
Merge branch 'master' of https://github.com/ZendExperts/ZeSecurity

commit 095f0fcc20591aaedc6d151d2b63fdc40e388fb7 2 parents a587eb6 + ac342b1
@cosmin-harangus cosmin-harangus authored
Showing with 34 additions and 18,885 deletions.
  1. +5 −5 composer.json
  2. +7 −4 config/module.config.php
  3. +2 −0  src/ZeSecurity/IDS/Monitor.php
  4. +20 −0 src/ZeSecurity/IDS/Util/Locator.php
  5. +0 −5 vendor/IDS/.htaccess
  6. +0 −84 vendor/IDS/Caching.php
  7. +0 −149 vendor/IDS/Caching/Apc.php
  8. +0 −289 vendor/IDS/Caching/Database.php
  9. +0 −185 vendor/IDS/Caching/File.php
  10. +0 −73 vendor/IDS/Caching/Interface.php
  11. +0 −193 vendor/IDS/Caching/Memcached.php
  12. +0 −144 vendor/IDS/Caching/Session.php
  13. +0 −89 vendor/IDS/Config/Config.ini.php
  14. +0 −750 vendor/IDS/Converter.php
  15. +0 −235 vendor/IDS/Event.php
  16. +0 −187 vendor/IDS/Filter.php
  17. +0 −376 vendor/IDS/Filter/Storage.php
  18. +0 −229 vendor/IDS/Init.php
  19. +0 −136 vendor/IDS/Log/Composite.php
  20. +0 −300 vendor/IDS/Log/Database.php
  21. +0 −400 vendor/IDS/Log/Email.php
  22. +0 −229 vendor/IDS/Log/File.php
  23. +0 −65 vendor/IDS/Log/Interface.php
  24. +0 −775 vendor/IDS/Monitor.php
  25. +0 −341 vendor/IDS/Report.php
  26. +0 −49 vendor/IDS/Version.php
  27. +0 −1  vendor/IDS/default_filter.json
  28. +0 −799 vendor/IDS/default_filter.xml
  29. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.auto.php
  30. +0 −26 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.autoload.php
  31. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.func.php
  32. +0 −214 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.includes.php
  33. +0 −30 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.kses.php
  34. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.path.php
  35. +0 −237 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.php
  36. +0 −208 vendor/IDS/vendors/htmlpurifier/HTMLPurifier.safe-includes.php
  37. +0 −128 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrCollections.php
  38. +0 −123 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef.php
  39. +0 −87 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS.php
  40. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/AlphaValue.php
  41. +0 −87 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Background.php
  42. +0 −133 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
  43. +0 −43 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Border.php
  44. +0 −78 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Color.php
  45. +0 −38 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Composite.php
  46. +0 −28 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
  47. +0 −54 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Filter.php
  48. +0 −149 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Font.php
  49. +0 −197 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/FontFamily.php
  50. +0 −40 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
  51. +0 −47 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Length.php
  52. +0 −78 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/ListStyle.php
  53. +0 −58 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Multiple.php
  54. +0 −69 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Number.php
  55. +0 −40 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/Percentage.php
  56. +0 −38 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/TextDecoration.php
  57. +0 −61 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/CSS/URI.php
  58. +0 −65 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Enum.php
  59. +0 −28 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Bool.php
  60. +0 −34 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Class.php
  61. +0 −32 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Color.php
  62. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/FrameTarget.php
  63. +0 −70 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/ID.php
  64. +0 −41 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Length.php
  65. +0 −53 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/LinkTypes.php
  66. +0 −41 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/MultiLength.php
  67. +0 −52 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Nmtokens.php
  68. +0 −48 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/HTML/Pixels.php
  69. +0 −73 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Integer.php
  70. +0 −73 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Lang.php
  71. +0 −34 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Switch.php
  72. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/Text.php
  73. +0 −77 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI.php
  74. +0 −17 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Email.php
  75. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
  76. +0 −68 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/Host.php
  77. +0 −39 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv4.php
  78. +0 −99 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrDef/URI/IPv6.php
  79. +0 −56 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform.php
  80. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Background.php
  81. +0 −19 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BdoDir.php
  82. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BgColor.php
  83. +0 −36 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/BoolToCSS.php
  84. +0 −18 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Border.php
  85. +0 −58 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/EnumToCSS.php
  86. +0 −43 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ImgRequired.php
  87. +0 −44 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ImgSpace.php
  88. +0 −40 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Input.php
  89. +0 −28 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Lang.php
  90. +0 −27 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Length.php
  91. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Name.php
  92. +0 −27 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/NameSync.php
  93. +0 −41 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Nofollow.php
  94. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/SafeEmbed.php
  95. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/SafeObject.php
  96. +0 −64 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/SafeParam.php
  97. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/ScriptRequired.php
  98. +0 −18 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTransform/Textarea.php
  99. +0 −77 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrTypes.php
  100. +0 −162 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/AttrValidator.php
  101. +0 −104 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Bootstrap.php
  102. +0 −322 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/CSSDefinition.php
  103. +0 −48 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef.php
  104. +0 −48 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Chameleon.php
  105. +0 −90 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Custom.php
  106. +0 −20 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Empty.php
  107. +0 −26 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Optional.php
  108. +0 −117 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Required.php
  109. +0 −88 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/StrictBlockquote.php
  110. +0 −142 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ChildDef/Table.php
  111. +0 −709 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Config.php
  112. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigDef.php
  113. +0 −55 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigDef/Directive.php
  114. +0 −24 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigDef/DirectiveAlias.php
  115. +0 −10 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigDef/Namespace.php
  116. +0 −164 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema.php
  117. +0 −44 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
  118. +0 −106 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Builder/Xml.php
  119. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Exception.php
  120. +0 −42 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange.php
  121. +0 −77 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Directive.php
  122. +0 −37 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Id.php
  123. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Interchange/Namespace.php
  124. +0 −180 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
  125. +0 −206 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/Validator.php
  126. +0 −66 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/ValidatorAtom.php
  127. BIN  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema.ser
  128. +0 −8 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
  129. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
  130. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
  131. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
  132. +0 −19 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
  133. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
  134. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
  135. +0 −8 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
  136. +0 −10 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
  137. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
  138. +0 −8 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
  139. +0 −5 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
  140. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
  141. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
  142. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
  143. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Attr.txt
  144. +0 −31 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
  145. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
  146. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
  147. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
  148. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
  149. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
  150. +0 −11 .../IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
  151. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
  152. +0 −46 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
  153. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
  154. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormat.txt
  155. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.PurifierLinkifyDocURL.txt
  156. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/AutoFormatParam.txt
  157. +0 −8 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
  158. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
  159. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
  160. +0 −18 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
  161. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
  162. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
  163. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
  164. +0 −10 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
  165. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
  166. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/CSS.txt
  167. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
  168. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
  169. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
  170. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Cache.txt
  171. +0 −18 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
  172. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
  173. +0 −28 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
  174. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
  175. +0 −17 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
  176. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
  177. +0 −10 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
  178. +0 −7 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
  179. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
  180. +0 −19 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
  181. +0 −10 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
  182. +0 −34 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
  183. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
  184. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
  185. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
  186. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
  187. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
  188. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Core.txt
  189. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
  190. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
  191. +0 −29 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
  192. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
  193. +0 −74 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
  194. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
  195. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Filter.txt
  196. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksEscaping.txt
  197. +0 −29 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksScope.txt
  198. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.ExtractStyleBlocksTidyImpl.txt
  199. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/FilterParam.txt
  200. +0 −25 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
  201. +0 −19 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
  202. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
  203. +0 −20 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
  204. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
  205. +0 −18 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
  206. +0 −23 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
  207. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
  208. +0 −33 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
  209. +0 −16 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
  210. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
  211. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
  212. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
  213. +0 −20 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
  214. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
  215. +0 −7 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
  216. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
  217. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
  218. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
  219. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
  220. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
  221. +0 −8 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
  222. +0 −24 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
  223. +0 −8 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
  224. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
  225. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
  226. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/HTML.txt
  227. +0 −10 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
  228. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
  229. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
  230. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
  231. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
  232. +0 −25 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
  233. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Output.txt
  234. +0 −7 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
  235. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/Test.txt
  236. +0 −17 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
  237. +0 −17 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
  238. +0 −10 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
  239. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
  240. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
  241. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
  242. +0 −11 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
  243. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
  244. +0 −15 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
  245. +0 −19 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
  246. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
  247. +0 −13 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
  248. +0 −83 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
  249. +0 −17 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
  250. +0 −30 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
  251. +0 −9 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
  252. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/URI.txt
  253. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ConfigSchema/schema/info.ini
  254. +0 −155 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ContentSets.php
  255. +0 −82 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Context.php
  256. +0 −50 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Definition.php
  257. +0 −108 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache.php
  258. +0 −62 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator.php
  259. +0 −43 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php
  260. +0 −46 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Memory.php
  261. +0 −47 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Decorator/Template.php.in
  262. +0 −39 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Null.php
  263. +0 −191 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php
  264. BIN  ...ndors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/CSS/4.1.0,801ad73acbcf9d3127e1d01768d26453,1.ser
  265. BIN  ...dors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/HTML/4.1.0,ddc9b993d7fc8d4a185e8dbf5b9a0996,1.ser
  266. +0 −3  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README
  267. BIN  ...ndors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/URI/4.0.0,05c766101e813c246917b022f97b5e6e,1.ser
  268. +0 −91 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCacheFactory.php
  269. +0 −60 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Doctype.php
  270. +0 −103 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/DoctypeRegistry.php
  271. +0 −183 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ElementDef.php
  272. +0 −426 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Encoder.php
  273. +0 −44 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/EntityLookup.php
  274. +0 −1  vendor/IDS/vendors/htmlpurifier/HTMLPurifier/EntityLookup/entities.ser
  275. +0 −144 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/EntityParser.php
  276. +0 −209 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ErrorCollector.php
  277. +0 −60 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/ErrorStruct.php
  278. +0 −12 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Exception.php
  279. +0 −46 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Filter.php
  280. +0 −135 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Filter/ExtractStyleBlocks.php
  281. +0 −39 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Filter/YouTube.php
  282. +0 −254 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/Generator.php
  283. +0 −425 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLDefinition.php
  284. +0 −244 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule.php
  285. +0 −31 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Bdo.php
  286. +0 −26 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/CommonAttributes.php
  287. +0 −38 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Edit.php
  288. +0 −118 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Forms.php
  289. +0 −31 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Hypertext.php
  290. +0 −40 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Image.php
  291. +0 −143 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Legacy.php
  292. +0 −37 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/List.php
  293. +0 −21 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Name.php
  294. +0 −19 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Nofollow.php
  295. +0 −14 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php
  296. +0 −47 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Object.php
  297. +0 −36 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Presentation.php
  298. +0 −33 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Proprietary.php
  299. +0 −27 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/Ruby.php
  300. +0 −34 vendor/IDS/vendors/htmlpurifier/HTMLPurifier/HTMLModule/SafeEmbed.php
Sorry, we could not display the entire diff because too many files (390) changed.
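--- a/composer.json
+++ b/composer.json
@@ -12,18 +12,18 @@
 }
 ],
 "require": {
- "php": ">=5.3.3"
+ "php": ">=5.3.3",
+ "ZendExperts/phpids": "0.7.x"
 },
- "autoload": {
+ "autoload": {
 "psr-0": {
- "ZeSecurity": "src/",
- "IDS_": "vendor/"
+ "ZeSecurity": "src/"
 },
 "classmap":[
 "./"
 ]
 },
- "extra": {
+ "extra": {
 "branch-alias": {
 "dev-master": "1.0.x-dev"
 }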
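Review bot: The new `"ZendExperts/phpids": "0.7.x"` entry in `require` floats across every 0.7 release, so the detection rules (`default_filter.xml`) that were previously fixed in-tree now follow whatever Composer resolves at install time. For a security control it is worth narrowing the constraint to a release that has been reviewed, e.g. `"ZendExperts/phpids": "<reviewed-version>"`, and relying on the consuming application's `composer.lock` to keep it stable. The same hunk drops the `"IDS_": "vendor/"` psr-0 mapping, so the `IDS_*` classes are no longer autoloaded by this package and appear to depend on the include path being set up elsewhere; that assumption should be stated in the README or the package description.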
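--- a/config/module.config.php
+++ b/config/module.config.php
@@ -1,4 +1,7 @@
 <?php
+namespace ZeSecurity;
+use ZeSecurity\IDS\Util\Locator;
+
 return array(
 'zendexperts_security' => array(
 'IDS'=>array(
@@ -25,15 +28,15 @@
 'options'=>array(
 'General'=>array(
 'filter_type' => 'xml',
- 'filter_path' => __DIR__ . '/../vendor/IDS/default_filter.xml',
- // 'base_path' => __DIR__ . '/../vendor/IDS/',
+ 'filter_path' => Locator::expandFilePath('IDS/default_filter.xml'),
+ // 'base_path' => 'IDS/',
 'use_base_path' => false,
 // 'tmp_path' => __DIR__ . '/../../../data/tmp/',
 'scan_keys' => false,
 // in case you want to use a different HTMLPurifier source, specify it here
 // By default, those files are used that are being shipped with PHPIDS
- 'HTML_Purifier_Path' => 'vendors/htmlpurifier/HTMLPurifier.auto.php',
- 'HTML_Purifier_Cache' => 'vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer',
+ 'HTML_Purifier_Path' => Locator::expandFilePath('IDS/vendors/htmlpurifier/HTMLPurifier.auto.php'),
+ 'HTML_Purifier_Cache' => 'IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer',
 // define which fields contain html and need preparation before hitting the PHPIDS rules(new in PHPIDS 0.5)
 'html' => array(),
 // define which fields contain JSON data and should be treated as such; for fewer false positives(new in PHPIDS 0.5.3)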
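Review bot: `HTML_Purifier_Cache` in the second hunk is left as the bare relative string `'IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer'`, while `filter_path` and `HTML_Purifier_Path` next to it are resolved through `Locator::expandFilePath()`. With `use_base_path` set to `false` that string is presumably resolved against the working directory, so it is unlikely to point at the installed package. Either resolve it the same way, `'HTML_Purifier_Cache' => Locator::expandFilePath('IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer'),`, or preferably point it at a writable directory outside the dependency tree, since a web-server-writable directory inside installed code is worth avoiding. The commented `// 'base_path' => 'IDS/'` would have the same relative-path problem if it were enabled.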
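--- a/src/ZeSecurity/IDS/Monitor.php
+++ b/src/ZeSecurity/IDS/Monitor.php
@@ -54,6 +54,8 @@ public function setConfig($config)
 public function initMonitor()
 {
 try {
+ require_once('IDS/Init.php');
+ require_once('IDS/Monitor.php');
 $init = IDS_Init::init();
 $init->setConfig($this->config['options']);
 $request = $this->getRequest();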
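Review bot: The two added calls `require_once('IDS/Init.php');` and `require_once('IDS/Monitor.php');` in `initMonitor()` are resolved through `include_path`, so the IDS code that runs is whichever `IDS/Init.php` comes first on that path (the working directory included, if `.` is listed), and nothing here ties it to the Composer-installed copy. Loading from an absolute path derived from the package location, or letting the dependency's autoloader supply `IDS_Init`, would remove that ambiguity. A missing file also makes `require_once` stop with a fatal error rather than an exception, so the surrounding `try` does not handle it. At minimum a comment such as `// PHPIDS is not autoloaded: include_path must contain the phpids lib directory` would document the assumption. `initMonitor()` continues outside the hunk, so the catch branch is not visible here.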
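--- a/src/ZeSecurity/IDS/Util/Locator.php
+++ b/src/ZeSecurity/IDS/Util/Locator.php
@@ -0,0 +1,20 @@
+<?php
+namespace ZeSecurity\IDS\Util;
+
+class Locator
+{
+ /**
+ * Expand the file path using the current include path
+ * @static
+ * @param string $file
+ * @return string
+ */
+ public static function expandFilePath($file)
+ {
+ $ps = explode(PATH_SEPARATOR, ini_get('include_path'));
+ foreach ($ps as $path) {
+ if (file_exists($path . '/' . $file)) return $path . '/' . $file;
+ }
+ return $file;
+ }
+}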
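Review bot: `expandFilePath()` falls through to `return $file;` when nothing on the include path matches, so a missing `default_filter.xml` or HTMLPurifier loader is handed to PHPIDS as an unresolved relative path instead of failing where the configuration is built. It also returns the first hit on `include_path`, which may be a relative entry such as `.`, so the result depends on the working directory and an earlier directory can shadow the packaged file. I would resolve each candidate with `realpath()` and raise when the file is not found, as sketched below. Whichever behaviour is kept, the docblock should state what is returned when the file is not found.

```php
    public static function expandFilePath($file)
    {
        foreach (explode(PATH_SEPARATOR, get_include_path()) as $path) {
            if ($path === '') {
                continue; // an empty entry would otherwise probe the filesystem root
            }
            // realpath() yields an absolute path that does not depend on the working directory
            $candidate = realpath($path . DIRECTORY_SEPARATOR . $file);
            if ($candidate !== false) {
                return $candidate;
            }
        }
        throw new \RuntimeException('File not found on include path: ' . $file);
    }
```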
5 vendor/IDS/.htaccess
@@ -1,5 +0,0 @@
-# in case PHPIDS is placed in the web-root
-deny from all
-
-# silence is golden
-php_flag display_errors off
84 vendor/IDS/Caching.php
@@ -1,84 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * Caching factory
- *
- * This class is used as a factory to load the correct concrete caching
- * implementation.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Factory.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching
-{
-
- /**
- * Factory method
- *
- * @param object $init the IDS_Init object
- * @param string $type the caching type
- *
- * @return object the caching facility
- */
- public static function factory($init, $type)
- {
-
- $object = false;
- $wrapper = preg_replace(
- '/\W+/m',
- null,
- ucfirst($init->config['Caching']['caching'])
- );
- $class = 'IDS_Caching_' . $wrapper;
- $object = call_user_func(array($class, 'getInstance'),
- $type, $init);
- return $object;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
149 vendor/IDS/Caching/Apc.php
@@ -1,149 +0,0 @@
-<?php
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * APC caching wrapper
- *
- * This class inhabits functionality to get and set cache via memcached.
- *
- * @category Security
- * @package PHPIDS
- * @author Yves Berkholz <godzilla80@gmx.net>
- * @copyright 2007-2009 The PHPIDS Groupoup
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id$
- * @link http://php-ids.org/
- * @since Version 0.6.5
- */
-class IDS_Caching_Apc implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Flag if the filter storage has been found in memcached
- *
- * @var boolean
- */
- private $isCached = false;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param array $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Apc($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data
- *
- * @param array $data the caching data
- *
- * @return object $this
- */
- public function setCache(array $data)
- {
- if(!$this->isCached)
- apc_store($this->config['key_prefix'] . '.storage',
- $data, $this->config['expiration_time']);
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
- $data = apc_fetch($this->config['key_prefix'] . '.storage');
- $this->isCached = !empty($data);
- return $data;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
289 vendor/IDS/Caching/Database.php
@@ -1,289 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * Needed SQL:
- *
-
- #create the database
-
- CREATE DATABASE IF NOT EXISTS `phpids` DEFAULT CHARACTER
- SET utf8 COLLATE utf8_general_ci;
- DROP TABLE IF EXISTS `cache`;
-
- #now select the created datbase and create the table
-
- CREATE TABLE `cache` (
- `type` VARCHAR( 32 ) NOT null ,
- `data` TEXT NOT null ,
- `created` DATETIME NOT null ,
- `modified` DATETIME NOT null
- ) ENGINE = MYISAM ;
- */
-
-/**
- * Database caching wrapper
- *
- * This class inhabits functionality to get and set cache via a database.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Groupup
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Database.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_Database implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * DBH
- *
- * @var object
- */
- private $handle = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
- /**
- * Constructor
- *
- * Connects to database.
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
- $this->handle = $this->_connect();
- }
-
- /**
- * Returns an instance of this class
- *
- * @static
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Database($type, $init);
- }
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data into the database
- *
- * @param array $data the caching data
- *
- * @throws PDOException if a db error occurred
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- $handle = $this->handle;
-
- $rows = $handle->query('SELECT created FROM `' .
- $this->config['table'].'`');
-
- if (!$rows || $rows->rowCount() === 0) {
-
- $this->_write($handle, $data);
- } else {
-
- foreach ($rows as $row) {
-
- if ((time()-strtotime($row['created'])) >
- $this->config['expiration_time']) {
-
- $this->_write($handle, $data);
- }
- }
- }
-
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @throws PDOException if a db error occurred
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- try{
- $handle = $this->handle;
- $result = $handle->prepare('SELECT * FROM `' .
- $this->config['table'] .
- '` where type=?');
- $result->execute(array($this->type));
-
- foreach ($result as $row) {
- return unserialize($row['data']);
- }
-
- } catch (PDOException $e) {
- throw new PDOException('PDOException: ' . $e->getMessage());
- }
- return false;
- }
-
- /**
- * Connect to database and return a handle
- *
- * @return object PDO
- * @throws Exception if connection parameters are faulty
- * @throws PDOException if a db error occurred
- */
- private function _connect()
- {
-
- // validate connection parameters
- if (!$this->config['wrapper']
- || !$this->config['user']
- || !$this->config['password']
- || !$this->config['table']) {
-
- throw new Exception('
- Insufficient connection parameters'
- );
- }
-
- // try to connect
- try {
- $handle = new PDO(
- $this->config['wrapper'],
- $this->config['user'],
- $this->config['password']
- );
- $handle->setAttribute(
- PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true
- );
-
- } catch (PDOException $e) {
- throw new PDOException('PDOException: ' . $e->getMessage());
- }
- return $handle;
- }
-
- /**
- * Write the cache data to the table
- *
- * @param object $handle the database handle
- * @param array $data the caching data
- *
- * @return object PDO
- * @throws PDOException if a db error occurred
- */
- private function _write($handle, $data)
- {
-
- try {
- $handle->query('TRUNCATE ' .
- $this->config['table'].'');
- $statement = $handle->prepare('
- INSERT INTO `' .
- $this->config['table'].'` (
- type,
- data,
- created,
- modified
- )
- VALUES (
- :type,
- :data,
- now(),
- now()
- )
- ');
-
- $statement->bindParam('type',
- $handle->quote($this->type));
- $statement->bindParam('data', serialize($data));
-
- if (!$statement->execute()) {
- throw new PDOException($statement->errorCode());
- }
-
- } catch (PDOException $e) {
- throw new PDOException('PDOException: ' . $e->getMessage());
- }
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
185 vendor/IDS/Caching/File.php
@@ -1,185 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * File caching wrapper
- *
- * This class inhabits functionality to get and set cache via a static flatfile.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:File.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_File implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Path to cache file
- *
- * @var string
- */
- private $path = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
- $this->path = $init->getBasePath() . $this->config['path'];
-
- if (file_exists($this->path) && !is_writable($this->path)) {
- throw new Exception('Make sure all files in ' .
- htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') .
- 'are writeable!');
- }
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_File($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data into the file
- *
- * @param array $data the cache data
- *
- * @throws Exception if cache file couldn't be created
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- if (!is_writable(preg_replace('/[\/][^\/]+\.[^\/]++$/', null,
- $this->path))) {
- throw new Exception('Temp directory ' .
- htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') .
- ' seems not writable');
- }
-
- if ((!file_exists($this->path) || (time()-filectime($this->path)) >
- $this->config['expiration_time'])) {
- $handle = @fopen($this->path, 'w+');
- $serialized = @serialize($data);
-
- if (!$handle) {
- throw new Exception("Cache file couldn't be created");
- }
- if (!$serialized) {
- throw new Exception("Cache data couldn't be serialized");
- }
-
- fwrite($handle, $serialized);
- fclose($handle);
- }
-
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- // make sure filters are parsed again if cache expired
- if (file_exists($this->path) && (time()-filectime($this->path)) <
- $this->config['expiration_time']) {
- $data = unserialize(file_get_contents($this->path));
- return $data;
- }
-
- return false;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
73 vendor/IDS/Caching/Interface.php
@@ -1,73 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * Caching wrapper interface
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @version SVN: $Id:Interface.php 517 2007-09-15 15:04:13Z mario $
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @since Version 0.4
- * @link http://php-ids.org/
- */
-interface IDS_Caching_Interface
-{
- /**
- * Interface method
- *
- * @param array $data the cache data
- *
- * @return void
- */
- public function setCache(array $data);
-
- /**
- * Interface method
- *
- * @return void
- */
- public function getCache();
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
193 vendor/IDS/Caching/Memcached.php
@@ -1,193 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * File caching wrapper
- *
- * This class inhabits functionality to get and set cache via memcached.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Groupoup
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Memcached.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_Memcached implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Flag if the filter storage has been found in memcached
- *
- * @var boolean
- */
- private $isCached = false;
-
- /**
- * Memcache object
- *
- * @var object
- */
- private $memcache = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param array $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
-
- $this->type = $type;
- $this->config = $init->config['Caching'];
-
- $this->_connect();
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Memcached($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data
- *
- * @param array $data the caching data
- *
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- if(!$this->isCached) {
- $this->memcache->set(
- $this->config['key_prefix'] . '.storage',
- $data, false, $this->config['expiration_time']
- );
- }
-
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is
- * not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- $data = $this->memcache->get(
- $this->config['key_prefix'] .
- '.storage'
- );
- $this->isCached = !empty($data);
-
- return $data;
- }
-
- /**
- * Connect to the memcached server
- *
- * @throws Exception if connection parameters are insufficient
- * @return void
- */
- private function _connect()
- {
-
- if ($this->config['host'] && $this->config['port']) {
- // establish the memcache connection
- $this->memcache = new Memcache;
- $this->memcache->pconnect(
- $this->config['host'],
- $this->config['port']
- );
-
- } else {
- throw new Exception('Insufficient connection parameters');
- }
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
144 vendor/IDS/Caching/Session.php
@@ -1,144 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * File caching wrapper
- *
- * This class inhabits functionality to get and set cache via session.
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Session.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- * @since Version 0.4
- */
-class IDS_Caching_Session implements IDS_Caching_Interface
-{
-
- /**
- * Caching type
- *
- * @var string
- */
- private $type = null;
-
- /**
- * Cache configuration
- *
- * @var array
- */
- private $config = null;
-
- /**
- * Holds an instance of this class
- *
- * @var object
- */
- private static $cachingInstance = null;
-
- /**
- * Constructor
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return void
- */
- public function __construct($type, $init)
- {
- $this->type = $type;
- $this->config = $init->config['Caching'];
- }
-
- /**
- * Returns an instance of this class
- *
- * @param string $type caching type
- * @param object $init the IDS_Init object
- *
- * @return object $this
- */
- public static function getInstance($type, $init)
- {
-
- if (!self::$cachingInstance) {
- self::$cachingInstance = new IDS_Caching_Session($type, $init);
- }
-
- return self::$cachingInstance;
- }
-
- /**
- * Writes cache data into the session
- *
- * @param array $data the caching data
- *
- * @return object $this
- */
- public function setCache(array $data)
- {
-
- $_SESSION['PHPIDS'][$this->type] = $data;
- return $this;
- }
-
- /**
- * Returns the cached data
- *
- * Note that this method returns false if either type or file cache is not set
- *
- * @return mixed cache data or false
- */
- public function getCache()
- {
-
- if ($this->type && $_SESSION['PHPIDS'][$this->type]) {
- return $_SESSION['PHPIDS'][$this->type];
- }
-
- return false;
- }
-}
-
-/**
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: sw=4 ts=4 expandtab
- */
89 vendor/IDS/Config/Config.ini.php
@@ -1,89 +0,0 @@
-; <?php die(); ?>
-
-; PHPIDS Config.ini
-
-; General configuration settings
-
-
-[General]
-
- ; basic settings - customize to make the PHPIDS work at all
- filter_type = xml
-
- base_path = /full/path/to/IDS/
- use_base_path = false
-
- filter_path = default_filter.xml
- tmp_path = tmp
- scan_keys = false
-
- ; in case you want to use a different HTMLPurifier source, specify it here
- ; By default, those files are used that are being shipped with PHPIDS
- HTML_Purifier_Path = vendors/htmlpurifier/HTMLPurifier.auto.php
- HTML_Purifier_Cache = vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer
-
- ; define which fields contain html and need preparation before
- ; hitting the PHPIDS rules (new in PHPIDS 0.5)
- ;html[] = POST.__wysiwyg
-
- ; define which fields contain JSON data and should be treated as such
- ; for fewer false positives (new in PHPIDS 0.5.3)
- ;json[] = POST.__jsondata
-
- ; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b)
- exceptions[] = GET.__utmz
- exceptions[] = GET.__utmc
-
- ; you can use regular expressions for wildcard exceptions - example: /.*foo/i
-
- ; PHPIDS should run with PHP 5.1.2 but this is untested - set
- ; this value to force compatibilty with minor versions
- min_php_version = 5.1.6
-
-; If you use the PHPIDS logger you can define specific configuration here
-
-[Logging]
-
- ; file logging
- path = tmp/phpids_log.txt
-
- ; email logging
-
- ; note that enabling safemode you can prevent spam attempts,
- ; see documentation
- recipients[] = test@test.com.invalid
- subject = "PHPIDS detected an intrusion attempt!"
- header = "From: <PHPIDS> info@phpids.org"
- envelope = ""
- safemode = true
- urlencode = true
- allowed_rate = 15
-
- ; database logging
-
- wrapper = "mysql:host=localhost;port=3306;dbname=phpids"
- user = phpids_user
- password = 123456
- table = intrusions
-
-; If you would like to use other methods than file caching you can configure them here
-
-[Caching]
-
- ; caching: session|file|database|memcached|none
- caching = file
- expiration_time = 600
-
- ; file cache
- path = tmp/default_filter.cache
-
- ; database cache
- wrapper = "mysql:host=localhost;port=3306;dbname=phpids"
- user = phpids_user
- password = 123456
- table = cache
-
- ; memcached
- ;host = localhost
- ;port = 11211
- ;key_prefix = PHPIDS
750 vendor/IDS/Converter.php
@@ -1,750 +0,0 @@
-<?php
-
-/**
- * PHPIDS
- *
- * Requirements: PHP5, SimpleXML
- *
- * Copyright (c) 2008 PHPIDS group (https://phpids.org)
- *
- * PHPIDS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, version 3 of the License, or
- * (at your option) any later version.
- *
- * PHPIDS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
- *
- * PHP version 5.1.6+
- *
- * @category Security
- * @package PHPIDS
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @link http://php-ids.org/
- */
-
-/**
- * PHPIDS specific utility class to convert charsets manually
- *
- * Note that if you make use of IDS_Converter::runAll(), existing class
- * methods will be executed in the same order as they are implemented in the
- * class tree!
- *
- * @category Security
- * @package PHPIDS
- * @author Christian Matthies <ch0012@gmail.com>
- * @author Mario Heiderich <mario.heiderich@gmail.com>
- * @author Lars Strojny <lars@strojny.net>
- * @copyright 2007-2009 The PHPIDS Group
- * @license http://www.gnu.org/licenses/lgpl.html LGPL
- * @version Release: $Id:Converter.php 517 2007-09-15 15:04:13Z mario $
- * @link http://php-ids.org/
- */
-class IDS_Converter
-{
- /**
- * Runs all converter functions
- *
- * Note that if you make use of IDS_Converter::runAll(), existing class
- * methods will be executed in the same order as they are implemented in the
- * class tree!
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function runAll($value)
- {
- foreach (get_class_methods(__CLASS__) as $method) {
-
- if (strpos($method, 'run') === 0) {
- continue;
- }
- $value = self::$method($value);
- }
-
- return $value;
- }
-
- /**
- * Check for comments and erases them if available
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromCommented($value)
- {
- // check for existing comments
- if (preg_match('/(?:\<!-|-->|\/\*|\*\/|\/\/\W*\w+\s*$)|' .
- '(?:--[^-]*-)/ms', $value)) {
-
- $pattern = array(
- '/(?:(?:<!)(?:(?:--(?:[^-]*(?:-[^-]+)*)--\s*)*)(?:>))/ms',
- '/(?:(?:\/\*\/*[^\/\*]*)+\*\/)/ms',
- '/(?:--[^-]*-)/ms'
- );
-
- $converted = preg_replace($pattern, ';', $value);
- $value .= "\n" . $converted;
- }
-
- //make sure inline comments are detected and converted correctly
- $value = preg_replace('/(<\w+)\/+(\w+=?)/m', '$1/$2', $value);
- $value = preg_replace('/[^\\\:]\/\/(.*)$/m', '/**/$1', $value);
- $value = preg_replace('/([^\-&])#.*[\r\n\v\f]/m', '$1', $value);
- $value = preg_replace('/([^&\-])#.*\n/m', '$1 ', $value);
- $value = preg_replace('/^#.*\n/m', ' ', $value);
-
- return $value;
- }
-
- /**
- * Strip newlines
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromWhiteSpace($value)
- {
- //check for inline linebreaks
- $search = array('\r', '\n', '\f', '\t', '\v');
- $value = str_replace($search, ';', $value);
-
- // replace replacement characters regular spaces
- $value = str_replace('', ' ', $value);
-
- //convert real linebreaks
- return preg_replace('/(?:\n|\r|\v)/m', ' ', $value);
- }
-
- /**
- * Checks for common charcode pattern and decodes them
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromJSCharcode($value)
- {
- $matches = array();
-
- // check if value matches typical charCode pattern
- if (preg_match_all('/(?:[\d+-=\/\* ]+(?:\s?,\s?[\d+-=\/\* ]+)){4,}/ms',
- $value, $matches)) {
-
- $converted = '';
- $string = implode(',', $matches[0]);
- $string = preg_replace('/\s/', '', $string);
- $string = preg_replace('/\w+=/', '', $string);
- $charcode = explode(',', $string);
-
- foreach ($charcode as $char) {
- $char = preg_replace('/\W0/s', '', $char);
-
- if (preg_match_all('/\d*[+-\/\* ]\d+/', $char, $matches)) {
- $match = preg_split('/(\W?\d+)/',
- (implode('', $matches[0])),
- null,
- PREG_SPLIT_DELIM_CAPTURE);
-
- if (array_sum($match) >= 20 && array_sum($match) <= 127) {
- $converted .= chr(array_sum($match));
- }
-
- } elseif (!empty($char) && $char >= 20 && $char <= 127) {
- $converted .= chr($char);
- }
- }
-
- $value .= "\n" . $converted;
- }
-
- // check for octal charcode pattern
- if (preg_match_all('/(?:(?:[\\\]+\d+[ \t]*){8,})/ims', $value, $matches)) {
-
- $converted = '';
- $charcode = explode('\\', preg_replace('/\s/', '', implode(',',
- $matches[0])));
-
- foreach ($charcode as $char) {
- if (!empty($char)) {
- if (octdec($char) >= 20 && octdec($char) <= 127) {
- $converted .= chr(octdec($char));
- }
- }
- }
- $value .= "\n" . $converted;
- }
-
- // check for hexadecimal charcode pattern
- if (preg_match_all('/(?:(?:[\\\]+\w+\s*){8,})/ims', $value, $matches)) {
-
- $converted = '';
- $charcode = explode('\\', preg_replace('/[ux]/', '', implode(',',
- $matches[0])));
-
- foreach ($charcode as $char) {
- if (!empty($char)) {
- if (hexdec($char) >= 20 && hexdec($char) <= 127) {
- $converted .= chr(hexdec($char));
- }
- }
- }
- $value .= "\n" . $converted;
- }
-
- return $value;
- }
-
- /**
- * Eliminate JS regex modifiers
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertJSRegexModifiers($value)
- {
- $value = preg_replace('/\/[gim]+/', '/', $value);
-
- return $value;
- }
-
- /**
- * Converts from hex/dec entities
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertEntities($value)
- {
- $converted = null;
-
- //deal with double encoded payload
- $value = preg_replace('/&amp;/', '&', $value);
-
- if (preg_match('/&#x?[\w]+/ms', $value)) {
- $converted = preg_replace('/(&#x?[\w]{2}\d?);?/ms', '$1;', $value);
- $converted = html_entity_decode($converted, ENT_QUOTES, 'UTF-8');
- $value .= "\n" . str_replace(';;', ';', $converted);
- }
- // normalize obfuscated protocol handlers
- $value = preg_replace(
- '/(?:j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:)|(d\s*a\s*t\s*a\s*:)/ms',
- 'javascript:', $value
- );
-
- return $value;
- }
-
- /**
- * Normalize quotes
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertQuotes($value)
- {
- // normalize different quotes to "
- $pattern = array('\'', '`', '´', '', '');
- $value = str_replace($pattern, '"', $value);
-
- //make sure harmless quoted strings don't generate false alerts
- $value = preg_replace('/^"([^"=\\!><~]+)"$/', '$1', $value);
-
- return $value;
- }
-
- /**
- * Converts SQLHEX to plain text
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromSQLHex($value)
- {
- $matches = array();
- if(preg_match_all('/(?:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+/im', $value, $matches)) {
- foreach($matches[0] as $match) {
- $converted = '';
- foreach(str_split($match, 2) as $hex_index) {
- if(preg_match('/[a-f\d]{2,3}/i', $hex_index)) {
- $converted .= chr(hexdec($hex_index));
- }
- }
- $value = str_replace($match, $converted, $value);
- }
- }
- // take care of hex encoded ctrl chars
- $value = preg_replace('/0x\d+/m', ' 1 ', $value);
-
- return $value;
- }
-
- /**
- * Converts basic SQL keywords and obfuscations
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromSQLKeywords($value)
- {
- $pattern = array('/(?:is\s+null)|(like\s+null)|' .
- '(?:(?:^|\W)in[+\s]*\([\s\d"]+[^()]*\))/ims');
- $value = preg_replace($pattern, '"=0', $value);
-
- $value = preg_replace('/[^\w\)]+\s*like\s*[^\w\s]+/ims', '1" OR "1"', $value);
- $value = preg_replace('/null([,"\s])/ims', '0$1', $value);
- $value = preg_replace('/\d+\./ims', ' 1', $value);
- $value = preg_replace('/,null/ims', ',0', $value);
- $value = preg_replace('/(?:between)/ims', 'or', $value);
- $value = preg_replace('/(?:and\s+\d+\.?\d*)/ims', '', $value);
- $value = preg_replace('/(?:\s+and\s+)/ims', ' or ', $value);
-
- $pattern = array('/(?:not\s+between)|(?:is\s+not)|(?:not\s+in)|' .
- '(?:xor|<>|rlike(?:\s+binary)?)|' .
- '(?:regexp\s+binary)|' .
- '(?:sounds\s+like)/ims');
- $value = preg_replace($pattern, '!', $value);
- $value = preg_replace('/"\s+\d/', '"', $value);
- $value = preg_replace('/(\W)div(\W)/ims', '$1 OR $2', $value);
- $value = preg_replace('/\/(?:\d+|null)/', null, $value);
-
- return $value;
- }
-
- /**
- * Detects nullbytes and controls chars via ord()
- *
- * @param string $value the value to convert
- *
- * @static
- * @return string
- */
- public static function convertFromControlChars($value)
- {
- // critical ctrl values
- $search = array(
- chr(0), chr(1), chr(2), chr(3), chr(4), chr(5),
- chr(6), chr(7), chr(8), chr(11), chr(12), chr(14),
- chr(15), chr(16), chr(17), chr(18), chr(19), chr(24),
- chr(25), chr(192), chr(193), chr(238), chr(255), '\\0'
- );
-
- $value = str_replace($search, '%00', $value);
-
- //take care for malicious unicode characters
- $value = urldecode(preg_replace('/(?:%E(?:2|3)%8(?:0|1)%(?:A|8|9)' .
- '\w|%EF%BB%BF|%EF%BF%BD)|(?:&#(?:65|8)\d{3};?)/i', null,
- urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%BE)/i', '>', urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%BC)/i', '<', urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%A2)/i', '"', urlencode($value)));
- $value = urldecode(
- preg_replace('/(?:%F0%80%A7)/i', '\'', urlencode($value)));
-
- $value = preg_replace('/(?:%ff1c)/', '<', $value);
- $value = preg_replace(
- '/(?:&[#x]*(200|820|200|820|zwn?j|lrm|rlm)\w?;?)/i', null,$value
- );
- $value = preg_replace('/(?:&#(?:65|8)\d{3};?)|' .
- '(?:&#(?:56|7)3\d{2};?)|' .
- '(?:&#x(?:fe|20)\w{2};?)|' .
- '(?:&#x(?:d[c-f])\w{2};?)/i', null,
- $value);
-
- $value = str_replace(
- array('«', '', '', '', '', ''), '<', $value
- );