Curiouser and curiouser...
I turned off Pear, and now get the regular security test to run. I modified sectest.php to hardcode the slash, as follows:
Text Formatted Code
$urls = array
(
array ('/db-config.php', 'db-config.php'),
array ('/logs/error.log', 'logs directory'),
array ('/plugins/staticpages/functions.inc', 'plugins directory'),
array ('/system/lib-security.php', 'system directory')
);
foreach ($urls as $tocheck) {
$display .= doTest ($url, $tocheck[0], $tocheck[1]);
}
// Note: We're not testing the 'sql' and 'language' directories.
if (($_CONF['allow_mysqldump'] == 1) && ($_DB_dbms == 'mysql')) {
if (makeTempfile ('/' . $_CONF['backup_path'] . 'test.txt')) {
$display .= doTest ($url, '/backups/test.txt', 'backups directory');
@unlink ($_CONF['backup_path'] . 'test.txt');
} else {
$display .= '<li>Failed to create a temporary file in your backups directory. Check your directory permissions!</li>';
}
}
if (makeTempfile ('/' . $_CONF['path_data'] . 'test.txt')) {
$display .= doTest ($url, '/data/test.txt', 'data directory');
@unlink ($_CONF['path_data'] . 'test.txt');
} else {
$display .= '<li>Failed to create a temporary file in your data directory. Check your directory permissions!</li>';
}
Text Formatted Code
Results of the Security Check
Good! You seem to have removed the install directory already.
Your db-config.php is reachable from the web.
This is a security risk and should be fixed!
Your logs directory is reachable from the web.
This is a security risk and should be fixed!
Your plugins directory is reachable from the web.
This is a security risk and should be fixed!
Your system directory is reachable from the web.
This is a security risk and should be fixed!
Your backups directory is reachable from the web.
This is a security risk and should be fixed!
Your data directory is reachable from the web.
This is a security risk and should be fixed!
Good! You seem to have changed the default account password already.
I'll go searching for that now. If anyone sees this and knows what I'm on about, I would love to have some time saved.... :pray: