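/**
 * Put an entry into the log table so the admin can figure out what to do with the violation.
 *
 * Every field of the report is treated as untrusted: it arrives from whatever posted to the
 * report endpoint, not only from a well-behaved browser. Values are only written through
 * $wpdb->insert() placeholders, and the free-text 'information' column is HTML-escaped before
 * the <br> markup is wrapped around it, since that column is built as HTML for the admin screen.
 *
 * @param array $CSPViolation Decoded CSP report; the fields of interest live under 'csp-report'.
 * @return bool True when a row was written, false when the report was incomplete, matched the
 *              ignore list or the current policy for the directive, or logging is switched off.
 */
public static function LogPolicyViolation($CSPViolation)
{
    $LogViolation = false;

    // Options as entered by the site admin. get_option() returns false when the option is
    // missing; normalise to an array so the index lookups below behave the same either way.
    $CSPOptions = get_option(wpCSPclass::SETTINGS_OPTIONS_ALLOPTIONS);
    if (!is_array($CSPOptions)) {
        $CSPOptions = array();
    }

    // Only the 'csp-report' object matters; a malformed body degrades to an empty report.
    $Report = array();
    if (is_array($CSPViolation) && isset($CSPViolation['csp-report']) && is_array($CSPViolation['csp-report'])) {
        $Report = $CSPViolation['csp-report'];
    }

    // Report fields are only accepted as strings: a nested array or number here would break
    // the use of the directive as an options key and the '%s' binding of the insert below.
    $StringField = function ($Key) use ($Report) {
        return (isset($Report[$Key]) && is_string($Report[$Key])) ? $Report[$Key] : '';
    };

    // Figure out the policy that was violated. 'effective-directive' is the normalised name;
    // older reports only carry 'violated-directive', whose value may include the source list
    // after the first space, so only the first word is kept.
    $ViolatedDirective = $StringField('effective-directive');
    if ($ViolatedDirective === '' && $StringField('violated-directive') !== '') {
        $parts = explode(" ", $StringField('violated-directive'), 2);
        $ViolatedDirective = $parts[0];
    }

    // Find out which page the violation happened on; fall back to the referrer of the report
    // request when the report itself does not say.
    $DocumentURI = $StringField('document-uri');
    if ($DocumentURI === '' && isset($_SERVER['HTTP_REFERER'])) {
        $DocumentURI = $_SERVER['HTTP_REFERER'];
    }

    // Find out which URL was blocked.
    $BlockedURI = $StringField('blocked-uri');

    // Find out browser information.
    $UserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Find out source of problem: the address that sent the report request. The report body
    // never carries the client address, so it has to come from the request environment.
    $RemoteAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Do we have enough information to do anything with?
    if ($ViolatedDirective !== '' && $BlockedURI !== '') {
        $LogViolation = true;

        // Let's see if we are set to ignore this host - not reporting ignored URLs to stop
        // clogging up the database.
        if (!empty($CSPOptions[wpCSPclass::SETTINGS_OPTIONS_VIOLATIONSTOIGNORE])
            && self::IsURIInOptionString($BlockedURI, $CSPOptions[wpCSPclass::SETTINGS_OPTIONS_VIOLATIONSTOIGNORE])) {
            $LogViolation = false;
        }

        // Sometimes some browsers seem to cache old directives - see if the host is now allowed
        // by the current policy for this directive.
        if (!empty($CSPOptions[$ViolatedDirective])
            && self::IsURIInOptionString($BlockedURI, $CSPOptions[$ViolatedDirective])) {
            $LogViolation = false;
        }

        // Did the user want us to log the violations?
        if (empty($CSPOptions[wpCSPclass::SETTINGS_OPTIONS_LOGVIOLATIONS])) {
            $LogViolation = false;
        }

        // Do we still want to log the violation?
        if ($LogViolation === true) {
            // Extra information to help track down weird violations. ENT_SUBSTITUTE keeps the
            // row readable when the report contains invalid UTF-8 instead of blanking it.
            $PrettyData = "Violated Directive: " . htmlspecialchars($ViolatedDirective, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " <br>\n"
                . "Blocked Host: " . htmlspecialchars($BlockedURI, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " <br>\n";

            // Not sure we can handle blocking individual ports, so at least record one when present.
            $URLParts = parse_url($BlockedURI);
            if (is_array($URLParts) && isset($URLParts['port'])) {
                $PrettyData .= "Port Blocked: " . (int) $URLParts['port'] . " <br>\n";
            }

            // The raw dump is the whole untrusted body, so it is escaped as a unit.
            $PrettyData .= htmlspecialchars(print_r($CSPViolation, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            global $wpdb;
            $wpdb->insert(
                wpCSPclass::LogTableName(),
                array(
                    'violated_directive' => $ViolatedDirective,
                    'blocked_uri' => $BlockedURI,
                    'document_uri' => $DocumentURI,
                    'useragent' => $UserAgent,
                    'remoteaddress' => $RemoteAddress,
                    'information' => $PrettyData,
                ),
                array('%s', '%s', '%s', '%s', '%s', '%s')
            );
        }
    }

    return $LogViolation;
}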
/**
 * Remove everything the plugin stored in WordPress: the violation log table, the settings
 * registration and its stored option, the schema-version option, and the scheduled cron job.
 */
public static function plugin_uninstall()
{
    global $wpdb;

    // The log table is the plugin's only custom table.
    $LogTable = wpCSPclass::LogTableName();
    $wpdb->query(sprintf('DROP TABLE IF EXISTS %s', $LogTable));

    // Unhook the settings from the Settings API, then remove the stored values themselves.
    $AllOptionsName = wpCSPclass::SETTINGS_OPTIONS_ALLOPTIONS;
    unregister_setting(wpCSPclass::SETTINGS_OPTIONS_SECTION, $AllOptionsName);
    foreach (array(self::wpCSPDBVersionOptionName, $AllOptionsName) as $StoredOption) {
        delete_option($StoredOption);
    }

    // Stop the recurring job so nothing runs against the removed table.
    wp_clear_scheduled_hook(self::wpCSPDBCronJobName);
}