plugin-SecurityInfo icon indicating copy to clipboard operation
plugin-SecurityInfo copied to clipboard

verified publisher icon matomo-org

Metadata

Provides security information about your PHP environment and offers suggestions based on PhpSecInfo from the PHP Security Consortium.

Results 9 plugin-SecurityInfo issues
Sort by recently updated
recently updated
newest added

Look into adding a test for snuffleupagus

Suhosin is outdated and [this PR](https://github.com/matomo-org/plugin-SecurityInfo/pull/81) was created to remove it. [It was suggested](https://github.com/matomo-org/plugin-SecurityInfo/pull/81#issuecomment-1547296085) that we might want to test for [snuffleupagus](https://github.com/jvoisin/snuffleupagus) instead.

snake14 avatar snake14

Replace PhpSecInfo with something more modern

2 comment

As this is the most downloaded Matomo plugin and the description recommends using it > We highly recommend that all Matomo administrators enable the SecurityInfo plugin, and then view the...

Findus23 avatar Findus23

Add a second language with "en" by default

With this option, you can translate phpsecinfo with a second language Example, add "it" If a test code was translate with a new language line, "it" , then, the new...

ZerooCool avatar ZerooCool

Add a test version.php for PHP7.3

5 comment

The Json file https://github.com/ZerooCool/phpsecinfo/blob/phpsecinfo-zeroocool-v0.2.1/20070406-phpsecinfo-v0.2.1/.version.json The file version.php https://github.com/ZerooCool/phpsecinfo/blob/phpsecinfo-zeroocool-v0.2.1/20070406-phpsecinfo-v0.2.1/PhpSecInfo/Test/Core/version.php I change it for PHP 7.3 value.

ZerooCool avatar ZerooCool

SecurityInfo thinks my PHP is vulnerable because it's from Debian Stable

3 comment

I'm running PHP `5.6.9-0+deb8u1`, aka PHP 5.6.9 as packaged in Debian Stable ("Jessie", as of this writing). SecurityInfo wants me to update to PHP 5.6.11, but this isn't actually very...

strugee avatar strugee

bug

Check for upload_tmp_dir maybe broken

1 comment

DocumentRoot /var/www/piwik upload_tmp_dir /var/www/piwik_tmp (0700) phpsecinfo.com says "Pass upload_tmp_dir is enabled, which is the recommended setting. Make sure your upload_tmp_dir path is not world-readable Current Value: /var/www/piwik_tmp/ Recommended Value: A...

gittoar avatar gittoar

Check for save_path maybe broken

save_path /var/lib/php5 (1733) phpsecinfo.com says "Pass save_path is enabled, which is the recommended setting. Make sure your save_path path is not world-readable Current Value: /var/lib/php5 Recommended Value: A non-world readable/writable...

gittoar avatar gittoar

Check for user_id and group_id maybe broken

1 comment

User-ID: 33 Group-ID: 33 Yes, it is lower than 100 and therefore an issue but due to restrictions via PHP disable_functions the checks don't work via phpsecinfo.com, i.e. "Not Run...

gittoar avatar gittoar

Integrate PHP Secure Configuration Checker

Makes sense I think, see https://github.com/sektioneins/pcc/ > Check current PHP configuration for potential security flaws. > Simply access this file from your webserver or run on CLI.

tsteur avatar tsteur

enhancement

Metadata

22
Stars
17
Forks
Watchers

Owner

verified publisher icon matomo-org

Metadata

Provides security information about your PHP environment and offers suggestions based on PhpSecInfo from the PHP Security Consortium.

Back