function dvwaPhpIdsTrap()
{
global $_DVWA;
try {
/*
* 1. Define what to scan
* Please keep in mind what array_merge does and how this might interfer
* with your variables_order settings
*/
$request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
$init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');
$init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
$init->config['General']['use_base_path'] = true;
$init->config['Caching']['caching'] = 'none';
// 2. Initiate the PHPIDS and fetch the results
$ids = new IDS_Monitor($request, $init);
$result = $ids->run();
if (!$result->isEmpty()) {
require_once 'IDS/Log/File.php';
require_once 'IDS/Log/Composite.php';
$compositeLog = new IDS_Log_Composite();
$compositeLog->addLogger(IDS_Log_File::getInstance($init));
$compositeLog->execute($result);
echo 'Hacking attempt detected and logged.<br />Have a nice day.';
if ($_DVWA['default_phpids_verbose'] == 'true') {
echo $result;
}
exit;
}
} catch (Exception $e) {
// Something went terribly wrong - maybe the filter rules weren't found?
printf('An error occured: %s', $e->getMessage());
}
}
/**
* Check function.
*
* This function includes the IDS vendor parts and runs the
* detection routines on the request array.
*
* @param array $args
* List of path parts.
*
* @return bool
*/
public function check($args)
{
// lets bypass a few civicrm urls from this check
$skip = array('civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates');
CRM_Utils_Hook::idsException($skip);
$this->path = implode('/', $args);
if (in_array($this->path, $skip)) {
return NULL;
}
// Add request url and user agent.
$_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
}
$configFile = self::createConfigFile(FALSE);
// init the PHPIDS and pass the REQUEST array
require_once 'IDS/Init.php';
try {
$init = IDS_Init::init($configFile);
$ids = new IDS_Monitor($_REQUEST, $init);
} catch (Exception $e) {
// might be an old stale copy of Config.IDS.ini
// lets try to rebuild it again and see if it works
$configFile = self::createConfigFile(TRUE);
$init = IDS_Init::init($configFile);
$ids = new IDS_Monitor($_REQUEST, $init);
}
$result = $ids->run();
if (!$result->isEmpty()) {
$this->react($result);
}
return TRUE;
}
function preDispatch(Zend_Controller_Request_Abstract $request)
{
try {
require_once 'IDS/Init.php';
require_once 'IDS/Log/Composite.php';
require_once 'IDS/Log/Database.php';
#require_once 'IDS/Log/File.php';
$request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
$init = IDS_Init::init(APPLICATION_PATH . '/../library/phpids/lib/IDS/Config/Config.ini.php');
$ids = new IDS_Monitor($request, $init);
$result = $ids->run();
if (!$result->isEmpty()) {
// This is where you should put some code that
// deals with potential attacks, e.g. throwing
// an exception, logging the attack, etc.
$compositeLog = new IDS_Log_Composite();
$compositeLog->addLogger(IDS_Log_Database::getInstance($init));
#$compositeLog->addLogger(IDS_Log_File::getInstance($init));
$compositeLog->execute($result);
echo $result;
die('<h1>Go away!</h1>');
#$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
#$redirector->gotoUrl('default/error/error/eh/ids')->redirectAndExit();
}
return $request;
} catch (Exception $e) {
try {
$writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugin-ids.log');
$logger = new Zend_Log($writer);
$logger->log($e->getMessage() . ' line ' . $e->getLine() . ' file ' . $e->getFile(), Zend_Log::ERR);
} catch (Exception $e) {
}
}
}
function dvwaPhpIdsTrap()
{
try {
$request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
$init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');
$init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
$init->config['General']['use_base_path'] = true;
$init->config['Caching']['caching'] = 'none';
// 2. Initiate the PHPIDS and fetch the results
$ids = new IDS_Monitor($request, $init);
$result = $ids->run();
if (!$result->isEmpty()) {
require_once 'IDS/Log/File.php';
require_once 'IDS/Log/Composite.php';
$compositeLog = new IDS_Log_Composite();
$compositeLog->addLogger(IDS_Log_File::getInstance($init));
$compositeLog->execute($result);
echo 'Hacking attempt detected and logged.';
//echo $result;
exit;
}
} catch (Exception $e) {
/*
* something went terribly wrong - maybe the
* filter rules weren't found?
