
Merge branch 'master' of https://github.com/ZendExperts/ZeSecurity

2 parents a587eb6 + ac342b1 commit 095f0fcc20591aaedc6d151d2b63fdc40e388fb7 @cosmin-harangus cosmin-harangus committed
Showing with 34 additions and 9,838 deletions.
  1. +5 −5 composer.json
  2. +7 −4 config/module.config.php
  3. +2 −0 src/ZeSecurity/IDS/Monitor.php
  4. +20 −0 src/ZeSecurity/IDS/Util/Locator.php
  5. +0 −5 vendor/IDS/.htaccess
  6. +0 −84 vendor/IDS/Caching.php
  7. +0 −149 vendor/IDS/Caching/Apc.php
  8. +0 −289 vendor/IDS/Caching/Database.php
  9. +0 −185 vendor/IDS/Caching/File.php
  10. +0 −73 vendor/IDS/Caching/Interface.php
  11. +0 −193 vendor/IDS/Caching/Memcached.php
  12. +0 −144 vendor/IDS/Caching/Session.php
  13. +0 −89 vendor/IDS/Config/Config.ini.php
  14. +0 −750 vendor/IDS/Converter.php
  15. +0 −235 vendor/IDS/Event.php
  16. +0 −187 vendor/IDS/Filter.php
  17. +0 −376 vendor/IDS/Filter/Storage.php
  18. +0 −229 vendor/IDS/Init.php
  19. +0 −136 vendor/IDS/Log/Composite.php
  20. +0 −300 vendor/IDS/Log/Database.php
  21. +0 −400 vendor/IDS/Log/Email.php
  22. +0 −229 vendor/IDS/Log/File.php
  23. +0 −65 vendor/IDS/Log/Interface.php
  24. +0 −775 vendor/IDS/Monitor.php
  25. +0 −341 vendor/IDS/Report.php
  26. +0 −49 vendor/IDS/Version.php
  27. +0 −1 vendor/IDS/default_filter.json
  28. +0 −799 vendor/IDS/default_filter.xml
  29. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.auto.php
  30. +0 −26 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.autoload.php
  31. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.func.php
  32. +0 −214 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.includes.php
  33. +0 −30 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.kses.php
  34. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.path.php
  35. +0 −237 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.php
  36. +0 −208 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.safe-includes.php
  37. +0 −128 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrCollections.php
  38. +0 −123 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef.php
  39. +0 −87 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
  40. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
  41. +0 −87 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
  42. +0 −133 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
  43. +0 −43 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
  44. +0 −78 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
  45. +0 −38 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
  46. +0 −28 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
  47. +0 −54 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
  48. +0 −149 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
  49. +0 −197 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
  50. +0 −40 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
  51. +0 −47 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
  52. +0 −78 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
  53. +0 −58 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
  54. +0 −69 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
  55. +0 −40 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
  56. +0 −38 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
  57. +0 −61 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
  58. +0 −65 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
  59. +0 −28 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
  60. +0 −34 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
  61. +0 −32 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
  62. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
  63. +0 −70 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
  64. +0 −41 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
  65. +0 −53 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
  66. +0 −41 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
  67. +0 −52 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
  68. +0 −48 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
  69. +0 −73 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
  70. +0 −73 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
  71. +0 −34 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
  72. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Text.php
  73. +0 −77 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI.php
  74. +0 −17 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
  75. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
  76. +0 −68 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
  77. +0 −39 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
  78. +0 −99 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
  79. +0 −56 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform.php
  80. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
  81. +0 −19 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
  82. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
  83. +0 −36 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
  84. +0 −18 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
  85. +0 −58 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
  86. +0 −43 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
  87. +0 −44 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
  88. +0 −40 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
  89. +0 −28 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
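--- a/composer.json
+++ b/composer.json
@@ -12,18 +12,18 @@
 }
 ],
 "require": {
- "php": ">=5.3.3"
+ "php": ">=5.3.3",
+ "ZendExperts/phpids": "0.7.x"
 },
- "autoload": {
+ "autoload": {
 "psr-0": {
- "ZeSecurity": "src/",
- "IDS_": "vendor/"
+ "ZeSecurity": "src/"
 },
 "classmap":[
 "./"
 ]
 },
- "extra": {
+ "extra": {
 "branch-alias": {
 "dev-master": "1.0.x-dev"
 }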
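--- a/config/module.config.php
+++ b/config/module.config.php
@@ -1,4 +1,7 @@
 <?php
+namespace ZeSecurity;
+use ZeSecurity\IDS\Util\Locator;
+
 return array(
 'zendexperts_security' => array(
 'IDS'=>array(
@@ -25,15 +28,15 @@
 'options'=>array(
 'General'=>array(
 'filter_type' => 'xml',
- 'filter_path' => __DIR__ . '/../vendor/IDS/default_filter.xml',
- // 'base_path' => __DIR__ . '/../vendor/IDS/',
+ 'filter_path' => Locator::expandFilePath('IDS/default_filter.xml'),
+ // 'base_path' => 'IDS/',
 'use_base_path' => false,
 // 'tmp_path' => __DIR__ . '/../../../data/tmp/',
 'scan_keys' => false,
 // in case you want to use a different HTMLPurifier source, specify it here
 // By default, those files are used that are being shipped with PHPIDS
- 'HTML_Purifier_Path' => 'vendors/htmlpurifier/HTMLPurifier.auto.php',
- 'HTML_Purifier_Cache' => 'vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer',
+ 'HTML_Purifier_Path' => Locator::expandFilePath('IDS/vendors/htmlpurifier/HTMLPurifier.auto.php'),
+ 'HTML_Purifier_Cache' => 'IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer',
 // define which fields contain html and need preparation before hitting the PHPIDS rules(new in PHPIDS 0.5)
 'html' => array(),
 // define which fields contain JSON data and should be treated as such; for fewer false positives(new in PHPIDS 0.5.3)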
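Review bot: `HTML_Purifier_Cache` is left as the relative string `'IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer'` while its two siblings `filter_path` and `HTML_Purifier_Path` in the same hunk are passed through Locator::expandFilePath; with `use_base_path` set to false a few lines above, PHPIDS presumably hands the cache path to HTMLPurifier as given, so the definition cache directory (which HTMLPurifier has to write to) would be resolved against the process working directory rather than the installed package. Either apply the same treatment, `'HTML_Purifier_Cache' => Locator::expandFilePath('IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer'),`, or add a comment stating why this entry deliberately stays relative. Note also that expandFilePath returns the unexpanded string when the file is not on include_path, so a misconfigured include_path will not surface at config load time but only when PHPIDS later fails to open `IDS/default_filter.xml`.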
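--- a/src/ZeSecurity/IDS/Monitor.php
+++ b/src/ZeSecurity/IDS/Monitor.php
@@ -54,6 +54,8 @@ public function setConfig($config)
 public function initMonitor()
 {
 try {
+ require_once('IDS/Init.php');
+ require_once('IDS/Monitor.php');
 $init = IDS_Init::init();
 $init->setConfig($this->config['options']);
 $request = $this->getRequest();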
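Review bot: The two `require_once('IDS/...')` calls at the top of the try block depend on the phpids package directory being on include_path (the composer.json hunk removes the old `IDS_` PSR-0 mapping, so nothing else loads these classes), and when the file is not found require_once raises a fatal compile error rather than an exception, so the surrounding try/catch (its catch clause lies outside the hunk) cannot report a missing or mis-installed PHPIDS. Resolving the path first turns that into a catchable, descriptive failure: `$initFile = stream_resolve_include_path('IDS/Init.php'); if ($initFile === false) { throw new \RuntimeException('PHPIDS not found on include_path'); } require_once $initFile;`, with the same pattern for `IDS/Monitor.php`. The Locator::expandFilePath helper introduced in this commit performs this lookup as well and could be reused here instead of hand-rolling it twice. initMonitor continues past the end of the hunk.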
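--- a/src/ZeSecurity/IDS/Util/Locator.php
+++ b/src/ZeSecurity/IDS/Util/Locator.php
@@ -0,0 +1,20 @@
+<?php
+namespace ZeSecurity\IDS\Util;
+
+class Locator
+{
+ /**
+ * Expand the file path using the current include path
+ * @static
+ * @param string $file
+ * @return string
+ */
+ public static function expandFilePath($file)
+ {
+ $ps = explode(PATH_SEPARATOR, ini_get('include_path'));
+ foreach ($ps as $path) {
+ if (file_exists($path . '/' . $file)) return $path . '/' . $file;
+ }
+ return $file;
+ }
+}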
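Review bot: expandFilePath returns its argument unchanged when no include_path entry contains the file (the final `return $file;`), so callers such as the `filter_path` and `HTML_Purifier_Path` entries in config/module.config.php receive a bare relative path that PHPIDS will later resolve against the process working directory instead of a failure they can act on, and the docblock does not mention this fallback. The loop also hand-builds `$path . '/' . $file`, which produces `./IDS/...` style paths for the default `.` entry and ignores DIRECTORY_SEPARATOR. `stream_resolve_include_path()` (available since PHP 5.3.2, inside the `>=5.3.3` constraint in composer.json) performs the same include_path search and returns the absolute filename or false, so the body can become `$resolved = stream_resolve_include_path($file); return $resolved === false ? $file : $resolved;`, preserving the current fallback while giving callers a cheap way to detect the not-found case. The `@return` line should then read `@return string absolute path if found on include_path, otherwise $file unchanged`.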
5 vendor/IDS/.htaccess
@@ -1,5 +0,0 @@
-# in case PHPIDS is placed in the web-root
-deny from all
-
-# silence is golden
-php_flag display_errors off
84 vendor/IDS/Caching.php
@@ -1,84 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * Caching factory
- *
- * This class is used as a factory to load the correct concrete caching
- * implementation.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Factory.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching
-{
-
- /**
- * Factory method
- *
- * @param object $init the IDS_Init object
- * @param string $type the caching type
- *
- * @return object the caching facility
- */
- public static function factory($init, $type)
- {
-
- $object = false;
- $wrapper = preg_replace(
- '/\W+/m',
- null,
- ucfirst($init->config['Caching']['caching'])
- );
- $class = 'IDS_Caching_' . $wrapper;
- $object = call_user_func(array($class, 'getInstance'),
- $type, $init);
- return $object;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
149 vendor/IDS/Caching/Apc.php
@@ -1,149 +0,0 @@
-<?php
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * APC caching wrapper
- *
- * This class inhabits functionality to get and set cache via memcached.
- *
- * @category Security
- * @package PHPIDS
- * @author Yves Berkholz <godzilla80@gmx.net>
- * @copyright 2007-2009 The PHPIDS Groupoup
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id$
- * @link http://php-ids.org/
- * @since Version 0.6.5
- */
-class IDS_Caching_Apc implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Flag if the filter storage has been found in memcached
- *
- * @var boolean
- */
- private $isCached = false;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param array $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Apc($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data
- *
- * @param array $data the caching data
- *
- * @return object $this
- */
- public function setCache(array $data)
- {
- if(!$this->isCached)
- apc_store($this->config['key_prefix'] . '.storage',
- $data, $this->config['expiration_time']);
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
- $data = apc_fetch($this->config['key_prefix'] . '.storage');
- $this->isCached = !empty($data);
- return $data;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
289 vendor/IDS/Caching/Database.php
@@ -1,289 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * Needed SQL:
- *
-
- #create the database
-
- CREATE DATABASE IF NOT EXISTS `phpids` DEFAULT CHARACTER
- SET utf8 COLLATE utf8_general_ci;
- DROP TABLE IF EXISTS `cache`;
-
- #now select the created datbase and create the table
-
- CREATE TABLE `cache` (
- `type` VARCHAR( 32 ) NOT null ,
- `data` TEXT NOT null ,
- `created` DATETIME NOT null ,
- `modified` DATETIME NOT null
- ) ENGINE = MYISAM ;
- */
-
-/**
- * Database caching wrapper
- *
- * This class inhabits functionality to get and set cache via a database.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Groupup
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Database.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_Database implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * DBH
- *
- * @var object
- */
- private $handle = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
- /**
- * Constructor
- *
- * Connects to database.
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
- $this->handle = $this->_connect();
- }
-
- /**
- * Returns an instance of this class
- *
- * @static
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Database($type, $init);
- }
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data into the database
- *
- * @param array $data the caching data
- *
- * @throws PDOException if a db error occurred
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- $handle = $this->handle;
-
- $rows = $handle->query('SELECT created FROM `' .
- $this->config['table'].'`');
-
- if (!$rows || $rows->rowCount() === 0) {
-
- $this->_write($handle, $data);
- } else {
-
- foreach ($rows as $row) {
-
- if ((time()-strtotime($row['created'])) >
- $this->config['expiration_time']) {
-
- $this->_write($handle, $data);
- }
- }
- }
-
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @throws PDOException if a db error occurred
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- try{
- $handle = $this->handle;
- $result = $handle->prepare('SELECT * FROM `' .
- $this->config['table'] .
- '` where type=?');
- $result->execute(array($this->type));
-
- foreach ($result as $row) {
- return unserialize($row['data']);
- }
-
- } catch (PDOException $e) {
- throw new PDOException('PDOException: ' . $e->getMessage());
- }
- return false;
- }
-
- /**
- * Connect to database and return a handle
- *
- * @return object PDO
- * @throws Exception if connection parameters are faulty
- * @throws PDOException if a db error occurred
- */
- private function _connect()
- {
-
- // validate connection parameters
- if (!$this->config['wrapper']
- || !$this->config['user']
- || !$this->config['password']
- || !$this->config['table']) {
-
- throw new Exception('
- Insufficient connection parameters'
- );
- }
-
- // try to connect
- try {
- $handle = new PDO(
- $this->config['wrapper'],
- $this->config['user'],
- $this->config['password']
- );
- $handle->setAttribute(
- PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true
- );
-
- } catch (PDOException $e) {
- throw new PDOException('PDOException: ' . $e->getMessage());
- }
- return $handle;
- }
-
- /**
- * Write the cache data to the table
- *
- * @param object $handle the database handle
- * @param array $data the caching data
- *
- * @return object PDO
- * @throws PDOException if a db error occurred
- */
- private function _write($handle, $data)
- {
-
- try {
- $handle->query('TRUNCATE ' .
- $this->config['table'].'');
- $statement = $handle->prepare('
- INSERT INTO `' .
- $this->config['table'].'` (
- type,
- data,
- created,
- modified
- )
- VALUES (
- :type,
- :data,
- now(),
- now()
- )
- ');
-
- $statement->bindParam('type',
- $handle->quote($this->type));
- $statement->bindParam('data', serialize($data));
-
- if (!$statement->execute()) {
- throw new PDOException($statement->errorCode());
- }
-
- } catch (PDOException $e) {
- throw new PDOException('PDOException: ' . $e->getMessage());
- }
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
185 vendor/IDS/Caching/File.php
@@ -1,185 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * File caching wrapper
- *
- * This class inhabits functionality to get and set cache via a static flatfile.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:File.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_File implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Path to cache file
- *
- * @var string
- */
- private $path = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
- $this->path = $init->getBasePath() . $this->config['path'];
-
- if (file_exists($this->path) && !is_writable($this->path)) {
- throw new Exception('Make sure all files in ' .
- htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') .
- 'are writeable!');
- }
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_File($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data into the file
- *
- * @param array $data the cache data
- *
- * @throws Exception if cache file couldn't be created
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- if (!is_writable(preg_replace('/[\/][^\/]+\.[^\/]++$/', null,
- $this->path))) {
- throw new Exception('Temp directory ' .
- htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') .
- ' seems not writable');
- }
-
- if ((!file_exists($this->path) || (time()-filectime($this->path)) >
- $this->config['expiration_time'])) {
- $handle = @fopen($this->path, 'w+');
- $serialized = @serialize($data);
-
- if (!$handle) {
- throw new Exception("Cache file couldn't be created");
- }
- if (!$serialized) {
- throw new Exception("Cache data couldn't be serialized");
- }
-
- fwrite($handle, $serialized);
- fclose($handle);
- }
-
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- // make sure filters are parsed again if cache expired
- if (file_exists($this->path) && (time()-filectime($this->path)) <
- $this->config['expiration_time']) {
- $data = unserialize(file_get_contents($this->path));
- return $data;
- }
-
- return false;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
73 vendor/IDS/Caching/Interface.php
@@ -1,73 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * Caching wrapper interface
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @version SVN: $Id:Interface.php 517 2007-09-15 15:04:13Z mario $
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @since Version 0.4
- * @link http://php-ids.org/
- */
-interface IDS_Caching_Interface
-{
- /**
- * Interface method
- *
- * @param array $data the cache data
- *
- * @return void
- */
- public function setCache(array $data);
-
- /**
- * Interface method
- *
- * @return void
- */
- public function getCache();
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
193 vendor/IDS/Caching/Memcached.php
@@ -1,193 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * File caching wrapper
- *
- * This class inhabits functionality to get and set cache via memcached.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Groupoup
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Memcached.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_Memcached implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Flag if the filter storage has been found in memcached
- *
- * @var boolean
- */
- private $isCached = false;
-
- /**
- * Memcache object
- *
- * @var object
- */
- private $memcache = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param array $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
-
- $this->_connect();
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Memcached($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data
- *
- * @param array $data the caching data
- *
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- if(!$this->isCached) {
- $this->memcache->set(
- $this->config['key_prefix'] . '.storage',
- $data, false, $this->config['expiration_time']
- );
- }
-
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- $data = $this->memcache->get(
- $this->config['key_prefix'] .
- '.storage'
- );
- $this->isCached = !empty($data);
-
- return $data;
- }
-
- /**
- * Connect to the memcached server
- *
- * @throws Exception if connection parameters are insufficient
- * @return void
- */
- private function _connect()
- {
-
- if ($this->config['host'] && $this->config['port']) {
- // establish the memcache connection
- $this->memcache = new Memcache;
- $this->memcache->pconnect(
- $this->config['host'],
- $this->config['port']
- );
-
- } else {
- throw new Exception('Insufficient connection parameters');
- }
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
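--- a/vendor/IDS/Caching/Session.php
+++ b/vendor/IDS/Caching/Session.php
@@ -1,144 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * File caching wrapper
- *
- * This class inhabits functionality to get and set cache via session.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Session.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_Session implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
- $this->type = $type;
- $this->config = $init->config['Caching'];
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Session($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data into the session
- *
- * @param array $data the caching data
- *
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- $_SESSION['PHPIDS'][$this->type] = $data;
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- if ($this->type && $_SESSION['PHPIDS'][$this->type]) {
- return $_SESSION['PHPIDS'][$this->type];
- }
-
- return false;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */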
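--- a/vendor/IDS/Config/Config.ini.php
+++ b/vendor/IDS/Config/Config.ini.php
@@ -1,89 +0,0 @@
-; <?php die(); ?>
-
-; PHPIDS Config.ini
-
-; General configuration settings
-
-
-[General]
-
- ; basic settings - customize to make the PHPIDS work at all
- filter_type = xml
-
- base_path = /full/path/to/IDS/
- use_base_path = false
-
- filter_path = default_filter.xml
- tmp_path = tmp
- scan_keys = false
-
- ; in case you want to use a different HTMLPurifier source, specify it here
- ; By default, those files are used that are being shipped with PHPIDS
- HTML_Purifier_Path = vendors/htmlpurifier/HTMLPurifier.auto.php
- HTML_Purifier_Cache = vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer
-
- ; define which fields contain html and need preparation before
- ; hitting the PHPIDS rules (new in PHPIDS 0.5)
- ;html[] = POST.__wysiwyg
-
- ; define which fields contain JSON data and should be treated as such
- ; for fewer false positives (new in PHPIDS 0.5.3)
- ;json[] = POST.__jsondata
-
- ; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b)
- exceptions[] = GET.__utmz
- exceptions[] = GET.__utmc
-
- ; you can use regular expressions for wildcard exceptions - example: /.*foo/i
-
- ; PHPIDS should run with PHP 5.1.2 but this is untested - set
- ; this value to force compatibilty with minor versions
- min_php_version = 5.1.6
-
-; If you use the PHPIDS logger you can define specific configuration here
-
-[Logging]
-
- ; file logging
- path = tmp/phpids_log.txt
-
- ; email logging
-
- ; note that enabling safemode you can prevent spam attempts,
- ; see documentation
- recipients[] = test@test.com.invalid
- subject = "PHPIDS detected an intrusion attempt!"
- header = "From: <PHPIDS> info@phpids.org"
- envelope = ""
- safemode = true
- urlencode = true
- allowed_rate = 15
-
- ; database logging
-
- wrapper = "mysql:host=localhost;port=3306;dbname=phpids"
- user = phpids_user
- password = 123456
- table = intrusions
-
-; If you would like to use other methods than file caching you can configure them here
-
-[Caching]
-
- ; caching: session|file|database|memcached|none
- caching = file
- expiration_time = 600
-
- ; file cache
- path = tmp/default_filter.cache
-
- ; database cache
- wrapper = "mysql:host=localhost;port=3306;dbname=phpids"
- user = phpids_user
- password = 123456
- table = cache
-
- ; memcached
- ;host = localhost
- ;port = 11211
- ;key_prefix = PHPIDS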
750 vendor/IDS/Converter.php
@@ -1,750 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * PHPIDS specific utility class to convert charsets manually
- *
- * Note that if you make use of IDS_Converter::runAll(), existing class
- * methods will be executed in the same order as they are implemented in the
- * class tree!
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Converter.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- */
-class IDS_Converter
-{
- /**
- * Runs all converter functions
- *
- * Note that if you make use of IDS_Converter::runAll(), existing class
- * methods will be executed in the same order as they are implemented in the
- * class tree!
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function runAll($value)
- {
- foreach (get_class_methods(__CLASS__) as $method) {
-
- if (strpos($method, 'run') === 0) {
- continue;
- }
- $value = self::$method($value);
- }
-
- return $value;
- }
-
- /**
- * Check for comments and erases them if available
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromCommented($value)
- {
- // check for existing comments
- if (preg_match('/(?:\<!-|-->|\/\*|\*\/|\/\/\W*\w+\s*$)|' .
- '(?:--[^-]*-)/ms', $value)) {
-
- $pattern = array(
- '/(?:(?:<!)(?:(?:--(?:[^-]*(?:-[^-]+)*)--\s*)*)(?:>))/ms',
- '/(?:(?:\/\*\/*[^\/\*]*)+\*\/)/ms',
- '/(?:--[^-]*-)/ms'
- );
-
- $converted = preg_replace($pattern, ';', $value);
- $value .= "\n" . $converted;
- }
-
- //make sure inline comments are detected and converted correctly
- $value = preg_replace('/(<\w+)\/+(\w+=?)/m', '$1/$2', $value);
- $value = preg_replace('/[^\\\:]\/\/(.*)$/m', '/**/$1', $value);
- $value = preg_replace('/([^\-&])#.*[\r\n\v\f]/m', '$1', $value);
- $value = preg_replace('/([^&\-])#.*\n/m', '$1 ', $value);
- $value = preg_replace('/^#.*\n/m', ' ', $value);
-
- return $value;
- }
-
- /**
- * Strip newlines
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromWhiteSpace($value)
- {
- //check for inline linebreaks
- $search = array('\r', '\n', '\f', '\t', '\v');
- $value = str_replace($search, ';', $value);
-
- // replace replacement characters regular spaces
- $value = str_replace('', ' ', $value);
-
- //convert real linebreaks
- return preg_replace('/(?:\n|\r|\v)/m', ' ', $value);
- }
-
- /**
- * Checks for common charcode pattern and decodes them
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromJSCharcode($value)
- {
- $matches = array();
-
- // check if value matches typical charCode pattern
- if (preg_match_all('/(?:[\d+-=\/\* ]+(?:\s?,\s?[\d+-=\/\* ]+)){4,}/ms',
- $value, $matches)) {
-
- $converted = '';
- $string = implode(',', $matches[0]);
- $string = preg_replace('/\s/', '', $string);
- $string = preg_replace('/\w+=/', '', $string);
- $charcode = explode(',', $string);
-
- foreach ($charcode as $char) {
- $char = preg_replace('/\W0/s', '', $char);
-
- if (preg_match_all('/\d*[+-\/\* ]\d+/', $char, $matches)) {
- $match = preg_split('/(\W?\d+)/',
- (implode('', $matches[0])),
- null,
- PREG_SPLIT_DELIM_CAPTURE);
-
- if (array_sum($match) >= 20 && array_sum($match) <= 127) {
- $converted .= chr(array_sum($match));
- }
-
- } elseif (!empty($char) && $char >= 20 && $char <= 127) {
- $converted .= chr($char);
- }
- }
-
- $value .= "\n" . $converted;
- }
-
- // check for octal charcode pattern
- if (preg_match_all('/(?:(?:[\\\]+\d+[ \t]*){8,})/ims', $value, $matches)) {
-
- $converted = '';
- $charcode = explode('\\', preg_replace('/\s/', '', implode(',',
- $matches[0])));
-
- foreach ($charcode as $char) {
- if (!empty($char)) {
- if (octdec($char) >= 20 && octdec($char) <= 127) {
- $converted .= chr(octdec($char));
- }
- }
- }
- $value .= "\n" . $converted;
- }
-
- // check for hexadecimal charcode pattern
- if (preg_match_all('/(?:(?:[\\\]+\w+\s*){8,})/ims', $value, $matches)) {
-
- $converted = '';
- $charcode = explode('\\', preg_replace('/[ux]/', '', implode(',',
- $matches[0])));
-
- foreach ($charcode as $char) {
- if (!empty($char)) {
- if (hexdec($char) >= 20 && hexdec($char) <= 127) {
- $converted .= chr(hexdec($char));
- }
- }
- }
- $value .= "\n" . $converted;
- }
-
- return $value;
- }
-
- /**
- * Eliminate JS regex modifiers
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertJSRegexModifiers($value)
- {
- $value = preg_replace('/\/[gim]+/', '/', $value);
-
- return $value;
- }
-
- /**
- * Converts from hex/dec entities
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertEntities($value)
- {
- $converted = null;
-
- //deal with double encoded payload
- $value = preg_replace('/&amp;/', '&', $value);
-
- if (preg_match('/&#x?[\w]+/ms', $value)) {
- $converted = preg_replace('/(&#x?[\w]{2}\d?);?/ms', '$1;', $value);
- $converted = html_entity_decode($converted, ENT_QUOTES, 'UTF-8');
- $value .= "\n" . str_replace(';;', ';', $converted);
- }
- // normalize obfuscated protocol handlers
- $value = preg_replace(
- '/(?:j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:)|(d\s*a\s*t\s*a\s*:)/ms',
- 'javascript:', $value
- );
-
- return $value;
- }
-
- /**
- * Normalize quotes
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertQuotes($value)
- {
- // normalize different quotes to "
- $pattern = array('\'', '`', '´', '', '');
- $value = str_replace($pattern, '"', $value);
-
- //make sure harmless quoted strings don't generate false alerts
- $value = preg_replace('/^"([^"=\\!><~]+)"$/', '$1', $value);
-
- return $value;
- }
-
- /**
- * Converts SQLHEX to plain text
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromSQLHex($value)
- {
- $matches = array();
- if(preg_match_all('/(?:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+/im', $value, $matches)) {
- foreach($matches[0] as $match) {
- $converted = '';
- foreach(str_split($match, 2) as $hex_index) {
- if(preg_match('/[a-f\d]{2,3}/i', $hex_index)) {
- $converted .= chr(hexdec($hex_index));
- }
- }
- $value = str_replace($match, $converted, $value);
- }
- }
- // take care of hex encoded ctrl chars
- $value = preg_replace('/0x\d+/m', ' 1 ', $value);
-
- return $value;
- }
-
- /**
- * Converts basic SQL keywords and obfuscations
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromSQLKeywords($value)
- {
- $pattern = array('/(?:is\s+null)|(like\s+null)|' .
- '(?:(?:^|\W)in[+\s]*\([\s\d"]+[^()]*\))/ims');
- $value = preg_replace($pattern, '"=0', $value);
-
- $value = preg_replace('/[^\w\)]+\s*like\s*[^\w\s]+/ims', '1" OR "1"', $value);
- $value = preg_replace('/null([,"\s])/ims', '0$1', $value);
- $value = preg_replace('/\d+\./ims', ' 1', $value);
- $value = preg_replace('/,null/ims', ',0', $value);
- $value = preg_replace('/(?:between)/ims', 'or', $value);
- $value = preg_replace('/(?:and\s+\d+\.?\d*)/ims', '', $value);
- $value = preg_replace('/(?:\s+and\s+)/ims', ' or ', $value);
-
- $pattern = array('/(?:not\s+between)|(?:is\s+not)|(?:not\s+in)|' .
- '(?:xor|<>|rlike(?:\s+binary)?)|' .
- '(?:regexp\s+binary)|' .
- '(?:sounds\s+like)/ims');
- $value = preg_replace($pattern, '!', $value);
- $value = preg_replace('/"\s+\d/', '"', $value);
- $value = preg_replace('/(\W)div(\W)/ims', '$1 OR $2', $value);
- $value = preg_replace('/\/(?:\d+|null)/', null, $value);
-
- return $value;
- }
-
- /**
- * Detects nullbytes and controls chars via ord()
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromControlChars($value)
- {
- // critical ctrl values
- $search = array(
- chr(0), chr(1), chr(2), chr(3), chr(4), chr(5),
- chr(6), chr(7), chr(8), chr(11), chr(12), chr(14),
- chr(15), chr(16), chr(17), chr(18), chr(19), chr(24),
- chr(25), chr(192), chr(193), chr(238), chr(255), '\\0'
- );
-
- $value = str_replace($search, '%00', $value);
-
- //take care for malicious unicode characters
- $value = urldecode(preg_replace('/(?:%E(?:2|3)%8(?:0|1)%(?:A|8|9)' .
- '\w|%EF%BB%BF|%EF%BF%BD)|(?:&#(?:65|8)\d{3};?)/i', null,
- urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%BE)/i', '>', urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%BC)/i', '<', urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%A2)/i', '"', urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%A7)/i', '\'', urlencode($value)));
-
- $value = preg_replace('/(?:%ff1c)/', '<', $value);
- $value = preg_replace(
- '/(?:&[#x]*(200|820|200|820|zwn?j|lrm|rlm)\w?;?)/i', null,$value
- );
- $value = preg_replace('/(?:&#(?:65|8)\d{3};?)|' .
- '(?:&#(?:56|7)3\d{2};?)|' .
- '(?:&#x(?:fe|20)\w{2};?)|' .
- '(?:&#x(?:d[c-f])\w{2};?)/i', null,
- $value);
-
- $value = str_replace(
- array('«', '', '', '', '', ''), '<', $value
- );
- $value = str_replace(
- array('»', '', '', '', '', ''), '>', $value
- );
-
- return $value;
- }
-
- /**
- * This method matches and translates base64 strings and fragments
- * used in data URIs
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromNestedBase64($value)
- {
- $matches = array();
- preg_match_all('/(?:^|[,&?])\s*([a-z0-9]{30,}=*)(?:\W|$)/im',
- $value,
- $matches);
-
- foreach ($matches[1] as $item) {
- if (isset($item) && !preg_match('/[a-f0-9]{32}/i', $item)) {
- $base64_item = base64_decode($item);
- $value = str_replace($item, $base64_item, $value);
- }
- }
-
- return $value;
- }
-
- /**
- * Detects nullbytes and controls chars via ord()
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromOutOfRangeChars($value)
- {
- $values = str_split($value);
- foreach ($values as $item) {
- if (ord($item) >= 127) {
- $value = str_replace($item, ' ', $value);
- }
- }
-
- return $value;
- }
-
- /**
- * Strip XML patterns
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromXML($value)
- {
- $converted = strip_tags($value);
-
- if ($converted && ($converted != $value)) {
- return $value . "\n" . $converted;
- }
- return $value;
- }
-
- /**
- * This method converts JS unicode code points to
- * regular characters
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromJSUnicode($value)
- {
- $matches = array();
-
- preg_match_all('/\\\u[0-9a-f]{4}/ims', $value, $matches);
-
- if (!empty($matches[0])) {
- foreach ($matches[0] as $match) {
- $chr = chr(hexdec(substr($match, 2, 4)));
- $value = str_replace($match, $chr, $value);
- }
- $value .= "\n\u0001";
- }
-
- return $value;
- }
-
- /**
- * Converts relevant UTF-7 tags to UTF-8
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromUTF7($value)
- {
- if(preg_match('/\+A\w+-?/m', $value)) {
- if (function_exists('mb_convert_encoding')) {
- if(version_compare(PHP_VERSION, '5.2.8', '<')) {
- $tmp_chars = str_split($value);
- $value = '';
- foreach($tmp_chars as $char) {
- if(ord($char) <= 127) {
- $value .= $char;
- }
- }
- }
- $value .= "\n" . mb_convert_encoding($value, 'UTF-8', 'UTF-7');
- } else {
- //list of all critical UTF7 codepoints
- $schemes = array(
- '+ACI-' => '"',
- '+ADw-' => '<',
- '+AD4-' => '>',
- '+AFs-' => '[',
- '+AF0-' => ']',
- '+AHs-' => '{',
- '+AH0-' => '}',
- '+AFw-' => '\\',
- '+ADs-' => ';',
- '+ACM-' => '#',
- '+ACY-' => '&',
- '+ACU-' => '%',
- '+ACQ-' => '$',
- '+AD0-' => '=',
- '+AGA-' => '`',
- '+ALQ-' => '"',
- '+IBg-' => '"',
- '+IBk-' => '"',
- '+AHw-' => '|',
- '+ACo-' => '*',
- '+AF4-' => '^',
- '+ACIAPg-' => '">',
- '+ACIAPgA8-' => '">'
- );
-
- $value = str_ireplace(array_keys($schemes),
- array_values($schemes), $value);
- }
- }
- return $value;
- }
-
- /**
- * Converts basic concatenations
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromConcatenated($value)
- {
- //normalize remaining backslashes
- if ($value != preg_replace('/(\w)\\\/', "$1", $value)) {
- $value .= preg_replace('/(\w)\\\/', "$1", $value);
- }
-
- $compare = stripslashes($value);
-
- $pattern = array('/(?:<\/\w+>\+<\w+>)/s',
- '/(?:":\d+[^"[]+")/s',
- '/(?:"?"\+\w+\+")/s',
- '/(?:"\s*;[^"]+")|(?:";[^"]+:\s*")/s',
- '/(?:"\s*(?:;|\+).{8,18}:\s*")/s',
- '/(?:";\w+=)|(?:!""&&")|(?:~)/s',
- '/(?:"?"\+""?\+?"?)|(?:;\w+=")|(?:"[|&]{2,})/s',
- '/(?:"\s*\W+")/s',
- '/(?:";\w\s*\+=\s*\w?\s*")/s',
- '/(?:"[|&;]+\s*[^|&\n]*[|&]+\s*"?)/s',
- '/(?:";\s*\w+\W+\w*\s*[|&]*")/s',
- '/(?:"\s*"\s*\.)/s',
- '/(?:\s*new\s+\w+\s*[+",])/',
- '/(?:(?:^|\s+)(?:do|else)\s+)/',
- '/(?:[{(]\s*new\s+\w+\s*[)}])/',
- '/(?:(this|self)\.)/',
- '/(?:undefined)/',
- '/(?:in\s+)/');
-
- // strip out concatenations
- $converted = preg_replace($pattern, null, $compare);
-
- //strip object traversal
- $converted = preg_replace('/\w(\.\w\()/', "$1", $converted);
-
- // normalize obfuscated method calls
- $converted = preg_replace('/\)\s*\+/', ")", $converted);
-
- //convert JS special numbers
- $converted = preg_replace('/(?:\(*[.\d]e[+-]*[^a-z\W]+\)*)' .
- '|(?:NaN|Infinity)\W/ims', 1, $converted);
-
- if ($converted && ($compare != $converted)) {
- $value .= "\n" . $converted;
- }
-
- return $value;
- }
-
- /**
- * This method collects and decodes proprietary encoding types
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromProprietaryEncodings($value) {
-
- //Xajax error reportings
- $value = preg_replace('/<!\[CDATA\[(\W+)\]\]>/im', '$1', $value);
-
- //strip false alert triggering apostrophes
- $value = preg_replace('/(\w)\"(s)/m', '$1$2', $value);
-
- //strip quotes within typical search patterns
- $value = preg_replace('/^"([^"=\\!><~]+)"$/', '$1', $value);
-
- //OpenID login tokens
- $value = preg_replace('/{[\w-]{8,9}\}(?:\{[\w=]{8}\}){2}/', null, $value);
-
- //convert Content and \sdo\s to null
- $value = preg_replace('/Content|\Wdo\s/', null, $value);
-
- //strip emoticons
- $value = preg_replace(
- '/(?:\s[:;]-[)\/PD]+)|(?:\s;[)PD]+)|(?:\s:[)PD]+)|-\.-|\^\^/m',
- null,
- $value
- );
-
- //normalize separation char repetion
- $value = preg_replace('/([.+~=*_\-;])\1{2,}/m', '$1', $value);
-
- //normalize multiple single quotes
- $value = preg_replace('/"{2,}/m', '"', $value);
-
- //normalize quoted numerical values and asterisks
- $value = preg_replace('/"(\d+)"/m', '$1', $value);
-
- //normalize pipe separated request parameters
- $value = preg_replace('/\|(\w+=\w+)/m', '&$1', $value);
-
- //normalize ampersand listings
- $value = preg_replace('/(\w\s)&\s(\w)/', '$1$2', $value);
-
- //normalize escaped RegExp modifiers
- $value = preg_replace('/\/\\\(\w)/', '/$1', $value);
-
- return $value;
- }
-
- /**
- * This method is the centrifuge prototype
- *
- * @param string $value the value to convert
- * @param IDS_Monitor $monitor the monitor object
- *
- * @static
- * @return string
- */
- public static function runCentrifuge($value, IDS_Monitor $monitor = null)
- {
- $threshold = 3.49;
- if (strlen($value) > 25) {
-
- //strip padding
- $tmp_value = preg_replace('/\s{4}|==$/m', null, $value);
- $tmp_value = preg_replace(
- '/\s{4}|[\p{L}\d\+\-=,.%()]{8,}/m',
- 'aaa',
- $tmp_value
- );
-
- // Check for the attack char ratio
- $tmp_value = preg_replace('/([*.!?+-])\1{1,}/m', '$1', $tmp_value);
- $tmp_value = preg_replace('/"[\p{L}\d\s]+"/m', null, $tmp_value);
-
- $stripped_length = strlen(preg_replace('/[\d\s\p{L}\.:,%&\/><\-)!|]+/m',
- null, $tmp_value));
- $overall_length = strlen(
- preg_replace('/([\d\s\p{L}:,\.]{3,})+/m', 'aaa',
- preg_replace('/\s{2,}/m', null, $tmp_value))
- );
-
- if ($stripped_length != 0
- && $overall_length/$stripped_length <= $threshold) {
-
- $monitor->centrifuge['ratio'] =
- $overall_length/$stripped_length;
- $monitor->centrifuge['threshold'] =
- $threshold;
-
- $value .= "\n$[!!!]";
- }
- }
-
- if (strlen($value) > 40) {
- // Replace all non-special chars
- $converted = preg_replace('/[\w\s\p{L},.:!]/', null, $value);
-
- // Split string into an array, unify and sort
- $array = str_split($converted);
- $array = array_unique($array);
- asort($array);
-
- // Normalize certain tokens
- $schemes = array(
- '~' => '+',
- '^' => '+',
- '|' => '+',
- '*' => '+',
- '%' => '+',
- '&' => '+',
- '/' => '+'
- );
-
- $converted = implode($array);
-
- $_keys = array_keys($schemes);
- $_values = array_values($schemes);
-
- $converted = str_replace($_keys, $_values, $converted);
-
- $converted = preg_replace('/[+-]\s*\d+/', '+', $converted);
- $converted = preg_replace('/[()[\]{}]/', '(', $converted);
- $converted = preg_replace('/[!?:=]/', ':', $converted);
- $converted = preg_replace('/[^:(+]/', null, stripslashes($converted));
-
- // Sort again and implode
- $array = str_split($converted);
- asort($array);
-
- $converted = implode($array);
-
- if (preg_match('/(?:\({2,}\+{2,}:{2,})|(?:\({2,}\+{2,}:+)|' .
- '(?:\({3,}\++:{2,})/', $converted)) {