/**
 * Run the PHPIDS detection routines against the current request.
 *
 * Loads the vendored IDS library, scans $_REQUEST (with the request URI and
 * user agent added to it) and passes any non-empty report to react().
 *
 * @param array $args
 *   List of path parts; joined with '/' to form the request path.
 *
 * @return bool|null
 *   TRUE once the scan has run, NULL when the path is on the bypass list.
 */
public function check($args) {
  // Paths that are never scanned. The list is handed to the idsException
  // hook before it is consulted (presumably so extensions can add entries -
  // confirm against the hook definition). Every entry is a route that skips
  // the IDS completely, so the list should stay as short as possible.
  $bypassPaths = array(
    'civicrm/admin/setting/updateConfigBackend',
    'civicrm/admin/messageTemplates',
  );
  CRM_Utils_Hook::idsException($bypassPaths);

  $this->path = implode('/', $args);
  $isBypassed = in_array($this->path, $bypassPaths);
  if ($isBypassed) {
    return NULL;
  }

  // Make the raw URI and the user agent part of the scanned data. This
  // writes into the $_REQUEST superglobal itself, so the two extra keys stay
  // visible to any code that reads $_REQUEST afterwards.
  $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
  if (isset($_SERVER['HTTP_USER_AGENT'])) {
    $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
  }

  $iniPath = self::createConfigFile(FALSE);

  // Initialise PHPIDS and give it the REQUEST array.
  require_once 'IDS/Init.php';
  try {
    $idsInit = IDS_Init::init($iniPath);
    $monitor = new IDS_Monitor($_REQUEST, $idsInit);
  }
  catch (Exception $staleConfigError) {
    // The ini may be a stale copy of Config.IDS.ini: rebuild it and retry
    // once. A failure of the retry is not caught here and propagates.
    $iniPath = self::createConfigFile(TRUE);
    $idsInit = IDS_Init::init($iniPath);
    $monitor = new IDS_Monitor($_REQUEST, $idsInit);
  }

  $report = $monitor->run();
  if (!$report->isEmpty()) {
    $this->react($report);
  }

  return TRUE;
}
/**
 * Scan the current request with PHPIDS and stop the script on a hit.
 *
 * A non-empty report is written through the file logger, a fixed notice is
 * printed and execution ends. If PHPIDS itself throws, the exception message
 * is printed and the function returns normally.
 */
function dvwaPhpIdsTrap()
{
    try {
        // 1. Everything the monitor should inspect.
        $scanInput = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
        );

        $idsInit = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');
        $idsInit->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
        $idsInit->config['General']['use_base_path'] = true;
        $idsInit->config['Caching']['caching'] = 'none';

        // 2. Initiate the PHPIDS and fetch the results.
        $monitor = new IDS_Monitor($scanInput, $idsInit);
        $report = $monitor->run();
        if ($report->isEmpty()) {
            return;
        }

        require_once 'IDS/Log/File.php';
        require_once 'IDS/Log/Composite.php';
        $logChain = new IDS_Log_Composite();
        $logChain->addLogger(IDS_Log_File::getInstance($idsInit));
        $logChain->execute($report);

        // Only a fixed notice goes to the client; the report itself is
        // deliberately not echoed.
        echo 'Hacking attempt detected and logged.';
        exit;
    } catch (Exception $e) {
        // Something went wrong - maybe the filter rules weren't found?
        // NOTE(review): this path fails open. The request carries on
        // unscanned, and the raw exception message is sent to the client.
        printf('An error occured: %s', $e->getMessage());
    }
}
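/**
 * Scan the incoming request with PHPIDS before the action is dispatched.
 *
 * A non-empty report is written through the database logger and the script
 * is terminated. The report is no longer echoed to the client: it names the
 * matched filters and the offending values, which is detail the requester
 * does not need and which belongs in the log only.
 *
 * Any exception raised while scanning is written to plugin-ids.log on a
 * best-effort basis and the request then continues.
 * NOTE(review): that makes the plugin fail open when PHPIDS cannot be
 * loaded or configured - confirm this is the intended policy.
 *
 * @param Zend_Controller_Request_Abstract $request request being dispatched
 * @return array|null the array that was scanned; nothing (null) when an
 *                    exception was caught
 */
function preDispatch(Zend_Controller_Request_Abstract $request)
{
    try {
        require_once 'IDS/Init.php';
        require_once 'IDS/Log/Composite.php';
        require_once 'IDS/Log/Database.php';

        // Kept in its own variable so the $request parameter is not
        // overwritten; the returned value is the same array as before.
        $input = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
        );

        $init = IDS_Init::init(APPLICATION_PATH . '/../library/phpids/lib/IDS/Config/Config.ini.php');
        $ids = new IDS_Monitor($input, $init);
        $result = $ids->run();

        if (!$result->isEmpty()) {
            // Record the event first, then stop the request.
            $compositeLog = new IDS_Log_Composite();
            $compositeLog->addLogger(IDS_Log_Database::getInstance($init));
            $compositeLog->execute($result);

            die('<h1>Go away!</h1>');
        }

        return $input;
    } catch (Exception $e) {
        try {
            $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugin-ids.log');
            $logger = new Zend_Log($writer);
            $logger->log(
                $e->getMessage() . ' line ' . $e->getLine() . ' file ' . $e->getFile(),
                Zend_Log::ERR
            );
        } catch (Exception $logFailure) {
            // Deliberately ignored: the log is best effort and must not
            // turn an IDS failure into a second, unrelated error.
        }
    }
}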
/**
 * Scan the current request with PHPIDS and stop the script on a hit.
 *
 * A non-empty report is written through the file logger and a notice is
 * printed; the full report is printed as well when the
 * 'default_phpids_verbose' setting equals 'true'. Execution then ends.
 * If PHPIDS itself throws, the exception message is printed and the
 * function returns normally.
 */
function dvwaPhpIdsTrap()
{
    global $_DVWA;

    try {
        /*
         * 1. Define what to scan.
         * Keep in mind what array_merge does and how it may interfere with
         * the variables_order setting.
         */
        $scanInput = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
        );

        $idsInit = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');
        $idsInit->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
        $idsInit->config['General']['use_base_path'] = true;
        $idsInit->config['Caching']['caching'] = 'none';

        // 2. Initiate the PHPIDS and fetch the results.
        $monitor = new IDS_Monitor($scanInput, $idsInit);
        $report = $monitor->run();
        if ($report->isEmpty()) {
            return;
        }

        require_once 'IDS/Log/File.php';
        require_once 'IDS/Log/Composite.php';
        $logChain = new IDS_Log_Composite();
        $logChain->addLogger(IDS_Log_File::getInstance($idsInit));
        $logChain->execute($report);

        echo 'Hacking attempt detected and logged.<br />Have a nice day.';

        // Verbose mode shows the requester which filters matched; outside a
        // training setup this detail belongs in the log only.
        $verbose = $_DVWA['default_phpids_verbose'] == 'true';
        if ($verbose) {
            echo $report;
        }
        exit;
    } catch (Exception $e) {
        // Something went terribly wrong - maybe the filter rules weren't found?
        // NOTE(review): this path fails open. The request carries on
        // unscanned, and the raw exception message is sent to the client.
        printf('An error occured: %s', $e->getMessage());
    }
}
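/**
 * Run PHPIDS over the request data to catch basic injection attempts such
 * as Cross-Site Scripting (XSS).
 *
 * The scan only runs when the event stage includes Core::STAGE_MODS and the
 * 'useids' system variable equals 1. A non-empty report is handed to
 * _processIdsResult(); a failure inside PHPIDS ends the request via z_exit().
 *
 * @see http://technicalinfo.net/papers/CSS.html
 *
 * @param GenericEvent $event event carrying the current 'stage' bitmask
 *
 * @return void
 */
public function idsInputFilter(GenericEvent $event)
{
    $idsEnabled = ($event['stage'] & Core::STAGE_MODS) && System::getVar('useids') == 1;
    if (!$idsEnabled) {
        return;
    }

    try {
        // Build the request array defining what to scan.
        // @todo: change the order of the arrays to merge if ini_get('variables_order') != 'EGPCS'
        $request = array();
        if (isset($_REQUEST)) {
            $request['REQUEST'] = $_REQUEST;
        }
        if (isset($_GET)) {
            $request['GET'] = $_GET;
        }
        if (isset($_POST)) {
            $request['POST'] = $_POST;
        }
        if (isset($_COOKIE)) {
            $request['COOKIE'] = $_COOKIE;
        }
        if (isset($_SERVER['HTTP_HOST'])) {
            $request['HOST'] = $_SERVER['HTTP_HOST'];
        }
        if (isset($_SERVER['HTTP_ACCEPT'])) {
            $request['ACCEPT'] = $_SERVER['HTTP_ACCEPT'];
        }
        // Request headers reach PHP as HTTP_* entries. The previous lookup
        // of $_SERVER['USER_AGENT'] never matched, so the User-Agent header
        // was silently left out of the scan.
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
            $request['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
        }
        // REQUEST_URI is considered unnecessary by the original author and
        // the REFERER produced too many false positives, so neither is scanned.

        // Initialise the configuration object and apply our options.
        $init = \IDS_Init::init();
        $init->config = $this->_getidsconfig();

        // Run the request check and fetch the results.
        $ids = new \IDS_Monitor($request, $init);
        $result = $ids->run();

        if (!$result->isEmpty()) {
            // Process the IDS_Report object.
            $this->_processIdsResult($init, $result);
        }
    } catch (\Exception $e) {
        // Something went wrong - maybe the filter rules weren't found.
        z_exit(__f('An error occured during executing PHPIDS: %s', $e->getMessage()));
    }
}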
/**
 * Build the IDS_Init fixture used by the tests.
 *
 * Loads Config.ini from the library tree and points the filter, tmp and
 * cache paths at files below lib/IDS, relative to this test file.
 */
public function setUp()
{
    $here = dirname(__FILE__);

    $this->init = IDS_Init::init($here . '/../../lib/IDS/Config/Config.ini');

    $general = &$this->init->config['General'];
    $general['filter_path'] = $here . '/../../lib/IDS/default_filter.xml';
    $general['tmp_path'] = $here . '/../../lib/IDS/tmp';
    unset($general);

    $this->init->config['Caching']['path'] = $here . '/../../lib/IDS/tmp/default_filter.cache';
}
/**
 * Scan the request's query, post, cookie and user parameters with PHPIDS
 * and log any finding through the file logger.
 *
 * This hook only records: it neither stops the request nor changes it when
 * the report is non-empty.
 *
 * @param Zend_Controller_Request_Abstract $request request being dispatched
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $scanInput = array();
    $scanInput['GET'] = $request->getQuery();
    $scanInput['POST'] = $request->getPost();
    $scanInput['COOKIE'] = $request->getCookie();
    $scanInput['PARAMS'] = $request->getUserParams();

    $idsInit = IDS_Init::init(APPLICATION_PATH . '/configs/phpids.ini');
    $monitor = new IDS_Monitor($scanInput, $idsInit);
    $report = $monitor->run();

    if ($report->isEmpty()) {
        return;
    }

    $logChain = new IDS_Log_Composite();
    $logChain->addLogger(IDS_Log_File::getInstance($idsInit));
    $logChain->execute($report);
}
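/**
 * Initializing method: scans GET, POST and COOKIE with PHPIDS after the
 * parent initialisation has run.
 *
 * When the report is not empty it is printed, saved as an HTML file under
 * var/reports/ and the script ends.
 *
 * @return Recipe_Request_IDS
 */
protected function init()
{
    parent::init();

    $monitor = new IDS_Monitor(
        array("GET" => $_GET, "POST" => $_POST, "COOKIE" => $_COOKIE),
        IDS_Init::init(RD . "IDS/Config/Config.ini")
    );
    // NOTE(review): the tag list is the second argument of setIds(), not an
    // argument of IDS_Monitor - confirm setIds() really applies it as a filter.
    $this->setIds($monitor, array("sqli", "spam", "dt"));

    $result = $this->getIds()->run();
    if (!$result->isEmpty()) {
        // The URI is client-controlled, and the report is both echoed and
        // stored as an .html file that someone will later open in a browser.
        // Both appended values are therefore HTML-escaped so the report
        // cannot carry markup supplied by the request that triggered it.
        $report = $result->__toString();
        $report .= "<br/>URI: " . htmlspecialchars((string) $_SERVER["REQUEST_URI"], ENT_QUOTES, "UTF-8")
            . "<br/>IP-Address: " . htmlspecialchars((string) IPADDRESS, ENT_QUOTES, "UTF-8");
        echo $report;

        $file = randString(8) . ".html";
        file_put_contents(AD . "var/reports/injection_" . $file, $report);
        exit;
    }

    return $this;
}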
/**
 * Run PHPIDS over the request superglobals and raise a warning on a hit.
 *
 * The check only reports: a non-empty result triggers an E_USER_WARNING
 * containing the report, and the request is not stopped here.
 *
 * @return bool always false
 */
function check()
{
    include_once $this->BASE_PATH . 'IDS/Init.php';

    $scanInput = [
        'REQUEST' => $_REQUEST,
        'GET' => $_GET,
        'POST' => $_POST,
        'COOKIE' => $_COOKIE,
    ];

    // No ini file is loaded; the configuration comes from $this->config
    // and overwrites the defaults (second argument true).
    $idsInit = IDS_Init::init();
    $idsInit->setConfig($this->config, true);

    $monitor = new IDS_Monitor($scanInput, $idsInit);
    $report = $monitor->run();

    if ($report->isEmpty()) {
        return false;
    }

    // NOTE(review): where warnings are displayed rather than logged, this
    // shows the report to the requester - confirm the error display setup.
    trigger_error("IDS: Possible intrusion detected, result: " . $report, E_USER_WARNING);

    return false;
}
/**
 * Initialize phpIDS and run the IDS monitoring on the incoming GET, POST
 * and COOKIE arrays. Execution stops when the monitor reports a finding.
 *
 * Smoke Example:
 * Apply to URL "index.php?theme=drahtgitter%3insert%00%00.'AND%XOR%XOR%.'DROP WHERE user_id='1';"
 *
 * @throws Koch_Exception when the cache file is missing and cannot be created
 */
public function runIDS()
{
    // Prevent redeclaration: once IDS_Monitor is loaded there is nothing to do.
    if (class_exists('IDS_Monitor', false)) {
        return;
    }

    // Load the IDS init.
    include ROOT_LIBRARIES . 'IDS/Init.php';

    // The superglobals to monitor.
    $scanInput = array('GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);

    // These constants are used by parse_ini_file to replace values in config.ini.
    define('IDS_FILTER_PATH', ROOT_LIBRARIES . 'IDS' . DIRECTORY_SEPARATOR . 'default_filter.xml');
    define('IDS_TMP_PATH', ROOT_CACHE);
    define('IDS_LOG_PATH', ROOT_LOGS . 'phpids_log.txt');
    define('IDS_CACHE_PATH', ROOT_CACHE . 'phpids_defaultfilter.cache');

    // Has to remain until the PHPIDS library creates the cache file itself.
    $cacheMissing = (false === is_file(IDS_CACHE_PATH));
    if ($cacheMissing && false === file_put_contents(IDS_CACHE_PATH, '')) {
        throw new Koch_Exception('PHP IDS Cache file couldn\'t be created.', 11);
    }

    // Initialize the system with the configuration values, then analyse
    // the request with that configuration applied.
    $idsInit = IDS_Init::init(ROOT_CONFIG . 'phpids_config.ini');
    $monitor = new IDS_Monitor($scanInput, $idsInit);
    $report = $monitor->run();

    $attackSuspected = $report->isEmpty() === false || $report->getImpact() > 1;
    if (!$attackSuspected) {
        return;
    }

    $blockMessage = 'Access Violation Detected by IDS! Execution stopped!';

    // The report is appended in debug mode only, so the requester does not
    // see which filters matched on a production setup.
    if (DEBUG == true) {
        $blockMessage .= ' <br /> Monitor:' . $report;
    }

    // Stop the execution of the application.
    exit($blockMessage);
}
/**
 * Include the IDS vendor parts and run the detection routines on the
 * request array.
 *
 * On first use the PHPIDS ini file is generated inside the config and log
 * directory, and access to that directory is restricted.
 *
 * @param array $args path parts (taken by reference); joined with '/' to
 *                    form the request path
 * @return boolean|null true once the scan has run; nothing (null) when the
 *                      path is on the bypass list
 */
public function check(&$args) {
    // Bypass a few civicrm urls from this check. Each entry is a route that
    // is never scanned, and the comparison is an exact match on the full path.
    static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates');
    $path = implode('/', $args);
    if (in_array($path, $skip)) {
        return;
    }

    // Add request url and user agent to the scanned array. This writes into
    // the $_REQUEST superglobal itself.
    $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    }

    require_once 'IDS/Init.php';

    // init the PHPIDS and pass the REQUEST array
    $config =& CRM_Core_Config::singleton();
    $configFile = $config->configAndLogDir . 'Config.IDS.ini';
    if (!file_exists($configFile)) {
        // Fall back to the template compile dir when no upload dir is set.
        $tmpDir = empty($config->uploadDir) ? CIVICRM_TEMPLATE_COMPILEDIR : $config->uploadDir;
        // also clear the stat cache in case we are upgrading
        clearstatcache();
        global $civicrm_root;
        // Generated ini. The exceptions[] and html[] lists name request
        // fields by their bare name (presumably: exceptions are not scanned
        // and html fields are cleaned as HTML before scanning - confirm
        // against the PHPIDS documentation), so any form field with one of
        // these names gets that treatment wherever it is submitted.
        $contents = "\n[General]\n filter_type = xml\n filter_path = {$civicrm_root}/packages/IDS/default_filter.xml\n tmp_path = {$tmpDir}\n HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n HTML_Purifier_Cache = {$tmpDir}\n scan_keys = false\n exceptions[] = __utmz\n exceptions[] = __utmc\n exceptions[] = widget_code\n exceptions[] = html_message\n exceptions[] = body_html\n exceptions[] = msg_html\n exceptions[] = msg_text\n exceptions[] = msg_subject\n exceptions[] = description\n html[] = intro\n html[] = thankyou_text\n html[] = intro_text\n html[] = body_text\n html[] = footer_text\n html[] = thankyou_text\n html[] = thankyou_footer\n html[] = thankyou_footer_text\n html[] = new_text\n html[] = renewal_text\n html[] = help_pre\n html[] = help_post\n html[] = confirm_title\n html[] = confirm_text\n html[] = confirm_footer_text\n html[] = confirm_email_text\n html[] = report_header\n html[] = report_footer\n html[] = data\n html[] = instructions\n";
        if (file_put_contents($configFile, $contents) === false) {
            require_once 'CRM/Core/Error.php';
            CRM_Core_Error::movedSiteError($configFile);
        }

        // also create the .htaccess file so we prevent the reading of the log and ini files
        // via a browser, CRM-3875
        require_once 'CRM/Utils/File.php';
        CRM_Utils_File::restrictAccess($config->configAndLogDir);
    }

    $init = IDS_Init::init($configFile);
    $ids = new IDS_Monitor($_REQUEST, $init);
    $result = $ids->run();
    // A non-empty report means at least one filter matched; react() decides
    // what happens next.
    if (!$result->isEmpty()) {
        $this->react($result);
    }
    return true;
}
<?php set_include_path(LIB_DIR); require_once 'IDS/Init.php'; try { $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); if (!is_file($init->config['Logging']['path'])) { if (is_writable(LOG_DIR)) { touch($init->config['Logging']['path']); } } $init = IDS_Init::init(LIB_DIR . '/IDS/Config/Config.ini.php'); $init->config['General']['base_path'] = LIB_DIR . '/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none'; $init->config['Logging']['path'] = '../../logs/phpIDS.log'; $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { require_once 'IDS/Log/File.php'; require_once 'IDS/Log/Composite.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_File::getInstance($init)); $compositeLog->execute($result); if (isset($_GET['request']) && $_GET['request'] == 'json') { header('Content-Type: application/json'); echo json_encode('Hacking attack recognized!<br />IP was logged!<br /><br />' . $result); } else { echo 'Hacking attack recognized!<br />IP was logged!<br /><br />' . $result; } die;
// set the include path properly for PHPIDS set_include_path(get_include_path() . PATH_SEPARATOR . '/home/ciyi/ucomparte/www/phpids/lib/'); if (!session_id()) { session_start(); } require_once 'IDS/Init.php'; try { /* * It's pretty easy to get the PHPIDS running * 1. Define what to scan * * Please keep in mind what array_merge does and how this might interfer * with your variables_order settings */ $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(dirname(__FILE__) . '/phpids/lib/IDS/Config/Config.ini.php'); /** * You can also reset the whole configuration * array or merge in own data * * This usage doesn't overwrite already existing values * $config->setConfig(array('General' => array('filter_type' => 'xml'))); * * This does (see 2nd parameter) * $config->setConfig(array('General' => array('filter_type' => 'xml')), true); * * or you can access the config directly like here: */ $init->config['General']['base_path'] = dirname(__FILE__) . '/phpids/lib/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none';
/**
 * Include the IDS vendor parts and run the detection routines on the
 * request array.
 *
 * On first use the PHPIDS ini file and an .htaccess file are written into
 * the config and log directory.
 *
 * @param array $args path parts (taken by reference); joined with '/' to
 *                    form the request path
 * @return boolean|null true once the scan has run; nothing (null) when the
 *                      path is on the bypass list
 */
public function check(&$args) {
    // Bypass a few civicrm urls from this check. Each entry is a route that
    // is never scanned, and the comparison is an exact match on the full path.
    static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend');
    $path = implode('/', $args);
    if (in_array($path, $skip)) {
        return;
    }

    // Add request url and user agent to the scanned array. This writes into
    // the $_REQUEST superglobal itself.
    $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    }

    require_once 'IDS/Init.php';

    // init the PHPIDS and pass the REQUEST array
    $config =& CRM_Core_Config::singleton();
    $configFile = $config->configAndLogDir . 'Config.IDS.ini';
    if (!file_exists($configFile)) {
        global $civicrm_root;
        // Generated ini. The exceptions[] and html[] lists name request
        // fields by their bare name (presumably: exceptions are not scanned
        // and html fields are cleaned as HTML before scanning - confirm
        // against the PHPIDS documentation). msg_html appears in both lists.
        $contents = "\n[General]\n filter_type = xml\n filter_path = {$civicrm_root}/packages/IDS/default_filter.xml\n tmp_path = {$config->uploadDir}\n HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n HTML_Purifier_Cache = {$config->uploadDir}\n scan_keys = false\n exceptions[] = __utmz\n exceptions[] = __utmc\n exceptions[] = widget_code\n exceptions[] = html_message\n exceptions[] = body_html\n exceptions[] = msg_html\n html[] = description\n html[] = intro\n html[] = thankyou_text\n html[] = intro_text\n html[] = body_text\n html[] = footer_text\n html[] = thankyou_text\n html[] = thankyou_footer\n html[] = new_text\n html[] = renewal_text\n html[] = help_pre\n html[] = help_post\n html[] = msg_html\n html[] = confirm_title\n html[] = confirm_text\n html[] = confirm_footer_text\n html[] = confirm_email_text\n";
        if (file_put_contents($configFile, $contents) === false) {
            require_once 'CRM/Core/Error.php';
            CRM_Core_Error::movedSiteError($configFile);
        }

        // also create the .htaccess file so we prevent the reading of the log and ini files
        // via a browser, CRM-3875
        // NOTE(review): this protects the directory only where the web
        // server honours .htaccess files and understands the Order
        // directive - confirm for the deployed server.
        $htaccessFile = $config->configAndLogDir . '.htaccess';
        if (!file_exists($htaccessFile)) {
            $contents = ' # Protect files and directories from prying eyes. <FilesMatch "\\.(log|ini)$"> Order allow,deny </FilesMatch> ';
            if (file_put_contents($htaccessFile, $contents) === false) {
                require_once 'CRM/Core/Error.php';
                CRM_Core_Error::movedSiteError($htaccessFile);
            }
        }
    }

    $init = IDS_Init::init($configFile);
    $ids = new IDS_Monitor($_REQUEST, $init);
    $result = $ids->run();
    // A non-empty report means at least one filter matched; react() decides
    // what happens next.
    if (!$result->isEmpty()) {
        $this->react($result);
    }
    return true;
}
/* 2006/10 by Volker Augustin, multi.art.studio Hanau */
/* Contact/Kontakt: info@tellmatic.org */
/* Homepage: www.tellmatic.org */
/* leave this header in file! */
/* diesen Header nicht loeschen! */
/* check Homepage for Updates and more Infos */
/* Besuchen Sie die Homepage fuer Updates und weitere Infos */
/********************************************************************************/
/******************************************/
//php ids
/******************************************/
#phpids sucks a lot, we need explicitely define the include dir, base path has no effect! ;P bad style, doesnt really work as explained, lacks documentation, example is just a fake. needs too much tweaking.

// Prepares the PHPIDS input array and configuration object; the monitor
// itself is not created in this part of the file.
set_include_path(get_include_path() . PATH_SEPARATOR . TM_INCLUDEPATH . '/phpids/lib/');

// Everything PHPIDS is meant to inspect.
$ids_request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);

require_once TM_INCLUDEPATH . '/phpids/lib/IDS/Init.php';
$ids_init = IDS_Init::init(TM_INCLUDEPATH . '/phpids/lib/IDS/Config/Config.ini.php');
$ids_init->config['General']['filter_type'] = 'xml';
$ids_init->config['General']['filter_path'] = 'default_filter.xml';
#tmp_path = tmp
#scan_keys = false
$ids_init->config['General']['base_path'] = TM_INCLUDEPATH . '/phpids/lib/IDS/';
$ids_init->config['General']['use_base_path'] = true;
#$ids_init->config['General']['use_base_path'] = false;

// Fields expected to carry HTML.
$ids_init->config['General']['html'] = array("POST.summary", "POST.body", "POST.body_text", "POST.subject", "POST.message_doptin", "POST.message_greeting", "POST.message_update", "POST.content");

// Fields named as exceptions. Every field from the html list above is
// repeated here, in both its POST and its REQUEST form.
// NOTE(review): presumably an exception takes a field out of the scan
// altogether, which would leave the html setting without effect for these
// fields and the message bodies unchecked - confirm against the PHPIDS docs.
$ids_init->config['General']['exceptions'] = array("POST.summary", "POST.body", "POST.body_text", "POST.subject", "POST.message_doptin", "POST.message_greeting", "POST.message_update", "POST.content", "REQUEST.summary", "REQUEST.body", "REQUEST.body_text", "REQUEST.subject", "REQUEST.message_doptin", "REQUEST.message_greeting", "REQUEST.message_update", "REQUEST.content");

$ids_init->config['Caching']['caching'] = 'file'; //none
$ids_init->config['Caching']['expiration_time'] = 600;

// Cache and log both live in admin/tmp, given as relative paths.
// NOTE(review): verify that this directory cannot be fetched over HTTP,
// since the log records the request values that triggered a filter.
$ids_init->config['Caching']['path'] = "../../../../admin/tmp/phpids.cache";
$ids_init->config['Logging']['path'] = "../../../../admin/tmp/phpids.log";
#$ids_init->config['Caching']['path'] =TM_INCLUDEPATH."/../admin/tmp/phpids.cache";
} function sql_connect() { global $mysql_host, $mysql_user, $mysql_password, $mysql_database, $Connected; $Connected = mysql_connect($mysql_host, $mysql_user, $mysql_password); $SelectedDb = mysql_select_db($mysql_database); return $Connected; } function sql_close() { global $Connected; mysql_close($Connected); } require_once 'IDS/Init.php'; try { $init = IDS_Init::init(dirname(__FILE__) . '/lib/IDS/Config/Config.ini'); $init->config['General']['tmp_path'] = dirname(__FILE__) . '/lib/IDS/tmp'; $init->config['General']['filter_path'] = dirname(__FILE__) . '/lib/IDS/default_filter.xml'; $init->config['Caching']['caching'] = 'none'; $request = $_GET; if (isset($_SERVER['HTTP_VIA'])) { //array_push($request,array('HTTP_VIA'=>$_SERVER['HTTP_VIA'])); } if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { //array_push($request,array('HTTP_X_FORWARDED_FOR'=>$_SERVER['HTTP_X_FORWARDED_FOR'])); } if (isset($_SERVER['HTTP_USER_AGENT'])) { //array_push($request,$_SERVER['HTTP_USER_AGENT']); } if (!$_SESSION['UserName']) { //array_push($request,$_POST);
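/**
 * Initialise PHPIDS
 *
 * Builds the configuration array (filter paths, exception and HTML field
 * lists taken from the plugin options, email logging settings) and applies
 * it to the IDS_Init instance, overwriting existing values.
 *
 * @return object the configured IDS_Init instance
 */
private function init_ids()
{
    $config = array();

    $config['General']['filter_type'] = 'xml';
    $config['General']['base_path'] = HMWP_MS_PATH . '/libraries/IDS/';
    $config['General']['use_base_path'] = false;
    $config['General']['filter_path'] = HMWP_MS_PATH . '/libraries/IDS/default_filter.xml';
    // NOTE(review): the PHPIDS tmp dir and the HTMLPurifier cache are placed
    // in the upload path - confirm that location is not served to browsers.
    $config['General']['tmp_path'] = HMWP_MS_Utils::upload_path();
    $config['General']['scan_keys'] = false;
    $config['General']['HTML_Purifier_Path'] = 'vendors/htmlpurifier/HTMLPurifier.auto.php';
    $config['General']['HTML_Purifier_Cache'] = HMWP_MS_Utils::upload_path();
    $config['Caching']['caching'] = 'none';

    // Exception fields: one field name per line in the stored option.
    $exceptions = str_replace(array("\r\n", "\n", "\r"), "\n", $this->opt('exception_fields'));
    $exceptions = explode("\n", $exceptions);

    // The exception array must not contain an empty string, otherwise all
    // fields will be excepted. Each line is trimmed BEFORE the emptiness
    // check: the old order tested first and trimmed afterwards, so a line
    // holding only spaces ended up in the list as an empty string.
    foreach ($exceptions as $k => $v) {
        $name = trim($v);
        if (strlen($name) == 0) {
            unset($exceptions[$k]);
        } else {
            $exceptions[$k] = $name;
        }
    }

    // Mark fields that shouldn't be monitored
    $config['General']['exceptions'] = $exceptions ? $exceptions : false;

    // HTML fields get the same normalisation, so a blank or padded line in
    // the option can never become a field name.
    $html_fields = str_replace(array("\r\n", "\n", "\r"), "\n", $this->opt('html_fields'));
    $html_fields = explode("\n", $html_fields);
    foreach ($html_fields as $k => $v) {
        $name = trim($v);
        if (strlen($name) == 0) {
            unset($html_fields[$k]);
        } else {
            $html_fields[$k] = $name;
        }
    }

    // Mark fields that contain HTML
    $config['General']['html'] = $html_fields;

    // No fields are treated as JSON.
    $config['General']['json'] = false;

    // Email logging
    $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    $subject = sprintf(__('[%s] HMWP IDS Alert', 'mute-screamer'), $blogname);

    $config['Logging']['recipients'] = get_option('admin_email');
    $config['Logging']['subject'] = $subject;
    $config['Logging']['header'] = '';
    $config['Logging']['envelope'] = '';
    $config['Logging']['safemode'] = true;
    $config['Logging']['urlencode'] = true;
    $config['Logging']['allowed_rate'] = 15;

    $ids = IDS_Init::init();
    $ids->setConfig($config, true);

    return $ids;
}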
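/**
 * Run PHPIDS on the request once routing has finished and fire the ZIDS
 * actions configured for the resulting impact level.
 *
 * Requests matching an 'ignore' rule (module, module + controller, or
 * module + controller + action) are returned without being scanned.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return Zend_Controller_Request_Abstract the request that was passed in
 * @throws Exception when no level matches the impact, or an action names a
 *                   plugin that cannot be found
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Should ZIDS ignore this request? Every rule here is a route that is
    // never scanned, so the ignore list deserves the same care as a
    // firewall allow-list.
    if (isset($this->_config['ignore'])) {
        $rules = $this->_config['ignore']['requests'];
        foreach ($rules['module'] as $i => $module) {
            $hasController = isset($rules['controller'][$i]);
            $hasAction = isset($rules['action'][$i]);

            if ($request->getModuleName() != $module) {
                continue;
            }
            // The controller has to match whenever the rule names one.
            if ($hasController && $request->getControllerName() != $rules['controller'][$i]) {
                continue;
            }
            // The action is only compared when the rule names both a
            // controller and an action; an action without a controller is
            // not taken into account.
            if ($hasController && $hasAction && $request->getActionName() != $rules['action'][$i]) {
                continue;
            }

            return $request;
        }
    }

    // init and start PHP IDS
    require_once 'IDS/Init.php';
    $input = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
    $init = IDS_Init::init($this->_config['phpids']['config']);

    // Copy the scalar PHPIDS options that are present in the ZIDS config.
    $scalarOptions = array(
        'General' => array('base_path', 'use_base_path', 'tmp_path', 'filter_path'),
        'Logging' => array('path'),
        'Caching' => array('path'),
    );
    foreach ($scalarOptions as $section => $keys) {
        $source = strtolower($section);
        foreach ($keys as $key) {
            if (isset($this->_config['phpids'][$source][$key])) {
                $init->config[$section][$key] = $this->_config['phpids'][$source][$key];
            }
        }
    }

    // html, json and exceptions may each be a single value or a list; the
    // configured entries are appended to what the ini file already holds.
    foreach (array('html', 'json', 'exceptions') as $listOption) {
        if (!isset($this->_config['phpids']['general'][$listOption])) {
            continue;
        }
        $values = $this->_config['phpids']['general'][$listOption];
        if (!is_array($values)) {
            $values = array($values);
        }
        foreach ($values as $value) {
            $init->config['General'][$listOption][] = $value;
        }
    }

    $ids = new IDS_Monitor($input, $init);
    $result = $ids->run();

    // deal with the result of PHP IDS
    if (!$result->isEmpty()) {
        $impact = $result->getImpact();

        // Optionally add up all impacts seen in this session.
        if ($this->_aggregate) {
            $session = new Zend_Session_Namespace('ZIDS');
            $impact += $session->impact;
            $session->impact = $impact;
        }

        // Find the first level whose 'upto' bound covers the impact; a
        // level without 'upto' matches anything. '*' and 'all' are skipped.
        foreach ($this->_levels as $lvlname => $currlevel) {
            if (in_array(strtolower($lvlname), array('*', 'all'))) {
                continue;
            }
            if (!isset($currlevel['upto']) || $impact <= $currlevel['upto']) {
                $level = $lvlname;
                break;
            }
        }
        if (!isset($level)) {
            throw new Exception('ZIDS could not find a corresponding level for impact value ' . $impact . '! Please, check your ZIDS configuration in application.ini!');
        }

        // Which actions should ZIDS perform? Trim each one, e.g.
        // ' email' => 'email'. array_map replaces the earlier
        // create_function() callback, which compiled a string at run time
        // and is no longer available in current PHP versions.
        $actions = array_map('trim', $this->_levels[$level]['action']);

        // do we have to ignore this (potential) attack?
        if (!in_array('ignore', $actions)) {
            // fire all defined actions
            foreach ($actions as $action) {
                $plugin = $this->getPlugin($action);
                if (!$plugin) {
                    throw new Exception('ZIDS cannot find a plugin with name ' . $action);
                }
                $plugin->injectRequest($request)->fires($result, $impact, $level);
            }
        }
    }

    return $request;
}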
<?php /** * Copyright (c) BoonEx Pty Limited - http://www.boonex.com/ * CC-BY License - http://creativecommons.org/licenses/by/3.0/ */ list($iImpactLog, $iImpactBlock) = bx_sys_security_get_impact_threshold(); if ((-1 != $iImpactLog || -1 != $iImpactBlock) && !defined('BX_DOL_CRON_EXECUTE')) { if (version_compare(phpversion(), '5.1.6', '>=')) { set_include_path(get_include_path() . PATH_SEPARATOR . BX_DIRECTORY_PATH_PLUGINS . 'phpids/'); require_once 'IDS/Init.php'; $request = array('GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE, 'PHP_SELF' => $_SERVER['PHP_SELF']); $init = IDS_Init::init(BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/Config/Config.ini'); $init->config['General']['base_path'] = BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['General']['tmp_path'] = '../../../tmp/'; $init->config['Caching']['path'] = '../../../tmp/default_filter.cache'; if (defined('BX_SECURITY_JSON') && is_array($aBxSecurityJSON)) { $init->config['General']['json'] = array_merge($init->config['General']['json'], $aBxSecurityJSON); } $init->config['General']['json'] = array_merge($init->config['General']['json'], bx_sys_security_get_fields('json')); if (defined('BX_SECURITY_HTML') && is_array($aBxSecurityHTML)) { $init->config['General']['html'] = array_merge($init->config['General']['html'], $aBxSecurityHTML); } $init->config['General']['html'] = array_merge($init->config['General']['html'], bx_sys_security_get_fields('html')); if (defined('BX_SECURITY_EXCEPTIONS') && is_array($aBxSecurityExceptions)) { $init->config['General']['exceptions'] = array_merge($init->config['General']['exceptions'], $aBxSecurityExceptions); } $init->config['General']['exceptions'] = array_merge($init->config['General']['exceptions'], bx_sys_security_get_fields('exceptions')); $init->config['General']['HTML_Purifier_Path'] = BX_DIRECTORY_PATH_PLUGINS . 
'htmlpurifier/HTMLPurifier.standalone.php'; $init->config['General']['HTML_Purifier_Cache'] = '../../htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/';
/**
 * Include the IDS vendor parts and run the detection routines on the
 * request array.
 *
 * The include path is switched to the phpids vendor directory for the
 * duration of the scan and restored afterwards.
 *
 * @param object $controller cake controller object (taken by reference)
 * @return boolean always true
 */
public function detect(&$controller)
{
    $this->controller =& $controller;
    $this->name = Inflector::singularize($this->controller->name);

    // Remember the current include path, then point it at the IDS vendor dir.
    // NOTE(review): the old path is restored only if run() returns; an
    // exception in between would leave the vendor-only path in place.
    $savedIncludePath = get_include_path();
    set_include_path(VENDORS . 'phpids/');

    // Load the needed files.
    vendor('phpids/IDS/Init');

    // Add request url and user agent to the scanned array. This writes into
    // the $_REQUEST superglobal itself.
    $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    }

    // Init the PHPIDS and pass the REQUEST array.
    // NOTE(review): the arguments are given as (init, request) - confirm
    // this order matches the IDS_Monitor constructor of the bundled version.
    $this->init = IDS_Init::init();
    $monitor = new IDS_Monitor($this->init, $_REQUEST);
    $report = $monitor->run();

    // Re-set include path.
    set_include_path($savedIncludePath);

    if (!$report->isEmpty()) {
        $this->react($report);
    }

    return true;
}
/**
 * IDS_Init::init() without a config file returns an IDS_Init object, and a
 * second call returns that same instance.
 */
function testInstanciatingInitObjectWithoutPassingConfigFile()
{
    $first = IDS_Init::init();
    $this->assertType('IDS_Init', $first);

    $second = IDS_Init::init();
    $this->assertSame($first, $second);
}
</div> <section class="post"> <?php // set the include path properly for PHPIDS set_include_path(get_include_path() . PATH_SEPARATOR . 'include/PHPIDS-0.7/lib/'); require_once 'IDS/Init.php'; try { /* * It's pretty easy to get the PHPIDS running * 1. Define what to scan * * Please keep in mind what array_merge does and how this might interfer * with your variables_order settings */ $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(dirname(__FILE__) . '/include/PHPIDS-0.7/lib/IDS/Config/Config.ini.php'); /** * You can also reset the whole configuration * array or merge in own data * or you can access the config directly like here: */ $init->config['General']['base_path'] = dirname(__FILE__) . '/include/PHPIDS-0.7/lib/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none'; // 2. Initiate the PHPIDS and fetch the results $ids = new IDS_Monitor($request, $init); $result = $ids->run(); /* * That's it - now you can analyze the results: * * In the result object you will find any suspicious
/**
 * Initialising PHPIDS with the path 'IDS/Config/Config.ini.wrong' is
 * expected to raise an Exception.
 *
 * If init() throws as expected, the comparison below is never evaluated;
 * it only runs when no exception was raised.
 */
public function testInitConfigWrongPathException()
{
    $this->setExpectedException('Exception');

    $initialised = IDS_Init::init('IDS/Config/Config.ini.wrong');
    $expected = $this->getExpectedException();

    $this->assertEquals($initialised, $expected);
}
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ // set the include path properly for PHPIDS set_include_path(get_include_path() . PATH_SEPARATOR . BASE_DIR . '/lib'); require_once 'IDS/Init.php'; try { /* * It's pretty easy to get the PHPIDS running * 1. Define what to scan * * Please keep in mind what array_merge does and how this might interfer * with your variables_order settings */ $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(BASE_DIR . '/lib/IDS/Config/Config.ini.php'); /** * You can also reset the whole configuration * array or merge in own data * * This usage doesn't overwrite already existing values * $config->setConfig(array('General' => array('filter_type' => 'xml'))); * * This does (see 2nd parameter) * $config->setConfig(array('General' => array('filter_type' => 'xml')), true); * * or you can access the config directly like here: */ $init->config['General']['base_path'] = BASE_DIR . '/lib/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none';
$_POST[$Key] = str_replace("'", ''', strip_tags($Value)); } } foreach ($_GET as $Key => $Value) { if (is_string($Value)) { $_GET[$Key] = str_replace('<', '<', strip_tags($Value)); $_GET[$Key] = str_replace(">", '>', strip_tags($Value)); $_GET[$Key] = str_replace('"', '"', strip_tags($Value)); $_GET[$Key] = str_replace("'", ''', strip_tags($Value)); } } } set_include_path(get_include_path() . PATH_SEPARATOR . $xgp_root); require_once 'IDS/Init.php'; $request = array('GET' => $_GET, 'POST' => $_POST); $init = IDS_Init::init($xgp_root . 'IDS/Config/Config.ini.php'); $init->config['General']['base_path'] = $xgp_root . 'IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none'; $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { $AttackImpact = $result->getImpact(); } else { $AttackImpact = 0; } } else { $AttackImpact = 0; } include_once $xgp_root . 'includes/constants.' . $phpEx; include_once $xgp_root . 'includes/GeneralFunctions.' . $phpEx;
/**
 * Test fixture: stores the path of the PHPIDS config file that sits two
 * directories above this test file and initialises IDS_Init with it.
 */
public function setUp()
{
    $testDir = dirname(__FILE__);
    $this->path = $testDir . '/../../lib/IDS/Config/Config.ini.php';

    $this->init = IDS_Init::init($this->path);
}
<?php // set the include path properly for IDS set_include_path(get_include_path() . PATH_SEPARATOR . "{$include_dir}/"); if (!session_id()) { session_start(); } require_once 'IDS/Init.php'; $result = ''; try { // define what to scan $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); // Initialise the IDS and fetch the results $init = IDS_Init::init(dirname(__FILE__) . "/IDS/Config/Config.ini.php"); $init->config['General']['base_path'] = dirname(__FILE__) . "/IDS/"; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = true; $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { // prepare the log file require_once 'IDS/Log/File.php'; //require_once 'IDS/Log/Email.php'; require_once 'IDS/Log/Composite.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_File::getInstance($init)); //$compositeLog->addLogger(IDS_Log_File::getInstance($init),IDS_Log_Email::getInstance($init)); $compositeLog->execute($result); } } catch (Exception $e) { // if the IDS init went wrong
/**
 * Runs PHPIDS over the current request and blocks it when anything is flagged.
 *
 * $_REQUEST, $_GET, $_POST and $_COOKIE are passed to the monitor. Any
 * non-empty report counts as a detection; no impact threshold is checked
 * here, so each rule match takes the blocking path.
 *
 * On a detection the report is written to the Yii log and to the PHPIDS
 * file logger. The report is built from request data, so both logs should
 * presumably be treated as holding untrusted and possibly sensitive input.
 *
 * When $this->callback is set it is called and this method then returns
 * normally; stopping the request is left to the callback. Without a
 * callback a CHttpException(500) carrying $this->genericMessage is thrown.
 *
 * Any exception raised inside the try block is logged and replaced by the
 * same generic 500, so a PHPIDS failure blocks the request (fail closed).
 * This includes the CHttpException thrown on a detection, provided
 * CHttpException derives from Exception as it does in Yii 1.x, and also
 * anything the callback throws.
 *
 * @return void
 * @throws CHttpException on a detection without callback, or on any failure
 */
public function processIDS()
{
    /**
     * PHPIDS
     * Requirements: PHP5, SimpleXML
     *
     * Copyright (c) 2010 PHPIDS group (http://php-ids.org)
     *
     * This program is free software; you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation; version 2 of the license.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     * GNU General Public License for more details.
     */
    // set the include path properly for PHPIDS
    // NOTE(review): 'IDS/lib/' is a relative entry, while the config and base
    // paths below are built from dirname(__FILE__) . '/IDS/'; confirm both
    // refer to the same PHPIDS copy. The entry is appended on every call.
    set_include_path(get_include_path() . PATH_SEPARATOR . 'IDS/lib/');
    // side effect: a session is started when none is active yet
    if (!session_id()) {
        session_start();
    }
    require_once 'IDS/Init.php';
    try {
        /*
         * It's pretty easy to get the PHPIDS running
         * 1. Define what to scan
         *
         * Please keep in mind what array_merge does and how this might interfere
         * with your variables_order settings
         */
        $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
        $init = IDS_Init::init(dirname(__FILE__) . '/IDS/Config/Config.ini.php');
        /**
         * You can also reset the whole configuration
         * array or merge in own data
         *
         * This usage doesn't overwrite already existing values
         * $config->setConfig(array('General' => array('filter_type' => 'xml')));
         *
         * This does (see 2nd parameter)
         * $config->setConfig(array('General' => array('filter_type' => 'xml')), true);
         *
         * or you can access the config directly like here:
         */
        $init->config['General']['base_path'] = dirname(__FILE__) . '/IDS/';
        $init->config['General']['use_base_path'] = true;
        $init->config['Caching']['caching'] = 'none';
        // 2. Initiate the PHPIDS and fetch the results
        $ids = new IDS_Monitor($request, $init);
        $result = $ids->run();
        /*
         * That's it - now you can analyze the results:
         *
         * In the result object you will find any suspicious
         * fields of the passed array enriched with additional info
         *
         * Note: it is moreover possible to dump this information by
         * simply echoing the result object, since IDS_Report implemented
         * a __toString method.
         */
        if (!$result->isEmpty()) {
            // echo $result;
            // The report object itself is passed to the logger; it describes
            // the flagged request fields, so this entry is request-derived.
            Yii::log($result, 'warning', 'application.components.ids');
            /*
             * The following steps are optional to log the results
             */
            require_once 'IDS/Log/File.php';
            require_once 'IDS/Log/Composite.php';
            $compositeLog = new IDS_Log_Composite();
            $compositeLog->addLogger(IDS_Log_File::getInstance($init));
            /*
             * Note that you might also use different logging facilities
             * such as IDS_Log_Email or IDS_Log_Database
             *
             * Just uncomment the following lines to test the wrappers
             */
            /*
             *
             require_once 'IDS/Log/Email.php';
             require_once 'IDS/Log/Database.php';
             $compositeLog->addLogger(
                 IDS_Log_Email::getInstance($init),
                 IDS_Log_Database::getInstance($init)
             );
             */
            $compositeLog->execute($result);
            if ($this->callback !== NULL) {
                // After the callback returns nothing else stops the request;
                // the callback has to terminate or redirect if that is wanted.
                call_user_func($this->callback);
            } else {
                // Thrown inside the try block, so the catch below sees it
                // too: it is logged once more and re-thrown as the same 500.
                throw new CHttpException(500, $this->genericMessage);
            }
        } else {
            // Nothing was flagged. The stock demo link that the PHPIDS
            // example echoes at this point stays disabled.
        }
    } catch (Exception $e) {
        /*
         * sth went terribly wrong - maybe the
         * filter rules weren't found?
         */
        /*printf(
            'An error occured: %s',
            $e->getMessage()
        );*/
        // Fail closed: the cause goes to the log only and the client gets
        // the generic message. A detection and a PHPIDS failure both end up
        // here, so the two are told apart by the preceding log entries.
        Yii::log($e->getMessage(), 'warning', 'application.components.ids');
        throw new CHttpException(500, $this->genericMessage);
    }
}