Merge branch 'work-3.0.5.4p3' into 'stable-3.0.5'
Work for 3.0.5.4p4
See merge request !123
209 files modified
31 files added
1,685 files deleted
| | |
|---|
| | | |
|---|
| | | function configure_postfix($options = '') |
|---|
| | | { |
|---|
| | | global $conf; |
|---|
| | | global $conf,$autoinstall; |
|---|
| | | $cf = $conf['postfix']; |
|---|
| | | $config_dir = $cf['config_dir']; |
|---|
| | | |
|---|
| | |
|---|
| | | //* copy the ISPConfig server part |
|---|
| | | $command = "cp -rf ../server $install_dir"; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make a backup of the security settings |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~'); |
|---|
| | | |
|---|
| | | //* copy the ISPConfig security part |
|---|
| | | $command = 'cp -rf ../security '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Apply changed security_settings.ini values to new security_settings.ini file |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) { |
|---|
| | | $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~')); |
|---|
| | | $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini')); |
|---|
| | | if(is_array($security_settings_new) && is_array($security_settings_old)) { |
|---|
| | | foreach($security_settings_new as $section => $sval) { |
|---|
| | | if(is_array($sval)) { |
|---|
| | | foreach($sval as $key => $val) { |
|---|
| | | if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) { |
|---|
| | | $security_settings_new[$section][$key] = $security_settings_old[$section][$key]; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Create a symlink, so ISPConfig is accessible via web |
|---|
| | | // Replaced by a separate vhost definition for port 8080 |
|---|
| | |
|---|
| | | $this->db->query($sql); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Chmod the files |
|---|
| | | $command = "chmod -R 750 $install_dir"; |
|---|
| | | // chown install dir to root and chmod 755 |
|---|
| | | $command = 'chown root:root '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chmod 755 '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the files to the ispconfig user and group |
|---|
| | | $command = "chown -R ispconfig:ispconfig $install_dir"; |
|---|
| | | //* Chmod the files and directories in the install dir |
|---|
| | | $command = 'chmod -R 750 '.$install_dir.'/*'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the interface files to the ispconfig user and group |
|---|
| | | $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the server files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/server'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security directory and security_settings.ini to root:ispconfig |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make the global language file directory group writable |
|---|
| | |
|---|
| | | |
|---|
| | | public function configure_postfix($options = '') |
|---|
| | | { |
|---|
| | | global $conf; |
|---|
| | | global $conf,$autoinstall; |
|---|
| | | |
|---|
| | | $cf = $conf['postfix']; |
|---|
| | | $config_dir = $cf['config_dir']; |
|---|
| | |
|---|
| | | $command = 'cd '.$config_dir.'; ' |
|---|
| | | .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509'; |
|---|
| | | } |
|---|
| | | exec($command); |
|---|
| | | |
|---|
| | | $command = 'chmod o= '.$config_dir.'/smtpd.key'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command); |
|---|
| | |
|---|
| | | //* copy the ISPConfig server part |
|---|
| | | $command = "cp -rf ../server $install_dir"; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make a backup of the security settings |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~'); |
|---|
| | | |
|---|
| | | //* copy the ISPConfig security part |
|---|
| | | $command = 'cp -rf ../security '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Apply changed security_settings.ini values to new security_settings.ini file |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) { |
|---|
| | | $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~')); |
|---|
| | | $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini')); |
|---|
| | | if(is_array($security_settings_new) && is_array($security_settings_old)) { |
|---|
| | | foreach($security_settings_new as $section => $sval) { |
|---|
| | | if(is_array($sval)) { |
|---|
| | | foreach($sval as $key => $val) { |
|---|
| | | if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) { |
|---|
| | | $security_settings_new[$section][$key] = $security_settings_old[$section][$key]; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | //* Create the config file for ISPConfig interface |
|---|
| | |
|---|
| | | $this->db->query($sql); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Chmod the files |
|---|
| | | $command = "chmod -R 750 $install_dir"; |
|---|
| | | // chown install dir to root and chmod 755 |
|---|
| | | $command = 'chown root:root '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chmod 755 '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the files to the ispconfig user and group |
|---|
| | | $command = "chown -R ispconfig:ispconfig $install_dir"; |
|---|
| | | //* Chmod the files and directories in the install dir |
|---|
| | | $command = 'chmod -R 750 '.$install_dir.'/*'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the interface files to the ispconfig user and group |
|---|
| | | $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the server files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/server'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security directory and security_settings.ini to root:ispconfig |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make the global language file directory group writable |
|---|
| | |
|---|
| | | |
|---|
| | | function configure_postfix($options = '') |
|---|
| | | { |
|---|
| | | global $conf; |
|---|
| | | global $conf,$autoinstall; |
|---|
| | | $cf = $conf['postfix']; |
|---|
| | | $config_dir = $cf['config_dir']; |
|---|
| | | |
|---|
| | |
|---|
| | | $command = 'cd '.$config_dir.'; ' |
|---|
| | | .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509'; |
|---|
| | | } |
|---|
| | | exec($command); |
|---|
| | | |
|---|
| | | $command = 'chmod o= '.$config_dir.'/smtpd.key'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command); |
|---|
| | |
|---|
| | | //* copy the ISPConfig server part |
|---|
