コード例 #1
0
ファイル: filter.php プロジェクト: ASDAFF/entask.ru
	public static function OnBeforeProlog()
	{
		if (CSecuritySystemInformation::isCliMode())
			return;

		if(CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]))
			return;

		if(self::currentUserHaveRightsForSkip())
		{
			if(
				check_bitrix_sessid()
				&& (
					!isset($_POST['____SECFILTER_CONVERT_JS'])
					|| !$_POST['____SECFILTER_CONVERT_JS']
				)
			)
			{
				return;
			}
		}

		$filter = new CSecurityFilter;
		$filter->process();
	}
コード例 #2
0
ファイル: post_filter.php プロジェクト: ASDAFF/bxApiDocs
 /**
  * @param $pContent
  */
 public static function OnEndBufferContent(&$pContent)
 {
     if (CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"])) {
         return;
     }
     $filter = new CSecurityXSSDetect();
     $pContent = $filter->process($pContent);
 }
コード例 #3
0
ファイル: filter.php プロジェクト: k-kalashnikov/geekcon_new
 /**
  *
  */
 public static function OnBeforeProlog()
 {
     if (CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"])) {
         return;
     }
     $filter = new CSecurityFilter();
     $filter->process();
 }
コード例 #4
0
ファイル: post_filter.php プロジェクト: rasuldev/torino
 /**
  * @param $content
  */
 public static function OnEndBufferContent(&$content)
 {
     if (CSecuritySystemInformation::isCliMode()) {
         return;
     }
     if (CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"])) {
         return;
     }
     $filter = new CSecurityXSSDetect();
     $content = $filter->process($content);
 }
コード例 #5
0
ファイル: post_filter.php プロジェクト: nycmic/bittest
	/**
	 * @param $content
	 */
	public static function OnEndBufferContent(&$content)
	{
		if (CSecuritySystemInformation::isCliMode())
			return;

		if (CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]))
			return;

		if (!preg_match('#</script#', $content)) // Probably does not include the scripts
			return;

