source: trunk/inc/security.inc.php

Last change on this file was 2, checked in by george, 14 years ago
  • Přidáno: Trunk revize 13719.
1<?php
2
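// Request-level intrusion detection built on PHPIDS. This runs on every include of this
// file: it reads the two impact thresholds, scans the current request, and mails the
// site owner (and optionally aborts the request) once the detected impact reaches them.
// The caller-side convention is that a threshold of -1 switches that action off.
list($iImpactLog, $iImpactBlock) = bx_sys_security_get_impact_threshold();

if (-1 != $iImpactLog || -1 != $iImpactBlock) {
    if (version_compare(phpversion(), '5.1.6', '>=')) {
        set_include_path(
            get_include_path()
            . PATH_SEPARATOR
            . BX_DIRECTORY_PATH_PLUGINS . 'phpids/'
        );
        require_once 'IDS/Init.php';

        // Everything the IDS inspects: all request superglobals plus the script path.
        $request = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
            'PHP_SELF' => $_SERVER['PHP_SELF'],
        );

        $init = IDS_Init::init(BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/Config/Config.ini');
        $init->config['General']['base_path'] = BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/';
        $init->config['General']['use_base_path'] = true;
        // NOTE(review): relative paths, presumably resolved against base_path by PHPIDS — confirm.
        $init->config['General']['tmp_path'] = '../../../tmp/';
        $init->config['Caching']['path'] = '../../../tmp/default_filter.cache';

        // Filter tuning. Each list gets the optional per-site override array first (only when the
        // matching BX_SECURITY_* constant is defined and the array actually exists), then the
        // values stored in the sys_options table via bx_sys_security_get_fields().
        if (defined('BX_SECURITY_JSON') && isset($aBxSecurityJSON) && is_array($aBxSecurityJSON)) {
            $init->config['General']['json'] = array_merge($init->config['General']['json'], $aBxSecurityJSON);
        }
        $init->config['General']['json'] = array_merge($init->config['General']['json'], bx_sys_security_get_fields('json'));

        if (defined('BX_SECURITY_HTML') && isset($aBxSecurityHTML) && is_array($aBxSecurityHTML)) {
            $init->config['General']['html'] = array_merge($init->config['General']['html'], $aBxSecurityHTML);
        }
        $init->config['General']['html'] = array_merge($init->config['General']['html'], bx_sys_security_get_fields('html'));

        if (defined('BX_SECURITY_EXCEPTIONS') && isset($aBxSecurityExceptions) && is_array($aBxSecurityExceptions)) {
            $init->config['General']['exceptions'] = array_merge($init->config['General']['exceptions'], $aBxSecurityExceptions);
        }
        $init->config['General']['exceptions'] = array_merge($init->config['General']['exceptions'], bx_sys_security_get_fields('exceptions'));

        $init->config['General']['HTML_Purifier_Path'] = BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';
        $init->config['General']['HTML_Purifier_Cache'] = '../../htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/';

        $ids = new IDS_Monitor($request, $init);
        $result = $ids->run();

        if (!$result->isEmpty() && $result->getImpact() >= $iImpactLog) {
            require_once BX_DIRECTORY_PATH_CLASSES . "BxDolService.php";
            require_once BX_DIRECTORY_PATH_INC . 'design.inc.php';
            require_once BX_DIRECTORY_PATH_INC . 'db.inc.php';
            require_once BX_DIRECTORY_PATH_INC . 'utils.inc.php';

            // Report body: the IDS result followed by one "KEY: value" line of request context.
            // Keys that are not set for this request are reported empty instead of raising a
            // notice. HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are client-supplied headers: they
            // are recorded for context only and are not a trustworthy client address.
            $aContextKeys = array(
                'REMOTE_ADDR',
                'HTTP_X_FORWARDED_FOR',
                'HTTP_CLIENT_IP',
                'SCRIPT_FILENAME',
                'QUERY_STRING',
                'REQUEST_URI',
                'SCRIPT_NAME',
                'PHP_SELF',
            );
            $s = (string)$result;
            foreach ($aContextKeys as $sKey) {
                $s .= "\n" . $sKey . ': ' . (isset($_SERVER[$sKey]) ? $_SERVER[$sKey] : '');
            }

            if ($result->getImpact() >= $iImpactBlock) {
                // Block: notify, then end the request with a fixed message (no request data is echoed).
                sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' - security attack was stopped!', $s, 0, array(), 'text');
                echo 'Possible security attack!!! All data has been collected and sent to the site owner for analysis.';
                exit;
            }

            // Log only: notify and let the request continue.
            sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' - possible security attack!', $s, 0, array(), 'text');
        }
    } else {
        // Emitted into every response while PHP is too old for the IDS to run.
        echo 'Site security module is disabled, please upgrade to php 5.1.6 or higher to make your site secure.';
    }
}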
83
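/**
 * Returns the extra PHPIDS field list of the given kind.
 *
 * The value is read from the cache file db_sys_{type}_fields.php when it exists, otherwise
 * from the sys_options row sys_{type}_fields through the MySQL cache. It is expected to be a
 * serialized array of arrays, which is flattened into a single list. An unknown type, a
 * missing value or a malformed value yields an empty array.
 *
 * @param string $sType one of 'html', 'json', 'exceptions'
 * @return array flat list of field names (empty when nothing is configured)
 */
function bx_sys_security_get_fields($sType)
{
    // Strict whitelist: $sType is interpolated into the cache file name and into the SQL
    // below, so only these exact strings may get past this point.
    if (!in_array($sType, array('html', 'json', 'exceptions'), true)) {
        return array();
    }

    $mixedVar = false;
    $sCacheFile = BX_DIRECTORY_PATH_CACHE . "db_sys_{$sType}_fields.php";
    if (file_exists($sCacheFile)) {
        include $sCacheFile; // the cache file is expected to assign $mixedVar
    } else {
        require_once BX_DIRECTORY_PATH_INC . 'db.inc.php';
        $mixedVar = $GLOBALS['MySQL']->fromCache("sys_{$sType}_fields", 'getOne', "SELECT `VALUE` FROM `sys_options` WHERE `Name` = 'sys_{$sType}_fields' LIMIT 1");
    }

    // unserialize() is only ever applied to the site's own cache/sys_options content here,
    // never to request input; anything that is not a string cannot be a valid payload.
    $mixedVar = is_string($mixedVar) ? unserialize($mixedVar) : false;
    if (!is_array($mixedVar)) {
        return array();
    }

    $aFields = array();
    foreach ($mixedVar as $aGroup) {
        // Skip malformed entries rather than handing a non-array to array_merge().
        if (is_array($aGroup)) {
            $aFields = array_merge($aFields, $aGroup);
        }
    }
    return $aFields;
}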
109
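/**
 * Returns the IDS impact thresholds as array(log, block).
 *
 * Both values are taken from the sys_options.php cache file when it exists and holds both
 * keys; otherwise they are read through getParam() from the database. The caller treats a
 * value of -1 as "disabled".
 *
 * @return array two-element list: impact at which to log, impact at which to block
 */
function bx_sys_security_get_impact_threshold()
{
    $sLogKey = 'sys_security_impact_threshold_log';
    $sBlockKey = 'sys_security_impact_threshold_block';

    $mixedData = array();
    $sCacheFile = BX_DIRECTORY_PATH_CACHE . "sys_options.php";
    if (file_exists($sCacheFile)) {
        include $sCacheFile; // the cache file is expected to assign $mixedData
    }

    // Serve from cache only when it really contains both thresholds; an incomplete cache
    // falls through to the database instead of returning nulls.
    if (is_array($mixedData) && isset($mixedData[$sLogKey], $mixedData[$sBlockKey])) {
        return array($mixedData[$sLogKey], $mixedData[$sBlockKey]);
    }

    require_once BX_DIRECTORY_PATH_INC . 'db.inc.php';
    return array(getParam($sLogKey), getParam($sBlockKey));
}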
120
121?>