dvwa updated

OPSXCQ 2018-10-12 15:49:58 +00:00
parent 8f3c3af4fb
commit c37af6fc80
No known key found for this signature in database
GPG key ID: 9AD730FE9CDE5661
84 changed files with 1873 additions and 605 deletions


@ -62,8 +62,17 @@ foreach( array( 'low', 'medium', 'high', 'impossible' ) as $securityLevel ) {
}
$phpIdsHtml = 'PHPIDS is currently: ';
// Able to write to the PHPIDS log file?
$WarningHtml = '';
if( dvwaPhpIdsIsEnabled() ) {
$phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">Disable PHPIDS</a>]';
# Only check if PHPIDS is enabled
if( !is_writable( $PHPIDSPath ) ) {
$WarningHtml .= "<div class=\"warning\"><em>Cannot write to the PHPIDS log file</em>: ${PHPIDSPath}</div>";
}
}
else {
$phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">Enable PHPIDS</a>]';
@ -72,13 +81,6 @@ else {
// Anti-CSRF
generateSessionToken();
// Able to write to the PHPIDS log file?
$WarningHtml = '';
if( !is_writable( $PHPIDSPath ) ) {
$WarningHtml .= "<div class=\"warning\"><em>Cannot write to the PHPIDS log file</em>: ${PHPIDSPath}</div>";
}
$page[ 'body' ] .= "
<div class=\"body_padded\">
<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\" /></h1>
@ -96,7 +98,7 @@ $page[ 'body' ] .= "
<li> Medium - This setting is mainly to give an example to the user of <em>bad security practices</em>, where the developer has tried but failed to secure an application. It also acts as a challenge to users to refine their exploitation techniques.</li>
<li> High - This option is an extension to the medium difficulty, with a mixture of <em>harder or alternative bad practices</em> to attempt to secure the code. The vulnerability may not allow the same extent of the exploitation, similar in various Capture The Flags (CTFs) competitions.</li>
<li> Impossible - This level should be <em>secure against all vulnerabilities</em>. It is used to compare the vulnerable source code to the secure source code.<br />
Priority to DVWA v1.9, this level was known as 'high'.</li>
Prior to DVWA v1.9, this level was known as 'high'.</li>
</ol>
<select name=\"security\">
{$securityOptionsHtml}
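Review bot: In the first hunk, the relocated warning still writes `${PHPIDSPath}` into the page markup unescaped, and the `${var}` interpolation form is deprecated as of PHP 8.2. The variable is assigned outside the visible lines, so it is presumably a server-side constant path, but encoding it at the point of output keeps the page safe if that ever changes: `$WarningHtml .= '<div class="warning"><em>Cannot write to the PHPIDS log file</em>: ' . htmlspecialchars( $PHPIDSPath, ENT_QUOTES, 'UTF-8' ) . '</div>';`. The new `# Only check if PHPIDS is enabled` comment also uses `#` where the surrounding lines use `//`, and the older `// Able to write to the PHPIDS log file?` comment now sits above the `$WarningHtml = ''` initialisation rather than above the `is_writable()` check it describes. Merging the two into one `//` comment directly above the check would read more clearly.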