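<?php
/*
 * Template variables for the SUMO login, registration, account-erase and
 * password-lost pages.
 *
 * The including script is expected to have set $SUMO, $sumo_lang_core,
 * $sumo_action, $sumo_message and, on the registration pages, $sumo_reg_data.
 * Values that this file itself places inside HTML attributes are escaped
 * here; values handed to the template as bare placeholders ("GET:PageUrl",
 * "GET:PageTheme", ...) are passed on unchanged because the template decides
 * their output context.
 */

// Fix PNG images if the client browser is Internet Explorer.
$pngfix = preg_match("/Internet Explorer/i", $SUMO['client']['browser']) ? "javascript:PNGFix()" : "";

// Re-filter the query string and rebuild it for the login form's action URL.
// http_build_query() percent-encodes keys as well as values. The previous
// hand-rolled "key=value&" concatenation copied request keys verbatim (only
// the values go through sumo_array_filter(), and that filter does not
// reliably reject a single quote), so a key such as "a'b" could terminate the
// single-quoted action attribute below.
$url_req = "";
if (!empty($_SERVER['QUERY_STRING'])) {
    $_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET)));
    $url_req = "?" . http_build_query($_GET);
}

// Escaping for values placed inside HTML attributes. ISO-8859-1 is chosen on
// purpose: it escapes only & < > " ' and never rejects the input, whereas the
// UTF-8 default (PHP >= 5.4) turns a byte string that is not valid UTF-8
// into "".
$esc_page_url   = htmlspecialchars($SUMO['page']['url'], ENT_QUOTES, 'ISO-8859-1');
$esc_action_url = htmlspecialchars($SUMO['page']['url'] . $url_req, ENT_QUOTES, 'ISO-8859-1');
$esc_group      = htmlspecialchars($SUMO['page']['group'], ENT_QUOTES, 'ISO-8859-1');
$esc_reg_user   = isset($sumo_reg_data['reg_user']) ? htmlspecialchars($sumo_reg_data['reg_user'], ENT_QUOTES, 'ISO-8859-1') : '';
$esc_reg_email  = isset($sumo_reg_data['reg_email']) ? htmlspecialchars($sumo_reg_data['reg_email'], ENT_QUOTES, 'ISO-8859-1') : '';
$esc_reg_lang   = isset($sumo_reg_data['reg_language']) ? htmlspecialchars($sumo_reg_data['reg_language'], ENT_QUOTES, 'ISO-8859-1') : '';

// The per-connection secret is embedded in a JavaScript string literal that
// sits inside a single-quoted onsubmit attribute, so it is JS-escaped first
// and HTML-escaped second. It is presumably plain hex, in which case both
// steps are no-ops.
$security_string    = isset($SUMO['connection']['security_string']) ? $SUMO['connection']['security_string'] : '';
$js_security_string = htmlspecialchars(addslashes($security_string), ENT_QUOTES, 'ISO-8859-1');

// The theme name lands in a single-quoted JavaScript string inside <script>.
$js_theme = addslashes($SUMO['page']['theme']);

// Language cookie may be absent; null is what an unset index would have given.
$cookie_language = isset($_COOKIE['language']) ? $_COOKIE['language'] : null;

$required_mark = "<font color='red'>*</font> ";

$tpl_array = array(
    "LANG:User"                    => $sumo_lang_core['User'],
    "LANG:Password"                => $sumo_lang_core['Password'],
    "LANG:RegistrationForm"        => $sumo_lang_core['RegistrationForm'],
    "LANG:RegistrationInfo"        => $sumo_lang_core['RegistrationInfo'],
    "LANG:EraseAccount"            => $sumo_lang_core['EraseAccount'],
    "LANG:EraseAccountInfo"        => $sumo_lang_core['EraseAccountInfo'],
    "LANG:PasswordLost"            => $sumo_lang_core['PasswordLost'],
    "LANG:PasswordLostInfo"        => $sumo_lang_core['PasswordLostInfo'],
    "LANG:ConfirmRegistration"     => $sumo_lang_core['ConfirmRegistration'],
    "LANG:ConfirmRegistrationInfo" => $sumo_lang_core['ConfirmRegistrationInfo'],
    "LANG:ConfirmEraseAccount"     => $sumo_lang_core['ConfirmEraseAccount'],
    "LANG:ConfirmEraseAccountInfo" => $sumo_lang_core['ConfirmEraseAccountInfo'],
    "LANG:Email"                   => $sumo_lang_core['Email'],
    "LANG:Language"                => $sumo_lang_core['Language'],
    "LANG:RegUser"                 => $required_mark . $sumo_lang_core['User'],
    "LANG:RegEmail"                => $required_mark . $sumo_lang_core['Email'],
    "LANG:RegPassword"             => $required_mark . $sumo_lang_core['Password'],
    "LANG:RegRepPassword"          => $required_mark . $sumo_lang_core['RepPassword'],
    "LINK:Register"                => sumo_get_link_registration(),
    "LINK:PasswordLost"            => sumo_get_link_pwdlost(),
    "LINK:UnRegister"              => sumo_get_link_registration(0),
    "GET:SumoVersion"              => SUMO_VERSION,
    "GET:charset"                  => $SUMO['config']['server']['charset'],
    "GET:PagePath"                 => $SUMO['page']['web_path'],
    "GET:PageUrl"                  => $SUMO['page']['url'],
    "GET:PageTheme"                => $SUMO['page']['theme'],
    // Registration data echoed back on the confirmation page: user supplied.
    "GET:ConfirmRegUser"           => $esc_reg_user,
    "GET:ConfirmRegEmail"          => $esc_reg_email,
    "GET:ConfirmLanguage"          => $esc_reg_lang,
    "GET:PageName"                 => sumo_get_accesspoint_name($SUMO['page']['name'], $cookie_language),
    "GET:ScriptLoginFocus"         => sumo_get_script_tag('login_focus.js'),
    "GET:ScriptRegistrationFocus"  => sumo_get_script_tag('registration_focus.js'),
    "GET:ScriptLogin"              => "<script language='javascript' type='text/javascript'>\n"
                                      . "var sumo_theme='" . $js_theme . "';\n"
                                      . "</script>\n"
                                      . sumo_get_script_tag('check_login.js') . "\n"
                                      . sumo_get_script_tag('sumo_common.js') . "\n"
                                      . sumo_get_script_tag('sumo_crypt.js') . "\n"
                                      . sumo_get_script_tag('sumo_gui.js') . "\n",
    "GET:ScriptResubmit"           => sumo_get_script_tag('resubmit.js'),
    "GET:ScriptNoRightClick"       => sumo_get_script_tag('no_right_click.js'),
    "GET:OnLoad"                   => "onload='" . $pngfix . "'",
    "GET:Note"                     => $sumo_lang_core["PoweredBy"] . " <b>SUMO Access Manager</b> " . SUMO_VERSION
                                      . "<br>© Copyright 2003-" . date("Y") . " by <b>Basso Alberto</b><br>"
                                      . $sumo_lang_core['ProjectPage']
                                      . " <b><a href='http://sumoam.sourceforge.net' target='_blank'>http://sumoam.sourceforge.net</a></b>",
    "GET:NoteShort"                => $sumo_lang_core["PoweredBy"]
                                      . "<br><b><a href='http://sumoam.sourceforge.net' target='_blank'>SUMO Access Manager</a></b>",
    // Login form. The onsubmit handler replaces the typed password with
    // HMAC-SHA1(security_string, SHA1(password)) before the POST. NOTE(review):
    // this keeps the clear-text password off the wire but does not replace
    // TLS; what is posted is still a secret for this connection.
    "GET:LoginForm"                => "<form method='POST' name='SumoAuth' action='" . $esc_action_url . "'"
                                      . " onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}"
                                      . "else{sumo_pwd.value=hex_hmac_sha1(\"" . $js_security_string . "\",hex_sha1(sumo_pwd.value));}'>",
    "GET:Message"                  => $sumo_message,
    "GET:Redirect"                 => "<meta http-equiv='refresh' content='10; " . $esc_page_url . "'>",
    "PUT:RegUser"                  => "<input type='text' size='16' name='reg_user' value='" . $esc_reg_user . "' />"
                                      . "<input type='hidden' name='reg_group' value='" . $esc_group . "' />",
    "PUT:RegEmail"                 => "<input type='text' size='16' name='reg_email' value='" . $esc_reg_email . "' />",
    "PUT:RegPassword"              => "<input type='password' size='16' name='reg_password' autocomplete='off' />",
    "PUT:RegRepPassword"           => "<input type='password' size='16' name='rep_reg_password' autocomplete='off' />",
    "PUT:User"                     => "<input type='text' size='16' name='sumo_user' class='username' />",
    "PUT:Password"                 => "<input type='password' size='16' name='sumo_pwd' class='password' autocomplete='off' />",
    "PUT:LanguageLogin"            => sumo_get_available_languages(1, 1, $cookie_language, 'sumo_lang'),
    "PUT:Language"                 => sumo_get_available_languages(1),
    "BUTTON:Submit"                => "<input type='submit' class='button' value='" . $sumo_lang_core["Ok"] . "' />",
    "BUTTON:BackLogin"             => "<form action='" . $esc_page_url . "' method='POST'>"
                                      . "<input type='submit' class='button' value='" . $sumo_lang_core['Back'] . "'></form>",
    "BUTTON:Back"                  => "<input type='button' class='button' value='" . $sumo_lang_core['Back'] . "' onclick='javascript:history.go(-1);' />",
);

// Disable client-side password hashing (the original comment ties this to
// LDAP back-ends, which need the clear-text password). Registration pages
// always keep the hashing form.
if (!$SUMO['page']['pwd_encrypt'] && !in_array($sumo_action, array('registration', 'regconfirmed'))) {
    $tpl_array['GET:ScriptSHA1'] = "";
    $tpl_array['GET:LoginForm']  = "<form name='SumoAuth' method='POST' action='" . $esc_action_url . "'"
        . " onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}'>";
}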
/**
 * Verify and filter an array of request data for malicious content.
 *
 * Each scalar element is matched against a blocklist of XSS / SQL injection /
 * shell meta-character patterns. A hit is logged (and optionally e-mailed to
 * the administrator), then the offending value is replaced by "" before the
 * generic clean-up (trim, backtick removal, javascript: href removal,
 * strip_tags) runs. Nested arrays are filtered recursively.
 *
 * NOTE(review): this is a blocklist, not a whitelist, and cannot be the only
 * defence: output still has to be escaped for its context (htmlspecialchars
 * for HTML, parameterised queries for SQL). Two concrete problems below:
 *  - eregi()/eregi_replace() are POSIX ERE functions, deprecated in PHP 5.3
 *    and removed in PHP 7.0; on a current PHP this function is a fatal error.
 *  - The patterns written as "/.../ix" (E00109X..E00117X) are PCRE syntax.
 *    POSIX ERE has no delimiters or modifiers, so eregi() matches the leading
 *    "/" and the trailing "/ix" (or "/i", "/I") as literal characters, and
 *    "\w" / "\s" are PCRE escapes, not ERE. Those checks therefore do not
 *    match what their comments describe. Porting them to preg_match() would
 *    make them live and would change which requests get blanked, so it needs
 *    a deliberate decision rather than a mechanical replacement.
 *
 * @param array  $array          0-based list of values (callers pass
 *                               array_values() and re-attach the keys with
 *                               sumo_array_combine()).
 * @param string $method         Origin of the data: 'GET', 'SERVER', 'POST' or
 *                               'COOKIE'. Selects which tag/keyword blocklist
 *                               applies; the SQL/XSS/shell regexes run for all.
 * @param string $available_tags Tags strip_tags() may keep. Not forwarded to
 *                               the recursive call, so nested arrays are always
 *                               fully stripped.
 * @global array $SUMO Runtime configuration: server name, client ip/country,
 *                     page url, log/e-mail settings.
 * @return array The filtered values, in the same order as the input.
 * @author Alberto Basso <*****@*****.**>
 */
function sumo_array_filter($array, $method = 'GET', $available_tags = '')
{
    global $SUMO;
    // $rc[$e] collects the error codes raised for element $e.
    $rc = array(array());
    $num_val = count($array);
    for ($e = 0; $e < $num_val; $e++) {
        if (is_array($array[$e])) {
            // Recurse into nested arrays; note $available_tags is not passed on.
            $array[$e] = sumo_array_combine(array_keys($array[$e]), sumo_array_filter(array_values($array[$e]), $method));
        } else {
            $x = 0;
            $rc[$e] = array();
            // Lets now sanitize the GET or SERVER vars.
            // Any double quote anywhere in the value (last alternative) is enough to blank it.
            if ($method == 'GET' || $method == 'SERVER') {
                if (eregi("<[^>]*script*\"?[^>]*>", $array[$e]) || eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $array[$e]) || eregi("<[^>]*object*\"?[^>]*>", $array[$e]) || eregi("<[^>]*iframe*\"?[^>]*>", $array[$e]) || eregi("<[^>]*applet*\"?[^>]*>", $array[$e]) || eregi("<[^>]*meta*\"?[^>]*>", $array[$e]) || eregi("<[^>]*style*\"?[^>]*>", $array[$e]) || eregi("<[^>]*form*\"?[^>]*>", $array[$e]) || eregi("<[^>]*window.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*alert*\"?[^>]*>", $array[$e]) || eregi("<[^>]*img*\"?[^>]*>", $array[$e]) || eregi("<[^>]*document.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*cookie*\"?[^>]*>", $array[$e]) || eregi("\"", $array[$e])) {
                    $rc[$e][$x] = "E00108X";
                    $x++;
                }
            }
            // Lets now sanitize the POST vars (shorter list: no style/form/img, no " check).
            if ($method == 'POST') {
                if (eregi("<[^>]*script*\"?[^>]*>", $array[$e]) || eregi("<[^>]*object*\"?[^>]*>", $array[$e]) || eregi("<[^>]*iframe*\"?[^>]*>", $array[$e]) || eregi("<[^>]*applet*\"?[^>]*>", $array[$e]) || eregi("<[^>]*meta*\"?[^>]*>", $array[$e]) || eregi("<[^>]*window.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*alert*\"?[^>]*>", $array[$e]) || eregi("<[^>]*document.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*cookie*\"?[^>]*>", $array[$e])) {
                    $rc[$e][$x] = "E00108X";
                    $x++;
                }
            }
            // Lets now sanitize the COOKIE vars (same list as GET/SERVER).
            if ($method == 'COOKIE') {
                if (eregi("<[^>]*script*\"?[^>]*>", $array[$e]) || eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $array[$e]) || eregi("<[^>]*object*\"?[^>]*>", $array[$e]) || eregi("<[^>]*iframe*\"?[^>]*>", $array[$e]) || eregi("<[^>]*applet*\"?[^>]*>", $array[$e]) || eregi("<[^>]*meta*\"?[^>]*>", $array[$e]) || eregi("<[^>]*style*\"?[^>]*>", $array[$e]) || eregi("<[^>]*form*\"?[^>]*>", $array[$e]) || eregi("<[^>]*window.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*alert*\"?[^>]*>", $array[$e]) || eregi("<[^>]*img*\"?[^>]*>", $array[$e]) || eregi("<[^>]*document.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*cookie*\"?[^>]*>", $array[$e]) || eregi("\"", $array[$e])) {
                    $rc[$e][$x] = "E00108X";
                    $x++;
                }
            }
            // Regex to detect SQL meta-characters.
            // (PCRE-style "/.../ix" passed to a POSIX engine: the slashes and "ix" are matched literally.)
            if (eregi("/(\\%27)|(\\-\\-)|(\\%23)|(#)/ix", $array[$e])) {
                $rc[$e][$x] = "E00109X";
                $x++;
            }
            // Modified regex to detect SQL meta-characters (same delimiter problem).
            if (eregi("/((\\%3D)|(=))[^\n]*((\\%27)|(\\')|(\\-\\-)|(\\%3B)|(;))/i", $array[$e])) {
                $rc[$e][$x] = "E00110X";
                $x++;
            }
            // Regex for common SQL injection attacks ("'or"), same delimiter problem.
            if (eregi("/\\w*((\\%27)|(\\'))((\\%6F)|o|(\\%4F))((\\%72)|r|(\\%52))/ix", $array[$e])) {
                $rc[$e][$x] = "E00111X";
                $x++;
            }
            // Regex to detect SQL injection using the most common SQL commands, same delimiter problem.
            $sql_command = array("select", "insert", "update", "delete", "drop", "union");
            for ($c = 0; $c < count($sql_command); $c++) {
                if (eregi("/((\\%27)|(\\'))" . $sql_command[$c] . "/ix", $array[$e])) {
                    $rc[$e][$x] = "E00112X";
                    $x++;
                }
            }
            // Regex to detect SQL injection against MS SQL Server (exec sp_/xp_), same delimiter problem.
            if (eregi("/exec(\\s|\\+)+(s|x)p\\w+/ix", $array[$e])) {
                $rc[$e][$x] = "E00113X";
                $x++;
            }
            // Regex for simple XSS attacks, same delimiter problem.
            if (eregi("/((\\%3C)|<)((\\%2F)|\\/)*[a-z0-9\\%]+((\\%3E)|>)/ix", $array[$e])) {
                $rc[$e][$x] = "E00114X";
                $x++;
            }
            // Regex for "<img src" style XSS attacks, same delimiter problem.
            if (eregi("/((\\%3C)|<)((\\%69)|i|(\\%49))((\\%6D)|m|(\\%4D))((\\%67)|g|(\\%47))[^\n]+((\\%3E)|>)/I", $array[$e])) {
                $rc[$e][$x] = "E00115X";
                $x++;
            }
            // Paranoid regex for XSS attacks (anything between < and >), same delimiter problem.
            if (eregi("/((\\%3C)|<)[^\n]+((\\%3E)|>)/I", $array[$e])) {
                $rc[$e][$x] = "E00116X";
                $x++;
            }
            /*
             * No piping; filter possible system variables ($), command
             * separators, page redirections, background processes, special
             * commands (backspace, etc.), quotes, newlines and other special
             * characters. Same delimiter problem as above; note the "\n" and
             * "\r" inside the double-quoted PHP string are real newline bytes.
             */
            if (eregi("/(;|\\||`|>|<|&|^|\"|'.\"\n|\r|'\".'|{|}|[|]|\\)|\\()/", $array[$e])) {
                $rc[$e][$x] = "E00117X";
                $x++;
            }
            // If an attack was detected, log it: one log entry (and one e-mail) per matched rule.
            if (count($rc[$e]) > 0) {
                for ($k = 0; $k < count($rc[$e]); $k++) {
                    // The offending value is handed to the message builder, so it presumably ends up in the e-mail body.
                    $error = sumo_get_paranoic_message($rc[$e][$k], $array[$e], $method);
                    $server = sumo_get_message('I00001M', $SUMO['server']['name']);
                    $object = sumo_get_message('E00107M');
                    // Log warning messages with ALL methods
                    sumo_write_log('E00107X', array($rc[$e][$k], $SUMO['client']['ip'], $SUMO['client']['country'], $SUMO['page']['url']), 3, 1);
                    // Send e-mail detail of warning message
                    if ($SUMO['config']['log']['errors']['email']) {
                        if (!$SUMO['config']['server']['admin']['email']) {
                            // No admin address configured: log that instead of mailing.
                            sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
                        } else {
                            $mail = new Mail();
                            $mail->From($server);
                            $mail->To($SUMO['config']['server']['admin']['email']);
                            $mail->Subject($object);
                            $mail->Body($error, SUMO_CHARSET);
                            $mail->Priority(1);
                            $mail->Send();
                        }
                    }
                }
                // The whole value is discarded, not just the matched part.
                $array[$e] = "";
            }
            // Strip leading and trailing whitespace.
            $array[$e] = trim($array[$e]);
            /*
             * Convert a string of UTF-8 encoded ISO-8859-1 characters to
             * single-byte ISO-8859-1. XSS attacks sometimes use unicode to
             * disguise the attack string. (Disabled.)
             */
            //$array[$e] = utf8_decode($array[$e]);
            // Remove backticks (the comment on the original also mentions ";", but only "`" is replaced here).
            $array[$e] = str_replace("`", "", "{$array[$e]}");
            // Remove any JavaScript in <a href=''> tags.
            $array[$e] = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $array[$e]);
            // Remove any HTML and PHP tags if they exist (except $available_tags).
            $array[$e] = strip_tags($array[$e], $available_tags);
        }
    }
    return $array;
}
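/**
 * Build the paging navigation (first/back arrows, page numbers, next/last
 * arrows) for a result set that is split over several pages.
 *
 * Every link is an AJAX call,
 *   javascript:sumo_ajax_get("<module>.content", "<query>&<start_title>=<offset>&decoration=false")
 * so the current request URI (re-filtered, with any previous <start_title>=N
 * removed and, optionally, the action= parameter replaced) is carried along.
 *
 * Changes from the previous version: the page count uses ceil() instead of
 * round() (with round() 11 rows at 10 per page gave 1 page, so the "last"
 * link pointed at offset 0 although a second page exists); a page size of 0
 * no longer divides by zero; the removed ereg_replace() is replaced by
 * preg_replace(); everything interpolated into the href is escaped for its
 * context; the <table> wrapper is only emitted when there is at least one
 * cell (previously an empty table, or cells without a table, could result).
 *
 * @param int    $num_rows                Total number of rows in the result set.
 * @param int    $visible_rows_from_query Minimum row count at which paging is shown.
 * @param int    $visible_rows            Rows per page; must be > 0.
 * @param int    $num_links               Page-number links shown after the current page.
 * @param int    $start                   Offset of the first row on the current page.
 * @param string $start_title             Name of the offset query parameter.
 * @param string $action                  If non-empty, replaces the value of an
 *                                        existing action= parameter in the carried query.
 * @global array $SUMO     Runtime configuration (page theme).
 * @global array $language Translated labels: First, Back, Next, Last.
 * @return string HTML table with the navigation, or '' when there is nothing to page.
 * @author Alberto Basso
 */
function sumo_paging_results($num_rows, $visible_rows_from_query, $visible_rows, $num_links = 10, $start = 0, $start_title = "start", $action = "")
{
    global $SUMO, $language;

    $result = '';

    // Guard the divisions below; a page size of 0 (or less) cannot be paged.
    if ($visible_rows <= 0) {
        return $result;
    }

    // Generate pages only if necessary.
    if ($num_rows >= $visible_rows_from_query && $num_rows > 0) {
        // Number of pages needed to show all rows (last page may be partial).
        $pages = (int) ceil($num_rows / $visible_rows);

        // Carry the current request along, re-filtered like any other GET
        // data, with an existing offset parameter removed.
        $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $uri = sumo_array_filter(explode("&", $request_uri), 'GET');
        if ($action) {
            for ($u = 0; $u < count($uri); $u++) {
                if (substr($uri[$u], 0, 7) == 'action=') {
                    $uri[$u] = "action={$action}";
                }
            }
        }
        // preg_quote() keeps a parameter name with regex meta-characters literal.
        $uri = preg_replace('/&+(' . preg_quote($start_title, '/') . '=[0-9]+)/', '', implode("&", $uri));
        // To remember the past query in the request url.
        $query_string = !empty($_SERVER['QUERY_STRING']) ? $uri . "&" : "?";

        // Values placed inside the href (a JS string literal inside a
        // single-quoted HTML attribute) are JS-escaped, then HTML-escaped:
        // the request URI is attacker-controlled and sumo_array_filter() does
        // not reliably reject a single quote. ISO-8859-1 escapes only
        // & < > " ' and never returns "" for bytes that are not valid UTF-8.
        $module    = isset($_SESSION['module']) ? $_SESSION['module'] : '';
        $js_module = htmlspecialchars(addslashes($module), ENT_QUOTES, 'ISO-8859-1');
        $js_prefix = htmlspecialchars(addslashes($query_string . $start_title . "="), ENT_QUOTES, 'ISO-8859-1');
        $theme     = htmlspecialchars($SUMO['page']['theme'], ENT_QUOTES, 'ISO-8859-1');
        $alt_first = htmlspecialchars($language['First'], ENT_QUOTES, 'ISO-8859-1');
        $alt_back  = htmlspecialchars($language['Back'], ENT_QUOTES, 'ISO-8859-1');
        $alt_next  = htmlspecialchars($language['Next'], ENT_QUOTES, 'ISO-8859-1');
        $alt_last  = htmlspecialchars($language['Last'], ENT_QUOTES, 'ISO-8859-1');

        $cells = '';

        // First / back links, only when we are not already on the first page.
        if ($start > 0) {
            $cells .= sumo_paging_cell($js_module, $js_prefix, 0,
                "<img src='themes/" . $theme . "/images/paging-first.gif' alt='" . $alt_first . "'>");
            $cells .= sumo_paging_cell($js_module, $js_prefix, $start - $visible_rows,
                "<img src='themes/" . $theme . "/images/paging-back.gif' style='padding-right:5px;text-align:middle' alt='" . $alt_back . "'>"
                . $language['Back']);
        }

        // Page numbers. On the first page the numbering starts at page 2: the
        // first page is reachable only through the "first" arrow (kept as-is).
        $page_start = $start > 0 ? $start / $visible_rows : 1;
        for ($p = $page_start; $p <= $num_links + $page_start; $p++) {
            if ($p * $visible_rows >= $num_rows) {
                break; // no more rows; later $p only grow
            }
            if ($start / $visible_rows == $p) {
                // Current page: plain cell, no link.
                $cells .= "<td class='paging-on'>" . ($p + 1) . "</td>\n";
            } else {
                $cells .= sumo_paging_cell($js_module, $js_prefix, $p * $visible_rows, $p + 1);
            }
        }

        // Next / last links while rows remain after the current page.
        if ($start < $num_rows - $visible_rows) {
            $cells .= sumo_paging_cell($js_module, $js_prefix, $start + $visible_rows,
                $language['Next']
                . "<img src='themes/" . $theme . "/images/paging-next.gif' style='padding-left:5px;text-align:middle' alt='" . $alt_next . "'>");
            $cells .= sumo_paging_cell($js_module, $js_prefix, ($pages - 1) * $visible_rows,
                "<img src='themes/" . $theme . "/images/paging-last.gif' alt='" . $alt_last . "'>");
        }

        if ($cells !== '') {
            $result .= "<table cellpadding='0' class='paging'>\n"
                . " <tr class='paging'>\n"
                . $cells
                . "</tr>\n</table>";
        }
    }

    return $result;
}

/**
 * One navigation cell: a <td> holding an AJAX link to row offset $offset.
 *
 * @param string    $js_module Module name, already escaped for the href context.
 * @param string    $js_prefix "<query>&<start_title>=", already escaped for the href context.
 * @param int|float $offset    Row offset the link points at.
 * @param string    $inner     Link content (HTML), emitted as-is.
 * @return string
 */
function sumo_paging_cell($js_module, $js_prefix, $offset, $inner)
{
    return "<td class='paging'>"
        . "<a href='javascript:sumo_ajax_get(\"" . $js_module . ".content\",\"" . $js_prefix . $offset . "&decoration=false\");'>"
        . $inner
        . "</a>"
        . "</td>\n";
}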
sumo_delete_old_log(); sumo_optimize_db(); sumo_optimize_hits_counter(); } // Auto optimize Sumo database if (sumo_hits_count($SUMO['config']['database']['optimize_hits'], TRUE)) { sumo_delete_old_users_temp(); sumo_delete_old_sessions(); sumo_delete_old_connections(); sumo_delete_old_log(); sumo_optimize_db(); } // Filter all input data $_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET))); $_POST = sumo_array_combine(array_keys($_POST), sumo_array_filter(array_values($_POST), 'POST')); $_COOKIE = sumo_array_combine(array_keys($_COOKIE), sumo_array_filter(array_values($_COOKIE), 'COOKIE')); // Get variables require SUMO_PATH . '/inc/inc.get_variables.php'; $SUMO['user'] = sumo_get_user_info(); $SUMO['connection'] = sumo_get_connection_info(); // ...to remember 'security string' after login if (empty($SUMO['connection']['security_string'])) { $SUMO['connection']['security_string'] = $_SESSION['security_string']; } // Define and Load language, // if exist language cookie load language set by user require SUMO_PATH . '/inc/inc.load_language.php'; $sumo_access = NULL; if ($sumo_action) { $sumo_access = strtoupper($sumo_action); } elseif (sumo_get_banned_ip($SUMO['client']['ip'])) {