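/**
 * Checks $input against the rule selected by $type and returns the ORIGINAL $input.
 *
 * Every branch throws ExtraWatchInputException when the value is rejected; nothing is
 * sanitised or rewritten for the caller (the IP branch only inspects a modified copy).
 * A $type with no matching case falls through to the default branch and is returned
 * without any validation, so a new _EW_INPUT_* constant needs its own case here before
 * callers can rely on validate() for it.
 *
 * @param mixed $type  one of the _EW_INPUT_* constants (compared loosely by switch)
 * @param mixed $input the raw value: a string for most types, an upload array for
 *                     _EW_INPUT_FILE_NAME, an array with a 'params' entry for
 *                     _EW_INPUT_EXTRACT
 * @return mixed the unchanged $input
 * @throws ExtraWatchInputException when $input does not satisfy the rule for $type
 */
public static function validate($type, $input = "")
{
    switch ($type) {
        case _EW_INPUT_IP:
            $inputModified = $input;
            // A list separated by _EW_IP_SEPARATOR is handed to the per-entry validator,
            // which is expected to throw on a bad entry (its return value is not used).
            if (is_string($inputModified) && strstr($inputModified, _EW_IP_SEPARATOR)) {
                self::splitAndValidateMultipleIp($inputModified);
                return $inputModified;
            }
            // Presumably maps wildcard octets to concrete digits so filter_var can judge
            // the shape; the caller still receives the original value.
            $inputModified = self::replaceWildcardWithRealNumber($inputModified);
            $isIp = filter_var($inputModified, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
                || filter_var($inputModified, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
            if (!$isIp) {
                throw new ExtraWatchInputException(_EW_INPUT_IP, $input);
            }
            return $input;

        case _EW_INPUT_URL:
            if (!filter_var($input, FILTER_VALIDATE_URL)) {
                throw new ExtraWatchInputException(_EW_INPUT_URL, $input);
            }
            return $input;

        case _EW_INPUT_ONE_STRING:
            // Weak check: FILTER_SANITIZE_STRING (deprecated since PHP 8.1) only makes this
            // throw when stripping tags/high bytes leaves nothing behind, and the
            // unsanitised $input is what gets returned. Empty or falsy input passes as-is.
            if ($input && !filter_var($input, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH)) {
                throw new ExtraWatchInputException(_EW_INPUT_ONE_STRING, $input);
            }
            return $input;

        case _EW_INPUT_FILE_PATH:
            // Plain prefix check: $input is compared as given (no realpath) and $dir has no
            // trailing separator. NOTE(review): confirm whether callers pass not-yet-existing
            // paths before tightening this with realpath() + a separator-terminated prefix.
            $dir = realpath(dirname(__FILE__) . DS . "..");
            if (!ExtraWatchHelper::startsWith($input, $dir)) {
                throw new ExtraWatchInputException(_EW_INPUT_FILE_PATH, $input);
            }
            return $input;

        case _EW_INPUT_FILE_PATH_TMP:
            // Same prefix-only comparison as _EW_INPUT_FILE_PATH, against the upload tmp dir.
            $dir = self::getUploadTmpDir();
            if (!ExtraWatchHelper::startsWith($input, $dir)) {
                throw new ExtraWatchInputException(_EW_INPUT_FILE_PATH_TMP, $input);
            }
            return $input;

        case _EW_INPUT_FILE_ROOT_PATH_HTACCESS:
            // Accepts any path that begins with "<root>/.htaccess" (prefix, not equality).
            $env = ExtraWatchEnvFactory::getEnvironment();
            $dir = $env->getRootPath() . DS . ".htaccess";
            if (!ExtraWatchHelper::startsWith($input, $dir)) {
                throw new ExtraWatchInputException(_EW_INPUT_FILE_ROOT_PATH_HTACCESS, $input);
            }
            return $input;

        case _EW_INPUT_EXTRACT:
            // $input['params'] is read with @ because the original contract is unclear:
            // it is first treated as a query string and, failing that, as an object.
            // NOTE(review): clarify what callers actually pass here.
            if ($input && $input != "getParams=") {
                $object = @$input['params'];
                if ($object && $object != "getParams=") {
                    $getParams = ExtraWatchHelper::convertUrlQuery($object);
                    if ($getParams) {
                        // Allow-list of extractable parameter names. in_array(..., true)
                        // replaces the earlier !array_search(...), which misreported the
                        // entry stored at index 0 as "not allowed" (array_search returned 0).
                        $allowedParams = unserialize(_EW_ALLOWED_PARAMS_TO_EXTRACT);
                        foreach ($getParams as $getParam => $getParamValue) {
                            if ($getParam && !in_array($getParam, $allowedParams, true)) {
                                throw new ExtraWatchInputException(_EW_INPUT_EXTRACT, $getParam);
                            }
                        }
                    } else {
                        // Non-query input: the declaring file of $object's class must live
                        // inside this component's directory.
                        $reflector = new ReflectionClass(get_class($object));
                        $classFileName = dirname($reflector->getFileName());
                        if (!self::validate(_EW_INPUT_FILE_PATH, $classFileName)) {
                            throw new ExtraWatchInputException(_EW_INPUT_EXTRACT, $classFileName);
                        }
                    }
                }
            }
            return $input;

        case _EW_INPUT_EMAIL:
            if (filter_var($input, FILTER_VALIDATE_EMAIL) === false) {
                throw new ExtraWatchInputException(_EW_INPUT_EMAIL, $input);
            }
            return $input;

        case _EW_INPUT_FILE_NAME:
            // $input is expected to be an upload array; only file.tmp_name is checked,
            // and a missing tmp_name is treated as an empty path (rejected below).
            $tmpUploadDir = str_replace("/", DS, self::getUploadTmpDir());
            $tmpName = isset($input['file']['tmp_name']) ? $input['file']['tmp_name'] : '';
            if (!ExtraWatchHelper::startsWith($tmpName, $tmpUploadDir)) {
                throw new ExtraWatchInputException(_EW_INPUT_FILE_NAME, $input);
            }
            return $input;

        case _EW_INPUT_FILE_EXTERNAL_PATH:
        case _EW_INPUT_DIR:
            // Both sides are canonicalised, so ".." segments cannot escape the CMS root; a
            // path that does not exist makes realpath() return false and is presumably
            // rejected by startsWith(). _EW_INPUT_DIR deliberately reports the same
            // exception type as _EW_INPUT_FILE_EXTERNAL_PATH (kept for compatibility).
            $env = ExtraWatchEnvFactory::getEnvironment();
            $cmsRoot = realpath($env->getCMSFileSystemRootPath());
            if (!ExtraWatchHelper::startsWith(realpath($input), $cmsRoot)) {
                throw new ExtraWatchInputException(_EW_INPUT_FILE_EXTERNAL_PATH, $input);
            }
            return $input;

        case _EW_INPUT_HOST:
            $isIpValid = filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
                || filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
            // Hostname rules: alphanumeric labels with inner hyphens, at most 253 chars in
            // total and 1-63 chars per label. The D modifier stops "$" from matching before
            // a trailing newline, so "host\n" is no longer accepted.
            $isHostValid = preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/iD', $input)
                && preg_match('/^.{1,253}$/D', $input)
                && preg_match('/^[^\.]{1,63}(\.[^\.]{1,63})*$/D', $input);
            if (!($isIpValid || $isHostValid)) {
                throw new ExtraWatchInputException(_EW_INPUT_HOST, $input);
            }
            return $input;

        case _EW_INPUT_REFERRER_SAME_SITE:
            // The Referer header is client-supplied and may be absent; an absent header is
            // compared as an empty string and so presumably rejected like a foreign one.
            $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
            $env = ExtraWatchEnvFactory::getEnvironment();
            if (!ExtraWatchHelper::startsWith($referer, $env->getCMSBaseURL())) {
                throw new ExtraWatchInputException(_EW_INPUT_REFERRER_SAME_SITE, $referer);
            }
            return $input;

        case _EW_INPUT_LANGUAGE:
            // The code is interpolated into a file path, so besides the (weak) string check
            // the resolved file must also lie inside the lang directory itself; realpath()
            // resolves ".." so a bare file_exists() on the result is not enough.
            $input = ExtraWatchInput::validate(_EW_INPUT_ONE_STRING, $input);
            $langBaseDir = realpath(dirname(__FILE__) . DS . ".." . DS . "lang");
            $langDir = realpath(dirname(__FILE__) . DS . ".." . DS . "lang" . DS . $input . ".php");
            if ($langBaseDir === false || $langDir === false || !file_exists($langDir)
                || !ExtraWatchHelper::startsWith($langDir, $langBaseDir . DS)) {
                throw new ExtraWatchInputException(_EW_INPUT_LANGUAGE, $langDir);
            }
            return $input;

        default:
            // Unknown types are returned unvalidated; add a case above before relying on
            // validate() for a new type constant.
            return $input;
    }
}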
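$jBasePath = realpath(dirname(__FILE__) . DS . ".." . DS . ".." . DS . "..". DS);
define('JPATH_BASE2', $jBasePath);*/
// Ajax entry point (heatmap include): records the uri/title pair of the current page
// view. JPATH_BASE2 and DS are expected to be defined by the including CMS bootstrap.
include_once JPATH_BASE2 . DS . "components" . DS . "com_extrawatch" . DS . "includes.php";

$extraWatch = new ExtraWatchMain();
$extraWatch->helper->setNoindexHttpHeaders(); // setting explicitly for ajax requests
// Frontend token check for this request; presumably aborts when the token is missing.
$extraWatch->block->checkFrontendTokenFromUrl();

// $params is fetched and normalised but not used further on (the convertUrlQuery call
// that consumed it was removed); kept in case requestGet() has side effects.
$params = ExtraWatchHelper::requestGet("params");
$params = str_replace("?", "", $params); // remove trailing ?
$queryParams = ExtraWatchHelper::getUrlQueryParams();
$rawParams = isset($queryParams['params']) ? $queryParams['params'] : null;
$getParamsFromQuery = ExtraWatchHelper::convertUrlQuery($rawParams);
$rawGetParams = isset($getParamsFromQuery['getParams']) ? $getParamsFromQuery['getParams'] : '';
$getParams = ExtraWatchHelper::convertUrlQuery(urldecode($rawGetParams));

// $ip is written to the debug log below even when no "ip" parameter was supplied,
// so initialise it instead of leaving it undefined.
$ip = null;
if (!empty($getParams["ip"])) {
    $ip = ExtraWatchInput::validate(_EW_INPUT_IP, $getParams["ip"]);
}

$title = isset($queryParams['title']) ? $queryParams['title'] : null;
$rawUri = isset($queryParams['uri']) ? $queryParams['uri'] : null;
// NOTE(review): ExtraWatchInput::validate() has no _EW_INPUT_URI case, so this call
// reaches its default branch and $uri is stored unvalidated.
$uri = ExtraWatchInput::validate(_EW_INPUT_URI, ExtraWatchHelper::unescapeSlash($rawUri));

$extraWatch->visit->addUri2Title($uri, $title);
$uri2titleId = $extraWatch->visit->getUri2TitleId($uri, $title);
ExtraWatchLog::debug("heatmap.include.js.php - title: " . $title . " uri: " . $uri . " uri2titleId: " . $uri2titleId . " ip: {$ip} queryParams: " . print_r($queryParams, true));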