	/**
	 * Runs the request filter before the page prolog.
	 *
	 * The filter is skipped in CLI mode, for request URIs covered by an
	 * exclusion mask of the current site, and for users allowed to bypass it -
	 * but the bypass only applies when the request carries a valid sessid
	 * (presumably so it cannot be triggered by a forged cross-site request)
	 * and the request does not ask for JS conversion.
	 */
	public static function OnBeforeProlog()
	{
		if (CSecuritySystemInformation::isCliMode())
		{
			return;
		}

		$uriExcluded = CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]);
		if ($uriExcluded)
		{
			return;
		}

		if (self::currentUserHaveRightsForSkip())
		{
			// Same as "!isset(...) || !..." on the POST flag.
			$jsConversionRequested = !empty($_POST['____SECFILTER_CONVERT_JS']);
			if (check_bitrix_sessid() && !$jsConversionRequested)
			{
				return;
			}
		}

		$requestFilter = new CSecurityFilter;
		$requestFilter->process();
	}
 /**
  * Runs XSS detection over the rendered output buffer.
  *
  * Does nothing for request URIs covered by an exclusion mask of the current
  * site; otherwise the buffer is replaced by the detector's result.
  *
  * @param string $pContent output buffer, updated in place
  */
 public static function OnEndBufferContent(&$pContent)
 {
     $uriExcluded = CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]);
     if ($uriExcluded) {
         return;
     }

     $detector = new CSecurityXSSDetect();
     $pContent = $detector->process($pContent);
 }
 /**
  * Runs the request filter before the page prolog, unless the request URI is
  * covered by an exclusion mask of the current site.
  */
 public static function OnBeforeProlog()
 {
     $uriExcluded = CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]);
     if ($uriExcluded) {
         return;
     }

     $requestFilter = new CSecurityFilter();
     $requestFilter->process();
 }
 /**
  * Runs XSS detection over the rendered output buffer.
  *
  * Skipped in CLI mode and for request URIs covered by an exclusion mask of
  * the current site; otherwise the buffer is replaced by the detector's result.
  *
  * @param string $content output buffer, updated in place
  */
 public static function OnEndBufferContent(&$content)
 {
     if (CSecuritySystemInformation::isCliMode()) {
         return;
     }

     $uriExcluded = CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]);
     if ($uriExcluded) {
         return;
     }

     $detector = new CSecurityXSSDetect();
     $content = $detector->process($content);
 }
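	/**
	 * Runs XSS detection over the rendered output buffer.
	 *
	 * Skipped in CLI mode and for request URIs covered by an exclusion mask of
	 * the current site. As a cheap pre-check the buffer is only handed to the
	 * detector when it contains a closing script tag; that match must be
	 * case-insensitive because HTML tag names are, otherwise content with
	 * "</SCRIPT>" would never reach the detector.
	 *
	 * @param string $content output buffer, passed by reference
	 */
	public static function OnEndBufferContent(&$content)
	{
		if (CSecuritySystemInformation::isCliMode())
			return;

		if (CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"]))
			return;

		// Fast path: no closing script tag in any letter case, nothing to inspect.
		if (!preg_match('#</script#i', $content))
			return;

		$filter = new CSecurityXSSDetect();
		// NOTE(review): the return value is discarded here, whereas other versions of
		// this hook assign it back to the buffer - confirm process() updates $content
		// by reference in this version.
		$filter->process($content);
	}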
		<?php 
echo EndNote();
?>
	</td>
</tr>
<?php 
$tabControl->BeginNextTab();

// Rows for the exclusion-mask table: values re-submitted from the form take
// precedence over the stored masks. Each value is HTML-escaped here because
// it is echoed into markup further down.
$arMasks = array();
if ($bVarsFromForm) {
    $postedMasks = $_POST["FILTER_MASKS"];
    if (is_array($postedMasks)) {
        foreach ($postedMasks as $postedMask) {
            $arMasks[] = array(
                "SITE_ID" => htmlspecialcharsbx($postedMask["SITE_ID"]),
                "FILTER_MASK" => htmlspecialcharsbx($postedMask["FILTER_MASK"]),
            );
        }
    }
} else {
    $rsMasks = CSecurityFilterMask::GetList();
    while ($storedMask = $rsMasks->Fetch()) {
        $arMasks[] = array(
            "SITE_ID" => htmlspecialcharsbx($storedMask["SITE_ID"]),
            "FILTER_MASK" => htmlspecialcharsbx($storedMask["FILTER_MASK"]),
        );
    }
}
?>
<tr>
	<td class="adm-detail-valign-top" width="40%"><?php 
echo GetMessage("SEC_FILTER_MASKS");
?>
</td>
	<td width="60%">
	<table cellpadding="0" cellspacing="0" border="0" class="nopadding" width="100%" id="tbFILTER_MASKS">
		<?php 
foreach ($arMasks as $i => $arMask) {
    ?>
    $criticalResultsCount = 0;
}
// "Last scan" value for the scanner panel; falls back to a "never started" label.
if (isset($lastTestingInfo["test_date"])) {
    $lastDate = $lastTestingInfo["test_date"];
} else {
    $lastDate = GetMessage("SEC_PANEL_SCANNER_NEVER_START");
}

// Every recommendation links back to this panel once the user is done.
$returnUrl = urlencode('security_panel.php?lang=' . LANGUAGE_ID);
$scannerUrl = 'security_scanner.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . $returnUrl;
$filterUrl = 'security_filter.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . $returnUrl;

// Only users allowed to act get a link; everybody else sees the plain text.
$scannerRecommendation = function ($text) use ($USER, $scannerUrl) {
    return $USER->isAdmin() ? '<a href="' . $scannerUrl . '">' . $text . '</a>' : $text;
};
$filterRecommendation = function ($text, $url) use ($USER) {
    return $USER->CanDoOperation('security_filter_settings_write') ? '<a href="' . $url . '">' . $text . '</a>' : $text;
};

$problemCount = count($lastResults);

$data['scanner']['ITEMS'][] = array(
    "KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_LAST_SCAN"),
    "KPI_VALUE" => $lastDate,
    "KPI_RECOMMENDATION" => CSecuritySiteChecker::isNewTestNeeded()
        ? $scannerRecommendation(GetMessage("SEC_PANEL_SCANNER_RUN"))
        : '&nbsp;',
);
$data['scanner']['ITEMS'][] = array(
    "KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_PROBLEM_COUNT"),
    "KPI_VALUE" => $problemCount,
    "KPI_RECOMMENDATION" => $problemCount > 0
        ? $scannerRecommendation(GetMessage("SEC_PANEL_SCANNER_FIX_IT"))
        : '&nbsp;',
);
$data['scanner']['ITEMS'][] = array(
    "KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_CRITICAL_PROBLEM_COUNT"),
    "KPI_VALUE" => $criticalResultsCount,
    "KPI_RECOMMENDATION" => $criticalResultsCount > 0
        ? $scannerRecommendation(GetMessage("SEC_PANEL_SCANNER_FIX_IT"))
        : '&nbsp;',
);
unset($lastTestingInfo, $lastResults, $criticalResultsCount, $problemCount, $scannerRecommendation);

// Request filter: off is a finding; the link leads to the filter settings.
$bSecurityFilter = CSecurityFilter::IsActive();
$data['std']['ITEMS'][] = array(
    "IS_OK" => $bSecurityFilter,
    "KPI_NAME" => GetMessage("SEC_PANEL_FILTER_NAME"),
    "KPI_VALUE" => GetMessage($bSecurityFilter ? "SEC_PANEL_FILTER_VALUE_ON" : "SEC_PANEL_FILTER_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityFilter
        ? '&nbsp;'
        : $filterRecommendation(GetMessage("SEC_PANEL_FILTER_RECOMMENDATION"), $filterUrl),
);

// Any configured exclusion mask is a finding; the link opens the exceptions tab.
$bSecurityFilterExcl = (bool)CSecurityFilterMask::GetList()->Fetch();
$data['std']['ITEMS'][] = array(
    "IS_OK" => !$bSecurityFilterExcl,
    "KPI_NAME" => GetMessage("SEC_PANEL_FILTER_EXCL_NAME"),
    "KPI_VALUE" => GetMessage($bSecurityFilterExcl ? "SEC_PANEL_FILTER_EXCL_VALUE_ON" : "SEC_PANEL_FILTER_EXCL_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityFilterExcl
        ? $filterRecommendation(GetMessage("SEC_PANEL_FILTER_EXCL_RECOMMENDATION"), $filterUrl . '&amp;tabControl_active_tab=exceptions')
        : '&nbsp;',
);
unset($filterRecommendation, $scannerUrl, $filterUrl, $returnUrl);

// Number of security-filter events in the last $days days (capped at a week).
$days = min(COption::GetOptionInt("main", "event_log_cleanup_days", 7), 7);
$since = ConvertTimeStamp(time() - $days * 24 * 3600 + CTimeZone::GetOffset(), "FULL");
$rsLog = CEventLog::GetList(
    array(),
    array(
        "TIMESTAMP_X_1" => $since,
        "AUDIT_TYPE_ID" => "SECURITY_FILTER_SQL|SECURITY_FILTER_XSS|SECURITY_FILTER_XSS2|SECURITY_FILTER_PHP|SECURITY_REDIRECT",
    )
);
$cntLog = 0;
while ($rsLog->Fetch()) {
    $cntLog++;
}
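	/**
	 * Evaluates one item of the security checklist.
	 *
	 * Supported values of $arParams["ACTION"]:
	 *  - "SECURITY_LEVEL": when the security module is installed, collects a
	 *    numbered list of findings (exclusion masks configured, request filter
	 *    inactive, no registration captcha, admin policy level not "high",
	 *    error_reporting differing from the default, DB debug enabled) and
	 *    fails if any were found; otherwise reports the module as missing.
	 *  - "ADMIN_POLICY": passes only when the admin policy level is "high".
	 *
	 * @param array $arParams checklist item parameters; only "ACTION" is read
	 * @return array array("STATUS" => bool, "MESSAGE" => array("PREVIEW" => string[, "DETAIL" => string]));
	 *               for an unknown action only "STATUS" => false is set
	 */
	function CheckSecurity($arParams)
	{
		global $DB;

		// Findings are numbered from 1. $arMessage is initialised explicitly so the
		// first ".=" does not append to an undefined variable.
		$err = 1;
		$arMessage = "";
		$arResult = array("STATUS" => false);

		switch ($arParams["ACTION"])
		{
			case "SECURITY_LEVEL":
				if (!IsModuleInstalled("security"))
				{
					$arResult = array(
						"STATUS" => false,
						"MESSAGE" => array(
							"PREVIEW" => GetMessage("CL_SECURITY_MODULE_NOT_INSTALLED")."\n"
						)
					);
					break;
				}

				// Any configured exclusion mask is a hole in the request filter.
				if (CSecurityFilterMask::GetList()->Fetch())
					$arMessage .= $err++.". ".GetMessage("CL_FILTER_EXEPTION_FOUND")."\n";
				if (!CSecurityFilter::IsActive())
					$arMessage .= $err++.". ".GetMessage("CL_FILTER_NON_ACTIVE")."\n";
				if (COption::GetOptionString("main", "captcha_registration", "N") === "N")
					$arMessage .= $err++.". ".GetMessage("CL_CAPTCHA_NOT_USE")."\n";
				if (CCheckListTools::AdminPolicyLevel() != "high")
					$arMessage .= $err++.". ".GetMessage("CL_ADMIN_SECURITY_LEVEL")."\n";

				// Flag an error_reporting value that differs from the fatal-errors-only default.
				// NOTE(review): the second operand is a loose string-vs-int comparison whose
				// result for non-numeric option values differs between PHP 7 and 8; kept as-is
				// until the intended semantics are confirmed.
				$defaultErrorReporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR|E_PARSE;
				if (COption::GetOptionInt("main", "error_reporting", $defaultErrorReporting) != $defaultErrorReporting
					&& COption::GetOptionString("main", "error_reporting", "") != 0)
					$arMessage .= $err++.". ".GetMessage("CL_ERROR_REPORTING_LEVEL")."\n";
				// Query debugging leaks SQL to page output.
				if ($DB->debug)
					$arMessage .= $err++.". ".GetMessage("CL_DBDEBUG_TURN_ON")."\n";

				if ($arMessage !== "")
				{
					$arResult = array(
						"STATUS" => false,
						"MESSAGE" => array(
							"PREVIEW" => GetMessage("CL_MIN_LEVEL_SECURITY"),
							"DETAIL" => GetMessage("CL_ERROR_FOUND")."\n".$arMessage
						)
					);
				}
				else
				{
					$arResult = array(
						"STATUS" => true,
						"MESSAGE" => array(
							"PREVIEW" => GetMessage("CL_LEVEL_SECURITY")."\n"
						)
					);
				}
				break;

			case "ADMIN_POLICY":
				if (CCheckListTools::AdminPolicyLevel() != "high")
				{
					// STATUS stays false from the initialisation above.
					$arResult["MESSAGE"]["PREVIEW"] = GetMessage("CL_ADMIN_SECURITY_LEVEL")."\n";
				}
				else
				{
					$arResult = array(
						"STATUS" => true,
						"MESSAGE" => array(
							"PREVIEW" => GetMessage("CL_ADMIN_SECURITY_LEVEL_IS_HIGH")."\n"
						)
					);
				}
				break;
		}

		return $arResult;
	}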