*/
printf('An error occured: %s', $e->getMessage());
}
}
/**
* Protects against basic attempts of Cross-Site Scripting (XSS).
*
* @see http://technicalinfo.net/papers/CSS.html
*
* @return void
*/
public function idsInputFilter(GenericEvent $event)
{
if ($event['stage'] & Core::STAGE_MODS && System::getVar('useids') == 1) {
// Run IDS if desired
try {
// build request array defining what to scan
// @todo: change the order of the arrays to merge if ini_get('variables_order') != 'EGPCS'
if (isset($_REQUEST)) {
$request['REQUEST'] = $_REQUEST;
}
if (isset($_GET)) {
$request['GET'] = $_GET;
}
if (isset($_POST)) {
$request['POST'] = $_POST;
}
if (isset($_COOKIE)) {
$request['COOKIE'] = $_COOKIE;
}
if (isset($_SERVER['HTTP_HOST'])) {
$request['HOST'] = $_SERVER['HTTP_HOST'];
}
if (isset($_SERVER['HTTP_ACCEPT'])) {
$request['ACCEPT'] = $_SERVER['HTTP_ACCEPT'];
}
if (isset($_SERVER['USER_AGENT'])) {
$request['USER_AGENT'] = $_SERVER['USER_AGENT'];
}
// while i think that REQUEST_URI is unnecessary,
// the REFERER would be important, but results in way too many false positives
/*
if (isset($_SERVER['REQUEST_URI'])) {
$request['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
}
if (isset($_SERVER['HTTP_REFERER'])) {
$request['REFERER'] = $_SERVER['HTTP_REFERER'];
}
*/
// initialise configuration object
$init = \IDS_Init::init();
// set configuration options
$init->config = $this->_getidsconfig();
// create new IDS instance
$ids = new \IDS_Monitor($request, $init);
// run the request check and fetch the results
$result = $ids->run();
// analyze the results
if (!$result->isEmpty()) {
// process the IDS_Report object
$this->_processIdsResult($init, $result);
} else {
// no attack detected
}
} catch (\Exception $e) {
// sth went wrong - maybe the filter rules weren't found
z_exit(__f('An error occured during executing PHPIDS: %s', $e->getMessage()));
}
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$req = array('GET' => $request->getQuery(), 'POST' => $request->getPost(), 'COOKIE' => $request->getCookie(), 'PARAMS' => $request->getUserParams());
$init = IDS_Init::init(APPLICATION_PATH . '/configs/phpids.ini');
$ids = new IDS_Monitor($req, $init);
$result = $ids->run();
if (!$result->isEmpty()) {
$compositeLog = new IDS_Log_Composite();
$compositeLog->addLogger(IDS_Log_File::getInstance($init));
$compositeLog->execute($result);
}
}
/**
* Do check
*/
function check()
{
include_once $this->BASE_PATH . 'IDS/Init.php';
$request = ['REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE];
// $init = IDS_Init::init(YF_PATH.'libs/phpids/'.'IDS/Config/Config.ini');
$init = IDS_Init::init();
$init->setConfig($this->config, true);
$ids = new IDS_Monitor($request, $init);
$result = $ids->run();
if (!$result->isEmpty()) {
// Take a look at the result object
// echo $result;
trigger_error("IDS: Possible intrusion detected, result: " . $result, E_USER_WARNING);
}
return false;
}
/**
* Initialize phpIDS and run the IDS-Monitoring on all incomming arrays
*
* Smoke Example:
* Apply to URL "index.php?theme=drahtgitter%3insert%00%00.'AND%XOR%XOR%.'DROP WHERE user_id='1';"
*/
public function runIDS()
{
// prevent redeclaration
if (false === class_exists('IDS_Monitor', false)) {
// load ids init
include ROOT_LIBRARIES . 'IDS/Init.php';
// Setup the $_GLOBALS to monitor
$request = array('GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
// We have to setup some defines here, which are used by parse_ini_file to replace values in config.ini
define('IDS_FILTER_PATH', ROOT_LIBRARIES . 'IDS' . DIRECTORY_SEPARATOR . 'default_filter.xml');
define('IDS_TMP_PATH', ROOT_CACHE);
define('IDS_LOG_PATH', ROOT_LOGS . 'phpids_log.txt');
define('IDS_CACHE_PATH', ROOT_CACHE . 'phpids_defaultfilter.cache');
// the following lines have to remain, till PHP_IDS team fixes their lib
// in order to create the cache file automatically
if (false === is_file(IDS_CACHE_PATH)) {
if (false === file_put_contents(IDS_CACHE_PATH, '')) {
throw new Koch_Exception('PHP IDS Cache file couldn\'t be created.', 11);
}
}
// autoupdate
#self::updateIDSFilterRules();
// Initialize the System with the configuration values
