/**
 * Agent callback that purges stale rows from the b_sec_session table.
 *
 * No cleanup happens when session.gc_maxlifetime evaluates to 0 or when
 * CSecuritySessionMC::isStorageEnabled() returns true, so in those
 * configurations expired rows are never removed by this agent.
 *
 * The only dynamic fragment of the statement is the result of
 * CSecurityDB::SecondsAgo(), fed with an intval() of a php.ini value; no
 * request data is concatenated into the SQL here (SecondsAgo() itself is
 * not visible in this listing).
 *
 * @return string Always self::GC_AGENT_NAME.
 */
public static function CleanUpAgent()
{
    global $DB;

    $sessionTtl = intval(ini_get("session.gc_maxlifetime"));

    // Guard clause: nothing to purge without a lifetime, or when the other
    // storage backend is active.
    if (!$sessionTtl || CSecuritySessionMC::isStorageEnabled()) {
        return self::GC_AGENT_NAME;
    }

    $purgeSql = "\n\t\t\t\tdelete from b_sec_session\n\t\t\t\twhere TIMESTAMP_X < " . CSecurityDB::SecondsAgo($sessionTtl) . "\n\t\t\t";

    if (!CSecurityDB::Init()) {
        // The module's own connection is unavailable: fall back to the
        // global connection object.
        $DB->Query(
            $purgeSql,
            false,
            "Module: security; Class: CSecuritySession; Function: CleanUpAgent; File: " . __FILE__ . "; Line: " . __LINE__
        );
    } else {
        CSecurityDB::Query(
            $purgeSql,
            "Module: security; Class: CSecuritySession; Function: CleanUpAgent; File: " . __FILE__ . "; Line: " . __LINE__
        );
    }

    return self::GC_AGENT_NAME;
}
/**
 * Agent callback that purges stale rows from the b_sec_session table.
 *
 * The delete is skipped when session.gc_maxlifetime evaluates to 0 or when
 * the BX_SECURITY_SESSION_MEMCACHE_HOST constant is defined; in those
 * configurations this agent never removes expired rows.
 *
 * The statement embeds only the result of CSecurityDB::SecondsAgo(), called
 * with an intval() of a php.ini value, so no request data reaches the SQL
 * text here (SecondsAgo() itself is not visible in this listing).
 *
 * @return string The literal "CSecuritySession::CleanUpAgent();" - presumably
 *                the call expression the agent scheduler re-queues; confirm
 *                against the scheduler.
 */
function CleanUpAgent()
{
    global $DB;

    $gcLifetime = intval(ini_get("session.gc_maxlifetime"));
    $purgeNeeded = $gcLifetime && !defined("BX_SECURITY_SESSION_MEMCACHE_HOST");

    if ($purgeNeeded) {
        $purgeSql = "\n\t\t\t\tdelete from b_sec_session\n\t\t\t\twhere TIMESTAMP_X < " . CSecurityDB::SecondsAgo($gcLifetime) . "\n\t\t\t";

        if (!CSecurityDB::Init()) {
            // Module connection unavailable: use the global connection object.
            $DB->Query(
                $purgeSql,
                false,
                "Module: security; Class: CSecuritySession; Function: CleanUpAgent; File: " . __FILE__ . "; Line: " . __LINE__
            );
        } else {
            CSecurityDB::Query(
                $purgeSql,
                "Module: security; Class: CSecuritySession; Function: CleanUpAgent; File: " . __FILE__ . "; Line: " . __LINE__
            );
        }
    }

    return "CSecuritySession::CleanUpAgent();";
}
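/**
 * Executes a statement on the security module's own MySQL link
 * ($SECURITY_SESSION_DBH) and logs failures to the "security" log.
 *
 * Statements starting with SELECT are rewritten to "SELECT SQL_NO_CACHE ...",
 * except SELECT GET_LOCK / SELECT RELEASE_LOCK, which are passed through
 * unchanged.
 *
 * NOTE(review): this relies on the legacy mysql_* functions, which were
 * removed in PHP 7.0; the code only runs on PHP 5 or with a compatibility
 * layer that provides them.
 *
 * @param string $strSql         Statement to run. It is sent as-is: callers
 *                               are responsible for escaping anything they
 *                               concatenate into it.
 * @param string $error_position Caller description prefixed to the log entry
 *                               when the statement fails.
 * @return resource|bool The truthy value returned by mysql_query(), or false
 *                       when no link is available or the statement failed.
 */
public static function Query($strSql, $error_position)
{
    global $SECURITY_SESSION_DBH;

    // No usable link yet: ask Init() for one (the meaning of the `true`
    // argument is defined in Init(), which is not visible here).
    if (!is_resource($SECURITY_SESSION_DBH)) {
        CSecurityDB::Init(true);
    }

    // Still no link after the attempt above: report failure without logging,
    // exactly as before.
    if (!is_resource($SECURITY_SESSION_DBH)) {
        return false;
    }

    // Negative lookahead keeps the lock helper calls out of the rewrite.
    $strSql = preg_replace("/^\\s*SELECT\\s+(?!GET_LOCK|RELEASE_LOCK)/i", "SELECT SQL_NO_CACHE ", $strSql);

    // "@" only hides PHP's own warning; a failure is still reported through
    // AddMessage2Log() below.
    $result = @mysql_query($strSql, $SECURITY_SESSION_DBH);
    if ($result) {
        return $result;
    }

    // Read the error from the link the statement ran on. Without the link
    // argument mysql_error() reports on the most recently opened connection,
    // which need not be this module's dedicated one.
    $db_Error = mysql_error($SECURITY_SESSION_DBH);

    // NOTE(review): the entry contains the complete statement, including any
    // literal values the caller concatenated into it, so read access to the
    // "security" log should be restricted accordingly.
    AddMessage2Log($error_position . " MySql Query Error: " . $strSql . " [" . $db_Error . "]", "security");

    return false;
}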
/**
 * Page-start hook of the antivirus.
 *
 * In order, it: publishes the module options and the white list as globals,
 * initialises the module database layer, analyses output that was buffered
 * before this hook ran (only when BX_SECURITY_AV_STARTED is defined),
 * registers CSecurityAntiVirus::PHPShutdown as a shutdown function, and
 * finally processes detections recorded on earlier hits (event log entries,
 * one VIRUS_DETECTED mail event, cleanup of old b_sec_virus rows).
 *
 * Returns early, doing none of the above, when self::isSafetyRequest() is true.
 *
 * @return void
 */
function OnPageStart()
{
    if (self::isSafetyRequest()) {
        //Check only GET and POST request
        return;
    }

    global $APPLICATION, $DB, $BX_SECURITY_AV_TIMEOUT, $BX_SECURITY_AV_ACTION;
    $BX_SECURITY_AV_TIMEOUT = COption::GetOptionInt("security", "antivirus_timeout");
    $BX_SECURITY_AV_ACTION = COption::GetOptionInt("security", "antivirus_action");

    //user white list
    // Served from the managed cache under the key "b_sec_white_list" when
    // present (36000 is the TTL argument, presumably seconds - confirm);
    // otherwise rebuilt from GetWhiteList() and written back to the cache.
    global $BX_SECURITY_AV_WHITE_LIST, $CACHE_MANAGER;
    if ($CACHE_MANAGER->Read(36000, "b_sec_white_list")) {
        $BX_SECURITY_AV_WHITE_LIST = $CACHE_MANAGER->Get("b_sec_white_list");
    } else {
        $BX_SECURITY_AV_WHITE_LIST = array();
        $res = CSecurityAntiVirus::GetWhiteList();
        while ($ar = $res->Fetch()) {
            $BX_SECURITY_AV_WHITE_LIST[] = $ar["WHITE_SUBSTR"];
        }
        $CACHE_MANAGER->Set("b_sec_white_list", $BX_SECURITY_AV_WHITE_LIST);
    }

    //Init DB in order to be able to register the event in the shutdown function
    CSecurityDB::Init();

    //Check if we started output buffering in auto_prepend_file
    //so we'll have chances to detect virus before prolog
    if (defined("BX_SECURITY_AV_STARTED")) {
        // Take the buffered output, close that buffer, and echo the content
        // again only after Analyze() has seen it. Whether Analyze() modifies
        // $content depends on its signature, which is not visible here.
        $content = ob_get_contents();
        ob_end_clean();
        if (strlen($content)) {
            $Antivirus = new CSecurityAntiVirus("pre");
            $Antivirus->Analyze($content);
            echo $content;
        }
    }

    //Initiate monitoring of output that can be after working antivirus.
    register_shutdown_function(array('CSecurityAntiVirus', 'PHPShutdown'));

    //Check notification from previous hit
    // The marker file gates the database work: b_sec_virus is queried only
    // when the file exists.
    $fname = $_SERVER["DOCUMENT_ROOT"] . BX_PERSONAL_ROOT . "/managed_cache/b_sec_virus";
    if (file_exists($fname)) {
        $rsInfo = $DB->Query("select * from b_sec_virus where SENT='N'");
        if ($arInfo = $rsInfo->Fetch()) {
            // If the lock cannot be taken, nothing is processed on this hit;
            // the marker file stays in place, so a later hit retries.
            if ($table_lock = CSecurityDB::LockTable('b_sec_virus', $APPLICATION->GetServerUniqID() . "_virus")) {
                $SITE_ID = false;
                do {
                    // Overwritten on every row: the single mail event below
                    // is sent for the site of the last row processed.
                    $SITE_ID = $arInfo["SITE_ID"];
                    if (strlen($arInfo["INFO"])) {
                        // NOTE(review): unserialize() on a value read back from
                        // b_sec_virus. If that column can be written by anything
                        // other than this module, unserialize() can instantiate
                        // arbitrary classes (object injection); the is_array()
                        // test runs only after deserialisation and does not
                        // prevent that. On PHP 7+ passing
                        // array('allowed_classes' => false) as second argument,
                        // or storing JSON instead, confines the result to
                        // arrays and scalars.
                        $arEvent = unserialize(base64_decode($arInfo["INFO"]));
                        if (is_array($arEvent)) {
                            $DB->Add("b_event_log", $arEvent, array("DESCRIPTION"));
                        }
                    }
                    // NOTE(review): ID is concatenated into the statement
                    // unescaped. It comes from the row just fetched, not from
                    // the request, but escaping or binding it would remove the
                    // dependency on what is stored in that column.
                    CSecurityDB::Query("update b_sec_virus set SENT='Y' where ID='" . $arInfo["ID"] . "'", '');
                } while ($arInfo = $rsInfo->Fetch());

                // Cut-off = current local time minus $BX_SECURITY_AV_TIMEOUT
                // minutes, seconds set to 0. localtime() indexes: 1 minutes,
                // 2 hours, 3 day of month, 4 month (0-based), 5 years since 1900.
                // The CTimeZone::Disable()/Enable() pair brackets the date
                // conversion - presumably to keep it in server time; confirm.
                CTimeZone::Disable();
                $arDate = localtime(time());
                $date = mktime($arDate[2], $arDate[1] - $BX_SECURITY_AV_TIMEOUT, 0, $arDate[4] + 1, $arDate[3], 1900 + $arDate[5]);
                CSecurityDB::Query("DELETE FROM b_sec_virus WHERE TIMESTAMP_X <= " . $DB->CharToDateFunction(ConvertTimeStamp($date, "FULL")), '');
                CTimeZone::Enable();

                CEvent::Send("VIRUS_DETECTED", $SITE_ID ? $SITE_ID : SITE_ID, array("EMAIL" => COption::GetOptionString("main", "email_from", "")));
                CSecurityDB::UnlockTable($table_lock);
                // "@" silences a failed removal. If the marker survives, the
                // next hit repeats the select above, which only returns rows
                // still marked SENT='N'.
                @unlink($fname);
            }
        }
    }
}
/**
 * "open" step of this session handler: it only initialises the security
 * module's database layer and reports whether that succeeded.
 *
 * @param string $savePath    - ignored by this handler
 * @param string $sessionName - ignored by this handler
 * @return bool Result of CSecurityDB::Init()
 */
public static function open($savePath, $sessionName)
{
    $storageReady = CSecurityDB::Init();

    return $storageReady;
}
/**
 * "open" step of this session handler: it only initialises the security
 * module's database layer and hands back the outcome.
 *
 * @param string $save_path    - not used by this handler
 * @param string $session_name - not used by this handler
 * @return mixed Whatever CSecurityDB::Init() returns (presumably a bool - confirm)
 */
function open($save_path, $session_name)
{
    $storageReady = CSecurityDB::Init();

    return $storageReady;
}