noncritical PHP configuration checks.
 *
 * Every check that fails registers a setup issue through newIssue(). The
 * checks cover a missing REMOTE_ADDR, the "always_populate_raw_post_data"
 * setting on PHP older than 7, the MySQL client extension and driver in use,
 * and the "allow_local_infile" option.
 *
 * For critical checks, see @{class:PhabricatorPHPPreflightSetupCheck}.
 */
final class PhabricatorPHPConfigSetupCheck extends PhabricatorSetupCheck {

  /**
   * @return const Group these checks are reported under (GROUP_PHP).
   */
  public function getDefaultGroup() {
    return self::GROUP_PHP;
  }

  /**
   * Run the individual checks in a fixed order.
   *
   * @return void
   */
  protected function executeChecks() {
    $this->checkRemoteAddrIsPresent();
    $this->checkRawPostDataSetting();
    $this->checkMySQLClientExtension();
    $this->checkLocalInfileDisabled();
  }

  /**
   * Raise "php.remote_addr" when the request carries no client address.
   *
   * Per the issue text, the software relies on the origin address for
   * security checks, so an empty value means those checks cannot run. The
   * usual cause named in the message is a mistake in the preamble script.
   *
   * @return void
   */
  private function checkRemoteAddrIsPresent() {
    // empty() is true when the key is absent, an empty string, or "0".
    if (!empty($_SERVER['REMOTE_ADDR'])) {
      return;
    }

    $preamble_uri = PhabricatorEnv::getDoclink(
      'Configuring a Preamble Script');

    $issue_summary = pht(
      'You likely need to fix your preamble script so '.
      'REMOTE_ADDR is no longer empty.');

    $preamble_link = phutil_tag(
      'a',
      array(
        'href' => $preamble_uri,
        'target' => '_blank',
      ),
      pht('Configuring a Preamble Script'));

    $issue_message = pht(
      'No REMOTE_ADDR is available, so this server cannot determine the '.
      'origin address for requests. This will prevent the software from '.
      'performing important security checks. This most often means you '.
      'have a mistake in your preamble script. Consult the documentation '.
      '(%s) and double-check that the script is written correctly.',
      $preamble_link);

    $issue = $this->newIssue('php.remote_addr');
    $issue->setName(pht('No REMOTE_ADDR available'))
      ->setSummary($issue_summary)
      ->setMessage($issue_message);
  }

  /**
   * Raise "php.always_populate_raw_post_data" unless the setting is "-1".
   *
   * @return void
   */
  private function checkRawPostDataSetting() {
    $setting = 'always_populate_raw_post_data';

    // The setting no longer exists on PHP 7 and newer, so it is treated as
    // already being "-1" there and the ini value is never read.
    $is_php7_or_newer = version_compare(phpversion(), '7', '>=');
    $configured_value = $is_php7_or_newer
      ? -1
      : (int)ini_get($setting);

    if ($configured_value == -1) {
      return;
    }

    $issue_summary = pht(
      'PHP setting "%s" should be set to "-1" to avoid deprecation '.
      'warnings.',
      $setting);

    $issue_message = pht(
      'The "%s" key is set to some value other than "-1" in your PHP '.
      'configuration. This can cause PHP to raise deprecation warnings '.
      'during process startup. Set this option to "-1" to prevent these '.
      'warnings from appearing.',
      $setting);

    $issue = $this->newIssue('php.always_populate_raw_post_data');
    $issue->setName(pht('Disable PHP %s', $setting))
      ->setSummary($issue_summary)
      ->setMessage($issue_message)
      ->addPHPConfig($setting);
  }

  /**
   * Raise an issue when "mysqli" is missing or, failing that, when the
   * MYSQLI_ASYNC constant is undefined, which this check takes to mean the
   * MySQL native driver is not in use.
   *
   * At most one of the two issues is raised per run.
   *
   * @return void
   */
  private function checkMySQLClientExtension() {
    if (!extension_loaded('mysqli')) {
      $issue_summary = pht(
        'Install the MySQLi extension to improve database behavior.');