$init = IDS_Init::init(ROOT_CONFIG . 'phpids_config.ini');
// Get IDS Monitor: and analyse the Request with Config applied
$ids = new IDS_Monitor($request, $init);
// Get Results
$monitoring_result = $ids->run();
#var_dump($monitoring_result);
// if no results, everything is fine
if ($monitoring_result->isEmpty() === false or $monitoring_result->getImpact() > 1) {
$access_block_message = 'Access Violation Detected by IDS! Execution stopped!';
if (DEBUG == true) {
$access_block_message .= ' <br /> Monitor:' . $monitoring_result;
}
// Stop the execution of the application.
exit($access_block_message);
}
}
}
/**
* This function includes the IDS vendor parts and runs the
* detection routines on the request array.
*
* @param object cake controller object
* @return boolean
*/
public function check(&$args)
{
// lets bypass a few civicrm urls from this check
static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates');
$path = implode('/', $args);
if (in_array($path, $skip)) {
return;
}
#add request url and user agent
$_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
}
require_once 'IDS/Init.php';
// init the PHPIDS and pass the REQUEST array
$config =& CRM_Core_Config::singleton();
$configFile = $config->configAndLogDir . 'Config.IDS.ini';
if (!file_exists($configFile)) {
$tmpDir = empty($config->uploadDir) ? CIVICRM_TEMPLATE_COMPILEDIR : $config->uploadDir;
// also clear the stat cache in case we are upgrading
clearstatcache();
global $civicrm_root;
$contents = "\n[General]\n filter_type = xml\n filter_path = {$civicrm_root}/packages/IDS/default_filter.xml\n tmp_path = {$tmpDir}\n HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n HTML_Purifier_Cache = {$tmpDir}\n scan_keys = false\n exceptions[] = __utmz\n exceptions[] = __utmc\n exceptions[] = widget_code\n exceptions[] = html_message\n exceptions[] = body_html\n exceptions[] = msg_html\n exceptions[] = msg_text\n exceptions[] = msg_subject\n exceptions[] = description\n html[] = intro\n html[] = thankyou_text\n html[] = intro_text\n html[] = body_text\n html[] = footer_text\n html[] = thankyou_text\n html[] = thankyou_footer\n html[] = thankyou_footer_text\n html[] = new_text\n html[] = renewal_text\n html[] = help_pre\n html[] = help_post\n html[] = confirm_title\n html[] = confirm_text\n html[] = confirm_footer_text\n html[] = confirm_email_text\n html[] = report_header\n html[] = report_footer\n html[] = data\n html[] = instructions\n";
if (file_put_contents($configFile, $contents) === false) {
require_once 'CRM/Core/Error.php';
CRM_Core_Error::movedSiteError($configFile);
}
// also create the .htaccess file so we prevent the reading of the log and ini files
// via a browser, CRM-3875
require_once 'CRM/Utils/File.php';
CRM_Utils_File::restrictAccess($config->configAndLogDir);
}
$init = IDS_Init::init($configFile);
$ids = new IDS_Monitor($_REQUEST, $init);
$result = $ids->run();
if (!$result->isEmpty()) {
$this->react($result);
}
return true;
}
/**
* This method checks for the plain event of every single
* exploit array item
*
* @access private
* @param array $exploits
*/
private function _testForPlainEvent($exploits = array())
{
foreach ($exploits as $exploit) {
$test = new IDS_Monitor(array('test' => $exploit), $this->init);
$result = $test->run();
if ($result->getImpact() === 0) {
echo "\n\nNot detected: " . $exploit . "\n\n";
}
$this->assertTrue($result->getImpact() > 0);
}
}
/**
* This method checks for the plain event of every single
* exploit array item
*
* @access private
* @param array $exploits
*/
private function _testForPlainEvent($exploits = array())
{
foreach ($exploits as $key => $value) {
$test = new IDS_Monitor(array('test' => $value), $this->init);
if (preg_match('/^html_/', $key)) {
$this->init->config['General']['HTML_Purifier_Cache'] = dirname(__FILE__) . '/../../lib/IDS/tmp/';
$test->setHtml(array('test'));
}
$result = $test->run();
if ($result->getImpact() === 0) {
echo "\n\nNot detected: " . $value . "\n\n";
}
$this->assertTrue($result->getImpact() > 0);
}
}
/**
* Run PHPIDS
*
* @return void
*/
public function run()
{
// Are we running in the WordPress admin?
