/**
* Checks whether given value matches any of the supplied filter patterns
*
* @param mixed $key the key of the value to scan
* @param mixed $value the value to scan
*
* @return bool|array false or array of filter(s) that matched the value
*/
private function _detect($key, $value)
{
/*
* to increase performance, only start detection if value
* isn't alphanumeric
*/
if (preg_match('/[^\\w\\s\\/]+/ims', $value) && !empty($value)) {
if (in_array($key, $this->exceptions, true)) {
return false;
}
// check for magic quotes and remove them if necessary
$value = get_magic_quotes_gpc() ? stripslashes($value) : $value;
// use the converter
include_once 'IDS/Converter.php';
$value = IDS_Converter::runAll($value);
$key = $this->scanKeys ? IDS_Converter::runAll($key) : $key;
$filters = array();
$filterSet = $this->storage->getFilterSet();
foreach ($filterSet as $filter) {
/*
* in case we have a tag array specified the IDS will only
* use those filters that are meant to detect any of the
* defined tags
*/
if (is_array($this->tags)) {
if (array_intersect($this->tags, $filter->getTags())) {
if ($this->_match($key, $value, $filter)) {
$filters[] = $filter;
}
}
} else {
if ($this->_match($key, $value, $filter)) {
$filters[] = $filter;
}
}
}
return empty($filters) ? false : $filters;
}
}
/**
* Checks whether given value matches any of the supplied filter patterns
*
* @param mixed $key the key of the value to scan
* @param mixed $value the value to scan
*
* @return bool|array false or array of filter(s) that matched the value
*/
private function _detect($key, $value)
{
// define the pre-filter
$prefilter = '/[^\\w\\s\\/@!?\\.]+|(?:\\.\\/)|(?:@@\\w+)/';
// to increase performance, only start detection if value
// isn't alphanumeric
if (!$this->scanKeys && (!$value || !preg_match($prefilter, $value))) {
return false;
} elseif ($this->scanKeys) {
if ((!$key || !preg_match($prefilter, $key)) && (!$value || !preg_match($prefilter, $value))) {
return false;
}
}
// check if this field is part of the exceptions
if (is_array($this->exceptions)) {
foreach ($this->exceptions as $exception) {
if (!preg_match('/^\\//', $exception)) {
$exception = '/' . preg_quote($exception, '/') . '/';
}
if (preg_match($exception, $key)) {
return false;
}
}
}
// check for magic quotes and remove them if necessary
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// if html monitoring is enabled for this field - then do it!
if (is_array($this->html) && in_array($key, $this->html, true)) {
list($key, $value) = $this->_purifyValues($key, $value);
}
// check if json monitoring is enabled for this field
if (is_array($this->json) && in_array($key, $this->json, true)) {
list($key, $value) = $this->_jsonDecodeValues($key, $value);
}
// use the converter
include_once 'IDS/Converter.php';
$value = IDS_Converter::runAll($value);
$value = IDS_Converter::runCentrifuge($value, $this);
// scan keys if activated via config
$key = $this->scanKeys ? IDS_Converter::runAll($key) : $key;
$key = $this->scanKeys ? IDS_Converter::runCentrifuge($key, $this) : $key;
$filters = array();
$filterSet = $this->storage->getFilterSet();
foreach ($filterSet as $filter) {
/*
* in case we have a tag array specified the IDS will only
* use those filters that are meant to detect any of the
* defined tags
*/
if (is_array($this->tags)) {
if (array_intersect($this->tags, $filter->getTags())) {
if ($this->_match($key, $value, $filter)) {
$filters[] = $filter;
}
}
} else {
if ($this->_match($key, $value, $filter)) {
$filters[] = $filter;
}
}
}
return empty($filters) ? false : $filters;
}
/**
* Checks whether given value matches any of the supplied filter patterns
*
* @param mixed $key the key of the value to scan
* @param mixed $value the value to scan
*
* @return bool|array false or array of filter(s) that matched the value
*/
private function _detect($key, $value)
{
// define the pre-filter
$prefilter = '/[^\\w\\s\\/@!?\\.]+|(?:\\.\\/)|(?:@@\\w+)' . '|(?:\\+ADw)|(?:union\\s+select)/i';
// to increase performance, only start detection if value
// isn't alphanumeric
if (!$this->scanKeys && (!$value || !preg_match($prefilter, $value))) {
return false;
} elseif ($this->scanKeys) {
if ((!$key || !preg_match($prefilter, $key)) && (!$value || !preg_match($prefilter, $value))) {
return false;
}
}
// check if this field is part of the exceptions
$xss_exception = false;
if (is_array($this->exceptions)) {
foreach ($this->exceptions as $exception) {
$matches = array();
if (preg_match('/(\\/.*\\/[^eE]*)$/', $exception, $matches)) {
if (isset($matches[1]) && preg_match($matches[1], $key)) {
//return false;
$xss_exception = true;
}
} else {
if ($exception === $key) {
//return false;
$xss_exception = true;
}
}
}
}
// check if this field is part of the exceptions
$filter_bypass = false;
if (is_array($this->bypass)) {
foreach ($this->bypass as $bypass) {
$matches = array();
if (preg_match('/(\\/.*\\/[^eE]*)$/', $bypass, $matches)) {
if (isset($matches[1]) && preg_match($matches[1], $key)) {
//return false;
$filter_bypass = true;
}
} else {
if ($bypass === $key) {
//return false;
$filter_bypass = true;
}
}
}
}
// check for magic quotes and remove them if necessary
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (function_exists('get_magic_quotes_gpc') && !get_magic_quotes_gpc() && version_compare(PHP_VERSION, '5.3.0', '>=')) {
$value = preg_replace('/\\\\(["\'\\/])/im', '$1', $value);
}
// if html monitoring is enabled for this field - then do it!
if (is_array($this->html) && in_array($key, $this->html, true)) {
list($key, $value) = $this->_purifyValues($key, $value);
}
// check if json monitoring is enabled for this field
if (is_array($this->json) && in_array($key, $this->json, true)) {
list($key, $value) = $this->_jsonDecodeValues($key, $value);
}
// use the converter
include_once 'IDS/Converter.php';
$value = IDS_Converter::runAll($value);
$value = IDS_Converter::runCentrifuge($value, $this);
// scan keys if activated via config
$key = $this->scanKeys ? IDS_Converter::runAll($key) : $key;
$key = $this->scanKeys ? IDS_Converter::runCentrifuge($key, $this) : $key;
$filters = array();
if ($filter_bypass) {
// Bypass all filter
$filterSet = array();
} elseif ($xss_exception) {
// Load xss filters
$filterSet = $this->storage->getFilterXSS();
} else {
// load all filters
$filterSet = $this->storage->getFilterSet();
}
foreach ($filterSet as $filter) {
/*
* in case we have a tag array specified the IDS will only
* use those filters that are meant to detect any of the
* defined tags
*/
if (is_array($this->tags)) {
if (array_intersect($this->tags, $filter->getTags())) {
if ($this->_match($key, $value, $filter)) {
$filters[] = $filter;
}
}
} else {
if ($this->_match($key, $value, $filter)) {
$filters[] = $filter;
}
}
}
return empty($filters) ? false : $filters;
}
