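 /**
  * Put an entry into the log table so the admin can figure out what to do with the violation.
  *
  * The report body is sent by the reporting browser, i.e. by whoever can reach the
  * report endpoint, so every field read from it is treated as untrusted: values are
  * type-checked before use and HTML-escaped before being embedded in the markup that
  * is stored in the `information` column. The row itself is written through
  * $wpdb->insert() with %s placeholders rather than a string-built query.
  *
  * Fixes two latent bugs in the previous version: the remote address was computed as
  * `isset($CSPViolation['REMOTE_ADDR']['REMOTE_ADDR']) ? '' : ''` and so was always
  * empty, and the "Port Blocked" line tested an undefined `$URLParts` and so never fired.
  *
  * @param array $CSPViolation Decoded CSP report; the browser payload lives under 'csp-report'.
  * @return bool true when a row was written; false when the report was incomplete,
  *              the blocked host is ignored/allowed, or logging is switched off.
  */
 public static function LogPolicyViolation($CSPViolation)
 {
     $ViolatedDirective = '';
     $DocumentURI = '';
     $LogViolation = false;
     // The browser payload; anything that is not an array is treated as an empty report.
     $Report = isset($CSPViolation['csp-report']) && is_array($CSPViolation['csp-report'])
         ? $CSPViolation['csp-report']
         : array();
     // Reads a report field only when it is a string; arrays/objects in attacker-supplied
     // JSON would otherwise reach explode()/concatenation and raise errors or log "Array".
     $ReportString = function ($key) use ($Report) {
         return isset($Report[$key]) && is_string($Report[$key]) ? $Report[$key] : '';
     };
     // HTML-escapes a value for the `information` column, which is stored as markup.
     $Escape = function ($value) {
         return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };
     // Options as entered by the site admin; guard against a missing/corrupt option.
     $CSPOptions = get_option(wpCSPclass::SETTINGS_OPTIONS_ALLOPTIONS);
     if (!is_array($CSPOptions)) {
         $CSPOptions = array();
     }
     // Figure out the policy that was violated. 'effective-directive' already holds the
     // directive name; the older 'violated-directive' carries the whole source list, so
     // only its first token is the directive name.
     if ($ReportString('effective-directive') !== '') {
         $ViolatedDirective = $ReportString('effective-directive');
     } elseif ($ReportString('violated-directive') !== '') {
         $parts = explode(' ', $ReportString('violated-directive'), 2);
         $ViolatedDirective = $parts[0];
     }
     // Find out which page the violation happened on; fall back to the Referer header.
     if ($ReportString('document-uri') !== '') {
         $DocumentURI = $ReportString('document-uri');
     } elseif (isset($_SERVER['HTTP_REFERER'])) {
         $DocumentURI = $_SERVER['HTTP_REFERER'];
     }
     // Find out which URL was blocked.
     $BlockedURI = $ReportString('blocked-uri');
     // Find out browser information.
     $UserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     // Source of the report: the TCP peer as seen by PHP (behind a reverse proxy this is
     // the proxy's address, not the browser's).
     $RemoteAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     // Do we have enough information to do anything with?
     if (!empty($ViolatedDirective) && !empty($BlockedURI)) {
         $LogViolation = true;
         // Let's see if we are set to ignore this host - Not reporting ignored URLs to stop clogging up the database
         if (!empty($CSPOptions[wpCSPclass::SETTINGS_OPTIONS_VIOLATIONSTOIGNORE]) && self::IsURIInOptionString($BlockedURI, $CSPOptions[wpCSPclass::SETTINGS_OPTIONS_VIOLATIONSTOIGNORE])) {
             $LogViolation = false;
         }
         // Sometimes some browsers seem to cache old directives - see if the host is now allowed.
         if (!empty($CSPOptions[$ViolatedDirective]) && self::IsURIInOptionString($BlockedURI, $CSPOptions[$ViolatedDirective])) {
             $LogViolation = false;
         }
         // Did the user want us to log the violations?
         if (empty($CSPOptions[wpCSPclass::SETTINGS_OPTIONS_LOGVIOLATIONS])) {
             $LogViolation = false;
         }
         // Do we still want to log the violation?
         if ($LogViolation === true) {
             // This is the extra information to help track down weird violations.
             $PrettyData = "Violated Directive: " . $Escape($ViolatedDirective) . " <br>\n"
                 . "Blocked Host: " . $Escape($BlockedURI) . " <br>\n";
             // Not sure we can handle blocking individual ports, but record one when present.
             $URLParts = parse_url($BlockedURI);
             if (is_array($URLParts) && isset($URLParts['port'])) {
                 $PrettyData .= "Port Blocked: " . (int) $URLParts['port'] . " <br>\n";
             }
             // The full raw report, escaped so that it cannot inject markup into the admin page.
             $PrettyData .= $Escape(print_r($CSPViolation, true));
             global $wpdb;
             $wpdb->insert(
                 wpCSPclass::LogTableName(),
                 array(
                     'violated_directive' => $ViolatedDirective,
                     'blocked_uri' => $BlockedURI,
                     'document_uri' => $DocumentURI,
                     'useragent' => $UserAgent,
                     'remoteaddress' => $RemoteAddress,
                     'information' => $PrettyData,
                 ),
                 array('%s', '%s', '%s', '%s', '%s', '%s')
             );
         }
     }
     return $LogViolation;
 }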
 /**
  * Remove everything the plugin created: the violation log table, the settings
  * registration, both stored options and the scheduled database cron job.
  *
  * The table name comes from wpCSPclass::LogTableName(), not from user input, so it
  * is interpolated into the DROP statement directly.
  */
 public static function plugin_uninstall()
 {
     global $wpdb;
     $logTable = wpCSPclass::LogTableName();
     $wpdb->query(sprintf('DROP TABLE IF EXISTS %s', $logTable));
     unregister_setting(wpCSPclass::SETTINGS_OPTIONS_SECTION, wpCSPclass::SETTINGS_OPTIONS_ALLOPTIONS);
     // Drop the options in the same order as before: schema version first, then the settings blob.
     foreach (array(self::wpCSPDBVersionOptionName, wpCSPclass::SETTINGS_OPTIONS_ALLOPTIONS) as $optionName) {
         delete_option($optionName);
     }
     wp_clear_scheduled_hook(self::wpCSPDBCronJobName);
 }