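/**
 * Build the 404 / error page response.
 *
 * Sends a 404 status, then tries to recover a usable target from a malformed
 * request URL (an absolute URL glued to BASE_URL inside quotes, a quoted
 * combine-css link, or an Apple touch icon) and redirects to it. Otherwise it
 * renders the error page, records accesses to URLs listed in
 * wsp/config/banned_url.cnf and, when SEND_ERROR_BY_MAIL is on, e-mails the
 * error details to the administrator.
 *
 * Reads $_GET['error-redirect'], $_GET['error-redirect-url'],
 * $_GET['error-redirect-referer'], $_GET['banned_url'] and
 * $_SESSION['calling_page']; all of them are treated as untrusted input.
 * Sets $this->render and parent::$PAGE_TITLE / parent::$PAGE_META_ROBOTS.
 *
 * @return void
 */
public function Load() {
    header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");
    parent::$PAGE_TITLE = __(ERROR_PAGE) . " - " . __(SITE_NAME);
    parent::$PAGE_META_ROBOTS = "noindex, nofollow";

    // check if URL is not bad, but could be a good URL
    if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
        $url_to_check = trim($_GET['error-redirect-url']);
    } else {
        $url_to_check = trim($this->getCurrentUrl());
    }
    $base_url_tmp = BASE_URL;
    if ($base_url_tmp[strlen($base_url_tmp) - 1] == "/") {
        $base_url_tmp = substr($base_url_tmp, 0, strlen($base_url_tmp) - 1);
    }
    // undo the percent-encoding of the quote characters the patterns below look for
    $url_to_check = str_replace("%22", "\"", str_replace("%5C", "\\", str_replace("%5c", "\\", str_replace("%27", "'", $url_to_check))));

    // fix: BASE_URL was interpolated raw into the patterns, so "." matched any character;
    // quote it for the "@" delimiter so only the literal base URL matches
    $base_url_pattern = preg_quote($base_url_tmp, '@');

    $redirect_bad_url_to = "";
    // fix: was only assigned inside the preg_match branches, so the Apple-icon path read an undefined variable
    $redirect_bad_url_to_http = "";
    if (preg_match("@" . $base_url_pattern . "([^?]*)/'(http://|https://|http:/|https:/)(.+)/'@i", $url_to_check, $matches) == 1) {
        // url detect with /' in the end
        $redirect_bad_url_to = $matches[3];
        $redirect_bad_url_to_http = $matches[2];
    } elseif (preg_match("@" . $base_url_pattern . "([^?]*)/'(http://|https://|http:/|https:/)(.+)'@i", $url_to_check, $matches) == 1) {
        // url detect with '
        $redirect_bad_url_to = $matches[3];
        $redirect_bad_url_to_http = $matches[2];
    } elseif (preg_match("@" . $base_url_pattern . "([^?]*)/\\\\'(http://|https://|http:/|https:/)(.+)\\\\'@i", $url_to_check, $matches) == 1) {
        // url detect with \'
        $redirect_bad_url_to = $matches[3];
        $redirect_bad_url_to_http = $matches[2];
    } elseif (preg_match("@" . $base_url_pattern . "([^?]*)/\"(http://|https://|http:/|https:/)(.+)\"@i", $url_to_check, $matches) == 1) {
        // url detect with "
        $redirect_bad_url_to = $matches[3];
        $redirect_bad_url_to_http = $matches[2];
    } elseif (preg_match("@" . $base_url_pattern . "([^?]*)/(http://|https://|http:/|https:/)(.+)@i", $url_to_check, $matches) == 1) {
        // url detect without no '
        $redirect_bad_url_to = $matches[3];
        $redirect_bad_url_to_http = $matches[2];
    } elseif (preg_match("@" . preg_quote(BASE_URL, '@') . "combine-css/'/(.+)'@i", $url_to_check, $matches) == 1) {
        // combine-css url with '
        $redirect_bad_url_to = BASE_URL . $matches[1];
        $redirect_bad_url_to_http = "";
    }

    // check apple icon
    if ($redirect_bad_url_to == "" && find($url_to_check, "apple-touch-icon") > 0) {
        if ($url_to_check == BASE_URL . "apple-touch-icon.png" || $url_to_check == BASE_URL . "apple-touch-icon-precomposed.png") {
            // largest configured icon wins
            if (defined('SITE_META_IPHONE_IMAGE_114PX')) {
                $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_114PX;
            } elseif (defined('SITE_META_IPHONE_IMAGE_72PX')) {
                $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_72PX;
            } elseif (defined('SITE_META_IPHONE_IMAGE_57PX')) {
                $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_57PX;
            }
        } elseif ($url_to_check == BASE_URL . "apple-touch-icon-57x57.png" || $url_to_check == BASE_URL . "apple-touch-icon-57x57-precomposed.png") {
            if (defined('SITE_META_IPHONE_IMAGE_57PX')) {
                $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_57PX;
            }
        }
        if ($redirect_bad_url_to != "") {
            // relative icon paths are resolved against the site root
            if (strtoupper(substr($redirect_bad_url_to, 0, 7)) != "HTTP://" && strtoupper(substr($redirect_bad_url_to, 0, 8)) != "HTTPS://") {
                $redirect_bad_url_to = BASE_URL . $redirect_bad_url_to;
            }
        }
    }
    // End check if URL is not bad

    if ($redirect_bad_url_to != "") {
        // if URL is detect as bad but can be redirect to good URL
        if ($redirect_bad_url_to_http != "") {
            // normalise "http:/" and "http://" captures to a proper scheme prefix
            $redirect_bad_url_to = str_replace(":/", "", str_replace("://", "", $redirect_bad_url_to_http)) . "://" . $redirect_bad_url_to;
        }
        // NOTE(review): the host of the target comes straight from the request URL (the "(.+)"
        // capture above), so this is a redirect to an arbitrary external host. Restrict the
        // accepted hosts if that is not intended.
        $this->redirect($redirect_bad_url_to);
        $msg_redirect = new Label(__(REDIRECT_URL_TO, $redirect_bad_url_to, $redirect_bad_url_to));
        $this->render = new ErrorTemplate($msg_redirect, parent::$PAGE_TITLE);
    } else {
        // display the error page if the URL is correct
        $error_msg_title = "";
        $array_code_error = array(401, 403, 404, 500);
        // fix: $_GET['error-redirect'] was read without isset and compared loosely; an integer
        // code is used both for the membership test and for building the constant name
        $error_code = isset($_GET['error-redirect']) ? (int)$_GET['error-redirect'] : 0;
        if (in_array($error_code, $array_code_error, true)) {
            $_SESSION['calling_page'] = "";
            $error_msg = constant("ERROR_" . $error_code . "_MSG");
            parent::$PAGE_TITLE = constant("ERROR_" . $error_code . "_MSG") . " - " . __(SITE_NAME);
            $error_msg_title = constant("ERROR_" . $error_code . "_MSG");
        } else {
            // fix: $_SESSION['calling_page'] was read without isset
            $calling_page = isset($_SESSION['calling_page']) ? $_SESSION['calling_page'] : "";
            if ($calling_page == "error-page") {
                // NOTE(review): the request-supplied URL / referer is reflected into the page
                // here; confirm that Label / ErrorTemplate escape it for HTML output.
                if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                    $error_msg = __(ERROR_PAGE_MSG, $_GET['error-redirect-url']);
                } elseif ($this->getRefererURL() != "") {
                    $error_msg = __(ERROR_PAGE_MSG, $this->getRefererURL());
                } else {
                    $error_msg = __(ERROR_PAGE_MSG, "");
                }
            } else {
                $error_msg = __(ERROR_PAGE_MSG, $calling_page);
            }
            $error_msg_title = __(ERROR_PAGE);
        }
        $error_msg = new Label($error_msg, true);
        $obj_error_msg = new Object(new Picture("wsp/img/warning.png", 48, 48, 0, "absmidlle"), "<br/>", $error_msg->setColor("red"));
        $obj_error_msg->add("<br/><br/>", __(MAIN_PAGE_GO_BACK), new Link(BASE_URL, Link::TARGET_NONE, __(SITE_NAME)));
        $this->render = new ErrorTemplate($obj_error_msg, $error_msg_title);

        // check if URL is not banned
        // NOTE(review): banned_url is read from the query string, so a client can pre-set it and
        // skip this check (or trigger the IP counter below); confirm it is only expected from an
        // internal redirect.
        if (!isset($_GET['banned_url'])) {
            if (file_exists(dirname(__FILE__) . "/../../wsp/config/banned_url.cnf")) {
                $list_banned_url = file_get_contents(dirname(__FILE__) . "/../../wsp/config/banned_url.cnf");
                $array_banned_url = explode("\n", str_replace("\r", "", $list_banned_url));
            } else {
                $array_banned_url = array();
            }
            // strip the (language-specific) base URL so the list holds site-relative paths
            if (find($this->getCurrentUrl(), $this->getBaseLanguageURL()) > 0) {
                $url_without_base = str_replace($this->getBaseLanguageURL(), "", $this->getCurrentUrl());
            } else {
                $url_without_base = str_replace($this->getBaseURL(), "", $this->getCurrentUrl());
            }
            if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                if (find($_GET['error-redirect-url'], $this->getBaseLanguageURL()) > 0) {
                    $url_without_base = str_replace($this->getBaseLanguageURL(), "", $_GET['error-redirect-url']);
                } else {
                    $url_without_base = str_replace($this->getBaseURL(), "", $_GET['error-redirect-url']);
                }
            }
            // fix: guard the offset read against an empty string
            if ($url_without_base == "" || $url_without_base[0] != '/') {
                $url_without_base = "/" . $url_without_base;
            }
            // fix: split() was removed in PHP 7; explode on the literal "?" is equivalent here
            $url_without_base_array = explode('?', $url_without_base);
            $url_without_base = $url_without_base_array[0];
            if (in_array(trim($url_without_base), $array_banned_url, true)) {
                $_GET['banned_url'] = "true";
            }
        }
        $nb_user_bad_url_access = 0;
        // fix: $_GET['banned_url'] was read without isset when no URL was banned
        $banned_url = isset($_GET['banned_url']) && $_GET['banned_url'] == "true";
        if ($banned_url && !$this->isCrawlerBot()) {
            WspBannedVisitors::addIP($this->getRemoteIP());
            $nb_user_bad_url_access = WspBannedVisitors::getIpNbBadAccess($this->getRemoteIP());
        }

        // send error by mail
        if (defined('SEND_ERROR_BY_MAIL') && SEND_ERROR_BY_MAIL == true && !isLocalDebug()) {
            $send_error_mail = true;
            // Check if we have enougth information to send a mail
            if (in_array($error_code, $array_code_error, true)) {
                if ($this->getRefererURL() == "") {
                    if (!isset($_GET['error-redirect-referer']) || $_GET['error-redirect-referer'] == "") {
                        if (!isset($_GET['error-redirect-url']) || $_GET['error-redirect-url'] == "") {
                            $send_error_mail = false; // not enougth information to treat the error
                        }
                    }
                }
            }
            // Check if file need to send a mail
            $array_files_ex = array(); // list of files without error email
            $array_file_no_mail = array("", "crossdomain.xml", "sitemap.xml", "error-page.html", "undefined", "&", "browserconfig.xml", "favicon.gif", "favicon.png", "ui.item.id;", "url;", "javascript:void(0);");
            if (defined('SEND_BY_MAIL_FILE_EX') && SEND_BY_MAIL_FILE_EX != "") {
                $array_files_ex = explode(',', SEND_BY_MAIL_FILE_EX);
            }
            $array_file_no_mail = array_merge($array_file_no_mail, $array_files_ex);
            if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                $tmp_current_url = explode('?', $_GET['error-redirect-url']);
            } else {
                $tmp_current_url = explode('?', $this->getCurrentUrl());
            }
            $current_url = $tmp_current_url[0];
            $array_current_url = explode('/', $current_url);
            $filename = $array_current_url[sizeof($array_current_url) - 1];
            if (in_array($filename, $array_file_no_mail, true)) {
                $send_error_mail = false;
            } elseif ($this->getBrowserName() == "Firefox" && ($this->getBrowserVersion() == "3.6" || $this->getBrowserVersion() == "3.5") && (substr($filename, strlen($filename) - 6, 6) == "%5C%27" || substr($filename, strlen($filename) - 3, 3) == "%22" || substr($filename, strlen($filename) - 3, 3) == "%5C")) {
                // Interpretation error by firefox 3.6 and 3.5
                $send_error_mail = false;
            } elseif ($this->getBrowserName() == "IE" && $this->getBrowserVersion() < 7) {
                // Error with IE <= 6.0
                $send_error_mail = false;
            } elseif ($this->getBrowserName() == "BlackBerry" && $this->getBrowserVersion() == 0) {
                // Error with BlackBerry version 0
                $send_error_mail = false;
            } else {
                // no mail for some referers (html transformed or base href not take into account)
                $array_exluded_referer = array("translate.googleusercontent.com", "webcache.googleusercontent.com");
                $array_referer_url = explode('/', str_replace("http://", "", str_replace("https://", "", $this->getRefererURL())));
                $base_referer_url = $array_referer_url[0];
                if (in_array($base_referer_url, $array_exluded_referer, true)) {
                    $send_error_mail = false;
                } else {
                    // test if there is regexp in the administrator exclude list
                    for ($i = 0; $i < sizeof($array_files_ex); $i++) {
                        if (is_regexp($array_files_ex[$i], true)) {
                            $path_or_filename = $filename;
                            if (find($array_files_ex[$i], "\\/") > 0) {
                                // detect is regex on a path
                                $path_or_filename = str_replace(BASE_URL, "", $current_url);
                            }
                            if (preg_match($array_files_ex[$i], $path_or_filename)) {
                                $send_error_mail = false;
                                break;
                            }
                        }
                    }
                }
            }

            // send mail
            if ($send_error_mail) {
                $debug_mail = $error_msg->render();
                $debug_mail .= "<br/><br/><b>General information:</b><br/>";
                // fix: request-controlled values are HTML-escaped before being embedded in the HTML mail body
                if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                    $debug_mail .= "URL : " . htmlspecialchars($_GET['error-redirect-url'], ENT_QUOTES, 'UTF-8') . "<br/>";
                } else {
                    $debug_mail .= "URL : " . htmlspecialchars($this->getCurrentUrl(), ENT_QUOTES, 'UTF-8') . "<br/>";
                }
                if (isset($_GET['error-redirect-referer']) && $_GET['error-redirect-referer'] != "") {
                    $debug_mail .= "Referer : " . htmlspecialchars($_GET['error-redirect-referer'], ENT_QUOTES, 'UTF-8') . "<br/>";
                } else {
                    $debug_mail .= "Referer : " . htmlspecialchars($this->getRefererURL(), ENT_QUOTES, 'UTF-8') . "<br/>";
                }
                $remote_ip = htmlspecialchars($this->getRemoteIP(), ENT_QUOTES, 'UTF-8');
                $debug_mail .= "IP : <a href='http://www.infosniper.net/index.php?ip_address=" . $remote_ip . "' target='_blank'>" . $remote_ip . "</a><br/>";
                $debug_mail .= "Browser : ";
                if ($this->getBrowserName() == "Default Browser") {
                    $debug_mail .= htmlspecialchars($this->getBrowserUserAgent(), ENT_QUOTES, 'UTF-8');
                } else {
                    $debug_mail .= htmlspecialchars($this->getBrowserName() . " (version: " . $this->getBrowserVersion() . ")", ENT_QUOTES, 'UTF-8');
                }
                $debug_mail .= "<br/>";
                $debug_mail .= "Crawler : " . ($this->isCrawlerBot() ? "true" : "false") . "<br/>";
                if ($banned_url && $nb_user_bad_url_access > 0) {
                    $debug_mail .= "<br/><font color='red'>This user already tried to access to " . $nb_user_bad_url_access . " forbidden URL.</font><br/>";
                    $debug_mail .= "(User will be blocked with captcha code after " . MAX_BAD_URL_BEFORE_BANNED . " attempts)<br/>";
                }
                try {
                    $mail = new SmtpMail(SEND_ERROR_BY_MAIL_TO, __(SEND_ERROR_BY_MAIL_TO), "ERROR on " . __(SITE_NAME) . " !!!", __($debug_mail), SMTP_MAIL, __(SMTP_NAME));
                    $mail->setPriority(SmtpMail::PRIORITY_HIGH);
                    $mail->send();
                } catch (Exception $e) {
                    // best effort: a mail failure must not turn the error page into a second error
                }
            }
        }
    }
}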
/**
 * Set the filter.
 *
 * For regular-expression filters the string is validated first; when it has
 * no delimiters/modifiers we try wrapping it in '~' delimiters, and if it still
 * is not a valid expression an error is queued on $Messages and a match-all
 * expression is stored instead. Note that empty() also treats "0" as "no filter".
 *
 * @param string Filter string (for regular expressions, if no delimiter/modifiers are included, we try magically adding them)
 * @param boolean Is the filter a regular expression? (it's a glob pattern otherwise)
 */
function set_filter($filter_string, $filter_is_regexp)
{
    global $Messages;

    $this->_filter_is_regexp = $filter_is_regexp;

    $needs_delimiters = $this->_filter_is_regexp
        && !empty($filter_string)
        && !is_regexp($filter_string, true);

    if ($needs_delimiters) {
        // Try with adding delimiters:
        $delimited = '~' . str_replace('~', '\\~', $filter_string) . '~';
        if (is_regexp($delimited, true)) {
            $filter_string = $delimited;
        } else {
            $Messages->add(sprintf(T_('The filter «%s» is not a regular expression.'), $filter_string), 'fl_error');
            $filter_string = '~.*~';
        }
    }

    $this->_filter = empty($filter_string) ? NULL : $filter_string;
}
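/**
 * Check if the value of a param is a regular expression (syntax).
 *
 * The value is looked up in $GLOBALS by name; a param that was never set is
 * checked as NULL (as before) without raising an undefined-index notice.
 *
 * @param string param name
 * @param string error message
 * @param string|NULL error message for form field ($err_msg gets used if === NULL).
 * @return boolean true if OK
 */
function param_check_isregexp($var, $err_msg, $field_err_msg = NULL)
{
    if ($field_err_msg === NULL) {
        // Documented fallback that was never applied: $err_msg used to be ignored entirely.
        $field_err_msg = $err_msg;
    }

    $value = array_key_exists($var, $GLOBALS) ? $GLOBALS[$var] : NULL;
    if (!is_regexp($value)) {
        param_error($var, $field_err_msg);
        return false;
    }

    return true;
}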