| | | $command = "cp -rf ../server $install_dir"; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make a backup of the security settings |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~'); |
|---|
| | | |
|---|
| | | //* copy the ISPConfig security part |
|---|
| | | $command = 'cp -rf ../security '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Apply changed security_settings.ini values to new security_settings.ini file |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) { |
|---|
| | | $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~')); |
|---|
| | | $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini')); |
|---|
| | | if(is_array($security_settings_new) && is_array($security_settings_old)) { |
|---|
| | | foreach($security_settings_new as $section => $sval) { |
|---|
| | | if(is_array($sval)) { |
|---|
| | | foreach($sval as $key => $val) { |
|---|
| | | if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) { |
|---|
| | | $security_settings_new[$section][$key] = $security_settings_old[$section][$key]; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Create a symlink, so ISPConfig is accessible via web |
|---|
| | | // Replaced by a separate vhost definition for port 8080 |
|---|
| | |
|---|
| | | $this->db->query($sql); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Chmod the files |
|---|
| | | $command = "chmod -R 750 $install_dir"; |
|---|
| | | // chown install dir to root and chmod 755 |
|---|
| | | $command = 'chown root:root '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chmod 755 '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the files to the ispconfig user and group |
|---|
| | | $command = "chown -R ispconfig:ispconfig $install_dir"; |
|---|
| | | //* Chmod the files and directories in the install dir |
|---|
| | | $command = 'chmod -R 750 '.$install_dir.'/*'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the interface files to the ispconfig user and group |
|---|
| | | $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the server files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/server'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security directory and security_settings.ini to root:ispconfig |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make the global language file directory group writable |
|---|
| | |
|---|
| | | |
|---|
| | | } //* << $install_mode / 'Standard' or Genius |
|---|
| | | |
|---|
| | | //* Create md5 filelist |
|---|
| | | $md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5'; |
|---|
| | | exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename); |
|---|
| | | chmod($md5_filename,0700); |
|---|
| | | |
|---|
| | | |
|---|
| | | echo "Installation completed.\n"; |
|---|
| | | |
|---|
| | |
|---|
| | | copy('tpl/mailman-virtual_to_transport.sh', $full_file_name); |
|---|
| | | } |
|---|
| | | chgrp($full_file_name, 'list'); |
|---|
| | | chmod($full_file_name, 0750); |
|---|
| | | chmod($full_file_name, 0755); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Create aliasaes |
|---|
| | |
|---|
| | | //* copy the ISPConfig server part |
|---|
| | | $command = 'cp -rf ../server '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make a backup of the security settings |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~'); |
|---|
| | | |
|---|
| | | //* copy the ISPConfig security part |
|---|
| | | $command = 'cp -rf ../security '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Apply changed security_settings.ini values to new security_settings.ini file |
|---|
| | | if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) { |
|---|
| | | $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~')); |
|---|
| | | $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini')); |
|---|
| | | if(is_array($security_settings_new) && is_array($security_settings_old)) { |
|---|
| | | foreach($security_settings_new as $section => $sval) { |
|---|
| | | if(is_array($sval)) { |
|---|
| | | foreach($sval as $key => $val) { |
|---|
| | | if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) { |
|---|
| | | $security_settings_new[$section][$key] = $security_settings_old[$section][$key]; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Create a symlink, so ISPConfig is accessible via web |
|---|
| | | // Replaced by a separate vhost definition for port 8080 |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | //* Chmod the files |
|---|
| | | $command = 'chmod -R 750 '.$install_dir; |
|---|
| | | // chown install dir to root and chmod 755 |
|---|
| | | $command = 'chown root:root '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chmod 755 '.$install_dir; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the files to the ispconfig user and group |
|---|
| | | $command = 'chown -R ispconfig:ispconfig '.$install_dir; |
|---|
| | | //* Chmod the files and directories in the install dir |
|---|
| | | $command = 'chmod -R 750 '.$install_dir.'/*'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the interface files to the ispconfig user and group |
|---|
| | | $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the server files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/server'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security files to the root user and group |
|---|
| | | $command = 'chown -R root:root '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* chown the security directory and security_settings.ini to root:ispconfig |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist'; |
|---|
| | | caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
|---|
| | | |
|---|
| | | //* Make the global language file directory group writable |
|---|
| | |
|---|
| | | |
|---|
| | | // Add symlink for patch tool |
|---|
| | | if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function configure_dbserver() { |
|---|
| | |
|---|
| | | chmod($conf['ispconfig_log_dir'].'/cron.log', 0660); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | // This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases |
|---|
| | | public function cleanup_ispconfig() { |
|---|
| | | global $app,$conf; |
|---|
| | | |
|---|
| | | // Remove directories recursively |
|---|
| | | if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer'); |
|---|
| | | if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304'); |
|---|
| | | |
|---|
| | | // Remove files |
|---|
| | | if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php'); |
|---|
