Commit 1665b419 authored by Hugh Davenport's avatar Hugh Davenport Committed by Gerrit Code Review
Browse files

Merge "Add admin warning for entropy_length (bug #888424)"

parents bb88eaa7 c7a0ed9a
......@@ -127,3 +127,4 @@ $string['themenameinvalid'] = "The name of the theme '%s' contains invalid chara
$string['timezoneidentifierunusable'] = 'PHP on your website host does not return a useful value for the timezone identifier (%%z) - certain date formatting, such as the Leap2A export, will be broken. %%z is a PHP date formatting code. This problem is usually due to a limitation in running PHP on Windows.';
$string['postmaxlessthanuploadmax'] = 'Your PHP post_max_size setting (%s) is smaller than your upload_max_filesize setting (%s). Uploads larger than %s will fail without displaying an error. Usually, post_max_size should be much larger than upload_max_filesize.';
$string['smallpostmaxsize'] = 'Your PHP post_max_size setting (%s) is very small. Uploads larger than %s will fail without displaying an error.';
$string['notenoughsessionentropy'] = 'Your PHP session.entropy_length setting is too small. Set it to at least 16 in your php.ini to ensure that generated session IDs are random and unpredictable enough.';
......@@ -1178,6 +1178,11 @@ function site_warnings() {
$warnings[] = get_string('timezoneidentifierunusable', 'error');
}
// Check for low security (i.e. not random enough) session IDs
if ((int)ini_get('session.entropy_length') < 16) {
$warnings[] = get_string('notenoughsessionentropy', 'error');
}
// Check file upload settings.
$postmax = ini_get('post_max_size');
$uploadmax = ini_get('upload_max_filesize');
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment