/**
 * Checks whether given value matches any of the supplied filter patterns
 *
 * A cheap pre-filter first skips values (and, with scanKeys, keys) that contain
 * nothing beyond word characters, whitespace, "/", "@", "!", "?" and "." and
 * neither "./" nor "@@word". Keys listed in the exceptions array are never
 * scanned. The value is then unescaped (magic quotes), optionally HTML-purified
 * and JSON-decoded depending on the field name, normalised by the converter and
 * centrifuge, and finally matched against every filter of the storage
 * (restricted to the configured tags when a tag array is set).
 *
 * @param mixed $key   the key of the value to scan
 * @param mixed $value the value to scan
 *
 * @return bool|array false or array of filter(s) that matched the value
 */
private function _detect($key, $value)
{
    // characters outside this set, "./" and "@@word" mark input worth a full scan
    $prefilter = '/[^\\w\\s\\/@!?\\.]+|(?:\\.\\/)|(?:@@\\w+)/';

    // cheap pre-filter: skip plain alphanumeric input before doing real work;
    // a suspicious key only counts when key scanning is enabled
    $valueSuspicious = $value && preg_match($prefilter, $value);
    if ($this->scanKeys) {
        $keySuspicious = $key && preg_match($prefilter, $key);
        if (!$keySuspicious && !$valueSuspicious) {
            return false;
        }
    } elseif (!$valueSuspicious) {
        return false;
    }

    // fields named in the exceptions list are never scanned
    if (is_array($this->exceptions) && in_array($key, $this->exceptions, true)) {
        return false;
    }

    // undo magic quotes escaping so the rules see the raw characters
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // per-field HTML purification
    if (is_array($this->html) && in_array($key, $this->html, true)) {
        list($key, $value) = $this->_purifyValues($key, $value);
    }

    // per-field JSON decoding
    if (is_array($this->json) && in_array($key, $this->json, true)) {
        list($key, $value) = $this->_jsonDecodeValues($key, $value);
    }

    // normalise the value (and the key, when scanKeys is set) before matching
    include_once 'IDS/Converter.php';
    $value = IDS_Converter::runAll($value);
    $value = IDS_Converter::runCentrifuge($value, $this);
    if ($this->scanKeys) {
        $key = IDS_Converter::runAll($key);
        $key = IDS_Converter::runCentrifuge($key, $this);
    }

    $matched = array();
    foreach ($this->storage->getFilterSet() as $filter) {
        // with a tag array configured, only filters carrying one of those tags are used
        $tagged = !is_array($this->tags)
            || array_intersect($this->tags, $filter->getTags());
        if ($tagged && $this->_match($key, $value, $filter)) {
            $matched[] = $filter;
        }
    }

    return count($matched) > 0 ? $matched : false;
}
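/**
 * Checks whether given value matches any of the supplied filter patterns
 *
 * Detection only starts when the value (or the key, when scanKeys is set)
 * contains something beyond word characters, whitespace and "/". Keys listed
 * in the exceptions array are skipped. The value is unescaped (magic quotes),
 * key and value are normalised by the converter and then matched against every
 * filter of the storage, restricted to the configured tags when a tag array is
 * set.
 *
 * @param mixed $key   the key of the value to scan
 * @param mixed $value the value to scan
 *
 * @return bool|array false or array of filter(s) that matched the value
 */
private function _detect($key, $value)
{
    // anything outside word characters, whitespace and "/" is worth a full scan
    $prefilter = '/[^\\w\\s\\/]+/ims';

    // cheap pre-filter: empty() is tested first so preg_match() never runs on an
    // empty value; a suspicious key only counts when key scanning is enabled
    // (previously a benign value skipped the key entirely, even with scanKeys)
    $valueSuspicious = !empty($value) && preg_match($prefilter, $value);
    $keySuspicious = $this->scanKeys && !empty($key) && preg_match($prefilter, $key);
    if (!$valueSuspicious && !$keySuspicious) {
        // explicit false: the documented contract is bool|array, never null
        return false;
    }

    // fields named in the exceptions list are never scanned; guard the list so a
    // missing/non-array configuration does not raise a TypeError on PHP 8
    if (is_array($this->exceptions) && in_array($key, $this->exceptions, true)) {
        return false;
    }

    // undo magic quotes escaping; the function does not exist on PHP >= 8,
    // so it has to be probed before being called
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // normalise the value (and the key, when scanKeys is set) before matching
    include_once 'IDS/Converter.php';
    $value = IDS_Converter::runAll($value);
    if ($this->scanKeys) {
        $key = IDS_Converter::runAll($key);
    }

    $filters = array();
    foreach ($this->storage->getFilterSet() as $filter) {
        // with a tag array configured, only filters carrying one of those tags are used
        $tagged = !is_array($this->tags)
            || array_intersect($this->tags, $filter->getTags());
        if ($tagged && $this->_match($key, $value, $filter)) {
            $filters[] = $filter;
        }
    }

    return empty($filters) ? false : $filters;
}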
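/**
 * Checks whether given value matches any of the supplied filter patterns
 *
 * Stages, in order: a cheap pre-filter skips values (and keys, when scanKeys is
 * set) that contain nothing beyond word characters, whitespace, "/", "@", "!",
 * "?" and "." and none of "./", "@@word", the UTF-7 "+ADw" opener or
 * "union select"; the key is compared with the configured exceptions (such a
 * field is checked against the XSS rule set only) and bypass entries (no rule
 * at all is applied, so the field always yields false); escaping is undone
 * (stripslashes under magic quotes, otherwise backslashes before quotes and
 * "/" are removed on PHP >= 5.3); per-field HTML purification and JSON
 * decoding run; key and value go through the converter and centrifuge; the
 * selected rule set is matched, restricted to the configured tags when a tag
 * array is set. A bypass entry wins over an exception entry.
 *
 * @param mixed $key   the key of the value to scan
 * @param mixed $value the value to scan
 *
 * @return bool|array false or array of filter(s) that matched the value
 */
private function _detect($key, $value)
{
    // cheap pre-filter: anything outside this character set, a "./", "@@word",
    // the UTF-7 "+ADw" opener or "union select" is worth a full scan
    $prefilter = '/[^\\w\\s\\/@!?\\.]+|(?:\\.\\/)|(?:@@\\w+)'
        . '|(?:\\+ADw)|(?:union\\s+select)/i';

    // a suspicious key only counts when key scanning is enabled
    $valueSuspicious = $value && preg_match($prefilter, $value);
    if ($this->scanKeys) {
        $keySuspicious = $key && preg_match($prefilter, $key);
        if (!$keySuspicious && !$valueSuspicious) {
            return false;
        }
    } elseif (!$valueSuspicious) {
        return false;
    }

    // exceptions narrow the rule set to the XSS filters for this field
    $xssException = $this->_keyMatchesAnyRule($key, $this->exceptions);

    // bypass entries switch detection off entirely for this field, so the
    // bypass list must come from trusted configuration only
    $filterBypass = $this->_keyMatchesAnyRule($key, $this->bypass);

    // undo request escaping so the rules see the raw characters: stripslashes
    // under magic quotes, otherwise strip backslashes before quotes and "/".
    // NOTE(review): get_magic_quotes_gpc() is gone on PHP >= 8, so neither
    // branch runs there — confirm that is intended.
    $hasMagicQuotesApi = function_exists('get_magic_quotes_gpc');
    if ($hasMagicQuotesApi && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if ($hasMagicQuotesApi && !get_magic_quotes_gpc()
        && version_compare(PHP_VERSION, '5.3.0', '>=')
    ) {
        $value = preg_replace('/\\\\(["\'\\/])/im', '$1', $value);
    }

    // per-field HTML purification
    if (is_array($this->html) && in_array($key, $this->html, true)) {
        list($key, $value) = $this->_purifyValues($key, $value);
    }

    // per-field JSON decoding
    if (is_array($this->json) && in_array($key, $this->json, true)) {
        list($key, $value) = $this->_jsonDecodeValues($key, $value);
    }

    // normalise the value (and the key, when scanKeys is set) before matching
    include_once 'IDS/Converter.php';
    $value = IDS_Converter::runAll($value);
    $value = IDS_Converter::runCentrifuge($value, $this);
    if ($this->scanKeys) {
        $key = IDS_Converter::runAll($key);
        $key = IDS_Converter::runCentrifuge($key, $this);
    }

    // pick the rule set: bypass beats exception beats the full set
    if ($filterBypass) {
        $filterSet = array();
    } elseif ($xssException) {
        $filterSet = $this->storage->getFilterXSS();
    } else {
        $filterSet = $this->storage->getFilterSet();
    }

    $filters = array();
    foreach ($filterSet as $filter) {
        // with a tag array configured, only filters carrying one of those tags are used
        $tagged = !is_array($this->tags)
            || array_intersect($this->tags, $filter->getTags());
        if ($tagged && $this->_match($key, $value, $filter)) {
            $filters[] = $filter;
        }
    }

    return empty($filters) ? false : $filters;
}

/**
 * Tells whether a field name is covered by one of the configured rules
 * (shared by the exceptions and the bypass list).
 *
 * A rule that ends in "/.../flags" with no "e" flag (the [^eE] part keeps the
 * eval modifier out) is used as a regular expression against the key; note
 * that the captured pattern starts at the first "/" of the rule, so any text
 * before it is ignored. Every other rule has to be identical (===) to the key.
 * preg_match() on a malformed pattern returns false, which counts as no match.
 *
 * @param mixed $key   the field name being scanned
 * @param mixed $rules $this->exceptions or $this->bypass; anything that is not
 *                     an array means "no rules"
 *
 * @return bool
 */
private function _keyMatchesAnyRule($key, $rules)
{
    if (!is_array($rules)) {
        return false;
    }
    foreach ($rules as $rule) {
        $matches = array();
        if (preg_match('/(\\/.*\\/[^eE]*)$/', $rule, $matches)) {
            // regex-style rule: it applies when the captured pattern matches the key
            if (isset($matches[1]) && preg_match($matches[1], $key)) {
                return true;
            }
        } elseif ($rule === $key) {
            return true;
        }
    }
    return false;
}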