| | | if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php'); |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function getinitcommand($servicename, $action, $init_script_directory = ''){ |
|---|
| | | global $conf; |
|---|
| | |
|---|
| | | -- Dumping data for table `sys_config` |
|---|
| | | -- |
|---|
| | | |
|---|
| | | INSERT INTO sys_config VALUES ('db','db_version','3.0.5.4p2'); |
|---|
| | | INSERT INTO sys_config VALUES ('db','db_version','3.0.5.4p3'); |
|---|
| | | INSERT INTO sys_config VALUES ('interface','session_timeout','0'); |
|---|
| | | |
|---|
| | | SET FOREIGN_KEY_CHECKS = 1; |
|---|
| | |
|---|
| | | export PHPRC |
|---|
| | | export PHP_FCGI_MAX_REQUESTS=5000 |
|---|
| | | export PHP_FCGI_CHILDREN=1 |
|---|
| | | exec {fastcgi_bin} -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/server/temp |
|---|
| | | exec {fastcgi_bin} -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/interface/temp |
|---|
| | |
|---|
| | | |
|---|
| | | //** Application |
|---|
| | | define('ISPC_APP_TITLE', 'ISPConfig'); |
|---|
| | | define('ISPC_APP_VERSION', '3.0.5.4p2'); |
|---|
| | | define('ISPC_APP_VERSION', '3.0.5.4p3'); |
|---|
| | | define('DEVSYSTEM', 0); |
|---|
| | | |
|---|
| | | |
|---|
| | |
|---|
| | | chdir = / |
|---|
| | | |
|---|
| | | ; php_admin_value[open_basedir] = /usr/local/ispconfig/interface:/usr/share |
|---|
| | | php_admin_value[session.save_path] = /usr/local/ispconfig/server/temp |
|---|
| | | php_admin_value[session.save_path] = /usr/local/ispconfig/interface/temp |
|---|
| | | php_admin_flag[magic_quotes_gpc] = off |
|---|
| | |
|---|
| | | |
|---|
| | | $inst->install_ispconfig(); |
|---|
| | | |
|---|
| | | // Cleanup |
|---|
| | | $inst->cleanup_ispconfig(); |
|---|
| | | |
|---|
| | | //** Configure Crontab |
|---|
| | | $update_crontab_answer = $inst->simple_query('Reconfigure Crontab?', array('yes', 'no'), 'yes','reconfigure_crontab'); |
|---|
| | | if($update_crontab_answer == 'yes') { |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Create md5 filelist |
|---|
| | | $md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5'; |
|---|
| | | exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename); |
|---|
| | | chmod($md5_filename,0700); |
|---|
| | | |
|---|
| | | echo "Update finished.\n"; |
|---|
| | | |
|---|
| | | ?> |
|---|
| | |
|---|
| | | private $_wb; |
|---|
| | | private $_loaded_classes = array(); |
|---|
| | | private $_conf; |
|---|
| | | private $_security_config; |
|---|
| | | |
|---|
| | | public $loaded_plugins = array(); |
|---|
| | | |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->uses('functions'); // we need this before all others! |
|---|
| | | $this->uses('auth,plugin'); |
|---|
| | | $this->uses('auth,plugin,ini_parser,getconf'); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function __get($prop) { |
|---|
| | |
|---|
| | | //* possible future = new app($conf); |
|---|
| | | $app = new app(); |
|---|
| | | |
|---|
| | | // load and enable PHP Intrusion Detection System (PHPIDS) |
|---|
| | | $ids_security_config = $app->getconf->get_security_config('ids'); |
|---|
| | | |
|---|
| | | if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') { |
|---|
| | | $app->uses('ids'); |
|---|
| | | $app->ids->start(); |
|---|
| | | } |
|---|
| | | unset($ids_security_config); |
|---|
| | | |
|---|
| | | ?> |
|---|
| New file |
| | |
|---|
| | | # in case PHPIDS is placed in the web-root |
|---|
| | | deny from all |
|---|
| | | |
|---|
| | | # silence is golden |
|---|
| | | php_flag display_errors off |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | |
|---|
| | | namespace IDS\Caching; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * APC caching wrapper |
|---|
| | | * |
|---|
| | | * This class inhabits functionality to get and set cache via memcached. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Yves Berkholz <godzilla80@gmx.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Groupoup |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.6.5 |
|---|
| | | */ |
|---|
| | | class ApcCache implements CacheInterface |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Caching type |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $type = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Cache configuration |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $config = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Flag if the filter storage has been found in memcached |
|---|
| | | * |
|---|
| | | * @var boolean |
|---|
| | | */ |
|---|
| | | private $isCached = false; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Holds an instance of this class |
|---|
| | | * |
|---|
| | | * @var object |
|---|
| | | */ |
|---|
| | | private static $cachingInstance = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param array $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function __construct($type, $init) |
|---|
| | | { |
|---|
| | | $this->type = $type; |
|---|
| | | $this->config = $init->config['Caching']; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns an instance of this class |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public static function getInstance($type, $init) |
|---|
| | | { |
|---|
| | | if (!self::$cachingInstance) { |
|---|
| | | self::$cachingInstance = new ApcCache($type, $init); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return self::$cachingInstance; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Writes cache data |
|---|
| | | * |
|---|
| | | * @param array $data the caching data |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public function setCache(array $data) |
|---|
| | | { |
|---|
| | | if (!$this->isCached) { |
|---|
| | | apc_store( |
|---|
| | | $this->config['key_prefix'] . '.storage', |
|---|
| | | $data, |
|---|
| | | $this->config['expiration_time'] |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns the cached data |
|---|
| | | * |
|---|
| | | * Note that this method returns false if either type or file cache is |
|---|
| | | * not set |
|---|
| | | * |
|---|
| | | * @return mixed cache data or false |
|---|
| | | */ |
|---|
| | | public function getCache() |
|---|
| | | { |
|---|
| | | $data = apc_fetch($this->config['key_prefix'] . '.storage'); |
|---|
| | | $this->isCached = !empty($data); |
|---|
| | | |
|---|
| | | return $data; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS\Caching; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Caching factory |
