public function getAuditor($name) { $type = Auditor::getType($name, $this->propertyReader); if (isset($type)) { switch ($type) { case Auditor::TYPE_FILELOGGER: return new FileLogger($name, $this->propertyReader); break; default: break; } } return null; }
/** * @depends testLoggingToFile */ public function testHTMLEncoding($logFileIsReadable) { $failMessage = null; if (ESAPI::getSecurityConfiguration()->getLogEncodingRequired() === false) { $failMessage = 'HTML encoding cannot be tested until the LogEncodingRequired' . ' property is set to true. This test has not actually failed.'; } elseif ($logFileIsReadable === false) { $failMessage = 'HTML encoding could not be tested because we' . ' could not read the logfile.'; } $testMsg = null; $r = getRandomAlphaNumString(16); $expected = $this->getExpected('FATAL', 'SECURITY', true, "{$r}&{$r}"); $this->testLogger->fatal(Auditor::SECURITY, true, "{$r}&{$r}"); $result = $this->verifyLogEntry($expected, $testMsg); $this->assertTrue($result, $failMessage); }
public static function TXAudit() { $collection = Auditor::AuditTransactions(); echo ' <div class="logo"> <h5 style="margin-bottom:-15px;margin-top:0px;font-size:14px;">Date: ' . date('d/m/Y') . '</h5> <h4>AUDIT STATEMENT</h4>'; echo '</div> <table class="table table-bordered table-striped" style="text-align:center;margin-left:0;margin-right:0;width:760px;font-size:12px;"> <thead class="title"> <tr> <td>TRANSACTION</td> <td>ENTRIES</td> <td>AMOUNT</td> <td>DEFICIT</td> </tr> </thead> <tbody>'; $cr = 0.0; $dr = 0.0; foreach ($collection as $model) { echo '<tr><td>' . $model['id'] . '</td><td>' . $model['entr'] . '</td><td>' . $model['amount'] . '</td><td>' . $model['defic'] . '</td></tr>'; } $diff = $cr - $dr; echo '</tbody> </table> <div class="logo"> <p style="margin: 5px 0 0 5px">Total Credits: <b>Ksh. <script>document.writeln((' . $cr . ').formatMoney(2, \'.\', \',\'));</script></b></p> <p style="margin: 5px 0 0 5px">Total Debits: <b>Ksh. <script>document.writeln((' . $dr . ').formatMoney(2, \'.\', \',\'));</script></b></p>'; if ($diff >= 0) { echo '<p style="margin: 5px 0 0 5px">Net Profit/(Loss): <b>Ksh. <script>document.writeln((' . $diff . ').formatMoney(2, \'.\', \',\'));</script></b></p>'; } else { echo '<p style="margin: 5px 0 0 5px">Net Profit/(Loss): <b>(Ksh. <script>document.writeln((' . $diff * -1 . ').formatMoney(2, \'.\', \',\'));</script>)</b></p>'; } echo '</div>'; }
<div class="mtitle">审核人员列表</div> <div class="mtool"> <a href="<?php echo $router->urlfor('auditor/show'); ?> " target="content_frm">增加新审核人员</a> </div> <table cellpadding="4" cellspacing="0" border="1" class="adminlist"> <tr> <th width="20">#</th> <th class="title" width="60">姓名</th> <th class="title" width="50">角色</th> </tr> <?php $i = 0; $roleDef = Auditor::roleDef(); $ufrom = date('Y-m-d 00:00:00'); $uto = date('Y-m-d H:i:s'); foreach ($auditors as $auditor) { ?> <tr class="row<?php echo 0 == $i / 2 ? 1 : 0; ?> "> <td width="20" class="row-line"><?php echo $auditor->user->id; ?> </td> <td> <a href="<?php echo $router->urlfor('auditor/show', array('id' => $auditor->id));
/** * Format the Source IP address, URL, URL parameters, and all form parameters * into a string suitable for the log file. The list of parameters to obfuscate * should be specified in order to prevent sensitive information from being * logged. If a NULL or empty list of parameters is provided, then all * parameters will be logged in the clear. If HTTP request logging is done in a * central place $paramsToObfuscate could be made a configuration parameter. We * include it here in case different parts of the application need to obfuscate * different parameters. * * @param SafeRequest $request Current Request object. * @param Auditor $auditor The auditor to write the request to. * @param array|NULL $paramsToObfuscate The sensitive parameters. */ public function logHTTPRequestObfuscate($request, $auditor, $paramsToObfuscate) { if ($request instanceof SafeRequest == false) { throw new InvalidArgumentException('logHTTPRequestObfuscate expects an instance of SafeRequest.'); } if ($auditor instanceof Auditor == false) { throw new InvalidArgumentException('logHTTPRequestObfuscate expects an instance of Auditor.'); } if ($paramsToObfuscate === null) { $paramsToObfuscate = array(); } elseif (!is_array($paramsToObfuscate)) { throw new InvalidArgumentException('logHTTPRequestObfuscate expects an array $paramsToObfuscate or null.'); } $msg = ''; $msg .= $request->getRemoteAddr(); if ($msg !== '') { $msg .= ' '; } $msg .= $request->getMethod(); if ($msg !== '') { $msg .= ' '; } $path = $request->getRequestURI() . $request->getPathInfo(); $msg .= $path; $params = $request->getParameterMap(); if ($path !== '' && sizeof($params, false) > 0) { $msg .= '?'; } elseif ($msg !== '') { $msg .= ' '; } $paramBuilder = array(); foreach ($params as $pName => $pValues) { foreach ($pValues as $pval) { $pair = ''; $pair .= "{$pName}"; if ($pval == '') { $paramBuilder[] = $pair; continue; } if (in_array($pName, $paramsToObfuscate, true)) { $pair .= '=********'; } else { $pair .= "={$pval}"; } $paramBuilder[] = $pair; } } $msg .= implode('&', $paramBuilder); $cookies = $request->getCookies(); $sessName = session_name(); foreach ($cookies as $cName => $cValue) { if ($cName !== $sessName) { $msg .= "+{$cName}={$cValue}"; } } $auditor->info(Auditor::SECURITY, true, $msg); }
"/> <button class="pausestage">暂停</button> <button class="finishstage">结束</button> <?php } else { echo "——"; } ?> </td> <td> <?php echo Auditor::getNameByUser($a->createUser); ?> / <?php echo CustomerMgrStage::STATUS_UNFINISHED == $a->status ? "——" : Auditor::getNameByUser($a->stopUser); ?> </td> </tr> <?php } ?> <tr> <td colspan="4"> 添加新管理阶段: <select id="addstage"> <?php foreach (CustomerMgrStage::$stageDes as $stage => $des) { ?> <option value="<?php echo $stage;
public function error($obj) { if (parent::getLevel() > self::ERROR) { return false; } $msg = "\r\nWARN - " . date('Y-m-d G:i', time()) . " - " . $obj; try { $handler = $this->getFileHandler(); @fwrite($handler, $msg); @fclose($handler); return true; } catch (Exception $e) { return false; } }