Add a check at install to suggest setting session.cookie_httponly inside php.ini
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
parent
2328b2c871
commit
1de98223db
@ -124,6 +124,12 @@ if (extension_loaded('openssl')) {
|
||||
$messages[] = new Message('warning', __('Check','Consider enabling the PHP extension OpenSSL for increased security.'));
|
||||
}
|
||||
|
||||
if (ini_get('session.cookie_httponly') === '1') {
|
||||
$messages[] = new Message('info', __('Check', 'Cookies are served from HTTP only.'));
|
||||
} else {
|
||||
$messages[] = new Message('warning', __('Check', "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript."));
|
||||
}
|
||||
|
||||
// Datetime
|
||||
$timezone = ini_get('date.timezone');
|
||||
if (!empty($timezone)) {
|
||||
|
||||
@ -422,6 +422,8 @@
|
||||
"The config file exists.": "Amañ mañ ar restr kefnluniañ.",
|
||||
"The config file directory (%s) is writable.": "Gallout a raer skrivañ e kavlec'h ar restr kefluniañ (%s).",
|
||||
"OpenSSL extension loaded.": "Askouezh OpenSSL karget.",
|
||||
"Cookies are served from HTTP only.": "BR_Cookies are served from HTTP only.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "BR_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "Aliañ a reomp gweredekaat an askouezh OpenSSL evit ;uioc'h a surentez.",
|
||||
"date.timezone is set.": "Arventennet eo date.timezone.",
|
||||
"Consider setting the date.timezone in php.ini.": "Aliañ a reomp da lakaat date.timezone e php.ini.",
|
||||
|
||||
@ -423,6 +423,8 @@
|
||||
"The config file exists.": "Die Konfigurationsdatei existiert.",
|
||||
"The config file directory (%s) is writable.": "Die Konfigurationsdatei (%s) ist beschreibbar.",
|
||||
"OpenSSL extension loaded.": "Die OpenSSL-Erweiterung ist geladen.",
|
||||
"Cookies are served from HTTP only.": "DE_Cookies are served from HTTP only.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "DE_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "Ziehen Sie in Erwägung, für eine verbesserte Sicherheit die OpenSSL-Erweiterung zu aktivieren.",
|
||||
"date.timezone is set.": "date.timezone ist konfiguriert.",
|
||||
"Consider setting the date.timezone in php.ini.": "Ziehen Sie in Erwägung, date.timezone in php.ini zu konfigurieren.",
|
||||
|
||||
@ -430,6 +430,8 @@
|
||||
"The config file exists.": "The config file exists.",
|
||||
"The config file directory (%s) is writable.": "The config file directory (%s) is writable.",
|
||||
"OpenSSL extension loaded.": "OpenSSL extension loaded.",
|
||||
"Cookies are served from HTTP only.": "Cookies are served from HTTP only.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "Consider enabling the PHP extension OpenSSL for increased security.",
|
||||
"date.timezone is set.": "date.timezone is set.",
|
||||
"Consider setting the date.timezone in php.ini.": "Consider setting the date.timezone in php.ini.",
|
||||
|
||||
@ -424,6 +424,8 @@
|
||||
"The config file directory (%s) is writable.": "ES_Le dossier du fichier de configuration (%s) est accessible en écriture.",
|
||||
"OpenSSL extension loaded.": "ES_L'extension PHP OpenSSL est chargée.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "ES_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
|
||||
"Cookies are served from HTTP only.": "ES_Cookies are served from HTTP only.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "ES_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
|
||||
"date.timezone is set.": "ES_date.timezone est défini.",
|
||||
"Consider setting the date.timezone in php.ini.": "ES_Veuillez considérer la définition de date.timezone dans le php.ini.",
|
||||
"Check again": "ES_Vérifier à nouveau",
|
||||
|
||||
@ -430,6 +430,8 @@
|
||||
"The config file exists.": "Le fichier de configuration existe.",
|
||||
"The config file directory (%s) is writable.": "Le dossier du fichier de configuration (%s) est accessible en écriture.",
|
||||
"OpenSSL extension loaded.": "L'extension PHP OpenSSL est chargée.",
|
||||
"Cookies are served from HTTP only.": "Les cookies sont accessibles uniquement via HTTP.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Pensez à définir « session.cookie_httponly = 1 » dans votre fichier php.ini ou bien ajouter « php_value session.cookie_httponly 1 » à votre fichier .htaccess de telle sorte que les cookies ne puissent pas être accessibles depuis Javascript.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
|
||||
"date.timezone is set.": "date.timezone est défini.",
|
||||
"Consider setting the date.timezone in php.ini.": "Veuillez considérer la définition de date.timezone dans le php.ini.",
|
||||
|
||||
@ -423,7 +423,9 @@
|
||||
"The config file exists.": "IT_Le fichier de configuration existe.",
|
||||
"The config file directory (%s) is writable.": "IT_Le dossier du fichier de configuration (%s) est accessible en écriture.",
|
||||
"OpenSSL extension loaded.": "IT_L'extension PHP OpenSSL est chargée.",
|
||||
"Cookies are served from HTTP only.": "IT_Cookies are served from HTTP only.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "IT_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "IT_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
|
||||
"date.timezone is set.": "IT_date.timezone est défini.",
|
||||
"Consider setting the date.timezone in php.ini.": "IT_Veuillez considérer la définition de date.timezone dans le php.ini.",
|
||||
"Check again": "Verificare di nuovo",
|
||||
|
||||
@ -424,6 +424,8 @@
|
||||
"The config file directory (%s) is writable.": "De map van het configuratiebestand (%s) is schrijfbaar.",
|
||||
"OpenSSL extension loaded.": "PHP OpenSSL extensie opgeladen.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "Overweeg de activering van de PHP OpenSSL extensie om de veiligheid te verhogen.",
|
||||
"Cookies are served from HTTP only.": "NL_Cookies are served from HTTP only.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "NL_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
|
||||
"date.timezone is set.": "date.timezone is ingesteld.",
|
||||
"Consider setting the date.timezone in php.ini.": "Overweeg de instelling van date.timezone in het php.ini bestand.",
|
||||
"Check again": "Controleer opnieuw",
|
||||
|
||||
@ -424,6 +424,8 @@
|
||||
"The config file directory (%s) is writable.": "Lo dorsièr del fichièr de configuracion (%s) es accessible en escritura.",
|
||||
"OpenSSL extension loaded.": "L’extension PHP OpenSSL es cargada.",
|
||||
"Consider enabling the PHP extension OpenSSL for increased security.": "Mercés de pensar a activar l’extension PHP OpenSSL per milhorar la seguritat.",
|
||||
"Cookies are served from HTTP only.": "OC_Cookies are served from HTTP only.",
|
||||
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "OC_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
|
||||
"date.timezone is set.": "date.timezone es definit.",
|
||||
"Consider setting the date.timezone in php.ini.": "Mercés de far cas a la definicion de date.timezone dins lo php.ini.",
|
||||
"Check again": "Tornar verificar",
|
||||
|
||||
Loading…
Reference in New Issue
Block a user