      // NOTE: Recommending "mysqlnd" here is deliberate; on Ubuntu there is
      // no separate "mysqli" package.
      $install_hint = phutil_tag(
        'tt',
        array(),
        'sudo apt-get install php5-mysqlnd');

      $issue_message = pht(
        'PHP is currently using the very old "mysql" extension to interact '.
        'with the database. You should install the newer "mysqli" extension '.
        'to improve behaviors (like error handling and query timeouts).'.
        "\n\n".
        'This software will work with the older extension, but upgrading to '.
        'the newer extension is recommended.'.
        "\n\n".
        'You may be able to install the extension with a command like: %s',
        $install_hint);

      $issue = $this->newIssue('php.mysqli');
      $issue->setName(pht('MySQLi Extension Not Available'))
        ->setSummary($issue_summary)
        ->setMessage($issue_message);
      return;
    }

    if (defined('MYSQLI_ASYNC')) {
      return;
    }

    $issue_summary = pht(
      'Configure the MySQL Native Driver to improve database behavior.');

    $install_hint = phutil_tag(
      'tt',
      array(),
      'sudo apt-get install php5-mysqlnd');

    $issue_message = pht(
      'PHP is currently using the older MySQL external driver instead of '.
      'the newer MySQL native driver. The older driver lacks options and '.
      'features (like support for query timeouts) which allow this server '.
      'to interact better with the database.'.
      "\n\n".
      'This software will work with the older driver, but upgrading to the '.
      'native driver is recommended.'.
      "\n\n".
      'You may be able to install the native driver with a command like: %s',
      $install_hint);

    // NOTE(review): the key reads "myqlnd" (no "s"). It is reproduced as-is
    // because issue keys are identifiers that other code or stored settings
    // may match on; confirm that before renaming it.
    $issue = $this->newIssue('php.myqlnd');
    $issue->setName(pht('MySQL Native Driver Not Available'))
      ->setSummary($issue_summary)
      ->setMessage($issue_message);
  }

  /**
   * Raise an issue when the client-side "allow_local_infile" option is on.
   *
   * With the option enabled, any MySQL server this PHP process connects to
   * can ask the client for the content of a local file and the client will
   * send it. The issue key is "php." followed by the ini key that was
   * inspected, so it differs between the "mysqli" and "mysql" extensions.
   *
   * @return void
   */
  private function checkLocalInfileDisabled() {
    $infile_key = extension_loaded('mysqli')
      ? 'mysqli.allow_local_infile'
      : 'mysql.allow_local_infile';

    // ini_get() returns a string (or false for an unknown key); "" and "0"
    // are falsy, so a disabled option raises nothing.
    // NOTE(review): a literal value such as "Off" would be truthy here and
    // raise the issue, which errs toward warning; confirm whether that form
    // can reach this check.
    if (!ini_get($infile_key)) {
      return;
    }

    $issue_summary = pht(
      'Disable unsafe option "%s" in PHP configuration.',
      $infile_key);

    $issue_message = pht(
      'PHP is currently configured to honor requests from any MySQL server '.
      'it connects to for the content of any local file.'.
      "\n\n".
      'This capability supports MySQL "LOAD DATA LOCAL INFILE" queries, but '.
      'allows a malicious MySQL server read access to the local disk: the '.
      'server can ask the client to send the content of any local file, '.
      'and the client will comply.'.
      "\n\n".
      'Although it is normally difficult for an attacker to convince '.
      'this software to connect to a malicious MySQL server, you should '.
      'disable this option: this capability is unnecessary and inherently '.
      'dangerous.'.
      "\n\n".
      'To disable this option, set: %s',
      phutil_tag('tt', array(), pht('%s = 0', $infile_key)));

    $issue = $this->newIssue('php.'.$infile_key);
    $issue->setName(pht('Unsafe PHP "Local Infile" Configuration'))
      ->setSummary($issue_summary)
      ->setMessage($issue_message)
      ->addPHPConfig($infile_key);
  }

}