|---|
| | | * |
|---|
| | | * This class is used as a factory to load the correct concrete caching |
|---|
| | | * implementation. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.4 |
|---|
| | | */ |
|---|
| | | class CacheFactory |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Factory method |
|---|
| | | * |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * @param string $type the caching type |
|---|
| | | * |
|---|
| | | * @return object the caching facility |
|---|
| | | */ |
|---|
| | | public static function factory($init, $type) |
|---|
| | | { |
|---|
| | | $object = false; |
|---|
| | | $wrapper = preg_replace( |
|---|
| | | '/\W+/m', |
|---|
| | | null, |
|---|
| | | ucfirst($init->config['Caching']['caching']) |
|---|
| | | ); |
|---|
| | | $class = '\\IDS\\Caching\\' . $wrapper . 'Cache'; |
|---|
| | | $path = dirname(__FILE__) . DIRECTORY_SEPARATOR . $wrapper . 'Cache.php'; |
|---|
| | | |
|---|
| | | if (file_exists($path)) { |
|---|
| | | include_once $path; |
|---|
| | | |
|---|
| | | if (class_exists($class)) { |
|---|
| | | $object = call_user_func( |
|---|
| | | array('' . $class, 'getInstance'), |
|---|
| | | $type, |
|---|
| | | $init |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $object; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS\Caching; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Caching wrapper interface |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @since Version 0.4 |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | interface CacheInterface |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Interface method |
|---|
| | | * |
|---|
| | | * @param array $data the cache data |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function setCache(array $data); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Interface method |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function getCache(); |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS\Caching; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * |
|---|
| | | */ |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Database caching wrapper |
|---|
| | | * |
|---|
| | | * This class inhabits functionality to get and set cache via a database. |
|---|
| | | * |
|---|
| | | * Needed SQL: |
|---|
| | | * |
|---|
| | | |
|---|
| | | #create the database |
|---|
| | | |
|---|
| | | CREATE DATABASE IF NOT EXISTS `phpids` DEFAULT CHARACTER |
|---|
| | | SET utf8 COLLATE utf8_general_ci; |
|---|
| | | DROP TABLE IF EXISTS `cache`; |
|---|
| | | |
|---|
| | | #now select the created datbase and create the table |
|---|
| | | |
|---|
| | | CREATE TABLE `cache` ( |
|---|
| | | `type` VARCHAR( 32 ) NOT null , |
|---|
| | | `data` TEXT NOT null , |
|---|
| | | `created` DATETIME NOT null , |
|---|
| | | `modified` DATETIME NOT null |
|---|
| | | ) ENGINE = MYISAM ; |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Groupup |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.4 |
|---|
| | | */ |
|---|
| | | class DatabaseCache implements CacheInterface |
|---|
| | | { |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Caching type |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $type = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Cache configuration |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $config = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * DBH |
|---|
| | | * |
|---|
| | | * @var object |
|---|
| | | */ |
|---|
| | | private $handle = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Holds an instance of this class |
|---|
| | | * |
|---|
| | | * @var object |
|---|
| | | */ |
|---|
| | | private static $cachingInstance = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * Connects to database. |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function __construct($type, $init) |
|---|
| | | { |
|---|
| | | $this->type = $type; |
|---|
| | | $this->config = $init->config['Caching']; |
|---|
| | | $this->handle = $this->connect(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns an instance of this class |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public static function getInstance($type, $init) |
|---|
| | | { |
|---|
| | | |
|---|
| | | if (!self::$cachingInstance) { |
|---|
| | | self::$cachingInstance = new DatabaseCache($type, $init); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return self::$cachingInstance; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Writes cache data into the database |
|---|
| | | * |
|---|
| | | * @param array $data the caching data |
|---|
| | | * |
|---|
| | | * @throws PDOException if a db error occurred |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public function setCache(array $data) |
|---|
| | | { |
|---|
| | | $handle = $this->handle; |
|---|
| | | |
|---|
| | | $rows = $handle->query('SELECT created FROM `' . $this->config['table'].'`'); |
|---|
| | | |
|---|
| | | if (!$rows || $rows->rowCount() === 0) { |
|---|
| | | |
|---|
| | | $this->write($handle, $data); |
|---|
| | | } else { |
|---|
| | | |
|---|
| | | foreach ($rows as $row) { |
|---|
| | | |
|---|
| | | if ((time()-strtotime($row['created'])) > |
|---|
| | | $this->config['expiration_time']) { |
|---|
| | | |
|---|
| | | $this->write($handle, $data); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns the cached data |
|---|
| | | * |
|---|
| | | * Note that this method returns false if either type or file cache is |
|---|
| | | * not set |
|---|
| | | * |
|---|
| | | * @throws PDOException if a db error occurred |
|---|
| | | * @return mixed cache data or false |
|---|
| | | */ |
|---|
| | | public function getCache() |
|---|
| | | { |
|---|
| | | try { |
|---|
| | | $handle = $this->handle; |
|---|
| | | $result = $handle->prepare( |
|---|
| | | 'SELECT * FROM `' . |
|---|
| | | $this->config['table'] . |
|---|
| | | '` where type=?' |
|---|
| | | ); |
|---|
| | | $result->execute(array($this->type)); |
|---|
| | | |
|---|
| | | foreach ($result as $row) { |
|---|
| | | return unserialize($row['data']); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } catch (\PDOException $e) { |
|---|
| | | throw new \PDOException('PDOException: ' . $e->getMessage()); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Connect to database and return a handle |
|---|
| | | * |
|---|
| | | * @return object PDO |
|---|
| | | * @throws Exception if connection parameters are faulty |
|---|
| | | * @throws PDOException if a db error occurred |
