Beispiel #1
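 /**
  * Register an alert of the given type, optionally tracking it and/or saving it to the session.
  *
  * When $severity is above 0 the alert is also appended to self::$debuggingInfo together with
  * caller details taken from debug_backtrace(), and, if Security_ThreatTracker is tracking
  * activity at this severity, passed on to Security_ThreatTracker::log().
  *
  * NOTE(review): the recorded backtrace arguments are the caller's raw arguments. If a caller
  * was invoked with passwords, tokens or other secrets, those values end up in the debugging
  * info and in the threat log. Confirm both stores are access-restricted, or redact first.
  *
  * @param string     $type     One of "success", "warning", "error", "info".
  * @param string|int $key      Key under which the message is stored in the alert list.
  * @param string     $message  The alert text.
  * @param int        $severity Values above 0 enable tracking of the alert.
  * @param bool       $save     FALSE keeps the alert in the static lists; TRUE stores it in
  *                             $_SESSION[SITE_HANDLE]['alert'].
  *
  * @return bool TRUE if the alert was stored, FALSE if $type is not a recognised alert type.
  */
 protected static function addAlert($type, $key, $message, $severity = 0, $save = false)
 {
     // Alerts with a severity above 0 are tracked so they can be reviewed later.
     if ($severity > 0) {
         $backtrace = debug_backtrace();
         // Frame 2 is treated as the origin of the alert and frame 1 supplies the line number.
         // Either frame, or its 'file'/'line' entry, can be absent, so fall back to empty
         // values instead of reading undefined offsets.
         $origin = isset($backtrace[2]) ? $backtrace[2] : array();
         $originClass = isset($origin['class']) ? $origin['class'] . $origin['type'] : "";
         $originFunction = isset($origin['function']) ? $origin['function'] : "";
         $originFile = isset($origin['file']) ? $origin['file'] : "";
         $originLine = isset($backtrace[1]['line']) ? $backtrace[1]['line'] : 0;

         // Record the information discovered about the alert
         self::$debuggingInfo[] = array($message, $originClass, $originFunction, isset($origin['args']) ? $origin['args'] : array(), $originFile, $originLine, $severity, Me::$id);

         // If debug mode is verbose, schedule Debug::run() once at shutdown to display the alerts
         if (Debug::$verbose == 1 and Debug::$adminDisplay == false) {
             Debug::$adminDisplay = true;
             register_shutdown_function(array('Debug', 'run'));
         }

         // If the threat tracker is logging activity at this severity, log the alert for later review
         if (Security_ThreatTracker::$trackActivity == true and Security_ThreatTracker::$minSeverity <= $severity) {
             $params = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";
             Security_ThreatTracker::log("activity", $severity, $message, array(), $originClass . $originFunction, $params, $originFile, $originLine);
         }
     }

     // Filter out invalid alert types. The comparison is strict so that a non-string value
     // (for example 0 or true) cannot match an alert type through loose comparison.
     if (!in_array($type, array("success", "warning", "error", "info"), true)) {
         return false;
     }

     if ($save == false) {
         // Regular alert: only available on the current page.
         switch ($type) {
             case "success":
                 self::$successList[$key] = $message;
                 break;
             case "warning":
                 self::$warningList[$key] = $message;
                 break;
             case "error":
                 self::$errorList[$key] = $message;
                 break;
             case "info":
                 self::$infoList[$key] = $message;
                 break;
         }
         return true;
     }

     // Saved alert: kept in the session so it can be shown on a later page.
     if (!isset($_SESSION[SITE_HANDLE]['alert'][$type])) {
         $_SESSION[SITE_HANDLE]['alert'][$type] = array();
     }
     $_SESSION[SITE_HANDLE]['alert'][$type][$key] = $message;
     return true;
 }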
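/**
 * Custom PHP error handler.
 *
 * Classifies the error, works out where it was raised from debug_backtrace(), and, only when
 * ENVIRONMENT is "local", writes debug dumps below SYS_PATH . "/debug".
 *
 * NOTE(review): the local dumps contain function arguments and, for trigger_error(), the full
 * $_GET, $_POST, $_COOKIE, $_SESSION and $_SERVER arrays, so they can hold credentials and
 * session identifiers. They are written with a ".php" extension and include request-derived
 * text. Confirm the debug directory is outside the document root (or denied by the web server)
 * and that ENVIRONMENT can never be "local" on a reachable host.
 *
 * @param int    $errorNumber Error level as passed by PHP (E_USER_NOTICE, E_USER_WARNING, ...).
 * @param string $errorString Error message.
 * @param string $errorFile   File the error was raised in (not used by this handler).
 * @param int    $errorLine   Line the error was raised on (not used by this handler).
 *
 * @return bool FALSE lets PHP's default handler run afterwards; TRUE (returned when the
 *              backtrace has no calling frame) prevents it from running.
 */
function customErrorHandler($errorNumber, $errorString, $errorFile, $errorLine)
{
    // Classify the error. $importance is only consumed by the Debug::logError() call that is
    // currently disabled at the end of this function.
    switch ($errorNumber) {
        case E_USER_NOTICE:
            $errorType = "Notice";
            $importance = 0;
            break;
        case E_USER_WARNING:
            $errorType = "Warning";
            $importance = 2;
            break;
        case E_USER_ERROR:
            $errorType = "Fatal Error";
            $importance = 4;
            break;
        default:
            $errorType = "Unknown Error";
            $importance = 8;
            break;
    }

    // Run the Backtrace
    $backtrace = debug_backtrace();
    if (!isset($backtrace[1])) {
        // No calling frame to report on. Returning TRUE prevents the default PHP handler from running.
        return true;
    }

    // $behind is this handler's own frame, $origin the frame that led to it.
    $origin = $backtrace[1];
    $behind = $backtrace[0];

    // Identify the current URL
    $urlData = URL::parse($_SERVER['SERVER_NAME'] . "/" . $_SERVER['REQUEST_URI']);

    if (isset($origin['function']) and $origin['function'] == "trigger_error") {
        // The error was raised with trigger_error(): its first argument is the message.
        $class = "";
        $function = "trigger_error";
        $argString = isset($origin['args'][0]) ? $origin['args'][0] : $errorString;
        $filePath = isset($origin['file']) ? str_replace(SYS_PATH, "", $origin['file']) : '';
        $fileLine = isset($origin['line']) ? (int) $origin['line'] : 0;

        // Local Environment: collect the full request context for the timeline dump
        if (ENVIRONMENT == "local") {
            $cons = get_defined_constants(true);
            $debugData = array("Backtrace" => array_slice($backtrace, 1), "URL" => $urlData, "Constants" => $cons['user'], "_GET" => $_GET, "_POST" => $_POST, "_COOKIE" => $_COOKIE, "_SESSION" => $_SESSION, "_SERVER" => $_SERVER);
        }
    } else {
        // Prepare Logging Values
        $class = isset($origin['class']) ? $origin['class'] : "";
        $function = isset($origin['function']) ? $origin['function'] : "";
        $argString = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";
        $filePath = isset($behind['file']) ? str_replace(dirname(SYS_PATH), "", $behind['file']) : '';
        $fileLine = isset($behind['line']) ? $behind['line'] : 0;

        // Skip instances of the autoloader
        if ($errorType == "Unknown Error" and strpos($function, "spl_autoload") !== false) {
            return false;
        }
    }

    // Debug files in the local environment
    if (ENVIRONMENT == "local") {
        if (!isset($urlData['path'])) {
            $urlData['path'] = "home";
        }

        // NOTE(review): $urlData['path'] is derived from REQUEST_URI and is used below as part of
        // a file path. Confirm URL::parse() rejects or normalises ".." segments, otherwise the
        // by-site file can be written outside its intended directory.
        $debugDir = SYS_PATH . "/debug";
        $primaryFile = $debugDir . "/_primaryDebug.php";
        $bySiteFile = $debugDir . "/by-site/" . FULL_DOMAIN . "/" . $urlData['path'] . ".php";

        // The handler's own frame normally carries the error message as its second argument;
        // fall back to $errorString when backtrace arguments are not available.
        $handlerMessage = isset($behind['args'][1]) ? $behind['args'][1] : $errorString;

        // Add an entry to the debug timeline
        File::write($debugDir . "/" . microtime(true) . "-" . str_replace("/", "_", $urlData['path']) . ".php", print_r(isset($debugData) ? $debugData : $backtrace, true));

        // Add an entry to the primary debug page
        File::prepend($primaryFile, print_r(array("Domain" => FULL_DOMAIN, "URL" => $urlData['full'], "Error" => $errorType . ": " . $argString, "File" => "[Line " . $fileLine . "] " . $filePath, "Timestamp" => microtime(true)), true));

        // Add an entry to the debugging page
        File::prepend($bySiteFile, print_r(array("URL" => $urlData['full'], "Error" => $errorType . ": " . $handlerMessage, "File" => "[Line " . $fileLine . "] " . $filePath, "Timestamp" => microtime(true)), true));

        // Prune the debug pages so that they don't get overloaded
        File::prune($primaryFile, 300);
        File::prune($bySiteFile, 120);

        // Occasionally (roughly one call in 26) prune the timeline dumps so they don't exhaust the system
        if (mt_rand(0, 25) == 22) {
            // Timeline file names start with the microtime() they were written at. Delete the
            // ones older than a day. The previous comparison against time() + 86400 matched
            // every file, including the dump written a moment ago.
            $cutoff = time() - 86400;
            $debugFiles = Dir::getFiles($debugDir);
            foreach ($debugFiles as $dbf) {
                if ($dbf[0] != "_") {
                    $exp = explode(".", $dbf);
                    if ($exp[0] < $cutoff) {
                        File::delete($debugDir . "/" . $dbf);
                    } else {
                        // presumably Dir::getFiles() returns names in ascending order, so the rest are newer; verify
                        break;
                    }
                }
            }
        }
    }

    // Logging the error in the database is currently disabled:
    // Debug::logError($importance, $errorType, $class, $function, $argString, $filePath, $fileLine, $urlData['full'], Me::$id);

    // Returning FALSE will activate the default PHP Handler after ours runs.
    return false;
}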
Beispiel #3
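 /**
  * Report input that was flagged as unsafe to Security_ThreatTracker.
  *
  * Nothing is recorded unless Security_ThreatTracker::$trackInput is enabled and $severity is
  * at least Security_ThreatTracker::$minSeverity.
  *
  * NOTE(review): $unsafeContent and the caller's arguments are handed to the log verbatim.
  * Whatever displays the threat log must escape them for its output context, and the log
  * itself may contain secrets that were passed to the caller. Confirm both are handled.
  *
  * @param mixed  $unsafeContent The input that was caught.
  * @param string $threatText    Description of the suspected threat.
  * @param int    $severity      Severity compared against Security_ThreatTracker::$minSeverity.
  * @param int    $traceDepth    Extra backtrace frames to skip when locating the caller.
  *
  * @return void
  */
 private static function warnOfPotentialAttack($unsafeContent, $threatText = "", $severity = 0, $traceDepth = 0)
 {
     // Record this only if the system is tracking input of this severity level
     if (Security_ThreatTracker::$trackInput != true or Security_ThreatTracker::$minSeverity > $severity) {
         return;
     }

     // "Illegal Characters" is always passed as an empty string here.
     $threatData = array("Input Caught" => $unsafeContent, "Illegal Characters" => '');

     $backtrace = debug_backtrace();
     $originIndex = 2 + $traceDepth;
     $lineIndex = 1 + $traceDepth;

     // The requested frames may not exist (shallow stack or a large $traceDepth), and a frame
     // may lack 'file'/'line'. Fall back to empty values so that the threat is still logged
     // instead of reading undefined offsets.
     $origin = isset($backtrace[$originIndex]) ? $backtrace[$originIndex] : array();
     $originFile = isset($origin['file']) ? $origin['file'] : "";
     $originLine = isset($backtrace[$lineIndex]['line']) ? $backtrace[$lineIndex]['line'] : 0;

     $function = (isset($origin['class']) ? $origin['class'] . $origin['type'] : "") . (isset($origin['function']) ? $origin['function'] : "");
     $params = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";

     // Log the threat
     Security_ThreatTracker::log("input", $severity, $threatText, $threatData, $function, $params, $originFile, $originLine);
 }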