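 /**
  * Run the PHPIDS detection routines against the current request.
  *
  * Includes the IDS vendor parts, writes the default Config.IDS.ini (plus a
  * restrictive .htaccess for the config/log directory) the first time it is
  * needed, then scans $_REQUEST with IDS_Monitor. A non-empty result is
  * handed to $this->react().
  *
  * @param array $args
  *   The url path components; joined with '/' and matched against a short
  *   list of paths that bypass the scan.
  *
  * @return bool|null
  *   TRUE once the scan has run; NULL (bare return) when the path is bypassed.
  */
 public function check(&$args)
 {
     // lets bypass a few civicrm urls from this check
     static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates');
     $path = implode('/', $args);
     // strict comparison: only an exact path match may skip the scan
     if (in_array($path, $skip, TRUE)) {
         return;
     }
     // add request url and user agent so they are scanned as well; both can be
     // absent outside a web request (cli, tests), so guard each one
     if (isset($_SERVER['REQUEST_URI'])) {
         $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
     }
     if (isset($_SERVER['HTTP_USER_AGENT'])) {
         $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
     }
     require_once 'IDS/Init.php';
     // init the PHPIDS and pass the REQUEST array
     // (plain assignment as in createConfigFile(); objects are handles, so "=&" buys nothing)
     $config = CRM_Core_Config::singleton();
     $configFile = $config->configAndLogDir . 'Config.IDS.ini';
     if (!file_exists($configFile)) {
         $tmpDir = empty($config->uploadDir) ? CIVICRM_TEMPLATE_COMPILEDIR : $config->uploadDir;
         // also clear the stat cache in case we are upgrading
         clearstatcache();
         global $civicrm_root;
         $contents = "\n[General]\n    filter_type         = xml\n    filter_path         = {$civicrm_root}/packages/IDS/default_filter.xml\n    tmp_path            = {$tmpDir}\n    HTML_Purifier_Path  = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n    HTML_Purifier_Cache = {$tmpDir}\n    scan_keys           = false\n    exceptions[]        = __utmz\n    exceptions[]        = __utmc\n    exceptions[]        = widget_code\n    exceptions[]        = html_message\n    exceptions[]        = body_html\n    exceptions[]        = msg_html\n    exceptions[]        = msg_text\n    exceptions[]        = msg_subject\n    exceptions[]        = description\n    html[]              = intro\n    html[]              = thankyou_text\n    html[]              = intro_text\n    html[]              = body_text\n    html[]              = footer_text\n    html[]              = thankyou_text\n    html[]              = thankyou_footer\n    html[]              = thankyou_footer_text\n    html[]              = new_text\n    html[]              = renewal_text\n    html[]              = help_pre\n    html[]              = help_post\n    html[]              = confirm_title\n    html[]              = confirm_text\n    html[]              = confirm_footer_text\n    html[]              = confirm_email_text\n    html[]              = report_header\n    html[]              = report_footer\n    html[]              = data\n    html[]              = instructions\n";
         if (file_put_contents($configFile, $contents) === false) {
             require_once 'CRM/Core/Error.php';
             CRM_Core_Error::movedSiteError($configFile);
         }
         // also create the .htaccess file so we prevent the reading of the log and ini files
         // via a browser, CRM-3875
         require_once 'CRM/Utils/File.php';
         CRM_Utils_File::restrictAccess($config->configAndLogDir);
     }
     $init = IDS_Init::init($configFile);
     $ids = new IDS_Monitor($_REQUEST, $init);
     $result = $ids->run();
     if (!$result->isEmpty()) {
         $this->react($result);
     }
     return true;
 }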
 /**
  * Create (or re-create) the default Config.IDS.ini for the IDS system.
  *
  * The file lands in the config/log directory, which is then fenced off from
  * web access via CRM_Utils_File::restrictAccess().
  *
  * @param bool $force
  *   Should we recreate it irrespective if it exists or not.
  *
  * @return string
  *   the full path to the config file
  */
 public static function createConfigFile($force = FALSE)
 {
     $config = CRM_Core_Config::singleton();
     $configFile = $config->configAndLogDir . 'Config.IDS.ini';
     if (!$force && file_exists($configFile)) {
         return $configFile;
     }
     if (empty($config->uploadDir)) {
         $tmpDir = CIVICRM_TEMPLATE_COMPILEDIR;
     }
     else {
         $tmpDir = $config->uploadDir;
     }
     // also clear the stat cache in case we are upgrading
     clearstatcache();
     global $civicrm_root;

     // [General] settings, in file order
     $general = array(
         'filter_type'         => 'xml',
         'filter_path'         => "{$civicrm_root}/packages/IDS/default_filter.xml",
         'tmp_path'            => $tmpDir,
         'HTML_Purifier_Path'  => 'IDS/vendors/htmlpurifier/HTMLPurifier.auto.php',
         'HTML_Purifier_Cache' => $tmpDir,
         'scan_keys'           => 'false',
     );
     // request keys the IDS leaves unscanned (rich-text / message bodies), in file order
     $exceptions = array(
         '__utmz', '__utmc', 'widget_code', 'html_message', 'text_message',
         'body_html', 'msg_html', 'msg_text', 'msg_subject', 'description',
         'intro', 'thankyou_text', 'intro_text', 'body_text', 'footer_text',
         'thankyou_text', 'tf_thankyou_text', 'thankyou_footer', 'thankyou_footer_text',
         'new_text', 'renewal_text', 'help_pre', 'help_post', 'confirm_title',
         'confirm_text', 'confirm_footer_text', 'confirm_email_text', 'report_header',
         'report_footer', 'data', 'json', 'instructions', 'suggested_message', 'page_text',
     );
     // each entry is rendered as "    <key padded to 20 columns>= <value>"
     $lines = array('', '[General]');
     foreach ($general as $key => $value) {
         $lines[] = sprintf('    %-20s= %s', $key, $value);
     }
     foreach ($exceptions as $field) {
         $lines[] = sprintf('    %-20s= %s', 'exceptions[]', $field);
     }
     $contents = implode("\n", $lines) . "\n";

     if (file_put_contents($configFile, $contents) === FALSE) {
         CRM_Core_Error::movedSiteError($configFile);
     }
     // also create the .htaccess file so we prevent the reading of the log and ini files
     // via a browser, CRM-3875
     CRM_Utils_File::restrictAccess($config->configAndLogDir);
     return $configFile;
 }
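    /**
     * Restrict access to a given directory (by planting there a restrictive .htaccess file)
     *
     * Only Apache reads .htaccess, and only where AllowOverride permits it; on
     * any other web server the directory must be protected in the server
     * configuration, so treat this file as defence in depth, not the sole control.
     *
     * @param string $dir
     *   The directory to be secured.
     * @param bool $overwrite
     *   Replace an existing .htaccess instead of leaving it untouched.
     */
    public static function restrictAccess($dir, $overwrite = FALSE)
    {
        // note: empty value for $dir can play havoc, since that might result in putting '.htaccess' to root dir
        // of site, causing site to stop functioning.
        // FIXME: we should do more checks here -
        if (empty($dir) || !is_dir($dir)) {
            return;
        }
        $htaccess = <<<HTACCESS
<Files "*">
  Order allow,deny
  Deny from all
</Files>

HTACCESS;
        // join with a separator so a $dir without a trailing slash still targets
        // "<dir>/.htaccess" rather than a sibling file named "<dir>.htaccess"
        $file = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR . '.htaccess';
        if (!$overwrite && file_exists($file)) {
            return;
        }
        if (file_put_contents($file, $htaccess) === FALSE) {
            CRM_Core_Error::movedSiteError($file);
        }
    }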
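 /**
  * Export data to a CSV file
  *
  * Header and cells are each written double-quoted (embedded quotes doubled,
  * per RFC 4180), separated by the configured field separator, rows by "\n".
  * An existing file is overwritten.
  *
  * @param string $fileName
  *   Path of the file to write.
  * @param array $header
  *   Column titles for the first row.
  * @param array $data
  *   Rows of cell values; a row may end with an import status column followed
  *   by '_statusMsg' and '_id', which are stripped before writing.
  *
  * @return void
  * @access public
  */
 static function exportCSV($fileName, $header, $data)
 {
     if (file_exists($fileName) && !is_writable($fileName)) {
         CRM_Core_Error::movedSiteError($fileName);
     }
     //hack to remove '_status', '_statusMsg' and '_id' from error file
     $errorValues = array();
     $dbRecordStatus = array('IMPORTED', 'ERROR', 'DUPLICATE', 'INVALID', 'NEW');
     foreach ($data as $rowCount => $rowValues) {
         // the status sits three columns from the end; it and everything after it are dropped
         $statusPosition = count($rowValues) - 3;
         $count = 0;
         foreach ($rowValues as $key => $val) {
             // strict in_array(): loosely, an int 0 cell matches 'IMPORTED' on PHP < 8 and truncates the row early
             if ($count == $statusPosition && in_array($val, $dbRecordStatus, TRUE)) {
                 break;
             }
             $errorValues[$rowCount][$key] = $val;
             $count++;
         }
     }
     $data = $errorValues;

     // quote one cell; doubling embedded quotes keeps a value containing '"' from breaking the row
     $quote = function ($value) {
         return '"' . str_replace('"', '""', (string) $value) . '"';
     };
     $config = CRM_Core_Config::singleton();
     $output = array();
     $output[] = implode($config->fieldSeparator, array_map($quote, $header));
     foreach ($data as $datum) {
         $output[] = implode($config->fieldSeparator, array_map($quote, $datum));
     }

     $fd = fopen($fileName, 'w');
     if ($fd === FALSE) {
         CRM_Core_Error::movedSiteError($fileName);
         // never fwrite() to a failed handle, whatever movedSiteError() does
         return;
     }
     fwrite($fd, implode("\n", $output));
     fclose($fd);
 }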
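    /**
     * Run the PHPIDS detection routines against the current request.
     *
     * Includes the IDS vendor parts, writes the default Config.IDS.ini and a
     * .htaccess for the config/log directory the first time they are needed,
     * then scans $_REQUEST with IDS_Monitor. A non-empty result is handed to
     * $this->react().
     *
     * @param array $args
     *   The url path components; joined with '/' and matched against a short
     *   list of paths that bypass the scan.
     *
     * @return bool|null
     *   TRUE once the scan has run; NULL (bare return) when the path is bypassed.
     */
    public function check(&$args)
    {
        // lets bypass a few civicrm urls from this check
        static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend');
        $path = implode('/', $args);
        // strict comparison: only an exact path match may skip the scan
        if (in_array($path, $skip, TRUE)) {
            return;
        }
        // add request url and user agent so they are scanned as well; both can be
        // absent outside a web request (cli, tests), so guard each one
        if (isset($_SERVER['REQUEST_URI'])) {
            $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
        }
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
            $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
        }
        require_once 'IDS/Init.php';
        // init the PHPIDS and pass the REQUEST array
        // (plain assignment; objects are handles, so "=&" buys nothing)
        $config = CRM_Core_Config::singleton();
        $configFile = $config->configAndLogDir . 'Config.IDS.ini';
        if (!file_exists($configFile)) {
            global $civicrm_root;
            $contents = "\n[General]\n    filter_type         = xml\n    filter_path         = {$civicrm_root}/packages/IDS/default_filter.xml\n    tmp_path            = {$config->uploadDir}\n    HTML_Purifier_Path  = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n    HTML_Purifier_Cache = {$config->uploadDir}\n    scan_keys           = false\n    exceptions[]        = __utmz\n    exceptions[]        = __utmc\n    exceptions[]        = widget_code\n    exceptions[]        = html_message\n    exceptions[]        = body_html\n    exceptions[]        = msg_html\n    html[]              = description\n    html[]              = intro\n    html[]              = thankyou_text\n    html[]              = intro_text\n    html[]              = body_text\n    html[]              = footer_text\n    html[]              = thankyou_text\n    html[]              = thankyou_footer\n    html[]              = new_text\n    html[]              = renewal_text\n    html[]              = help_pre\n    html[]              = help_post\n    html[]              = msg_html\n    html[]              = confirm_title\n    html[]              = confirm_text\n    html[]              = confirm_footer_text\n    html[]              = confirm_email_text\n";
            if (file_put_contents($configFile, $contents) === false) {
                require_once 'CRM/Core/Error.php';
                CRM_Core_Error::movedSiteError($configFile);
            }
            // also create the .htaccess file so we prevent the reading of the log and ini files
            // via a browser, CRM-3875
            // (Apache-only and subject to AllowOverride; other servers need this in their own config)
            $htaccessFile = $config->configAndLogDir . '.htaccess';
            if (!file_exists($htaccessFile)) {
                $contents = '
# Protect files and directories from prying eyes.
<FilesMatch "\\.(log|ini)$">
 Order allow,deny
</FilesMatch>
';
                if (file_put_contents($htaccessFile, $contents) === false) {
                    require_once 'CRM/Core/Error.php';
                    CRM_Core_Error::movedSiteError($htaccessFile);
                }
            }
        }
        $init = IDS_Init::init($configFile);
        $ids = new IDS_Monitor($_REQUEST, $init);
        $result = $ids->run();
        if (!$result->isEmpty()) {
            $this->react($result);
        }
        return true;
    }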
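    /**
     * Restrict access to a given directory (by planting there a restrictive .htaccess file)
     *
     * The file is (re)written unconditionally. Only Apache reads .htaccess, and
     * only where AllowOverride permits it, so on other servers the directory
     * still needs protecting in the server configuration.
     *
     * @param string $dir  the directory to be secured
     */
    static function restrictAccess($dir)
    {
        // note: empty value for $dir can play havoc, since that might result in putting '.htaccess' to root dir
        // of site, causing site to stop functioning.
        // FIXME: we should do more checks here -
        if (empty($dir)) {
            return;
        }
        $htaccess = <<<HTACCESS
<Files "*">
  Order allow,deny
  Deny from all
</Files>

HTACCESS;
        // join with a separator so a $dir without a trailing slash still targets
        // "<dir>/.htaccess" rather than a sibling file named "<dir>.htaccess"
        $file = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR . '.htaccess';
        if (file_put_contents($file, $htaccess) === false) {
            require_once 'CRM/Core/Error.php';
            CRM_Core_Error::movedSiteError($file);
        }
    }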