|---|
| | | */ |
|---|
| | | private function connect() |
|---|
| | | { |
|---|
| | | // validate connection parameters |
|---|
| | | if (!$this->config['wrapper'] |
|---|
| | | || !$this->config['user'] |
|---|
| | | || !$this->config['password'] |
|---|
| | | || !$this->config['table']) { |
|---|
| | | |
|---|
| | | throw new \Exception('Insufficient connection parameters'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // try to connect |
|---|
| | | try { |
|---|
| | | $handle = new \PDO( |
|---|
| | | $this->config['wrapper'], |
|---|
| | | $this->config['user'], |
|---|
| | | $this->config['password'] |
|---|
| | | ); |
|---|
| | | $handle->setAttribute(\PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true); |
|---|
| | | |
|---|
| | | } catch (\PDOException $e) { |
|---|
| | | throw new \PDOException('PDOException: ' . $e->getMessage()); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $handle; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Write the cache data to the table |
|---|
| | | * |
|---|
| | | * @param object $handle the database handle |
|---|
| | | * @param array $data the caching data |
|---|
| | | * |
|---|
| | | * @return object PDO |
|---|
| | | * @throws PDOException if a db error occurred |
|---|
| | | */ |
|---|
| | | private function write($handle, $data) |
|---|
| | | { |
|---|
| | | try { |
|---|
| | | $handle->query('TRUNCATE ' . $this->config['table'].''); |
|---|
| | | $statement = $handle->prepare( |
|---|
| | | 'INSERT INTO `' . |
|---|
| | | $this->config['table'].'` ( |
|---|
| | | type, |
|---|
| | | data, |
|---|
| | | created, |
|---|
| | | modified |
|---|
| | | ) |
|---|
| | | VALUES ( |
|---|
| | | :type, |
|---|
| | | :data, |
|---|
| | | now(), |
|---|
| | | now() |
|---|
| | | )' |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $statement->bindValue( |
|---|
| | | 'type', |
|---|
| | | $handle->quote($this->type) |
|---|
| | | ); |
|---|
| | | $statement->bindValue('data', serialize($data)); |
|---|
| | | |
|---|
| | | if (!$statement->execute()) { |
|---|
| | | throw new \PDOException($statement->errorCode()); |
|---|
| | | } |
|---|
| | | } catch (\PDOException $e) { |
|---|
| | | throw new \PDOException('PDOException: ' . $e->getMessage()); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS\Caching; |
|---|
| | | |
|---|
| | | use IDS\Init; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * File caching wrapper |
|---|
| | | * |
|---|
| | | * This class inhabits functionality to get and set cache via a static flatfile. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.4 |
|---|
| | | */ |
|---|
| | | class FileCache implements CacheInterface |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Caching type |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $type; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Cache configuration |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $config; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Path to cache file |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $path; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Holds an instance of this class |
|---|
| | | * |
|---|
| | | * @var object |
|---|
| | | */ |
|---|
| | | private static $cachingInstance; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * @throws \Exception |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function __construct($type, Init $init) |
|---|
| | | { |
|---|
| | | $this->type = $type; |
|---|
| | | $this->config = $init->config['Caching']; |
|---|
| | | $this->path = $init->getBasePath() . $this->config['path']; |
|---|
| | | |
|---|
| | | if (file_exists($this->path) && !is_writable($this->path)) { |
|---|
| | | throw new \Exception( |
|---|
| | | 'Make sure all files in ' . |
|---|
| | | htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') . |
|---|
| | | 'are writeable!' |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns an instance of this class |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public static function getInstance($type, $init) |
|---|
| | | { |
|---|
| | | if (!self::$cachingInstance) { |
|---|
| | | self::$cachingInstance = new FileCache($type, $init); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return self::$cachingInstance; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Writes cache data into the file |
|---|
| | | * |
|---|
| | | * @param array $data the cache data |
|---|
| | | * |
|---|
| | | * @throws Exception if cache file couldn't be created |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public function setCache(array $data) |
|---|
| | | { |
|---|
| | | if (!is_writable(preg_replace('/[\/][^\/]+\.[^\/]++$/', null, $this->path))) { |
|---|
| | | throw new \Exception( |
|---|
| | | 'Temp directory ' . |
|---|
| | | htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') . |
|---|
| | | ' seems not writable' |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!$this->isValidFile($this->path)) { |
|---|
| | | $handle = @fopen($this->path, 'w+'); |
|---|
| | | |
|---|
| | | if (!$handle) { |
|---|
| | | throw new \Exception("Cache file couldn't be created"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $serialized = @serialize($data); |
|---|
| | | if (!$serialized) { |
|---|
| | | throw new \Exception("Cache data couldn't be serialized"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | fwrite($handle, $serialized); |
|---|
| | | fclose($handle); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns the cached data |
|---|
| | | * |
|---|
| | | * Note that this method returns false if either type or file cache is |
|---|
| | | * not set |
|---|
| | | * |
|---|
| | | * @return mixed cache data or false |
|---|
| | | */ |
|---|
| | | public function getCache() |
|---|
| | | { |
|---|
| | | // make sure filters are parsed again if cache expired |
|---|
| | | if (!$this->isValidFile($this->path)) { |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $data = unserialize(file_get_contents($this->path)); |
|---|
| | | |
|---|
| | | return $data; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns true if the cache file is still valid |
|---|
| | | * |
|---|
| | | * @param string $file |
|---|
| | | * @return bool |
|---|
| | | */ |
|---|
| | | private function isValidFile($file) |
|---|
| | | { |
|---|
