/**
 * Writes every event of an IDS report to the intrusion log table, one row per event.
 *
 * Rows are written with $wpdb->insert(), which builds a prepared statement, so
 * the logged fields are not concatenated into SQL in this method.
 *
 * Security notes:
 *  - `value` and `page` are stored after wp_kses() with an allowlist of
 *    <a href> and <strong>. The stored copy is therefore a filtered version of
 *    what the detector saw, not the raw bytes.
 *    NOTE(review): whatever renders these rows should still escape on output;
 *    the admin view is not visible here - confirm.
 *  - `tags` is stored without sanitising; presumably it comes from the rule
 *    set rather than from the request - verify against IDS_Event.
 *  - NOTE(review): where $this->ip is populated is not visible here; if it can
 *    come from a client-supplied header, treat `ip` and `origin` as
 *    attacker-influenced.
 *  - No transaction is opened here: when an insert fails the method returns
 *    false at once and rows written for earlier events stay in the table.
 *
 * Side effect: when $_SERVER['REQUEST_URI'] is missing it is rebuilt from
 * PHP_SELF and QUERY_STRING and written back into $_SERVER.
 *
 * @param IDS_Report $report_data Report whose events are logged.
 * @return boolean True when every event was inserted, false on the first failed insert.
 */
public function execute(IDS_Report $report_data)
{
    global $wpdb, $current_user;

    // 0 is stored as the user id when no current user is set.
    $uid = $current_user ? $current_user->ID : 0;

    // Some server setups do not provide REQUEST_URI; rebuild it.
    if (!isset($_SERVER['REQUEST_URI'])) {
        $rebuilt = substr($_SERVER['PHP_SELF'], 1);
        if (!empty($_SERVER['QUERY_STRING'])) {
            $rebuilt .= '?' . $_SERVER['QUERY_STRING'];
        }
        $_SERVER['REQUEST_URI'] = $rebuilt;
    }

    // Markup allowlist applied to the logged value and page.
    $allowedTags = array(
        'a'      => array('href' => array()),
        'strong' => array(),
    );

    foreach ($report_data as $incident) {
        $row = array(
            'name'         => sanitize_text_field($incident->getName()),
            'value'        => wp_kses($incident->getValue(), $allowedTags),
            'page'         => isset($_SERVER['REQUEST_URI'])
                ? wp_kses($_SERVER['REQUEST_URI'], $allowedTags)
                : '',
            'tags'         => implode(', ', $incident->getTags()),
            'ip'           => sanitize_text_field($this->ip),
            'user_id'      => $uid,
            // Per-event impact next to the impact of the whole report.
            'impact'       => $incident->getImpact(),
            'total_impact' => $report_data->getImpact(),
            // origin is the countryCode() result for the logged IP, not the
            // server address; a falsy lookup result is stored as ''.
            'origin'       => sanitize_text_field(countryCode($this->ip) ?: ''),
            'created'      => date('Y-m-d H:i:s'),
        );

        if ($wpdb->insert($wpdb->hmwp_ms_intrusions, $row) === false) {
            return false;
        }
    }

    return true;
}
/**
 * Stores every event of an IDS report through the statement held in $this->statement.
 *
 * Security notes:
 *  - All fields reach the database through bindParam(), so they are passed as
 *    parameters and not concatenated into SQL in this method.
 *    NOTE(review): the statement is created outside this method - confirm it
 *    is a prepared statement with matching named placeholders.
 *  - Name, value and page are stored as received, with no filtering. That
 *    keeps the logged data intact, but anything that displays these rows must
 *    escape them for the output context.
 *  - The exception message carries the statement's error code and driver
 *    error text. NOTE(review): callers should log it rather than show it in
 *    the response - confirm how it is handled upstream.
 *  - NOTE(review): where $this->ip and $this->ip2 are populated is not visible
 *    here; if they can come from a client-supplied header, treat them and
 *    `origin` as attacker-influenced.
 *  - No transaction is opened here: a failure on a later event leaves the
 *    rows of earlier events in place.
 *
 * Side effect: when $_SERVER['REQUEST_URI'] is missing it is rebuilt from
 * PHP_SELF and QUERY_STRING and written back into $_SERVER.
 *
 * @param object $data IDS_Report instance
 *
 * @throws Exception if the statement fails to execute
 * @return boolean Always true when no exception was thrown.
 */
public function execute(IDS_Report $data)
{
    // Some server setups do not provide REQUEST_URI; rebuild it.
    if (!isset($_SERVER['REQUEST_URI'])) {
        $rebuilt = substr($_SERVER['PHP_SELF'], 1);
        if (!empty($_SERVER['QUERY_STRING'])) {
            $rebuilt .= '?' . $_SERVER['QUERY_STRING'];
        }
        $_SERVER['REQUEST_URI'] = $rebuilt;
    }

    $stmt = $this->statement;

    foreach ($data as $incident) {
        // bindParam() binds by reference, so each field needs its own variable.
        $requestPage = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $clientIp    = $this->ip;
        $secondIp    = $this->ip2;
        $ruleName    = $incident->getName();
        $payload     = $incident->getValue();
        $severity    = $incident->getImpact();
        $tagList     = implode(', ', $incident->getTags());

        $stmt->bindParam('name', $ruleName);
        $stmt->bindParam('value', $payload);
        $stmt->bindParam('page', $requestPage);
        $stmt->bindParam('tags', $tagList);
        $stmt->bindParam('ip', $clientIp);
        $stmt->bindParam('ip2', $secondIp);
        $stmt->bindParam('impact', $severity);

        // origin is the countryCode() result for the client IP, not the
        // server address; a falsy lookup result is stored as ''.
        $country = countryCode($clientIp) ?: '';
        $stmt->bindParam('origin', $country);

        if ($stmt->execute()) {
            continue;
        }

        $details = $stmt->errorInfo();
        throw new Exception(
            implode(', ', array($stmt->errorCode(), $details[1], $details[2]))
        );
    }

    return true;
}