//if ( is_admin() AND $this->enable_admin == false ) {
/// return;
//}
//hassan HMWP_MS
$can_deactive = false;
if (isset($_COOKIE['hmwp_can_deactivate']) && preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 8)) == preg_replace("/[^a-zA-Z]/", "", $_COOKIE['hmwp_can_deactivate'])) {
$can_deactive = true;
}
if (!$this->opt('ids_admin_include') && $can_deactive) {
return false;
}
if (is_admin() && !$this->opt('ids_level')) {
// is 0
return false;
}
if ($this->opt('login_query')) {
$login_query = preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 6)) . '_' . $this->opt('login_query');
} else {
$login_query = preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 6)) . '_' . 'hide_my_wp';
}
$request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => '', 'SERVER' => '');
//Do not allow to cookies block login area!
// if ($this->opt('ids_cookie') && strpos($_SERVER['PHP_SELF'], 'wp-login.php')===false)
// $request['COOKIE'] = $_COOKIE;
$request['SERVER'] = array('HTTP_REFERER' => '', 'REQUEST_URI' => isset($_SERVER['REQUEST_URI']) ? strtok($_SERVER["REQUEST_URI"], '?') : '', 'PHP_SELF' => isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '');
if (isset($_GET['style_wrapper']) && $this->opt('admin_key') && isset($_GET[$login_query]) && $_GET[$login_query] == $this->opt('admin_key')) {
$request['SERVER'] = '';
} else {
$request['SERVER'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
}
if ($this->has_short_values($_GET, 5) && $this->has_short_values($_POST, 5) && $this->has_short_values($_REQUEST, 5) && $this->has_short_values($request['SERVER'], 12)) {
return false;
}
$init = $this->init_ids();
$ids = new IDS_Monitor($request, $init);
$this->result = $ids->run();
// Nothing more to do
if ($this->result->isEmpty()) {
return;
}
$max = 0;
foreach ($this->result as $event) {
$max = max($max, $event->getImpact());
}
//echo '<br>count'.$this->result->count().'totalimpact';
//echo '<pre>';print_r($this->result->getImpact());echo '</pre>';
$compositeLog = new IDS_Log_Composite();
//if ( $this->enable_intrusion_logs ) {
if ($this->opt('log_ids_min') && $this->opt('log_ids_min') <= $this->result->getImpact()) {
$compositeLog = new IDS_Log_Composite();
$compositeLog->addLogger(new HMWP_MS_Log_Database());
// Update new intrusion count, log the event
$this->update_intrusion_count();
}
// Send alert email
if ($this->opt('email_ids_min') && $this->opt('email_ids_min') <= $this->result->getImpact()) {
require_once 'hmwp_ms/Log_Email.php';
$compositeLog->addLogger(HMWP_MS_Log_Email::getInstance($init, 'HMWP_MS_Log_Email'));
}
$compositeLog->execute($this->result);
if ($this->opt('block_ids_min') && $this->opt('block_ids_min') <= $this->result->getImpact()) {
$this->block_access();
// Load custom error page
//add_action( 'template_redirect', array( $this, 'load_template' ) );
// Catch wp-login.php requests
//add_action( 'hmwp_ms_wp_login', array( $this, 'load_template' ) );
}
//$this->ban_user();
// Warning page runs last to allow for ban processing
// $this->warning_page();
}
/**
* Register ZIDS plugin in the pre-Dispatch phase.