| | | return file_exists($file) && time() - filectime($file) <= $this->config['expiration_time']; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS\Caching; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * File caching wrapper |
|---|
| | | * |
|---|
| | | * This class inhabits functionality to get and set cache via memcached. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Groupoup |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.4 |
|---|
| | | */ |
|---|
| | | class MemcachedCache implements CacheInterface |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Caching type |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $type = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Cache configuration |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $config = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Flag if the filter storage has been found in memcached |
|---|
| | | * |
|---|
| | | * @var boolean |
|---|
| | | */ |
|---|
| | | private $isCached = false; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Memcache object |
|---|
| | | * |
|---|
| | | * @var object |
|---|
| | | */ |
|---|
| | | private $memcache = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Holds an instance of this class |
|---|
| | | * |
|---|
| | | * @var object |
|---|
| | | */ |
|---|
| | | private static $cachingInstance = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param array $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function __construct($type, $init) |
|---|
| | | { |
|---|
| | | |
|---|
| | | $this->type = $type; |
|---|
| | | $this->config = $init->config['Caching']; |
|---|
| | | |
|---|
| | | $this->connect(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns an instance of this class |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public static function getInstance($type, $init) |
|---|
| | | { |
|---|
| | | if (!self::$cachingInstance) { |
|---|
| | | self::$cachingInstance = new MemcachedCache($type, $init); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return self::$cachingInstance; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Writes cache data |
|---|
| | | * |
|---|
| | | * @param array $data the caching data |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public function setCache(array $data) |
|---|
| | | { |
|---|
| | | if (!$this->isCached) { |
|---|
| | | $this->memcache->set( |
|---|
| | | $this->config['key_prefix'] . '.storage', |
|---|
| | | $data, |
|---|
| | | false, |
|---|
| | | $this->config['expiration_time'] |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns the cached data |
|---|
| | | * |
|---|
| | | * Note that this method returns false if either type or file cache is |
|---|
| | | * not set |
|---|
| | | * |
|---|
| | | * @return mixed cache data or false |
|---|
| | | */ |
|---|
| | | public function getCache() |
|---|
| | | { |
|---|
| | | $data = $this->memcache->get( |
|---|
| | | $this->config['key_prefix'] . |
|---|
| | | '.storage' |
|---|
| | | ); |
|---|
| | | $this->isCached = !empty($data); |
|---|
| | | |
|---|
| | | return $data; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Connect to the memcached server |
|---|
| | | * |
|---|
| | | * @throws Exception if connection parameters are insufficient |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | private function connect() |
|---|
| | | { |
|---|
| | | |
|---|
| | | if ($this->config['host'] && $this->config['port']) { |
|---|
| | | // establish the memcache connection |
|---|
| | | $this->memcache = new \Memcache; |
|---|
| | | $this->memcache->pconnect( |
|---|
| | | $this->config['host'], |
|---|
| | | $this->config['port'] |
|---|
| | | ); |
|---|
| | | |
|---|
| | | } else { |
|---|
| | | throw new \Exception('Insufficient connection parameters'); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | |
|---|
| | | namespace IDS\Caching; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * File caching wrapper |
|---|
| | | * |
|---|
| | | * This class inhabits functionality to get and set cache via session. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.4 |
|---|
| | | */ |
|---|
| | | class SessionCache implements CacheInterface |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Caching type |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $type = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Cache configuration |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $config = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Holds an instance of this class |
|---|
| | | * |
|---|
| | | * @var object |
|---|
| | | */ |
|---|
| | | private static $cachingInstance = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function __construct($type, $init) |
|---|
| | | { |
|---|
| | | $this->type = $type; |
|---|
| | | $this->config = $init->config['Caching']; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns an instance of this class |
|---|
| | | * |
|---|
| | | * @param string $type caching type |
|---|
| | | * @param object $init the IDS_Init object |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public static function getInstance($type, $init) |
|---|
| | | { |
|---|
| | | |
|---|
| | | if (!self::$cachingInstance) { |
|---|
| | | self::$cachingInstance = new SessionCache($type, $init); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return self::$cachingInstance; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Writes cache data into the session |
|---|
| | | * |
|---|
| | | * @param array $data the caching data |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public function setCache(array $data) |
|---|
| | | { |
|---|
| | | |
|---|
| | | $_SESSION['PHPIDS'][$this->type] = $data; |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns the cached data |
|---|
| | | * |
|---|
| | | * Note that this method returns false if either type or file cache is not set |
|---|
| | | * |
|---|
| | | * @return mixed cache data or false |
|---|
| | | */ |
|---|
| | | public function getCache() |
|---|
| | | { |
|---|
| | | |
|---|
| | | if ($this->type && $_SESSION['PHPIDS'][$this->type]) { |
|---|
| | | return $_SESSION['PHPIDS'][$this->type]; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | ; <?php die(); ?> |
|---|
| | | |
|---|
| | | ; PHPIDS Config.ini |
|---|
| | | |
|---|
| | | ; General configuration settings |
|---|
| | | |
|---|
| | | [General] |
|---|
| | | |
|---|
| | | ; basic settings - customize to make the PHPIDS work at all |
|---|
| | | filter_type = xml |
|---|
| | | |
|---|
| | | base_path = /full/path/to/IDS/ |
