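/**
 * Collect one extracted result word per certificate in a chain.
 *
 * For each index 0 .. $chain_length - 1 this reads the file
 * CDIR . <tag> . '_result' . <index> . '.txt', where <tag> is
 * get_domain_from_url($url) with every '.' replaced by '_'. From the file
 * contents it takes the word that follows the first "0x<non-space>" token
 * and a single whitespace character, and that is terminated by a newline.
 *
 * @param int    $chain_length Number of result files to read.
 * @param string $url          URL whose domain selects the result files.
 *
 * @return array One entry per index: the extracted word, or null when the
 *               file could not be read or contained no matching line.
 *               Callers should treat null as "no result", never as a pass.
 */
function get_chain_verification_results($chain_length, $url)
{
    $result_array = array();

    // NOTE(review): $tag is concatenated into a filesystem path. Dots are
    // replaced, but nothing here strips '/' or '\\'; confirm that
    // get_domain_from_url() can only return a bare host name for any $url
    // a caller may pass in.
    $tag = str_replace('.', '_', get_domain_from_url($url));

    for ($x = 0; $x < $chain_length; $x++) {
        $result = file_get_contents(CDIR . $tag . '_result' . $x . '.txt');

        // An unreadable file or an unexpected format yields an explicit null
        // instead of reading an undefined $matches[1].
        $word = null;
        if ($result !== false && preg_match("/0x\\S+\\s(\\w+)\n/", $result, $matches) === 1) {
            $word = $matches[1];
        }

        $result_array[] = $word;
    }

    return $result_array;
}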
} // var_dump($urls); // echo "<br/>urls: [".$urls."]"; // TESTS // $var_test = ()? PASS:FAIL; $verify_url_test = $urls == $expected ? PASS : FAIL; echo "<br/>verify_url_test: [" . $verify_url_test . "]"; $array_test = verify_chain($good_array) == 1 && verify_chain($bad_array) != 1 ? PASS : FAIL; echo "<br/>array_test: [" . $array_test . "]"; $get_url_test = get_url($bofa_json) == $bofa_url ? PASS : get_url($bofa_json); echo "<br/>get_url_test: [" . $get_url_test . "]"; $get_empty_url_test = get_url(null) == '' ? PASS : get_url(null); echo "<br/>get_empty_url_test: [" . $get_empty_url_test . "]"; $match_domains_test = match_urls('www.foo.bar', 'xxx.foo.bar') && match_urls('www.foo.bar', '*.foo.bar') && match_urls('foo.bar', '*.foo.bar') && match_urls('foo.bar', 'www.foo.bar') && match_urls('cert-002.blockchain.info', 'www.blockchain.info') ? PASS : FAIL; echo "<br/>match_domains_test: [" . $match_domains_test . "]"; $get_domain_from_url_test = get_domain_from_url($bofa_url) == 'www.bankofamerica.com' ? PASS : FAIL; echo "<br/>get_domain_from_url_test: [" . $get_domain_from_url_test . "]"; $nothing = verify_domain_json(null); $null_test = $nothing["company_name"] == "" && $nothing["verification_result"] == 'FAIL' && $nothing["url_matching"] == 'false' ? PASS : FAIL; echo "<br/>null_test: [" . $null_test . "]"; if ($null_test == FAIL) { var_dump($nothing); } $blank = verify_domain_json(''); $blank_test = $blank["company_name"] == "" && $blank["verification_result"] == 'FAIL' && $blank["url_matching"] == 'false' ? PASS : FAIL; echo "<br/>blank_test: [" . $blank_test . "]"; if ($blank_test == FAIL) { var_dump($blank); } $empty = verify_domain_json(' '); $empty_test = $empty["company_name"] == "" && $empty["verification_result"] == 'FAIL' && $empty["url_matching"] == 'false' ? PASS : FAIL;
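/**
 * Echo one HTML link per URL in a semicolon-separated list.
 *
 * Each non-empty entry becomes <a href="ENTRY">DOMAIN</a>, where DOMAIN is
 * get_domain_from_url(ENTRY). Both values are HTML-escaped before output so
 * that quotes or markup inside an entry cannot break out of the attribute
 * or the element body.
 *
 * @param string $string Semicolon-separated list of URLs.
 *
 * @return void Output is written with echo.
 */
function the_marchand($string)
{
    foreach (explode(';', $string) as $a_marchand) {
        // A trailing or doubled ';' would otherwise emit an empty link.
        if ($a_marchand === '') {
            continue;
        }

        $href = htmlspecialchars($a_marchand, ENT_QUOTES, 'UTF-8');
        $label = htmlspecialchars(get_domain_from_url($a_marchand), ENT_QUOTES, 'UTF-8');

        // NOTE(review): escaping does not restrict the URL scheme. If $string
        // can come from users, also allow-list http/https before linking.
        echo '<a href="' . $href . '">' . $label . '</a>';
    }
}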
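/**
 * Verify the authenticity of an Amazon SNS message.
 *
 * The message is accepted only when all of the following hold:
 *  - it is a JSON object carrying the fields needed for its Type;
 *  - the region, account and topic parts of TopicArn equal the expected
 *    values (compared as strings, so account ids that differ only by
 *    leading zeros are not treated as equal);
 *  - SigningCertURL is an https URL on an SNS endpoint host;
 *  - the signature over the Amazon-specified canonical string verifies
 *    against the public key of the downloaded certificate.
 *
 * Only 'Notification' and 'SubscriptionConfirmation' messages are
 * supported; any other Type is rejected.
 *
 * @param string $message Raw JSON body of the SNS request.
 * @param string $region  Expected AWS region of the topic.
 * @param string $account Expected AWS account id owning the topic.
 * @param array  $topics  Allowed topic names.
 *
 * @return bool True only when every check passes, false otherwise.
 */
function verify_sns($message, $region, $account, $topics)
{
    $msg = json_decode($message);
    if (!is_object($msg) || !is_array($topics)) {
        return false;
    }

    foreach (array('TopicArn', 'SigningCertURL', 'Signature', 'Type') as $required) {
        if (!isset($msg->$required) || !is_string($msg->$required)) {
            return false;
        }
    }

    // Check that region, account and topic match. Strict string comparison
    // avoids PHP's numeric-string juggling, where '012345678901' would
    // compare equal to '12345678901'.
    $topicarn = explode(':', $msg->TopicArn);
    if (count($topicarn) < 6) {
        return false;
    }
    if ($topicarn[3] !== (string) $region
        || $topicarn[4] !== (string) $account
        || !in_array($topicarn[5], $topics, true)
    ) {
        return false;
    }

    // The signing certificate must come from an SNS endpoint over https.
    // A bare '.amazonaws.com' suffix check is too loose: it also accepts
    // hosts under that domain that serve customer-controlled content, which
    // would let the sender choose the key the signature is checked against.
    $surl = $msg->SigningCertURL;
    $parts = parse_url($surl);
    if (!is_array($parts)
        || !isset($parts['scheme'], $parts['host'])
        || isset($parts['user'])
        || isset($parts['pass'])
        || strtolower($parts['scheme']) !== 'https'
        || preg_match('/^sns\.[a-z0-9\-]{3,}\.amazonaws\.com\z/i', $parts['host']) !== 1
    ) {
        return false;
    }

    // Fields that make up the canonical string, in Amazon-specified order.
    // This is decided before any network access so that unsupported or
    // malformed messages never trigger an outbound request.
    if ($msg->Type === 'Notification') {
        $keys = array('Message', 'MessageId', 'Subject', 'Timestamp', 'TopicArn', 'Type');
    } elseif ($msg->Type === 'SubscriptionConfirmation') {
        $keys = array('Message', 'MessageId', 'SubscribeURL', 'Timestamp', 'Token', 'TopicArn', 'Type');
    } else {
        return false;
    }

    $text = "";
    foreach ($keys as $key) {
        if ($key === 'Subject') {
            // Subject is optional and only signed when present and non-empty.
            if (!isset($msg->Subject) || !is_string($msg->Subject) || $msg->Subject === '') {
                continue;
            }
        } elseif (!isset($msg->$key) || !is_string($msg->$key)) {
            return false;
        }
        $text .= $key . "\n";
        $text .= $msg->$key . "\n";
    }

    // SignatureVersion 1 is RSA with SHA1; version 2 is RSA with SHA256.
    $algo = OPENSSL_ALGO_SHA1;
    if (isset($msg->SignatureVersion) && $msg->SignatureVersion === '2') {
        $algo = OPENSSL_ALGO_SHA256;
    }

    // Get a raw binary message signature
    $signature = base64_decode($msg->Signature, true);
    if ($signature === false) {
        return false;
    }

    // Load certificate and extract public key from it
    $curlOptions = array(
        CURLOPT_URL => $surl,
        CURLOPT_VERBOSE => 1,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_SSL_VERIFYPEER => TRUE,
        CURLOPT_SSL_VERIFYHOST => 2,
        // Defence in depth: the transfer itself may only use https.
        CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
    );
    $ch = curl_init();
    curl_setopt_array($ch, $curlOptions);
    $cert = curl_exec($ch);
    if (!is_string($cert) || $cert === '') {
        return false;
    }

    $pubkey = openssl_get_publickey($cert);
    if (!$pubkey) {
        return false;
    }

    // openssl_verify() returns 1 for a valid signature, 0 for an invalid one
    // and -1 on error. Only 1 may count as success; a truthiness test would
    // accept the -1 error case as verified.
    return openssl_verify($text, $signature, $pubkey, $algo) === 1;
}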
| */ $config['cookie_prefix'] = ''; $config['cookie_path'] = '/'; $config['cookie_httponly'] = TRUE; if (defined('CONF_COOKIE_DOMAIN')) { // The developer has specified the specific domain to use for cookies $config['cookie_domain'] = CONF_COOKIE_DOMAIN; } else { // No specific domain has been specified, set a cookie which spans // the use of all specified BASE_URLs, i.e BASE_URL and SECURE_BASE_URL $config['cookie_domain'] = ''; // Are the BASE_URL and SECURE_BASE_URL on the same domain? // if so, cool, if not then... $_base_domain = get_domain_from_url(BASE_URL); $_secure_base_domain = defined('SECURE_BASE_URL') ? get_domain_from_url(SECURE_BASE_URL) : $_base_domain; if ($_base_domain == $_secure_base_domain) { // If the two match, then define it $config['cookie_domain'] = $_base_domain; } else { $_ERROR = 'The <code>BASE_URL</code> and <code>SECURE_BASE_URL</code> constants do not share the same domain, this can cause issues with sessions.'; include NAILS_PATH . 'errors/startup_error.php'; } } /* |-------------------------------------------------------------------------- | Global XSS Filtering |-------------------------------------------------------------------------- | | Determines whether the XSS filter is always active when GET, POST or | COOKIE data is encountered