Example #1
 /**
  * Build the auditor implementation configured for the given name.
  *
  * The type is resolved by Auditor::getType() from $name and the property
  * reader held by this object. Auditor::TYPE_FILELOGGER is the only type that
  * maps to an implementation here; every other outcome yields null.
  *
  * NOTE(review): callers should treat a null result as a configuration error.
  * Continuing without an auditor would leave events unrecorded.
  *
  * @param mixed $name Auditor name, passed to Auditor::getType() and FileLogger.
  *
  * @return FileLogger|null The logger, or null when no type is set or the type
  *                         is not handled here.
  */
 public function getAuditor($name)
 {
     $auditorType = Auditor::getType($name, $this->propertyReader);
     if (!isset($auditorType)) {
         return null;
     }
     // Loose comparison (==), the same comparison a switch statement applies.
     if ($auditorType == Auditor::TYPE_FILELOGGER) {
         return new FileLogger($name, $this->propertyReader);
     }
     return null;
 }
Example #2
 /**
  * Logs a FATAL security event whose message contains '&' and checks the
  * entry found by verifyLogEntry() against the one built by getExpected().
  *
  * A failure message is prepared when LogEncodingRequired is off or when the
  * log file could not be read. The assertion still runs in both cases, so the
  * message only explains a failure that stems from the environment.
  *
  * NOTE(review): presumably getExpected() yields the HTML-encoded form of the
  * message ('&amp;' for '&') when encoding is required - confirm against it.
  *
  * @depends testLoggingToFile
  *
  * @param bool $logFileIsReadable Value handed over by testLoggingToFile.
  */
 public function testHTMLEncoding($logFileIsReadable)
 {
     $encodingRequired = ESAPI::getSecurityConfiguration()->getLogEncodingRequired();
     $failMessage = null;
     if ($encodingRequired === false) {
         $failMessage = 'HTML encoding cannot be tested until the LogEncodingRequired property is set to true. This test has not actually failed.';
     } elseif ($logFileIsReadable === false) {
         $failMessage = 'HTML encoding could not be tested because we could not read the logfile.';
     }

     // A random token on both sides of '&' makes this entry unique in the log.
     $token = getRandomAlphaNumString(16);
     $payload = "{$token}&{$token}";
     $expected = $this->getExpected('FATAL', 'SECURITY', true, $payload);
     $this->testLogger->fatal(Auditor::SECURITY, true, $payload);

     $testMsg = null;
     $found = $this->verifyLogEntry($expected, $testMsg);
     $this->assertTrue($found, $failMessage);
 }
Example #3
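    /**
     * Echo the audit statement as an HTML fragment: a dated heading, one table
     * row per record returned by Auditor::AuditTransactions(), and a totals
     * block rendered through the page's formatMoney() JavaScript helper.
     *
     * Each cell value is HTML-escaped where it is written, so markup stored in
     * a transaction record is displayed as text instead of being interpreted
     * by the browser.
     *
     * NOTE(review): if AuditTransactions() already returns HTML-encoded
     * strings, keep only one of the two encoding layers.
     *
     * @return void
     */
    public static function TXAudit()
    {
        $collection = Auditor::AuditTransactions();
        // Output encoding for HTML text context, applied to every record field.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        echo '
				<div class="logo">
				  <h5 style="margin-bottom:-15px;margin-top:0px;font-size:14px;">Date: ' . date('d/m/Y') . '</h5>
				  <h4>AUDIT STATEMENT</h4>';
        echo '</div>

				<table class="table table-bordered table-striped" style="text-align:center;margin-left:0;margin-right:0;width:760px;font-size:12px;">
			      <thead class="title">
			        <tr>
			          <td>TRANSACTION</td>
			          <td>ENTRIES</td>
			          <td>AMOUNT</td>
					  <td>DEFICIT</td>
			        </tr>
			      </thead>
			      <tbody>';
        // NOTE(review): nothing below adds to $cr or $dr, so the totals always
        // print 0 - confirm which record fields are meant to feed them.
        $cr = 0.0;
        $dr = 0.0;
        foreach ($collection as $model) {
            echo '<tr><td>' . $esc($model['id']) . '</td><td>' . $esc($model['entr']) . '</td><td>' . $esc($model['amount']) . '</td><td>' . $esc($model['defic']) . '</td></tr>';
        }
        $diff = $cr - $dr;
        // Only locally computed floats are placed inside the <script> blocks.
        echo '</tbody>
			    </table>
			    <div class="logo">
				    <p style="margin: 5px 0 0 5px">Total Credits: <b>Ksh. <script>document.writeln((' . $cr . ').formatMoney(2, \'.\', \',\'));</script></b></p>
					<p style="margin: 5px 0 0 5px">Total Debits: <b>Ksh. <script>document.writeln((' . $dr . ').formatMoney(2, \'.\', \',\'));</script></b></p>';
        if ($diff >= 0) {
            echo '<p style="margin: 5px 0 0 5px">Net Profit/(Loss): <b>Ksh. <script>document.writeln((' . $diff . ').formatMoney(2, \'.\', \',\'));</script></b></p>';
        } else {
            // A loss is shown in parentheses as a positive amount.
            echo '<p style="margin: 5px 0 0 5px">Net Profit/(Loss): <b>(Ksh. <script>document.writeln((' . ($diff * -1) . ').formatMoney(2, \'.\', \',\'));</script>)</b></p>';
        }
        echo '</div>';
    }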
Example #4
<div class="mtitle">审核人员列表</div>
<div class="mtool">
<a href="<?php 
echo $router->urlfor('auditor/show');
?>
" target="content_frm">增加新审核人员</a>
</div>
<table cellpadding="4" cellspacing="0" border="1" class="adminlist">
<tr>
	<th width="20">#</th>
	<th class="title" width="60">姓名</th>
	<th class="title" width="50">角色</th>
</tr>
<?php 
$i = 0;
$roleDef = Auditor::roleDef();
$ufrom = date('Y-m-d 00:00:00');
$uto = date('Y-m-d H:i:s');
foreach ($auditors as $auditor) {
    ?>
	<tr class="row<?php 
    echo 0 == $i / 2 ? 1 : 0;
    ?>
">
		<td width="20" class="row-line"><?php 
    echo $auditor->user->id;
    ?>
</td>
		<td>
        <a href="<?php 
    echo $router->urlfor('auditor/show', array('id' => $auditor->id));
 /**
  * Write one INFO-level security entry describing an HTTP request: remote
  * address, method, request URI plus path info, the request parameters and
  * the cookies.
  *
  * Parameter handling:
  *  - a parameter whose name appears in $paramsToObfuscate is logged as
  *    "name=********"; names are matched exactly (strict, case-sensitive);
  *  - a parameter with an empty value is logged as its bare name;
  *  - with null or an empty list, every parameter value is logged in the clear.
  *
  * Cookie handling: every cookie except the one named by session_name() is
  * appended as "+name=value". $paramsToObfuscate is not consulted for cookies,
  * so any other token-bearing cookie reaches the log verbatim.
  *
  * NOTE(review): names and values are concatenated as received; this method
  * does no CR/LF or markup neutralisation and presumably relies on the
  * auditor for that - confirm the auditor's encoding setting.
  * NOTE(review): the path is logged as returned by getRequestURI(); if that
  * value can include a query string, its parameters are not obfuscated here -
  * verify against SafeRequest.
  *
  * @param SafeRequest $request           Current Request object.
  * @param Auditor     $auditor           The auditor to write the request to.
  * @param array|NULL  $paramsToObfuscate Names of the sensitive parameters.
  *
  * @throws InvalidArgumentException If an argument has the wrong type.
  */
 public function logHTTPRequestObfuscate($request, $auditor, $paramsToObfuscate)
 {
     if (!($request instanceof SafeRequest)) {
         throw new InvalidArgumentException('logHTTPRequestObfuscate expects an instance of SafeRequest.');
     }
     if (!($auditor instanceof Auditor)) {
         throw new InvalidArgumentException('logHTTPRequestObfuscate expects an instance of Auditor.');
     }
     if ($paramsToObfuscate === null) {
         $paramsToObfuscate = array();
     }
     if (!is_array($paramsToObfuscate)) {
         throw new InvalidArgumentException('logHTTPRequestObfuscate expects an array $paramsToObfuscate or null.');
     }

     // Remote address, then method, each followed by a space once the line
     // has any content.
     $line = '' . $request->getRemoteAddr();
     if ($line !== '') {
         $line .= ' ';
     }
     $line .= $request->getMethod();
     if ($line !== '') {
         $line .= ' ';
     }

     $target = $request->getRequestURI() . $request->getPathInfo();
     $line .= $target;

     // '?' joins path and parameters; otherwise a space separates the fields.
     $parameterMap = $request->getParameterMap();
     if ($target !== '' && count($parameterMap, COUNT_NORMAL) > 0) {
         $line .= '?';
     } elseif ($line !== '') {
         $line .= ' ';
     }

     $pairs = array();
     foreach ($parameterMap as $name => $values) {
         $isSensitive = in_array($name, $paramsToObfuscate, true);
         foreach ($values as $value) {
             if ($value == '') {
                 // Empty value: only the name is recorded.
                 $pairs[] = "{$name}";
             } elseif ($isSensitive) {
                 $pairs[] = "{$name}=********";
             } else {
                 $pairs[] = "{$name}={$value}";
             }
         }
     }
     $line .= implode('&', $pairs);

     // The session cookie is the only cookie kept out of the log.
     $cookieJar = $request->getCookies();
     $sessionCookie = session_name();
     foreach ($cookieJar as $cookieName => $cookieValue) {
         if ($cookieName === $sessionCookie) {
             continue;
         }
         $line .= "+{$cookieName}={$cookieValue}";
     }

     $auditor->info(Auditor::SECURITY, true, $line);
 }
"/>
<button class="pausestage">暂停</button>
<button class="finishstage">结束</button>
<?php 
    } else {
        echo "——";
    }
    ?>
</td>
<td>
<?php 
    echo Auditor::getNameByUser($a->createUser);
    ?>
/
<?php 
    echo CustomerMgrStage::STATUS_UNFINISHED == $a->status ? "——" : Auditor::getNameByUser($a->stopUser);
    ?>
</td>
</tr>
<?php 
}
?>
<tr>
<td colspan="4">
添加新管理阶段:
<select id="addstage">
<?php 
foreach (CustomerMgrStage::$stageDes as $stage => $des) {
    ?>
    <option value="<?php 
    echo $stage;
Example #7
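 /**
  * Append one entry for $obj to the log file.
  *
  * Nothing is written when the configured level (parent::getLevel()) is above
  * self::ERROR. The result reflects whether the whole entry was written: a
  * missing file handle or a failed or short write returns false instead of
  * being reported as success.
  *
  * NOTE(review): the entry is labelled "WARN" although this is error(); the
  * label is kept as is - confirm whether "ERROR" was intended, since a wrong
  * severity label misleads anyone triaging the log.
  * NOTE(review): $obj is written verbatim. If it can carry request data,
  * neutralise CR/LF before writing so that one call cannot produce text that
  * reads as several log entries.
  *
  * @param mixed $obj Value to log; it is converted to a string by concatenation.
  *
  * @return bool True when the entry was written in full, false otherwise.
  */
 public function error($obj)
 {
     if (parent::getLevel() > self::ERROR) {
         return false;
     }
     $msg = "\r\nWARN - " . date('Y-m-d G:i') . " - " . $obj;
     try {
         $handler = $this->getFileHandler();
         if (!is_resource($handler)) {
             // No usable handle: report the failure instead of claiming success.
             return false;
         }
         $written = @fwrite($handler, $msg);
         @fclose($handler);
         // fwrite() gives false on failure and a smaller count on a short write.
         return $written === strlen($msg);
     } catch (Exception $e) {
         return false;
     }
 }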