* @param Zend_Controller_Request_Abstract $request
*/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
// should ZIDS ignore this request?
if (isset($this->_config['ignore'])) {
foreach ($this->_config['ignore']['requests']['module'] as $i => $module) {
// if module, controller and action have been specified, all three parameters have to match
if (isset($this->_config['ignore']['requests']['controller'][$i]) && isset($this->_config['ignore']['requests']['action'][$i])) {
if ($request->getModuleName() == $module && $request->getControllerName() == $this->_config['ignore']['requests']['controller'][$i] && $request->getActionName() == $this->_config['ignore']['requests']['action'][$i]) {
return $request;
}
// if only module and controller have been specified, both parameters have to match (action is being ignored)
} else {
if (isset($this->_config['ignore']['requests']['controller'][$i])) {
if ($request->getModuleName() == $module && $request->getControllerName() == $this->_config['ignore']['requests']['controller'][$i]) {
return $request;
}
// if only module has been specified, module has to match (controller & action are being ignored)
} else {
if ($request->getModuleName() == $module) {
return $request;
}
}
}
}
}
// init and start PHP IDS
require_once 'IDS/Init.php';
$input = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
$init = IDS_Init::init($this->_config['phpids']['config']);
// set PHPIDS options
if (isset($this->_config['phpids']['general']['base_path'])) {
$init->config['General']['base_path'] = $this->_config['phpids']['general']['base_path'];
}
if (isset($this->_config['phpids']['general']['use_base_path'])) {
$init->config['General']['use_base_path'] = $this->_config['phpids']['general']['use_base_path'];
}
if (isset($this->_config['phpids']['general']['tmp_path'])) {
$init->config['General']['tmp_path'] = $this->_config['phpids']['general']['tmp_path'];
}
if (isset($this->_config['phpids']['general']['filter_path'])) {
$init->config['General']['filter_path'] = $this->_config['phpids']['general']['filter_path'];
}
if (isset($this->_config['phpids']['logging']['path'])) {
$init->config['Logging']['path'] = $this->_config['phpids']['logging']['path'];
}
if (isset($this->_config['phpids']['caching']['path'])) {
$init->config['Caching']['path'] = $this->_config['phpids']['caching']['path'];
}
// html preparation
if (isset($this->_config['phpids']['general']['html'])) {
if (is_array($this->_config['phpids']['general']['html'])) {
foreach ($this->_config['phpids']['general']['html'] as $html) {
$init->config['General']['html'][] = $html;
}
} else {
$init->config['General']['html'][] = $this->_config['phpids']['general']['html'];
}
}
// json options
if (isset($this->_config['phpids']['general']['json'])) {
if (is_array($this->_config['phpids']['general']['json'])) {
foreach ($this->_config['phpids']['general']['json'] as $json) {
$init->config['General']['json'][] = $json;
}
} else {
$init->config['General']['json'][] = $this->_config['phpids']['general']['json'];
}
}
// exceptions (POST,GET,COOKIE)
if (isset($this->_config['phpids']['general']['exceptions'])) {
if (is_array($this->_config['phpids']['general']['exceptions'])) {
foreach ($this->_config['phpids']['general']['exceptions'] as $exceptions) {
$init->config['General']['exceptions'][] = $exceptions;
}
} else {
$init->config['General']['exceptions'][] = $this->_config['phpids']['general']['exceptions'];
}
}
$ids = new IDS_Monitor($input, $init);
$result = $ids->run();
// deal with the result of PHP IDS
if (!$result->isEmpty()) {
// get PHP-IDS impact
$impact = $result->getImpact();
// check, if ZIDS should aggregate all impacts in the session
if ($this->_aggregate) {
$session = new Zend_Session_Namespace('ZIDS');
$impact += $session->impact;
$session->impact = $impact;
}
// find corresponding ZIDS level of attack
foreach ($this->_levels as $lvlname => $currlevel) {
if (!in_array(strtolower($lvlname), array('*', 'all'))) {
if (isset($currlevel['upto'])) {
if ($impact <= $currlevel['upto']) {
$level = $lvlname;
break;
}
} else {
$level = $lvlname;
break;
}
}
}
if (!isset($level)) {
throw new Exception('ZIDS could not find a corresponding level for impact value ' . $impact . '! Please, check your ZIDS configuration in application.ini!');
}
// which actions should ZIDS perform?
