(:Summary:Instructions and possible responses from using the Site Analyzer:)
This page contains the instructions and possible responses from using the [[Site Analyzer]].

----
[[#instructions]]
!!Instructions for site administrators

# Download the [[(http://pmwiki.org/pmwiki/uploads/Cookbook/)analyze.php]] script and place it in your site's ''cookbook/'' directory.

# Add the following lines to ''local/config.php'', changing $AnalyzeKey to a key to use for your site.
-->[@
include_once("$FarmD/cookbook/analyze.php");
$AnalyzeKey = 'secret';
@]

# Fill in the form at the top of the [[PmWiki/site analyzer]] page with the URL used to access your site and the value of $AnalyzeKey that you set in ''local/config.php''.

# Press the "Analyze Site" button.

# The PmWiki server will contact your site and report back with information on recommended configuration changes to your site and any vulnerabilities you may need to consider.

Checking the "Allow pmwiki.org to save a copy of analysis results" box will save a copy of the analyzer results in a private (web-inaccessible) section of the pmwiki.org server. Having copies of results from many systems will help us to improve the analyzer and future configuration and security options for the PmWiki distribution.

[[#SiteConfig_no_connection]]
'''Obtain site configuration ... no connection'''

The analyzer was unable to connect to the site. This may be because the URL was entered incorrectly, the site is behind a firewall, or the site is otherwise inaccessible to the pmwiki.org server.

[[#SiteConfig_missing_analyzer]]
'''Obtain site configuration ... missing analyzer'''

The analyzer was able to reach the site, but the site did not respond to the [@?action=analyze@] request. You may need to install the [[(http://www.pmwiki.org/pmwiki/uploads/Cookbook/)analyze.php]] script. This script should go in the ''cookbook/'' directory, and then be enabled with

->[@
include_once("$FarmD/cookbook/analyze.php");
$AnalyzeKey = 'secret';
@]


[[#SiteConfig_no_key]]
'''Obtain site configuration ... no key'''

The analyzer was able to contact the site, but the site does not appear to have an $AnalyzeKey set.


[[#SiteConfig_invalid_key]]
'''Obtain site configuration ... invalid key'''

The analyzer reached the [@?action=analyze@] request, but the key entered did not match the $AnalyzeKey on the remote site.


[[#SiteConfig_update]]
'''Obtain site configuration ... update'''

A newer version of the [[(http://www.pmwiki.org/pmwiki/uploads/Cookbook/)analyze.php]] script is available; you may wish to download it and re-run the analysis.


[[#FarmDGlobal_ok]]
'''$FarmD register_globals vulnerability ... ok'''

Your site does not appear to have the $FarmD register_globals vulnerability.

[[#FarmDGlobal_vulnerable]]
'''$FarmD register_globals vulnerability ... vulnerable'''

Your site appears to be vulnerable to the $FarmD register_globals vulnerability. This vulnerability is being actively exploited in the wild, so you should do one of the following at the earliest opportunity:

* Upgrade to PmWiki version 2.1.22 or later.
* Turn off register_globals in the php.ini or .htaccess file.

[[#RecipeCheck_ok]]
'''Recipe versions ... ok'''

All of the cookbook recipes active at this URL appear to be up-to-date. Here's a list:

(:recipetable:)

[[#RecipeCheck_check]]
'''Recipe versions ... check'''

There appear to be some new versions of cookbook scripts'^*^' available. Here's a list:

(:recipetable:)

'''* Note:''' Not all scripts reported here are necessarily installed. This list includes all PHP scripts in the cookbook directory, regardless of whether they are ''included'' via config.php or not. (PmWiki reports on all scripts in the cookbook directory because they may be conditionally included in certain configurations.)

[[#AuthUserVulnerability_ok]]
'''AuthUser vulnerability ... ok'''

Your site does not appear to have the AuthUser vulnerability.

[[#AuthUserVulnerability_upgrade]]
'''AuthUser vulnerability ... upgrade'''

Your site '''does not have''' the AuthUser vulnerability at the moment. You are, however, strongly encouraged to upgrade to PmWiki version 2.2.2 or later, as some future configuration of your hosting server might put you at risk.

[[#AuthUserVulnerability_vulnerable]]
'''AuthUser vulnerability ... probably vulnerable'''

Your site may be vulnerable to the AuthUser vulnerability if it relies on the core module [[AuthUser]] for User:Password authentication. This vulnerability may be actively exploited in the wild, so you should do one of the following at the earliest opportunity:

* Upgrade to PmWiki version 2.2.2 or later.
* Turn on magic_quotes_gpc in the php.ini or .htaccess file.

[[#ActionDiag_enabled]]
'''?action=diag ... enabled'''

Your site is running with $EnableDiag set to 1, and others are able to perform [@?action=diag@] on your pages to get diagnostic information about your site. While this isn't necessarily a bad thing ([[Path:?action=diag | pmwiki.org does it]]), it can show a lot of configuration information that you might not want to be publicly available.

You may want to change ''local/config.php'' to have $EnableDiag=0 (PmWiki's default). A useful alternative to setting $EnableDiag in ''local/config.php'' is to set it in a [[GroupCustomizations | per-page customization]], so that ?action=diag is enabled only on a single page instead of the entire site.
To provide additional security, use
-> [@if (CondAuth($pagename, 'edit')) $EnableDiag = 1;@]

[[#ScriptUrl_relative]]
'''$ScriptUrl setting ... relative'''

Your site has the $ScriptUrl variable set to a relative URL, i.e., one without a leading ''[=http://=]'' or ''[=https://=]'' prefix. While this may appear to work in many situations, some web standards (e.g., [[web feeds]] and HTTP redirects) require the use of a fully-qualified (absolute) URL. You may want to update your setting of $ScriptUrl to use an absolute URL instead of a relative one.

If you want PmWiki to use relative URLs for its internal page links, try the $EnableLinkPageRelative setting.
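
A local pre-check for the findings described on this page, as an added example that is not code from analyze.php or PmWiki. The function names, the input arrays, the `AnalyzeKey_placeholder` label and the decision rules (inferred from the remedies listed above) are assumptions; the other returned strings are the anchor names used on this page.

```php
<?php
// Added example, not analyze.php: rules are inferred from the remedies on this page.
// Returns the anchor names of the responses that would apply to the given settings.

function ini_on($value): bool
{
    // ini_get() yields '1', 'On', '', '0' or false depending on source and PHP version
    return in_array(strtolower(trim((string) $value)), ['1', 'on', 'true', 'yes'], true);
}

function audit_pmwiki(string $version, array $ini, array $cfg): array
{
    $v = preg_replace('/^pmwiki-/', '', $version);   // "pmwiki-2.2.10" -> "2.2.10"
    $hits = [];

    // Either remedy clears the finding: PmWiki >= 2.1.22 or register_globals off.
    if (version_compare($v, '2.1.22', '<') && ini_on($ini['register_globals'] ?? '')) {
        $hits[] = 'FarmDGlobal_vulnerable';
    }

    // Before 2.2.2, magic_quotes_gpc is the only mitigation listed (assumed mapping).
    if (version_compare($v, '2.2.2', '<')) {
        $hits[] = ini_on($ini['magic_quotes_gpc'] ?? '')
            ? 'AuthUserVulnerability_upgrade'
            : 'AuthUserVulnerability_vulnerable';
    }

    if (!empty($cfg['EnableDiag'])) {
        $hits[] = 'ActionDiag_enabled';
    }
    // Only an explicitly configured value can be relative.
    if (isset($cfg['ScriptUrl']) && !preg_match('#^https?://#i', (string) $cfg['ScriptUrl'])) {
        $hits[] = 'ScriptUrl_relative';
    }

    $key = (string) ($cfg['AnalyzeKey'] ?? '');
    if ($key === '') {
        $hits[] = 'SiteConfig_no_key';
    } elseif ($key === 'secret') {
        $hits[] = 'AnalyzeKey_placeholder';   // hypothetical label, not an analyzer response
    }
    return $hits;
}

// Constructed sample: an old install on a permissive host.
print_r(audit_pmwiki(
    'pmwiki-2.1.20',
    ['register_globals' => 'On', 'magic_quotes_gpc' => ''],
    ['EnableDiag' => 1, 'ScriptUrl' => '/wiki/pmwiki.php', 'AnalyzeKey' => 'secret']
));
```

On a live host the `$ini` values would come from `ini_get()` and the `$cfg` values from the variables set in ''local/config.php''.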