Error for deprecated directives like "magic_quotes_gpc"
steffenweber opened this issue · 5 comments
I'm using the latest version of iniscan and PHP 5.5. My php.ini file does not contain any deprecated directives but iniscan reports errors for them (I've filed a similar issue last year: #47).
$ vendor/bin/iniscan scan
== Executing INI Scan [08.11.2014 07:11:55] ==
Results for /etc/php/cli-php5.5/php.ini:
============
Status | Severity | PHP Version | Key | Description
----------------------------------------------------------------------
...
FAIL | ERROR | | magic_quotes_gpc | Magic quotes automatically adds quotes to incoming data ('Off' recommended)
FAIL | ERROR | | magic_quotes_runtime | Magic quotes should be disabled at runtime in addition to being off for incoming data
...
FAIL | ERROR | | safe_mode | It's not actually 'safe' ('Off' recommended)
...
19 passing
5 failure(s) and 13 warnings
Where in the source code does iniscan check if a configuration directive exists in php.ini?
The problem is that in Psecio\Iniscan\Operation\OperationEquals::execute for the magic_quotes_gpc rule $found is false but $value is 0.
Hmm, weird...is the evaluation (casting) not working correctly for it? Or is it just that the check is failing since it's deprecated?
The code in Psecio\Iniscan\Cast::castValue does not implement casting false to 0.
It works if I change
if ($value === 'Off' || $value === '' || $value === 0 || $value === '0') {
$casted = 0;
}
to
if ($value === 'Off' || $value === '' || $value === 0 || $value === '0' || $value === false) {
$casted = 0;
}
I do not know the iniscan code well enough to decide if this is the correct fix.
Hah, go figure that the most obvious check (== false) would be the one left off. I'll check this one and see how the tests behave if it's changed. Thanks for the update.