$actions = $this->_levels[$level]['action'];
// make sure to trim each action, e.g. ' email' => 'email'
array_walk($actions, create_function('&$arr', '$arr=trim($arr);'));
// do we have to ignore this (potential) attack?
if (!in_array('ignore', $actions)) {
// fire all defined actions
foreach ($actions as $action) {
$plugin = $this->getPlugin($action);
if (!$plugin) {
throw new Exception('ZIDS cannot find a plugin with name ' . $action);
}
$plugin->injectRequest($request)->fires($result, $impact, $level);
}
}
}
return $request;
}
/**
* This function includes the IDS vendor parts and runs the
* detection routines on the request array.
*
* @param object cake controller object
* @return boolean
*/
public function check(&$args)
{
// lets bypass a few civicrm urls from this check
static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend');
$path = implode('/', $args);
if (in_array($path, $skip)) {
return;
}
#add request url and user agent
$_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
}
require_once 'IDS/Init.php';
// init the PHPIDS and pass the REQUEST array
$config =& CRM_Core_Config::singleton();
$configFile = $config->configAndLogDir . 'Config.IDS.ini';
if (!file_exists($configFile)) {
global $civicrm_root;
$contents = "\n[General]\n filter_type = xml\n filter_path = {$civicrm_root}/packages/IDS/default_filter.xml\n tmp_path = {$config->uploadDir}\n HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n HTML_Purifier_Cache = {$config->uploadDir}\n scan_keys = false\n exceptions[] = __utmz\n exceptions[] = __utmc\n exceptions[] = widget_code\n exceptions[] = html_message\n exceptions[] = body_html\n exceptions[] = msg_html\n html[] = description\n html[] = intro\n html[] = thankyou_text\n html[] = intro_text\n html[] = body_text\n html[] = footer_text\n html[] = thankyou_text\n html[] = thankyou_footer\n html[] = new_text\n html[] = renewal_text\n html[] = help_pre\n html[] = help_post\n html[] = msg_html\n html[] = confirm_title\n html[] = confirm_text\n html[] = confirm_footer_text\n html[] = confirm_email_text\n";
if (file_put_contents($configFile, $contents) === false) {
require_once 'CRM/Core/Error.php';
CRM_Core_Error::movedSiteError($configFile);
}
// also create the .htaccess file so we prevent the reading of the log and ini files
// via a browser, CRM-3875
$htaccessFile = $config->configAndLogDir . '.htaccess';
if (!file_exists($htaccessFile)) {
$contents = '
# Protect files and directories from prying eyes.
<FilesMatch "\\.(log|ini)$">
Order allow,deny
</FilesMatch>
';
if (file_put_contents($htaccessFile, $contents) === false) {
require_once 'CRM/Core/Error.php';
CRM_Core_Error::movedSiteError($htaccessFile);
}
}
}
$init = IDS_Init::init($configFile);
$ids = new IDS_Monitor($_REQUEST, $init);
$result = $ids->run();
if (!$result->isEmpty()) {
$this->react($result);
}
return true;
}
* You can also reset the whole configuration
* array or merge in own data
*
* This usage doesn't overwrite already existing values
* $config->setConfig(array('General' => array('filter_type' => 'xml')));
*
* This does (see 2nd parameter)
* $config->setConfig(array('General' => array('filter_type' => 'xml')), true);
*
* or you can access the config directly like here:
*/
$init->config['General']['base_path'] = BASE_DIR . '/lib/IDS/';
$init->config['General']['use_base_path'] = true;
$init->config['Caching']['caching'] = 'none';
// 2. Initiate the PHPIDS and fetch the results
$ids = new IDS_Monitor($request, $init);
$result = $ids->run();
/*
* That's it - now you can analyze the results:
*
* In the result object you will find any suspicious
* fields of the passed array enriched with additional info
*
* Note: it is moreover possible to dump this information by
* simply echoing the result object, since IDS_Report implemented
* a __toString method.
