public static function setMode($mode = 0, $severity = 1)
{
switch ($mode) {
case self::MODE_OFF:
self::$trackInput = false;
self::$trackActivity = false;
break;
case self::MODE_LOG_ALL:
self::$trackInput = true;
self::$trackActivity = true;
break;
case self::MODE_LOG_UNSANITIZED:
self::$trackInput = true;
break;
case self::MODE_LOG_ACTIVITY:
self::$trackActivity = true;
break;
}
self::$minSeverity = $severity;
}
protected static function addAlert($type, $key, $message, $severity = 0, $save = false)
{
// If the severity is greater than 0, this alert can be tracked by the system to learn more about it.
// This may be useful for diagnosing potential threats, or seeing where problems are frequently occuring.
if ($severity > 0) {
// Identify where the alert was called: the class, file, file line, etc.
$backtrace = debug_backtrace();
$origin = $backtrace[2];
// Record the information discovered about the alert
self::$debuggingInfo[] = array($message, isset($origin['class']) ? $origin['class'] . $origin['type'] : "", isset($origin['function']) ? $origin['function'] : "", isset($origin['args']) ? $origin['args'] : array(), $origin['file'], $backtrace[1]['line'], $severity, Me::$id);
// If debug mode is verbose, display the alert information directly in the browser
if (Debug::$verbose == 1 and Debug::$adminDisplay == false) {
Debug::$adminDisplay = true;
register_shutdown_function(array('Debug', 'run'));
}
// If Security_ThreatTracker mode is set to logging, log these results in the database for later review
if (Security_ThreatTracker::$trackActivity == true and Security_ThreatTracker::$minSeverity <= $severity) {
// Prepare Values
$function = (isset($origin['class']) ? $origin['class'] . $origin['type'] : "") . (isset($origin['function']) ? $origin['function'] : "");
$params = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";
// Log the threat
Security_ThreatTracker::log("activity", $severity, $message, array(), $function, $params, $origin['file'], $backtrace[1]['line']);
}
}
// Now we can load the alert as intended for normal users:
if ($save == false) {
// This alert is a regular alert, and will only load on this page:
switch ($type) {
case "success":
self::$successList[$key] = $message;
break;
case "warning":
self::$warningList[$key] = $message;
break;
case "error":
self::$errorList[$key] = $message;
break;
case "info":
self::$infoList[$key] = $message;
break;
default:
return false;
}
return true;
}
// This is a saved alert, so it will generally load on the next page (unless you don't display alerts there)
// Filter out any invalid alert types
if (!in_array($type, array("success", "warning", "error", "info"))) {
return false;
}
// Prepare the Session Variable
if (!isset($_SESSION[SITE_HANDLE]['alert'])) {
$_SESSION[SITE_HANDLE]['alert'] = array($type => array());
} else {
if (!isset($_SESSION[SITE_HANDLE]['alert'][$type])) {
$_SESSION[SITE_HANDLE]['alert'][$type] = array();
}
}
// Save the Alert into the Session
$_SESSION[SITE_HANDLE]['alert'][$type][$key] = $message;
return true;
}
private static function warnOfPotentialAttack($unsafeContent, $threatText = "", $severity = 0, $traceDepth = 0)
{
// Record this if the system is tracking input of this severity level
if (Security_ThreatTracker::$trackInput == true and Security_ThreatTracker::$minSeverity <= $severity) {
// Prepare Values
$threatData = array("Input Caught" => $unsafeContent, "Illegal Characters" => '');
$backtrace = debug_backtrace();
$origin = $backtrace[2 + $traceDepth];
$function = (isset($origin['class']) ? $origin['class'] . $origin['type'] : "") . (isset($origin['function']) ? $origin['function'] : "");
$params = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";
// Log the threat
Security_ThreatTracker::log("input", $severity, $threatText, $threatData, $function, $params, $origin['file'], $backtrace[1 + $traceDepth]['line']);
}
}
