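/**
 * Writes one audit entry for $auditName, with $auditAttributes as its content,
 * to the log file that auditNameSettings() maps to that audit name.
 *
 * The entry is a header line "[ip] [login:userID]" followed by one
 * "key: value" line per attribute. Carriage returns and line feeds inside the
 * address, the login, the attribute keys and the attribute values are written
 * as the literal text \r and \n, so that no value can start a line that reads
 * like a separate header or attribute when the audit file is reviewed.
 *
 * @param string $auditName
 * @param array $auditAttributes
 * @return bool false when auditing is disabled or $auditName has no settings,
 *              true once the entry has been handed to eZLog::write()
 */
static function writeAudit( $auditName, $auditAttributes = array() )
{
    if ( !eZAudit::isAuditEnabled() )
        return false;

    $auditNameSettings = eZAudit::auditNameSettings();
    if ( !isset( $auditNameSettings[$auditName] ) )
        return false;

    // NOTE(review): eZSys::clientIP() is defined elsewhere. If it can take the
    // address from a request header, the address recorded here is supplied by
    // the client -- confirm before treating it as evidence.
    $ip = eZSys::clientIP();
    if ( !$ip )
        $ip = eZSys::serverVariable( 'HOSTNAME', true );

    $user = eZUser::currentUser();
    $userID = $user->attribute( 'contentobject_id' );
    $userLogin = $user->attribute( 'login' );

    // Line breaks are the record separator of this format, so they are made
    // visible instead of being written through.
    $lineBreaks = array( "\r", "\n" );
    $visibleBreaks = array( '\\r', '\\n' );

    $safeIP = str_replace( $lineBreaks, $visibleBreaks, (string) $ip );
    $safeLogin = str_replace( $lineBreaks, $visibleBreaks, (string) $userLogin );
    $message = "[$safeIP] [$safeLogin:$userID]\n";

    foreach ( $auditAttributes as $attributeKey => $attributeValue )
    {
        $safeKey = str_replace( $lineBreaks, $visibleBreaks, (string) $attributeKey );
        $safeValue = str_replace( $lineBreaks, $visibleBreaks, (string) $attributeValue );
        $message .= "$safeKey: $safeValue\n";
    }

    $logName = $auditNameSettings[$auditName]['file_name'];
    $dir = $auditNameSettings[$auditName]['dir'];
    eZLog::write( $message, $logName, $dir );

    return true;
}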
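/**
 * Re-initialises $this->_logData with a fresh identifier, the cluster
 * identifier, the current GMT and local timestamps and the request context.
 * The action, step, uuid, esb_status and msg entries start out as null.
 */
public function reset()
{
    // Neither entry exists when no HTTP request is being served (for example
    // on the command line), so both are read behind an isset() check. The
    // method entry keeps null as its "absent" value.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null;

    $this->_logData = array(
        // uniqid() is derived from the current time: usable to correlate log
        // lines, not as a value that has to be unguessable.
        'guid' => uniqid(),
        'cluster' => \ClusterTool::clusterIdentifier(),
        'dateGMT' => gmdate('Y-m-d H:i:s'),
        'dateLocal' => date('Y-m-d H:i:s'),
        'action' => null,
        'step' => null,
        'uuid' => null,
        'esb_status' => null,
        'msg' => null,
        // The referer is a request header and is stored as received; whatever
        // writes or displays _logData has to encode it for its own output.
        'referer' => $referer,
        // NOTE(review): whether eZSys::clientIP() can be influenced by request
        // headers is not visible here -- confirm before relying on this entry.
        'ip' => \eZSys::clientIP(),
        'method' => $requestMethod,
    );
}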
/**
 * Tells whether the current client matches an entry of $allowedIpList.
 *
 * Entries are dotted IPv4 addresses, optionally followed by "/<prefix>".
 * Entries with a prefix are checked through self::isIPInNet(), bare entries
 * are compared with the client address. When no client address is available
 * the answer is true only for a shell execution with 'commandline' in the list.
 *
 * The entry pattern checks the dotted shape only: it does not limit an octet
 * to 255 or the prefix to 32.
 *
 * NOTE(review): the decision rests on eZSys::clientIP(), defined elsewhere. If
 * that value can come from a request header, this is not an access control on
 * its own -- confirm how it is derived.
 *
 * @param array $allowedIpList
 * @return bool
 */
private static function isAllowedByCurrentIP($allowedIpList)
{
    $clientAddress = eZSys::clientIP();
    if (!$clientAddress) {
        return eZSys::isShellExecution() && in_array('commandline', $allowedIpList);
    }

    $entryPattern = "/^(([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+))(\\/([0-9]+)\$|\$)/";
    foreach ($allowedIpList as $entry) {
        // Entries that are not in IPv4 form are skipped
        if (!preg_match($entryPattern, $entry, $parts)) {
            continue;
        }

        // $parts[6] is "/<prefix>" when present, the empty string otherwise
        if ($parts[6]) {
            $allowed = self::isIPInNet($clientAddress, $parts[1], $parts[7]);
        } else {
            $allowed = $parts[1] == $clientAddress;
        }

        if ($allowed) {
            return true;
        }
    }

    return false;
}
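/**
 * Checks the address of the calling host against the ServerIP list of the
 * ServerSettings ini block.
 *
 * NOTE(review): the address comes from eZSys::clientIP(), defined elsewhere.
 * If it can be taken from a request header, the caller chooses the value that
 * is compared and logged here -- confirm how it is derived.
 *
 * @return bool true when the address is listed, or when ServerIP is not set
 *              and the check is skipped; false otherwise
 */
function checkServerIP()
{
    $remoteHostIP = eZSys::clientIP();
    $serverIPList = $this->ini->variable('ServerSettings', 'ServerIP');

    if ($serverIPList === false) {
        // Fails open: with no ServerIP setting every caller passes. The skip is
        // logged so that a missing setting can be noticed.
        $this->logger->writeTimedString("Skipped the IP check because ServerIP is not set in the settings. Remote host is: {$remoteHostIP}.", 'checkServerIP');
        return true;
    }

    // Only a non-empty string can be a listed address, and the comparison is
    // strict, so a missing client address can never match an empty or "0"
    // entry of the list through type juggling.
    $hasAddress = is_string($remoteHostIP) && $remoteHostIP !== '';
    if ($hasAddress && is_array($serverIPList) && in_array($remoteHostIP, $serverIPList, true)) {
        return true;
    }

    $this->logger->writeTimedString("server with ip = {$remoteHostIP} does not exist.", 'checkServerIP failed');
    $this->logger->writeTimedString($serverIPList, 'serverIPList from ini file is');
    return false;
}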
/**
 * Tells whether the address of the current client is covered by $ipList.
 *
 * A list item is either a dotted IPv4 address or an IPv4 network written as
 * "address/prefix"; networks are checked with eZDebug::isIPInNet(). Without a
 * client address, the result is true only when the list contains
 * 'commandline' and PHP runs under the cli SAPI.
 *
 * The item pattern does not bound octets to 255 or the prefix to 32.
 *
 * NOTE(review): eZSys::clientIP() is defined elsewhere; whether a request
 * header can set the address is not visible here -- confirm before using this
 * result as an access decision.
 *
 * @param array $ipList
 * @return bool
 */
static function isUserIPInList($ipList)
{
    $address = eZSys::clientIP();

    if (!$address) {
        return in_array('commandline', $ipList) && php_sapi_name() == 'cli';
    }

    foreach ($ipList as $listItem) {
        $isIPv4Item = preg_match("/^(([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+))(\\/([0-9]+)\$|\$)/", $listItem, $groups);
        if (!$isIPv4Item) {
            continue;
        }

        if ($groups[6]) {
            // "/prefix" present: network membership
            if (eZDebug::isIPInNet($address, $groups[1], $groups[7])) {
                return true;
            }
        } elseif ($groups[1] == $address) {
            // bare address: direct comparison
            return true;
        }
    }

    return false;
}
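/**
 * Sends the measured values to one logging backend. Called by self::filter().
 *
 * @param string $method apache, piwik, googleanalytics, logfile, syslog,
 *                       headers, database, csv or storage; any other value is
 *                       ignored without a message
 * @param array $values measured values, keyed by variable name
 * @param string $output page output; the piwik and googleanalytics methods
 *                       rewrite it in place
 */
public static function doLog($method, array $values, &$output)
{
    switch ($method) {
        case 'apache':
            foreach ($values as $varName => $value) {
                /// @todo should remove any " or space chars in the value for proper parsing by updateperfstats.php
                apache_note($varName, $value);
            }
            break;

        case 'piwik':
            $text = '';
            foreach (eZPerfLoggerINI::variable('GeneralSettings', 'TrackVariables') as $i => $var) {
                // Names and values end up inside a script block of the page, so
                // they are emitted as encoded JavaScript string literals.
                $text .= "\npiwikTracker.setCustomVariable( {$i}, " . self::jsStringLiteral($var) . ", " . self::jsStringLiteral($values[$var]) . ", \"page\" );";
            }
            $text .= "\npiwikTracker.trackPageView();";
            // addcslashes() keeps "$" and "\" in the generated text from being
            // read as back-references by preg_replace()
            $output = preg_replace('/piwikTracker\\.trackPageView\\( *\\);?/', addcslashes($text, '\\$'), $output);
            break;

        case 'googleanalytics':
            $text = '';
            foreach (eZPerfLoggerINI::variable('GeneralSettings', 'TrackVariables') as $i => $var) {
                // NOTE(review): the pushed array carries no command name as its
                // first element -- confirm this is the format the tracker expects.
                $text .= "\n_gaq.push([{$i}, " . self::jsStringLiteral($var) . ", " . self::jsStringLiteral($values[$var]) . ", 3]);";
            }
            $text .= "\n_gaq.push(['_trackPageview']);";
            // The square brackets of the push() argument are escaped: left
            // bare, "[ *['\"]" is a character class and the pattern cannot
            // match _gaq.push(['_trackPageview']);
            $output = preg_replace("/_gaq\\.push\\( *\\[ *['\"]_trackPageview['\"] *\\] *\\);?/", addcslashes($text, '\\$'), $output);
            break;

        case 'logfile':
        case 'syslog':
            /// same format as Apache "combined" by default
            $size = self::$outputSize;
            if ($size == 0) {
                $size = '-';
            }
            $text = eZPerfLoggerApacheLogger::apacheLogLine('combined', $size, self::$returnCode) . ' ';
            foreach ($values as $value) {
                // do same as apache does: replace nulls with "-"
                if ((string) $value === '') {
                    $text .= "- ";
                } else {
                    /// @todo should remove any " or space chars in the value for proper parsing by updateperfstats.php
                    $text .= $value . " ";
                }
            }
            if ($method == 'logfile') {
                $text .= "\n";
                file_put_contents(eZPerfLoggerINI::variable('logfileSettings', 'FileName'), $text, FILE_APPEND);
            } else {
                // syslog: we use apache log format for lack of a better idea...
                openlog("eZPerfLog", LOG_PID, LOG_USER);
                syslog(LOG_INFO, $text);
            }
            break;

        case 'headers':
            $prefix = eZPerfLoggerINI::variable('HeadersSettings', 'HeaderPrefix');
            // Characters that are not allowed in a header name are replaced by "-".
            // The header value is sent as it is.
            $separators = array('(', ')', '<', '>', '@', ',', ';', ':', '\\', '"', '/', '[', ']', '?', '=', '{', '}', ' ', "\t");
            foreach (eZPerfLoggerINI::variable('GeneralSettings', 'TrackVariables') as $i => $var) {
                header($prefix . str_replace($separators, '-', $var) . ': ' . $values[$var]);
            }
            break;

        case 'database':
        case 'csv':
        case 'storage':
            if ($method == 'csv') {
                $storageClass = 'eZPerfLoggerCSVStorage';
            } elseif ($method == 'database') {
                $storageClass = 'eZPerfLoggerDBStorage';
            } else {
                $storageClass = eZPerfLoggerINI::variable('ParsingSettings', 'StorageClass');
            }

            /// @todo log error if storage class does not implement correct interface
            // when we deprecate php 5.2, we will be able to use $storageClass::insertStats...
            // The url comes straight from the request and is passed on as
            // received; quoting it for the storage backend is left to insertStats().
            call_user_func(array($storageClass, 'insertStats'), array(array(
                'url' => isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $_SERVER["PHP_SELF"],
                'ip' => is_callable('eZSys::clientIP') ? eZSys::clientIP() : eZSys::serverVariable('REMOTE_ADDR'),
                'time' => time(),
                'response_status' => self::$returnCode,
                'response_size' => self::$outputSize,
                'counters' => $values,
            )));
            break;

        /// @todo !important log a warning for default case (unhandled log format)
    }
}

/**
 * Encodes a value as a double-quoted JavaScript string literal.
 *
 * json_encode() escapes quotes, backslashes, control characters and "/", so
 * the literal can neither end the string early nor close the surrounding
 * script element.
 *
 * @param mixed $value
 * @return string
 */
private static function jsStringLiteral($value)
{
    $literal = json_encode((string) $value);
    // json_encode() does not produce a string literal for text it cannot
    // encode, such as invalid UTF-8; an empty literal is emitted instead
    if (!is_string($literal) || $literal === 'null') {
        return '""';
    }
    return $literal;
}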
$server->showResponse('unknown_function_name', $namespaceURI, new ggWebservicesFault(ggWebservicesServer::INVALIDREQUESTERROR, ggWebservicesServer::INVALIDREQUESTSTRING)); eZExecution::cleanExit(); die; } if ($protocol == 'REST') { // hack! eZ is better at parsing the last path part than the REST request // on its own (in an eZP context...) $functionName = $Params['session']; } else { $functionName = $request->name(); } $params = $request->parameters(); $wsINI = eZINI::instance('wsproviders.ini'); // auth: validate incoming IP address first if ($wsINI->variable('GeneralSettings', 'ValidateClientIPs') == 'enabled') { $ip = is_callable('eZSys::clientIP') ? eZSys::clientIP() : eZSys::serverVariable('REMOTE_ADDR'); if (!in_array($ip, $wsINI->variable('GeneralSettings', 'ValidClientIPs'))) { // Error: access denied. We respond using an answer which is correct according // to the protocol used by the caller, instead of going through the standard // eZ access denied error handler, which displays in general an html page // with a 200 OK http return code $server->showResponse($functionName, $namespaceURI, new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING)); eZExecution::cleanExit(); die; // $module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' ); } } // if integration with jscore is enabled, look up function there // NB: ezjscServerRouter::getInstance does internally perms checking, but // it does not return to us different values for method not found / perms not accorded if ($wsINI->variable('GeneralSettings', 'JscoreIntegration') == 'enabled' && class_exists('ezjscServerRouter')) {
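/**
 * If debugging is allowed for the current IP address.
 *
 * List entries are IPv4 or IPv6 addresses, optionally followed by "/<prefix>".
 * Entries with a prefix are checked through self::isIPInNet() or
 * self::isIPInNetIPv6(); bare entries have to be the client address itself.
 * Only entries of the same family as the client address are considered. When
 * no client address is available, the answer is true only for a shell
 * execution with 'commandline' in the list.
 *
 * NOTE(review): the decision rests on eZSys::clientIP(), defined elsewhere. If
 * that value can come from a request header, the list is not an access control
 * on its own -- confirm how it is derived.
 *
 * @param array $allowedIpList
 * @return bool
 */
private static function isAllowedByCurrentIP($allowedIpList)
{
    $ipAddressIPV4Pattern = "/^(([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+))(\\/([0-9]+)\$|\$)/";
    $ipAddressIPV6Pattern = "/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))(\\/([0-9]+)\$|\$)\$/";

    $ipAddress = eZSys::clientIP();
    if (!$ipAddress) {
        return eZSys::isShellExecution() && in_array('commandline', $allowedIpList);
    }

    foreach ($allowedIpList as $itemToMatch) {
        // Test for IPv6 Addresses first instead of IPv4 addresses as IPv6
        // addresses can contain dot separators within them
        if (preg_match("/:/", $ipAddress)) {
            if (!preg_match($ipAddressIPV6Pattern, $itemToMatch, $matches)) {
                continue;
            }
            if ($matches[69]) {
                if (self::isIPInNetIPv6($ipAddress, $itemToMatch)) {
                    return true;
                }
            } else {
                // A bare entry has to be compared with the client address.
                // Comparing it with the list item, which it always equals,
                // would allow every IPv6 client as soon as the list holds one
                // bare IPv6 entry.
                if ($matches[1] == $ipAddress) {
                    return true;
                }
                // The same address can be written in several ways (letter
                // case, "::" compression), so valid addresses are also
                // compared in packed form.
                if (filter_var($matches[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false
                    && filter_var($ipAddress, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false
                    && inet_pton($matches[1]) === inet_pton($ipAddress)
                ) {
                    return true;
                }
            }
        } elseif (preg_match("/\\./", $ipAddress)) {
            if (!preg_match($ipAddressIPV4Pattern, $itemToMatch, $matches)) {
                continue;
            }
            if ($matches[6]) {
                if (self::isIPInNet($ipAddress, $matches[1], $matches[7])) {
                    return true;
                }
            } elseif ($matches[1] == $ipAddress) {
                return true;
            }
        }
    }

    return false;
}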