Exemple #1
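 /**
  * AJAX handler that applies one firewall (WAF) configuration change read from $_POST.
  *
  * $_POST['wafConfigAction'] selects the operation: 'config' (WAF status and the
  * learning-mode grace period), 'addWhitelist', 'replaceWhitelist', 'deleteWhitelist',
  * 'enableWhitelist' or 'enableRule'. A missing or unknown action changes nothing and
  * still returns the current WAF data.
  *
  * Security notes:
  * - Every branch changes what the firewall enforces (status, whitelist entries,
  *   disabled rules). This method performs no nonce or capability check itself, so the
  *   dispatcher that routes the request here has to authenticate and authorise the
  *   caller. NOTE(review): confirm this against the caller, which is outside this block.
  * - Request fields that are passed to stripslashes()/strtotime() or written to the
  *   configuration are only accepted when they are strings. PHP decodes `name[]=...`
  *   parameters into arrays, which previously reached those calls unchecked in every
  *   branch except 'deleteWhitelist'.
  *
  * @return array array('success' => true, 'data' => ...) on completion, or
  *               array('err' => 1, 'errorMsg' => ...) when the learning-mode grace
  *               period does not end in the future.
  */
 public static function ajax_saveWAFConfig_callback()
 {
     if (isset($_POST['wafConfigAction']) && is_string($_POST['wafConfigAction'])) {
         switch ($_POST['wafConfigAction']) {
             case 'config':
                 if (!empty($_POST['wafStatus']) && is_string($_POST['wafStatus'])) {
                     $wafStatus = $_POST['wafStatus'];
                     $storage = wfWAF::getInstance()->getStorageEngine();
                     if ($wafStatus === 'learning-mode' && !empty($_POST['learningModeGracePeriodEnabled'])) {
                         $gracePeriod = '';
                         if (isset($_POST['learningModeGracePeriod']) && is_string($_POST['learningModeGracePeriod'])) {
                             $gracePeriod = $_POST['learningModeGracePeriod'];
                         }
                         // strtotime() yields false for unparseable input; that is rejected
                         // together with end times that are not in the future.
                         $gracePeriodEnd = strtotime($gracePeriod);
                         if ($gracePeriodEnd !== false && $gracePeriodEnd > time()) {
                             $storage->setConfig('learningModeGracePeriodEnabled', 1);
                             $storage->setConfig('learningModeGracePeriod', $gracePeriodEnd);
                         } else {
                             return array('err' => 1, 'errorMsg' => "The grace period end time must be in the future.");
                         }
                     } else {
                         $storage->setConfig('learningModeGracePeriodEnabled', 0);
                         $storage->unsetConfig('learningModeGracePeriod');
                     }
                     // NOTE(review): the status is stored as submitted. No allowlist of
                     // supported WAF modes is visible in this method; confirm that the code
                     // reading 'wafStatus' treats an unknown value as "protection on".
                     $storage->setConfig('wafStatus', $wafStatus);
                 }
                 break;
             case 'addWhitelist':
                 if (isset($_POST['whitelistedPath']) && is_string($_POST['whitelistedPath'])
                     && isset($_POST['whitelistedParam']) && is_string($_POST['whitelistedParam'])
                 ) {
                     $path = stripslashes($_POST['whitelistedPath']);
                     $paramKey = stripslashes($_POST['whitelistedParam']);
                     if (!$path || !$paramKey) {
                         break;
                     }
                     // Audit metadata kept with the entry: when, from which IP and (when
                     // available) by which user the exemption was created.
                     $data = array(
                         'timestamp' => time(),
                         'description' => 'Whitelisted via Firewall Options page',
                         'ip' => wfUtils::getIP(),
                         'disabled' => empty($_POST['whitelistedEnabled']),
                     );
                     if (function_exists('get_current_user_id')) {
                         $data['userID'] = get_current_user_id();
                     }
                     // 'all' exempts the path/parameter pair from every rule.
                     wfWAF::getInstance()->whitelistRuleForParam($path, $paramKey, 'all', $data);
                 }
                 break;
             case 'replaceWhitelist':
                 if (!empty($_POST['oldWhitelistedPath']) && is_string($_POST['oldWhitelistedPath'])
                     && !empty($_POST['oldWhitelistedParam']) && is_string($_POST['oldWhitelistedParam'])
                     && !empty($_POST['newWhitelistedPath']) && is_string($_POST['newWhitelistedPath'])
                     && !empty($_POST['newWhitelistedParam']) && is_string($_POST['newWhitelistedParam'])
                 ) {
                     $oldWhitelistedPath = stripslashes($_POST['oldWhitelistedPath']);
                     $oldWhitelistedParam = stripslashes($_POST['oldWhitelistedParam']);
                     $newWhitelistedPath = stripslashes($_POST['newWhitelistedPath']);
                     $newWhitelistedParam = stripslashes($_POST['newWhitelistedParam']);
                     $storage = wfWAF::getInstance()->getStorageEngine();
                     $savedWhitelistedURLParams = (array) $storage->getConfig('whitelistedURLParams');
                     // The old path/param arrive already base64-encoded; the new ones are
                     // plain text and are encoded here to build the storage key.
                     $oldKey = $oldWhitelistedPath . '|' . $oldWhitelistedParam;
                     $newKey = base64_encode($newWhitelistedPath) . '|' . base64_encode($newWhitelistedParam);
                     try {
                         $savedWhitelistedURLParams = wfUtils::arrayReplaceKey($savedWhitelistedURLParams, $oldKey, $newKey);
                     } catch (Exception $e) {
                         // Best effort: on failure the list is written back unchanged and the
                         // caller still receives a success response.
                         error_log("Caught exception from 'wfUtils::arrayReplaceKey' with message: " . $e->getMessage());
                     }
                     $storage->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
                 }
                 break;
             case 'deleteWhitelist':
                 if (isset($_POST['deletedWhitelistedPath']) && is_string($_POST['deletedWhitelistedPath'])
                     && isset($_POST['deletedWhitelistedParam']) && is_string($_POST['deletedWhitelistedParam'])
                 ) {
                     $deletedWhitelistedPath = stripslashes($_POST['deletedWhitelistedPath']);
                     $deletedWhitelistedParam = stripslashes($_POST['deletedWhitelistedParam']);
                     $storage = wfWAF::getInstance()->getStorageEngine();
                     $savedWhitelistedURLParams = (array) $storage->getConfig('whitelistedURLParams');
                     // Removing a key that does not exist is a no-op.
                     $key = $deletedWhitelistedPath . '|' . $deletedWhitelistedParam;
                     unset($savedWhitelistedURLParams[$key]);
                     $storage->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
                 }
                 break;
             case 'enableWhitelist':
                 if (isset($_POST['whitelistedPath']) && is_string($_POST['whitelistedPath'])
                     && isset($_POST['whitelistedParam']) && is_string($_POST['whitelistedParam'])
                 ) {
                     $path = stripslashes($_POST['whitelistedPath']);
                     $paramKey = stripslashes($_POST['whitelistedParam']);
                     if (!$path || !$paramKey) {
                         break;
                     }
                     $enabled = !empty($_POST['whitelistedEnabled']);
                     $storage = wfWAF::getInstance()->getStorageEngine();
                     $savedWhitelistedURLParams = (array) $storage->getConfig('whitelistedURLParams');
                     $key = $path . '|' . $paramKey;
                     // Only existing entries are toggled; an unknown key creates nothing.
                     if (array_key_exists($key, $savedWhitelistedURLParams) && is_array($savedWhitelistedURLParams[$key])) {
                         foreach ($savedWhitelistedURLParams[$key] as $ruleID => $data) {
                             $savedWhitelistedURLParams[$key][$ruleID]['disabled'] = !$enabled;
                         }
                     }
                     $storage->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
                 }
                 break;
             case 'enableRule':
                 $ruleEnabled = !empty($_POST['ruleEnabled']);
                 // An array cast to int becomes 1, which would silently target rule 1;
                 // only scalar IDs are accepted.
                 $ruleID = (!empty($_POST['ruleID']) && is_scalar($_POST['ruleID'])) ? (int) $_POST['ruleID'] : false;
                 if ($ruleID) {
                     $storage = wfWAF::getInstance()->getStorageEngine();
                     $disabledRules = (array) $storage->getConfig('disabledRules');
                     if ($ruleEnabled) {
                         unset($disabledRules[$ruleID]);
                     } else {
                         $disabledRules[$ruleID] = true;
                     }
                     $storage->setConfig('disabledRules', $disabledRules);
                 }
                 break;
         }
     }
     return array('success' => true, 'data' => self::_getWAFData());
 }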