|---|
| | | use_base_path = false |
|---|
| | | |
|---|
| | | filter_path = default_filter.xml |
|---|
| | | tmp_path = tmp |
|---|
| | | scan_keys = false |
|---|
| | | |
|---|
| | | ; in case you want to use a different HTMLPurifier source, specify it here |
|---|
| | | ; By default, those files are used that are being shipped with PHPIDS |
|---|
| | | HTML_Purifier_Cache = vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer |
|---|
| | | |
|---|
| | | ; define which fields contain html and need preparation before |
|---|
| | | ; hitting the PHPIDS rules (new in PHPIDS 0.5) |
|---|
| | | ;html[] = POST.__wysiwyg |
|---|
| | | |
|---|
| | | ; define which fields contain JSON data and should be treated as such |
|---|
| | | ; for fewer false positives (new in PHPIDS 0.5.3) |
|---|
| | | ;json[] = POST.__jsondata |
|---|
| | | |
|---|
| | | ; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b) |
|---|
| | | exceptions[] = GET.__utmz |
|---|
| | | exceptions[] = GET.__utmc |
|---|
| | | exceptions[] = POST.maildir_path |
|---|
| | | |
|---|
| | | ; you can use regular expressions for wildcard exceptions - example: /.*foo/i |
|---|
| | | |
|---|
| | | [Caching] |
|---|
| | | |
|---|
| | | ; caching: session|file|database|memcached|apc|none |
|---|
| | | caching = file |
|---|
| | | expiration_time = 600 |
|---|
| | | |
|---|
| | | ; file cache |
|---|
| | | path = tmp/default_filter.cache |
|---|
| | | |
|---|
| | | ; database cache |
|---|
| | | wrapper = "mysql:host=localhost;port=3306;dbname=phpids" |
|---|
| | | user = phpids_user |
|---|
| | | password = 123456 |
|---|
| | | table = cache |
|---|
| | | |
|---|
| | | ; memcached |
|---|
| | | ;host = localhost |
|---|
| | | ;port = 11211 |
|---|
| | | ;key_prefix = PHPIDS |
|---|
| | | |
|---|
| | | ; apc |
|---|
| | | ;key_prefix = PHPIDS |
|---|
| New file |
| | |
|---|
| | | ; <?php die(); ?> |
|---|
| | | |
|---|
| | | ; PHPIDS Config.ini |
|---|
| | | |
|---|
| | | ; General configuration settings |
|---|
| | | |
|---|
| | | [General] |
|---|
| | | |
|---|
| | | ; basic settings - customize to make the PHPIDS work at all |
|---|
| | | filter_type = xml |
|---|
| | | |
|---|
| | | base_path = /full/path/to/IDS/ |
|---|
| | | use_base_path = false |
|---|
| | | |
|---|
| | | filter_path = default_filter.xml |
|---|
| | | tmp_path = tmp |
|---|
| | | scan_keys = false |
|---|
| | | |
|---|
| | | ; in case you want to use a different HTMLPurifier source, specify it here |
|---|
| | | ; By default, those files are used that are being shipped with PHPIDS |
|---|
| | | HTML_Purifier_Cache = vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer |
|---|
| | | |
|---|
| | | ; define which fields contain html and need preparation before |
|---|
| | | ; hitting the PHPIDS rules (new in PHPIDS 0.5) |
|---|
| | | ;html[] = POST.__wysiwyg |
|---|
| | | ;html[] = POST.records |
|---|
| | | ;html[] = REQUEST.records |
|---|
| | | |
|---|
| | | ; define which fields contain JSON data and should be treated as such |
|---|
| | | ; for fewer false positives (new in PHPIDS 0.5.3) |
|---|
| | | ;json[] = POST.__jsondata |
|---|
| | | |
|---|
| | | ; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b) |
|---|
| | | ; exceptions[] = GET.__utmz |
|---|
| | | ; exceptions[] = GET.__utmc |
|---|
| | | ; exceptions[] = POST.maildir_path |
|---|
| | | ; exceptions[] = REQUEST.maildir_path |
|---|
| | | ; exceptions[] = REQUEST.website_path |
|---|
| | | ; exceptions[] = REQUEST.website_symlinks |
|---|
| | | ; exceptions[] = REQUEST.vhost_conf_dir |
|---|
| | | ; exceptions[] = REQUEST.vhost_conf_enabled_dir |
|---|
| | | ; exceptions[] = REQUEST.nginx_vhost_conf_dir |
|---|
| | | ; exceptions[] = REQUEST.nginx_vhost_conf_enabled_dir |
|---|
| | | ; exceptions[] = REQUEST.php_open_basedir |
|---|
| | | ; exceptions[] = REQUEST.awstats_pl |
|---|
| | | ; exceptions[] = POST.website_path |
|---|
| | | ; exceptions[] = POST.website_symlinks |
|---|
| | | ; exceptions[] = POST.vhost_conf_dir |
|---|
| | | ; exceptions[] = POST.vhost_conf_enabled_dir |
|---|
| | | ; exceptions[] = POST.nginx_vhost_conf_dir |
|---|
| | | ; exceptions[] = POST.nginx_vhost_conf_enabled_dir |
|---|
| | | ; exceptions[] = POST.php_open_basedir |
|---|
| | | ; exceptions[] = POST.awstats_pl |
|---|
| | | ; exceptions[] = REQUEST.fastcgi_starter_path |
|---|
| | | ; exceptions[] = REQUEST.fastcgi_bin |
|---|
| | | ; exceptions[] = POST.fastcgi_starter_path |
|---|
| | | ; exceptions[] = POST.fastcgi_bin |
|---|
| | | ; exceptions[] = REQUEST.jailkit_chroot_home |
|---|
| | | ; exceptions[] = POST.jailkit_chroot_home |
|---|
| | | ; exceptions[] = REQUEST.phpmyadmin_url |
|---|
| | | ; exceptions[] = REQUEST.phpmyadmin_url |
|---|
| | | ; exceptions[] = REQUEST.records.weak_password_txt |
|---|
| | | ; exceptions[] = POST.records.weak_password_txt |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | ; you can use regular expressions for wildcard exceptions - example: /.*foo/i |
|---|
| | | |
|---|
| | | [Caching] |
|---|
| | | |
|---|
| | | ; caching: session|file|database|memcached|apc|none |
|---|
| | | caching = file |
|---|
| | | expiration_time = 600 |
|---|
| | | |
|---|
| | | ; file cache |
|---|
| | | path = tmp/default_filter.cache |
|---|
| | | |
|---|
| | | ; database cache |
|---|
| | | wrapper = "mysql:host=localhost;port=3306;dbname=phpids" |
|---|
| | | user = phpids_user |
|---|
| | | password = 123456 |
|---|
| | | table = cache |
|---|
| | | |
|---|
| | | ; memcached |
|---|
| | | ;host = localhost |
|---|
| | | ;port = 11211 |
|---|
| | | ;key_prefix = PHPIDS |
|---|
| | | |
|---|
| | | ; apc |
|---|
| | | ;key_prefix = PHPIDS |
|---|
| | | |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * PHPIDS specific utility class to convert charsets manually |
|---|
| | | * |
|---|
| | | * Note that if you make use of IDS_Converter::runAll(), existing class |
|---|
| | | * methods will be executed in the same order as they are implemented in the |
|---|
| | | * class tree! |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | |
|---|
| | | namespace IDS; |
|---|
| | | |
|---|
| | | class Converter |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Runs all converter functions |
|---|
| | | * |
|---|
| | | * Note that if you make use of IDS_Converter::runAll(), existing class |
|---|
| | | * methods will be executed in the same order as they are implemented in the |
|---|
