Example #1
/**
 * Deny-list filter for a list of request values (GET, POST, COOKIE or SERVER).
 *
 * Every scalar element is tested against a set of case-insensitive POSIX
 * patterns (eregi). On a match an error code is recorded, the event is logged
 * through sumo_write_log() (and e-mailed to the admin when configured) and the
 * value is replaced with "". Each element is then trimmed, stripped of
 * backticks, stripped of "<a href=javascript:...>" tags and passed through
 * strip_tags(). Nested arrays are filtered recursively.
 *
 * NOTE(review): eregi()/eregi_replace() were deprecated in PHP 5.3 and removed
 * in PHP 7.0, so this function cannot run on a current interpreter.
 * NOTE(review): several patterns below are written with PCRE delimiters and
 * flags ("/.../ix"); the POSIX engine matches those characters literally, so
 * those checks do not detect what their comments say. Input deny-listing is
 * not a substitute for parameterised SQL and context-specific output escaping.
 *
 * @global array  $SUMO            Runtime state read here: server.name, client.ip,
 *                                 client.country, page.url, config.log.errors.email,
 *                                 config.server.admin.email.
 * @param  array  $array           Sequentially indexed list (0..n-1); callers pass array_values().
 * @param  string $method          'GET' (default), 'POST', 'COOKIE' or 'SERVER'; selects the pattern set.
 * @param  string $available_tags  Allowed tags for strip_tags(); not forwarded to the recursive call.
 * @return array  The filtered list, same indexes as $array.
 * @author Alberto Basso <*****@*****.**>
 */
function sumo_array_filter($array, $method = 'GET', $available_tags = '')
{
    global $SUMO;
    // $rc[$e] collects the error codes raised for element $e; the pre-seeded
    // element 0 is overwritten before it is ever read.
    $rc = array(array());
    // Indexing 0..count-1 assumes a list: elements under string keys would be
    // counted but neither visited nor filtered.
    $num_val = count($array);
    for ($e = 0; $e < $num_val; $e++) {
        if (is_array($array[$e])) {
            // Recurse into nested arrays. $available_tags is NOT passed on, so
            // nested values are stripped of every tag (strip_tags() default).
            $array[$e] = sumo_array_combine(array_keys($array[$e]), sumo_array_filter(array_values($array[$e]), $method));
        } else {
            $x = 0;
            $rc[$e] = array();
            // Lets now sanitize the GET or SERVER vars
            // ("==" is a loose comparison; $method is expected to be a string).
            if ($method == 'GET' || $method == 'SERVER') {
                // In "<[^>]*script*..." the "*" binds to the last letter only,
                // so "scrip" already matches. The " or|and ... =|like " pattern
                // and the bare '"' check also fire on ordinary text, and a hit
                // blanks the whole value (see the end of this loop body).
                if (eregi("<[^>]*script*\"?[^>]*>", $array[$e]) || eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $array[$e]) || eregi("<[^>]*object*\"?[^>]*>", $array[$e]) || eregi("<[^>]*iframe*\"?[^>]*>", $array[$e]) || eregi("<[^>]*applet*\"?[^>]*>", $array[$e]) || eregi("<[^>]*meta*\"?[^>]*>", $array[$e]) || eregi("<[^>]*style*\"?[^>]*>", $array[$e]) || eregi("<[^>]*form*\"?[^>]*>", $array[$e]) || eregi("<[^>]*window.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*alert*\"?[^>]*>", $array[$e]) || eregi("<[^>]*img*\"?[^>]*>", $array[$e]) || eregi("<[^>]*document.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*cookie*\"?[^>]*>", $array[$e]) || eregi("\"", $array[$e])) {
                    $rc[$e][$x] = "E00108X";
                    $x++;
                }
            }
            // Lets now sanitize the POST vars
            // (smaller set than GET: no or/and, style, form, img or '"' checks).
            if ($method == 'POST') {
                if (eregi("<[^>]*script*\"?[^>]*>", $array[$e]) || eregi("<[^>]*object*\"?[^>]*>", $array[$e]) || eregi("<[^>]*iframe*\"?[^>]*>", $array[$e]) || eregi("<[^>]*applet*\"?[^>]*>", $array[$e]) || eregi("<[^>]*meta*\"?[^>]*>", $array[$e]) || eregi("<[^>]*window.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*alert*\"?[^>]*>", $array[$e]) || eregi("<[^>]*document.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*cookie*\"?[^>]*>", $array[$e])) {
                    $rc[$e][$x] = "E00108X";
                    $x++;
                }
            }
            // Lets now sanitize the COOKIE vars (same pattern set as GET)
            if ($method == 'COOKIE') {
                if (eregi("<[^>]*script*\"?[^>]*>", $array[$e]) || eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $array[$e]) || eregi("<[^>]*object*\"?[^>]*>", $array[$e]) || eregi("<[^>]*iframe*\"?[^>]*>", $array[$e]) || eregi("<[^>]*applet*\"?[^>]*>", $array[$e]) || eregi("<[^>]*meta*\"?[^>]*>", $array[$e]) || eregi("<[^>]*style*\"?[^>]*>", $array[$e]) || eregi("<[^>]*form*\"?[^>]*>", $array[$e]) || eregi("<[^>]*window.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*alert*\"?[^>]*>", $array[$e]) || eregi("<[^>]*img*\"?[^>]*>", $array[$e]) || eregi("<[^>]*document.*\"?[^>]*>", $array[$e]) || eregi("<[^>]*cookie*\"?[^>]*>", $array[$e]) || eregi("\"", $array[$e])) {
                    $rc[$e][$x] = "E00108X";
                    $x++;
                }
            }
            // Regex to detect SQL meta-characters.
            // NOTE(review): eregi() takes a bare POSIX ERE. The leading "/" and
            // the trailing "/ix" here (and in the patterns down to E00117X) are
            // matched as literal characters, so only alternatives that do not
            // touch the delimiters ("--", "%23") can match real input.
            if (eregi("/(\\%27)|(\\-\\-)|(\\%23)|(#)/ix", $array[$e])) {
                $rc[$e][$x] = "E00109X";
                $x++;
            }
            // Modified regex to detect SQL meta-characters (same literal-delimiter issue).
            if (eregi("/((\\%3D)|(=))[^\n]*((\\%27)|(\\')|(\\-\\-)|(\\%3B)|(;))/i", $array[$e])) {
                $rc[$e][$x] = "E00110X";
                $x++;
            }
            // Regex for common SQL injection attacks (same literal-delimiter issue).
            if (eregi("/\\w*((\\%27)|(\\'))((\\%6F)|o|(\\%4F))((\\%72)|r|(\\%52))/ix", $array[$e])) {
                $rc[$e][$x] = "E00111X";
                $x++;
            }
            // Regex to detect SQL injection using the most common SQL commands.
            // Under ERE "\'" is a literal apostrophe; the surrounding "/" and
            // "/ix" are literal too, so the command keyword must be followed by "/ix".
            $sql_command = array("select", "insert", "update", "delete", "drop", "union");
            for ($c = 0; $c < count($sql_command); $c++) {
                if (eregi("/((\\%27)|(\\'))" . $sql_command[$c] . "/ix", $array[$e])) {
                    $rc[$e][$x] = "E00112X";
                    $x++;
                }
            }
            // Regex to detect SQL injection against MS SQL Server (same literal-delimiter issue).
            if (eregi("/exec(\\s|\\+)+(s|x)p\\w+/ix", $array[$e])) {
                $rc[$e][$x] = "E00113X";
                $x++;
            }
            // Regex for simple XSS attacks ("CSS" in the original) (same literal-delimiter issue).
            if (eregi("/((\\%3C)|<)((\\%2F)|\\/)*[a-z0-9\\%]+((\\%3E)|>)/ix", $array[$e])) {
                $rc[$e][$x] = "E00114X";
                $x++;
            }
            // Regex for "<img src" style XSS attacks (the "/I" suffix is literal as well).
            if (eregi("/((\\%3C)|<)((\\%69)|i|(\\%49))((\\%6D)|m|(\\%4D))((\\%67)|g|(\\%47))[^\n]+((\\%3E)|>)/I", $array[$e])) {
                $rc[$e][$x] = "E00115X";
                $x++;
            }
            // Paranoid XSS regex (same literal-delimiter issue).
            if (eregi("/((\\%3C)|<)[^\n]+((\\%3E)|>)/I", $array[$e])) {
                $rc[$e][$x] = "E00116X";
                $x++;
            }
            /*
             * No piping; filter possible system variables ($), command
             * separators, page redirections, background processes, special
             * commands (backspace, etc.), quotes, newline and other special characters.
             * NOTE(review): besides the literal delimiters, the bare "^" and the
             * "{" / "}" alternatives are anchor / interval syntax in ERE, so this
             * pattern presumably does not match as intended — verify before relying on it.
             */
            if (eregi("/(;|\\||`|>|<|&|^|\"|'.\"\n|\r|'\".'|{|}|[|]|\\)|\\()/", $array[$e])) {
                $rc[$e][$x] = "E00117X";
                $x++;
            }
            // If an attack was detected, log each code (and blank the value below)
            if (count($rc[$e]) > 0) {
                for ($k = 0; $k < count($rc[$e]); $k++) {
                    // Per-hit message, sender name and subject for the log / e-mail
                    $error = sumo_get_paranoic_message($rc[$e][$k], $array[$e], $method);
                    $server = sumo_get_message('I00001M', $SUMO['server']['name']);
                    $object = sumo_get_message('E00107M');
                    // Log warning messages with ALL methods
                    sumo_write_log('E00107X', array($rc[$e][$k], $SUMO['client']['ip'], $SUMO['client']['country'], $SUMO['page']['url']), 3, 1);
                    // Send e-mail detail of warning message
                    if ($SUMO['config']['log']['errors']['email']) {
                        // E-mail reporting enabled but no admin address configured
                        if (!$SUMO['config']['server']['admin']['email']) {
                            sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
                        } else {
                            $mail = new Mail();
                            $mail->From($server);
                            $mail->To($SUMO['config']['server']['admin']['email']);
                            $mail->Subject($object);
                            $mail->Body($error, SUMO_CHARSET);
                            $mail->Priority(1);
                            $mail->Send();
                        }
                    }
                }
                // The offending value is silently dropped: the caller only sees "".
                $array[$e] = "";
            }
            // Strip any leading and trailing whitespace
            $array[$e] = trim($array[$e]);
            /*
             * Convert a string with ISO-8859-1 characters encoded as UTF-8 into
             * single-byte ISO-8859-1.
             * XSS attacks sometimes use unicode to mask the attack string.
             * (Disabled: left here as documentation of the original intent.)
             */
            //$array[$e] = utf8_decode($array[$e]);
            // Remove backticks. The original comment also mentions ";" but no
            // semicolon handling exists here.
            $array[$e] = str_replace("`", "", "{$array[$e]}");
            // Remove any JavaScript in <a href=''> tags
            // (eregi_replace() was removed together with eregi() in PHP 7.0).
            $array[$e] = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $array[$e]);
            // Remove any HTML and PHP tags if they exist.
            // strip_tags() keeps the attributes of tags listed in
            // $available_tags (event handlers included), so an allowed-tag list
            // alone does not make the value safe for HTML output.
            $array[$e] = strip_tags($array[$e], $available_tags);
        }
    }
    return $array;
}
Example #2
<?php

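// Fix PNG images if client browser is Internet Explorer
$pngfix = preg_match("/Internet Explorer/i", $SUMO['client']['browser']) ? "javascript:PNGFix()" : "";
// Query string re-appended to the login form's action URL so that the
// original request parameters survive the POST round-trip.
$url_req = "";
// Filter URL query string
if (!empty($_SERVER['QUERY_STRING'])) {
    // Values go through the deny-list filter; keys are kept as received.
    $_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET)));
    // http_build_query() URL-encodes both keys and values (a raw '&', '=' or
    // space in a value would otherwise corrupt the rebuilt query) and leaves
    // no trailing '&'. $url_req is a URL fragment, not HTML: it still has to
    // be escaped for the attribute context where it is inserted.
    $url_req = "?" . http_build_query($_GET);
}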
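// Template placeholders for the login / registration pages.
// Values that end up inside single-quoted HTML attributes and that are not
// produced by this script ($url_req from $_GET, $sumo_reg_data from the
// registration request — origin not visible here) are escaped with
// htmlspecialchars(ENT_QUOTES) in the page charset at the point of insertion.
// NOTE(review): $SUMO['page']['url'] is inserted unescaped in several places;
// confirm it is server-derived before treating it as trusted.
$tpl_array = array(
    "LANG:User" => $sumo_lang_core['User'],
    "LANG:Password" => $sumo_lang_core['Password'],
    "LANG:RegistrationForm" => $sumo_lang_core['RegistrationForm'],
    "LANG:RegistrationInfo" => $sumo_lang_core['RegistrationInfo'],
    "LANG:EraseAccount" => $sumo_lang_core['EraseAccount'],
    "LANG:EraseAccountInfo" => $sumo_lang_core['EraseAccountInfo'],
    "LANG:PasswordLost" => $sumo_lang_core['PasswordLost'],
    "LANG:PasswordLostInfo" => $sumo_lang_core['PasswordLostInfo'],
    "LANG:ConfirmRegistration" => $sumo_lang_core['ConfirmRegistration'],
    "LANG:ConfirmRegistrationInfo" => $sumo_lang_core['ConfirmRegistrationInfo'],
    "LANG:ConfirmEraseAccount" => $sumo_lang_core['ConfirmEraseAccount'],
    "LANG:ConfirmEraseAccountInfo" => $sumo_lang_core['ConfirmEraseAccountInfo'],
    "LANG:Email" => $sumo_lang_core['Email'],
    "LANG:Language" => $sumo_lang_core['Language'],
    "LANG:RegUser" => "<font color='red'>*</font>&nbsp;" . $sumo_lang_core['User'],
    "LANG:RegEmail" => "<font color='red'>*</font>&nbsp;" . $sumo_lang_core['Email'],
    "LANG:RegPassword" => "<font color='red'>*</font>&nbsp;" . $sumo_lang_core['Password'],
    "LANG:RegRepPassword" => "<font color='red'>*</font>&nbsp;" . $sumo_lang_core['RepPassword'],
    "LINK:Register" => sumo_get_link_registration(),
    "LINK:PasswordLost" => sumo_get_link_pwdlost(),
    "LINK:UnRegister" => sumo_get_link_registration(0),
    "GET:SumoVersion" => SUMO_VERSION,
    "GET:charset" => $SUMO['config']['server']['charset'],
    "GET:PagePath" => $SUMO['page']['web_path'],
    "GET:PageUrl" => $SUMO['page']['url'],
    "GET:PageTheme" => $SUMO['page']['theme'],
    "GET:ConfirmRegUser" => $sumo_reg_data['reg_user'],
    "GET:ConfirmRegEmail" => $sumo_reg_data['reg_email'],
    "GET:ConfirmLanguage" => $sumo_reg_data['reg_language'],
    "GET:PageName" => sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']),
    "GET:ScriptLoginFocus" => sumo_get_script_tag('login_focus.js'),
    "GET:ScriptRegistrationFocus" => sumo_get_script_tag('registration_focus.js'),
    // Inline theme variable plus the client-side login / hashing scripts
    "GET:ScriptLogin" => "<script language='javascript' type='text/javascript'>\n" . "var sumo_theme='" . $SUMO['page']['theme'] . "';\n" . "</script>\n" . sumo_get_script_tag('check_login.js') . "\n" . sumo_get_script_tag('sumo_common.js') . "\n" . sumo_get_script_tag('sumo_crypt.js') . "\n" . sumo_get_script_tag('sumo_gui.js') . "\n",
    "GET:ScriptResubmit" => sumo_get_script_tag('resubmit.js'),
    "GET:ScriptNoRightClick" => sumo_get_script_tag('no_right_click.js'),
    "GET:OnLoad" => "onload='" . $pngfix . "'",
    "GET:Note" => $sumo_lang_core["PoweredBy"] . " <b>SUMO Access Manager</b> " . SUMO_VERSION . "<br>&copy; Copyright 2003-" . date("Y") . " by <b>Basso Alberto</b><br>" . $sumo_lang_core['ProjectPage'] . " <b><a href='http://sumoam.sourceforge.net' target='_blank'>http://sumoam.sourceforge.net</a></b>",
    "GET:NoteShort" => $sumo_lang_core["PoweredBy"] . "<br><b><a href='http://sumoam.sourceforge.net' target='_blank'>SUMO Access Manager</a></b>",
    // Login form: the password is HMAC'd client-side with the connection's
    // security string before submission. $url_req is built from $_GET (keys
    // unfiltered), hence the attribute escaping.
    "GET:LoginForm" => "<form method='POST' name='SumoAuth' action='" . $SUMO['page']['url'] . htmlspecialchars($url_req, ENT_QUOTES, $SUMO['config']['server']['charset']) . "' onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}else{sumo_pwd.value=hex_hmac_sha1(\"" . $SUMO['connection']['security_string'] . "\",hex_sha1(sumo_pwd.value));}'>",
    "GET:Message" => $sumo_message,
    "GET:Redirect" => "<meta http-equiv='refresh' content='10; " . $SUMO['page']['url'] . "'>",
    // Registration fields echo the submitted values back into value='...'
    "PUT:RegUser" => "<input type='text' size='16' name='reg_user' value='" . htmlspecialchars($sumo_reg_data['reg_user'], ENT_QUOTES, $SUMO['config']['server']['charset']) . "' />" . "<input type='hidden' name='reg_group' value='" . $SUMO['page']['group'] . "' />",
    "PUT:RegEmail" => "<input type='text' size='16' name='reg_email' value='" . htmlspecialchars($sumo_reg_data['reg_email'], ENT_QUOTES, $SUMO['config']['server']['charset']) . "' />",
    "PUT:RegPassword" => "<input type='password' size='16' name='reg_password' autocomplete='off' />",
    "PUT:RegRepPassword" => "<input type='password' size='16' name='rep_reg_password' autocomplete='off' />",
    "PUT:User" => "<input type='text' size='16' name='sumo_user' class='username' />",
    "PUT:Password" => "<input type='password' size='16' name='sumo_pwd' class='password' autocomplete='off' />",
    "PUT:LanguageLogin" => sumo_get_available_languages(1, 1, $_COOKIE['language'], 'sumo_lang'),
    "PUT:Language" => sumo_get_available_languages(1),
    "BUTTON:Submit" => "<input type='submit' class='button' value='" . $sumo_lang_core["Ok"] . "' />",
    "BUTTON:BackLogin" => "<form action='" . $SUMO['page']['url'] . "' method='POST'><input type='submit' class='button' value='" . $sumo_lang_core['Back'] . "'></form>",
    "BUTTON:Back" => "<input type='button' class='button' value='" . $sumo_lang_core['Back'] . "' onclick='javascript:history.go(-1);' />"
);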
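// Disable password encryption (for LDAP server)
// in_array() is strict: with loose comparison a non-string $sumo_action
// (e.g. int 0 on PHP < 8) would compare equal to the action names.
if (!$SUMO['page']['pwd_encrypt'] && !in_array($sumo_action, array('registration', 'regconfirmed'), TRUE)) {
    $tpl_array['GET:ScriptSHA1'] = "";
    // Plain-password variant of the login form (no client-side hashing).
    // $url_req is built from $_GET, so it is escaped for the single-quoted
    // action attribute in the page charset.
    $tpl_array['GET:LoginForm'] = "<form name='SumoAuth' method='POST' action='" . $SUMO['page']['url'] . htmlspecialchars($url_req, ENT_QUOTES, $SUMO['config']['server']['charset']) . "' onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}'>";
}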
Example #3
    sumo_delete_old_log();
    sumo_optimize_db();
    sumo_optimize_hits_counter();
}
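// Auto optimize Sumo database
// (housekeeping runs every N hits, N = config.database.optimize_hits)
if (sumo_hits_count($SUMO['config']['database']['optimize_hits'], TRUE)) {
    sumo_delete_old_users_temp();
    sumo_delete_old_sessions();
    sumo_delete_old_connections();
    sumo_delete_old_log();
    sumo_optimize_db();
}
// Filter all input data
// Only the VALUES are passed through sumo_array_filter(); the keys are kept
// untouched by sumo_array_combine(). $_SERVER and $_REQUEST (a separate copy
// of the original GET/POST/COOKIE data) are not reassigned in this block.
$_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET), 'GET'));
$_POST = sumo_array_combine(array_keys($_POST), sumo_array_filter(array_values($_POST), 'POST'));
$_COOKIE = sumo_array_combine(array_keys($_COOKIE), sumo_array_filter(array_values($_COOKIE), 'COOKIE'));
// Get variables
require SUMO_PATH . '/inc/inc.get_variables.php';
$SUMO['user'] = sumo_get_user_info();
$SUMO['connection'] = sumo_get_connection_info();
// ...to remember 'security string' after login.
// The session read is guarded: a missing key used to raise an undefined-index
// notice while assigning NULL; the resulting state is the same either way.
if (empty($SUMO['connection']['security_string'])) {
    $SUMO['connection']['security_string'] = isset($_SESSION['security_string']) ? $_SESSION['security_string'] : NULL;
}
// Define and Load language,
// if exist language cookie load language set by user
require SUMO_PATH . '/inc/inc.load_language.php';
$sumo_access = NULL;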
if ($sumo_action) {
    $sumo_access = strtoupper($sumo_action);
} elseif (sumo_get_banned_ip($SUMO['client']['ip'])) {