*/
if (!$result->isEmpty()) {
// echo $result;
/*
* The following steps are optional to log the results
/**
* This function includes the IDS vendor parts and runs the
* detection routines on the request array.
*
* @param object cake controller object
* @return boolean
*/
public function detect(&$controller)
{
$this->controller =& $controller;
$this->name = Inflector::singularize($this->controller->name);
#set include path for IDS and store old one
$path = get_include_path();
set_include_path(VENDORS . 'phpids/');
#require the needed files
vendor('phpids/IDS/Init');
#add request url and user agent
$_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
}
#init the PHPIDS and pass the REQUEST array
$this->init = IDS_Init::init();
$ids = new IDS_Monitor($this->init, $_REQUEST);
$result = $ids->run();
// Re-set include path
set_include_path($path);
if (!$result->isEmpty()) {
$this->react($result);
}
return true;
}
public function processIDS()
{
/**
* PHPIDS
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2010 PHPIDS group (http://php-ids.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the license.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
// set the include path properly for PHPIDS
set_include_path(get_include_path() . PATH_SEPARATOR . 'IDS/lib/');
if (!session_id()) {
session_start();
}
require_once 'IDS/Init.php';
try {
/*
* It's pretty easy to get the PHPIDS running
* 1. Define what to scan
*
* Please keep in mind what array_merge does and how this might interfer
* with your variables_order settings
*/
$request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
$init = IDS_Init::init(dirname(__FILE__) . '/IDS/Config/Config.ini.php');
/**
* You can also reset the whole configuration
* array or merge in own data
*
* This usage doesn't overwrite already existing values
* $config->setConfig(array('General' => array('filter_type' => 'xml')));
*
* This does (see 2nd parameter)
* $config->setConfig(array('General' => array('filter_type' => 'xml')), true);
*
* or you can access the config directly like here:
*/
$init->config['General']['base_path'] = dirname(__FILE__) . '/IDS/';
$init->config['General']['use_base_path'] = true;
$init->config['Caching']['caching'] = 'none';
// 2. Initiate the PHPIDS and fetch the results
$ids = new IDS_Monitor($request, $init);
$result = $ids->run();
/*
* That's it - now you can analyze the results:
*
* In the result object you will find any suspicious
* fields of the passed array enriched with additional info
*
* Note: it is moreover possible to dump this information by
* simply echoing the result object, since IDS_Report implemented
* a __toString method.
*/
if (!$result->isEmpty()) {
// echo $result;
Yii::log($result, 'warning', 'application.components.ids');
/*
* The following steps are optional to log the results
*/
require_once 'IDS/Log/File.php';
require_once 'IDS/Log/Composite.php';
$compositeLog = new IDS_Log_Composite();
$compositeLog->addLogger(IDS_Log_File::getInstance($init));
/*
* Note that you might also use different logging facilities
* such as IDS_Log_Email or IDS_Log_Database
*
* Just uncomment the following lines to test the wrappers
*/
/*
*
require_once 'IDS/Log/Email.php';
require_once 'IDS/Log/Database.php';
$compositeLog->addLogger(
IDS_Log_Email::getInstance($init),
IDS_Log_Database::getInstance($init)
);
*/
$compositeLog->execute($result);
if ($this->callback !== NULL) {
call_user_func($this->callback);
} else {
throw new CHttpException(500, $this->genericMessage);
}
} else {
// echo '<a href="?test=%22><script>eval(window.name)</script>">No attack detected - click for an example attack</a>';
}
} catch (Exception $e) {
/*
* sth went terribly wrong - maybe the
* filter rules weren't found?
*/
/*printf(
'An error occured: %s',
$e->getMessage()
);*/
Yii::log($e->getMessage(), 'warning', 'application.components.ids');
throw new CHttpException(500, $this->genericMessage);
}
}
