コード例 #1
ファイル: FilterListener.php プロジェクト: rmaiwald/core
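 /**
  * Protects against basic attempts of Cross-Site Scripting (XSS).
  *
  * Runs PHPIDS over the request superglobals and a few request headers once
  * the core reaches Zikula_Core::STAGE_MODS and the 'useids' system variable
  * equals 1. A non-empty report is handed to _processIdsResult().
  *
  * @see    http://technicalinfo.net/papers/CSS.html
  *
  * @param Zikula_Event $event Core event; only its 'stage' entry is read.
  *
  * @return void
  *
  * @throws \Exception Thrown if there was a problem running ids detection
  */
 public function idsInputFilter(Zikula_Event $event)
 {
     $stageReached = ($event['stage'] & Zikula_Core::STAGE_MODS) != 0;
     if (!$stageReached || System::getVar('useids') != 1) {
         // IDS not wanted at this stage, or disabled in the configuration
         return;
     }

     try {
         // build request array defining what to scan
         // @todo: change the order of the arrays to merge if ini_get('variables_order') != 'EGPCS'
         $request = array();
         if (isset($_REQUEST)) {
             $request['REQUEST'] = $_REQUEST;
         }
         if (isset($_GET)) {
             $request['GET'] = $_GET;
         }
         if (isset($_POST)) {
             $request['POST'] = $_POST;
         }
         if (isset($_COOKIE)) {
             $request['COOKIE'] = $_COOKIE;
         }

         // request headers worth scanning, keyed by the section name used in the
         // report. $_SERVER exposes the User-Agent as HTTP_USER_AGENT; the former
         // lookup of a USER_AGENT key never matched, so that header was silently
         // never scanned.
         $headers = array(
             'HOST'       => 'HTTP_HOST',
             'ACCEPT'     => 'HTTP_ACCEPT',
             'USER_AGENT' => 'HTTP_USER_AGENT',
         );
         foreach ($headers as $section => $serverKey) {
             if (isset($_SERVER[$serverKey])) {
                 $request[$section] = $_SERVER[$serverKey];
             }
         }
         // REQUEST_URI and HTTP_REFERER are deliberately not scanned: the referer
         // in particular produces far too many false positives.

         // initialise configuration object and apply the module's options
         $init = \IDS\Init::init();
         $init->config = $this->_getidsconfig();

         // run the request check and process a non-empty \IDS\Report
         $ids = new \IDS\Monitor($init);
         $result = $ids->run($request);
         if (!$result->isEmpty()) {
             $this->_processIdsResult($init, $result);
         }
     } catch (\Exception $e) {
         // sth went wrong - maybe the filter rules weren't found; chain the
         // original exception so the root cause is not lost
         throw new \Exception(__f('An error occured during executing PHPIDS: %s', $e->getMessage()), 0, $e);
     }
 }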
コード例 #2
ファイル: ids.inc.php プロジェクト: istrwei/ISPCluster
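 /**
  * Runs PHPIDS over GET, POST and COOKIE for the current request.
  *
  * Variables listed in the security whitelist for the current script and
  * user type are excluded from scanning; variables in the htmlfield list are
  * registered as HTML fields. Depending on the impact of a non-empty report
  * the event is written to temp/ids.log, logged through $app->log(), and/or
  * the request is aborted through $app->error().
  *
  * @return void
  */
 public function start()
 {
     global $app, $conf;
     $security_config = $app->getconf->get_security_config('ids');
     set_include_path(get_include_path() . PATH_SEPARATOR . ISPC_CLASS_PATH . '/');
     require_once ISPC_CLASS_PATH . '/IDS/Init.php';
     require_once ISPC_CLASS_PATH . '/IDS/Monitor.php';
     require_once ISPC_CLASS_PATH . '/IDS/Filter.php';
     require_once ISPC_CLASS_PATH . '/IDS/Filter/Storage.php';
     require_once ISPC_CLASS_PATH . '/IDS/Report.php';
     require_once ISPC_CLASS_PATH . '/IDS/Event.php';
     require_once ISPC_CLASS_PATH . '/IDS/Converter.php';

     $ids_request = array('GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
     $ids_init = IDS\Init::init(ISPC_CLASS_PATH . '/IDS/Config/Config.ini.php');
     $ids_init->config['General']['base_path'] = ISPC_CLASS_PATH . '/IDS/';
     $ids_init->config['General']['tmp_path'] = '../../../temp';
     $ids_init->config['General']['use_base_path'] = true;
     $ids_init->config['Caching']['caching'] = 'none';
     $ids_init->config['Logging']['path'] = '../../../temp/ids.log';

     $current_script_name = trim($_SERVER['SCRIPT_NAME']);
     // user type of the logged-in user; null when there is no session user
     $user_type = isset($_SESSION['s']['user']['typ']) ? $_SESSION['s']['user']['typ'] : null;

     // Get whitelist: these variables are not scanned at all
     $whitelisted = $this->_ids_read_security_list('ids.whitelist', $current_script_name, $user_type);
     foreach ($whitelisted as $varname) {
         $ids_init->config['General']['exceptions'][] = $varname;
     }
     // Get HTML fields: these variables are scanned with the HTML rule set
     $html_fields = $this->_ids_read_security_list('ids.htmlfield', $current_script_name, $user_type);
     foreach ($html_fields as $varname) {
         $ids_init->config['General']['html'][] = $varname;
     }

     $ids = new IDS\Monitor($ids_init);
     $ids_result = $ids->run($ids_request);
     if ($ids_result->isEmpty()) {
         return;
     }

     $impact = $ids_result->getImpact();
     if ($impact >= $security_config['ids_log_level']) {
         $ids_log = ISPC_ROOT_PATH . '/temp/ids.log';
         if (!is_file($ids_log)) {
             touch($ids_log);
         }
         // one line per event: usertype:script:eventname
         $user = $user_type !== null ? $user_type : 'any';
         $log_lines = '';
         foreach ($ids_result->getEvents() as $event) {
             $log_lines .= $user . ':' . $current_script_name . ':' . $event->getName() . "\n";
         }
         file_put_contents($ids_log, $log_lines, FILE_APPEND);
     }
     if ($impact >= $security_config['ids_warn_level']) {
         $app->log("PHP IDS Alert." . $ids_result, 2);
     }
     if ($impact >= $security_config['ids_block_level']) {
         $app->error("Possible attack detected. This action has been logged.", '', true, 2);
     }
 }

 /**
  * Reads one of the IDS security lists (ids.whitelist / ids.htmlfield) and
  * returns the variable names that apply to the current script and user type.
  *
  * Lookup order: the ".custom" variant under /usr/local/ispconfig/security
  * wins, then the stock file there, then the copy next to ISPC_ROOT_PATH.
  * Every non-comment line has the form user:path:varname; blank and malformed
  * lines are skipped.
  *
  * @param string      $list_name           basename of the list, e.g. 'ids.whitelist'
  * @param string      $current_script_name trimmed $_SERVER['SCRIPT_NAME']
  * @param string|null $user_type           $_SESSION['s']['user']['typ'], or null without a session user
  *
  * @return array list of variable names
  */
 private function _ids_read_security_list($list_name, $current_script_name, $user_type)
 {
     $list_path = '/usr/local/ispconfig/security/' . $list_name;
     if (is_file($list_path . '.custom')) {
         $list_path .= '.custom';
     }
     if (!is_file($list_path)) {
         $list_path = realpath(ISPC_ROOT_PATH . '/../security/' . $list_name);
     }

     $varnames = array();
     // realpath() returns false when the fallback file is missing as well
     $lines = $list_path !== false ? file($list_path) : false;
     if (!is_array($lines)) {
         return $varnames;
     }

     foreach ($lines as $line) {
         $line = trim($line);
         if ($line === '' || substr($line, 0, 1) === '#') {
             continue;
         }
         $parts = explode(':', $line);
         if (count($parts) < 3) {
             // malformed entry (fewer than user:path:varname); ignore it
             continue;
         }
         list($user, $path, $varname) = $parts;
         if ($path !== $current_script_name) {
             continue;
         }
         // The previous code assigned ('=') instead of comparing here, which made
         // every entry for the current script apply to all user types. The
         // '******' literal is reproduced as given; confirm it matches the
         // wildcard user value used in the list files.
         $applies = $user === '******'
             || ($user === 'user' && ($user_type === 'user' || $user_type === 'admin'))
             || ($user === 'admin' && $user_type === 'admin');
         if ($applies) {
             $varnames[] = $varname;
         }
     }

     return $varnames;
 }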
コード例 #3
ファイル: filters.php プロジェクト: abhijo89/VMPanel
<?php

/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/
// Run PHPIDS over the request superglobals before routing; every event in a
// non-empty report is dispatched as a 'security.intrusion' application event.
App::before(function ($request) {
    $scanTargets = array(
        'REQUEST' => $_REQUEST,
        'GET'     => $_GET,
        'POST'    => $_POST,
        'COOKIE'  => $_COOKIE,
    );
    $monitor = new IDS\Monitor(IDS\Init::init(app_path() . '/config/ids/config.ini'));
    $report = $monitor->run($scanTargets);
    if ($report->isEmpty()) {
        return;
    }
    foreach ($report as $intrusionEvent) {
        Event::fire('security.intrusion', array($intrusionEvent));
    }
});
// Intentionally empty: no post-request work is registered.
App::after(function ($request, $response) {
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|