		$filter = new CSecurityXSSDetect();
		$filter->process($content);
	}
コード例 #6
0
		<?php 
echo EndNote();
?>
	</td>
</tr>
<?php 
$tabControl->BeginNextTab();
$arMasks = array();
if ($bVarsFromForm) {
    if (is_array($_POST["FILTER_MASKS"])) {
        foreach ($_POST["FILTER_MASKS"] as $i => $POST_MASK) {
            $arMasks[] = array("SITE_ID" => htmlspecialcharsbx($POST_MASK["SITE_ID"]), "FILTER_MASK" => htmlspecialcharsbx($POST_MASK["FILTER_MASK"]));
        }
    }
} else {
    $rs = CSecurityFilterMask::GetList();
    while ($ar = $rs->Fetch()) {
        $arMasks[] = array("SITE_ID" => htmlspecialcharsbx($ar["SITE_ID"]), "FILTER_MASK" => htmlspecialcharsbx($ar["FILTER_MASK"]));
    }
}
?>
<tr>
	<td class="adm-detail-valign-top" width="40%"><?php 
echo GetMessage("SEC_FILTER_MASKS");
?>
</td>
	<td width="60%">
	<table cellpadding="0" cellspacing="0" border="0" class="nopadding" width="100%" id="tbFILTER_MASKS">
		<?php 
foreach ($arMasks as $i => $arMask) {
    ?>
コード例 #7
0
    $criticalResultsCount = 0;
}
if (isset($lastTestingInfo["test_date"])) {
    $lastDate = $lastTestingInfo["test_date"];
} else {
    $lastDate = GetMessage("SEC_PANEL_SCANNER_NEVER_START");
}
$data['scanner']['ITEMS'][] = array("KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_LAST_SCAN"), "KPI_VALUE" => $lastDate, "KPI_RECOMMENDATION" => !CSecuritySiteChecker::isNewTestNeeded() ? '&nbsp;' : ($USER->isAdmin() ? '<a href="security_scanner.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_SCANNER_RUN") . '</a>' : GetMessage("SEC_PANEL_SCANNER_RUN")));
$data['scanner']['ITEMS'][] = array("KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_PROBLEM_COUNT"), "KPI_VALUE" => count($lastResults), "KPI_RECOMMENDATION" => count($lastResults) <= 0 ? '&nbsp;' : ($USER->isAdmin() ? '<a href="security_scanner.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_SCANNER_FIX_IT") . '</a>' : GetMessage("SEC_PANEL_SCANNER_FIX_IT")));
$data['scanner']['ITEMS'][] = array("KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_CRITICAL_PROBLEM_COUNT"), "KPI_VALUE" => $criticalResultsCount, "KPI_RECOMMENDATION" => $criticalResultsCount <= 0 ? '&nbsp;' : ($USER->isAdmin() ? '<a href="security_scanner.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_SCANNER_FIX_IT") . '</a>' : GetMessage("SEC_PANEL_SCANNER_FIX_IT")));
unset($lastTestingInfo);
unset($lastResults);
unset($criticalResultsCount);
$bSecurityFilter = CSecurityFilter::IsActive();
$data['std']['ITEMS'][] = array("IS_OK" => $bSecurityFilter, "KPI_NAME" => GetMessage("SEC_PANEL_FILTER_NAME"), "KPI_VALUE" => $bSecurityFilter ? GetMessage("SEC_PANEL_FILTER_VALUE_ON") : GetMessage("SEC_PANEL_FILTER_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSecurityFilter ? '&nbsp;' : ($USER->CanDoOperation('security_filter_settings_write') ? '<a href="security_filter.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_FILTER_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FILTER_RECOMMENDATION")));
$rsSecurityFilterExclMask = CSecurityFilterMask::GetList();
if ($rsSecurityFilterExclMask->Fetch()) {
    $bSecurityFilterExcl = true;
} else {
    $bSecurityFilterExcl = false;
}
$data['std']['ITEMS'][] = array("IS_OK" => !$bSecurityFilterExcl, "KPI_NAME" => GetMessage("SEC_PANEL_FILTER_EXCL_NAME"), "KPI_VALUE" => $bSecurityFilterExcl ? GetMessage("SEC_PANEL_FILTER_EXCL_VALUE_ON") : GetMessage("SEC_PANEL_FILTER_EXCL_VALUE_OFF"), "KPI_RECOMMENDATION" => !$bSecurityFilterExcl ? '&nbsp;' : ($USER->CanDoOperation('security_filter_settings_write') ? '<a href="security_filter.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=exceptions">' . GetMessage("SEC_PANEL_FILTER_EXCL_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FILTER_EXCL_RECOMMENDATION")));
$days = COption::GetOptionInt("main", "event_log_cleanup_days", 7);
if ($days > 7) {
    $days = 7;
}
$cntLog = 0;
$rsLog = CEventLog::GetList(array(), array("TIMESTAMP_X_1" => ConvertTimeStamp(time() - $days * 24 * 3600 + CTimeZone::GetOffset(), "FULL"), "AUDIT_TYPE_ID" => "SECURITY_FILTER_SQL|SECURITY_FILTER_XSS|SECURITY_FILTER_XSS2|SECURITY_FILTER_PHP|SECURITY_REDIRECT"));
while ($rsLog->Fetch()) {
    $cntLog++;
}
コード例 #8
0
ファイル: checklist.php プロジェクト: nProfessor/Mytb
	function CheckSecurity($arParams)
	{
		global $DB;
		$err = 1;
		$arResult['STATUS'] = false;
		switch ($arParams["ACTION"])
		{
			case "SECURITY_LEVEL":
				if (IsModuleInstalled("security"))
				{
						if ($arMask = CSecurityFilterMask::GetList()->Fetch())
							$arMessage.= $err++.". ".GetMessage("CL_FILTER_EXEPTION_FOUND")."\n";
						if(!CSecurityFilter::IsActive())
							$arMessage.=$err++.". ".GetMessage("CL_FILTER_NON_ACTIVE")."\n";
						if(COption::GetOptionString("main", "captcha_registration", "N") == "N")
							$arMessage.=$err++.". ".GetMessage("CL_CAPTCHA_NOT_USE")."\n";

					if (CCheckListTools::AdminPolicyLevel() != "high")
						$arMessage.=$err++.". ".GetMessage("CL_ADMIN_SECURITY_LEVEL")."\n";
					if (COption::GetOptionInt("main", "error_reporting", E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR|E_PARSE) != (E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR|E_PARSE) && COption::GetOptionString("main","error_reporting","") != 0)
						$arMessage.=$err++.". ".GetMessage("CL_ERROR_REPORTING_LEVEL")."\n";
					if($DB->debug)
						$arMessage.=$err++.". ".GetMessage("CL_DBDEBUG_TURN_ON")."\n";
					if ($arMessage)
					{
						$arResult["STATUS"] = false;
						$arResult["MESSAGE"]=Array(
								"PREVIEW"=>GetMessage("CL_MIN_LEVEL_SECURITY"),
								"DETAIL"=>GetMessage("CL_ERROR_FOUND")."\n".$arMessage
						);
					}
					else
					{
						$arResult["STATUS"] = true;
						$arResult["MESSAGE"]=Array(
								"PREVIEW"=>GetMessage("CL_LEVEL_SECURITY")."\n"
						);
					}
				}
				else
					$arResult = Array(
						"STATUS" => false,
						"MESSAGE"=>Array(
							"PREVIEW"=>GetMessage("CL_SECURITY_MODULE_NOT_INSTALLED")."\n"
						)
					);
			break;
			case "ADMIN_POLICY":
				if (CCheckListTools::AdminPolicyLevel() != "high")
					$arResult["MESSAGE"]["PREVIEW"] = GetMessage("CL_ADMIN_SECURITY_LEVEL")."\n";
				else
					$arResult = Array(
						"STATUS" => true,
						"MESSAGE"=>Array(
							"PREVIEW"=>GetMessage("CL_ADMIN_SECURITY_LEVEL_IS_HIGH")."\n"
						)
					);
			break;
		}

		return $arResult;
	}