| | | * class tree! |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function runAll($value) |
|---|
| | | { |
|---|
| | | foreach (get_class_methods(__CLASS__) as $method) { |
|---|
| | | if (strpos($method, 'run') !== 0) { |
|---|
| | | $value = self::$method($value); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Check for comments and erases them if available |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromCommented($value) |
|---|
| | | { |
|---|
| | | // check for existing comments |
|---|
| | | if (preg_match('/(?:\<!-|-->|\/\*|\*\/|\/\/\W*\w+\s*$)|(?:--[^-]*-)/ms', $value)) { |
|---|
| | | |
|---|
| | | $pattern = array( |
|---|
| | | '/(?:(?:<!)(?:(?:--(?:[^-]*(?:-[^-]+)*)--\s*)*)(?:>))/ms', |
|---|
| | | '/(?:(?:\/\*\/*[^\/\*]*)+\*\/)/ms', |
|---|
| | | '/(?:--[^-]*-)/ms' |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $converted = preg_replace($pattern, ';', $value); |
|---|
| | | $value .= "\n" . $converted; |
|---|
| | | } |
|---|
| | | |
|---|
| | | //make sure inline comments are detected and converted correctly |
|---|
| | | $value = preg_replace('/(<\w+)\/+(\w+=?)/m', '$1/$2', $value); |
|---|
| | | $value = preg_replace('/[^\\\:]\/\/(.*)$/m', '/**/$1', $value); |
|---|
| | | $value = preg_replace('/([^\-&])#.*[\r\n\v\f]/m', '$1', $value); |
|---|
| | | $value = preg_replace('/([^&\-])#.*\n/m', '$1 ', $value); |
|---|
| | | $value = preg_replace('/^#.*\n/m', ' ', $value); |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Strip newlines |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromWhiteSpace($value) |
|---|
| | | { |
|---|
| | | //check for inline linebreaks |
|---|
| | | $search = array('\r', '\n', '\f', '\t', '\v'); |
|---|
| | | $value = str_replace($search, ';', $value); |
|---|
| | | |
|---|
| | | // replace replacement characters regular spaces |
|---|
| | | $value = str_replace('�', ' ', $value); |
|---|
| | | |
|---|
| | | //convert real linebreaks |
|---|
| | | return preg_replace('/(?:\n|\r|\v)/m', ' ', $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Checks for common charcode pattern and decodes them |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromJSCharcode($value) |
|---|
| | | { |
|---|
| | | $matches = array(); |
|---|
| | | |
|---|
| | | // check if value matches typical charCode pattern |
|---|
| | | if (preg_match_all('/(?:[\d+-=\/\* ]+(?:\s?,\s?[\d+-=\/\* ]+)){4,}/ms', $value, $matches)) { |
|---|
| | | $converted = ''; |
|---|
| | | $string = implode(',', $matches[0]); |
|---|
| | | $string = preg_replace('/\s/', '', $string); |
|---|
| | | $string = preg_replace('/\w+=/', '', $string); |
|---|
| | | $charcode = explode(',', $string); |
|---|
| | | |
|---|
| | | foreach ($charcode as $char) { |
|---|
| | | $char = preg_replace('/\W0/s', '', $char); |
|---|
| | | |
|---|
| | | if (preg_match_all('/\d*[+-\/\* ]\d+/', $char, $matches)) { |
|---|
| | | $match = preg_split('/(\W?\d+)/', implode('', $matches[0]), null, PREG_SPLIT_DELIM_CAPTURE); |
|---|
| | | |
|---|
| | | if (array_sum($match) >= 20 && array_sum($match) <= 127) { |
|---|
| | | $converted .= chr(array_sum($match)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } elseif (!empty($char) && $char >= 20 && $char <= 127) { |
|---|
| | | $converted .= chr($char); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $value .= "\n" . $converted; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check for octal charcode pattern |
|---|
| | | if (preg_match_all('/(?:(?:[\\\]+\d+[ \t]*){8,})/ims', $value, $matches)) { |
|---|
| | | $converted = ''; |
|---|
| | | $charcode = explode('\\', preg_replace('/\s/', '', implode(',', $matches[0]))); |
|---|
| | | |
|---|
| | | foreach (array_map('octdec', array_filter($charcode)) as $char) { |
|---|
| | | if (20 <= $char && $char <= 127) { |
|---|
| | | $converted .= chr($char); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $value .= "\n" . $converted; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check for hexadecimal charcode pattern |
|---|
| | | if (preg_match_all('/(?:(?:[\\\]+\w+\s*){8,})/ims', $value, $matches)) { |
|---|
| | | $converted = ''; |
|---|
| | | $charcode = explode('\\', preg_replace('/[ux]/', '', implode(',', $matches[0]))); |
|---|
| | | |
|---|
| | | foreach (array_map('hexdec', array_filter($charcode)) as $char) { |
|---|
| | | if (20 <= $char && $char <= 127) { |
|---|
| | | $converted .= chr($char); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $value .= "\n" . $converted; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Eliminate JS regex modifiers |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertJSRegexModifiers($value) |
|---|
| | | { |
|---|
| | | return preg_replace('/\/[gim]+/', '/', $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Converts from hex/dec entities |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertEntities($value) |
|---|
| | | { |
|---|
| | | $converted = null; |
|---|
| | | |
|---|
| | | //deal with double encoded payload |
|---|
| | | $value = preg_replace('/&/', '&', $value); |
|---|
| | | |
|---|
| | | if (preg_match('/&#x?[\w]+/ms', $value)) { |
|---|
| | | $converted = preg_replace('/(&#x?[\w]{2}\d?);?/ms', '$1;', $value); |
|---|
| | | $converted = html_entity_decode($converted, ENT_QUOTES, 'UTF-8'); |
|---|
| | | $value .= "\n" . str_replace(';;', ';', $converted); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // normalize obfuscated protocol handlers |
|---|
| | | $value = preg_replace( |
|---|
| | | '/(?:j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:)|(d\s*a\s*t\s*a\s*:)/ms', |
|---|
| | | 'javascript:', |
|---|
| | | $value |
|---|
| | | ); |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Normalize quotes |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertQuotes($value) |
|---|
| | | { |
|---|
| | | // normalize different quotes to " |
|---|
| | | $pattern = array('\'', '`', '´', '’', '‘'); |
|---|
| | | $value = str_replace($pattern, '"', $value); |
|---|
| | | |
|---|
| | | //make sure harmless quoted strings don't generate false alerts |
|---|
| | | $value = preg_replace('/^"([^"=\\!><~]+)"$/', '$1', $value); |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Converts SQLHEX to plain text |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromSQLHex($value) |
|---|
| | | { |
|---|
| | | $matches = array(); |
|---|
| | | if (preg_match_all('/(?:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+/im', $value, $matches)) { |
|---|
| | | foreach ($matches[0] as $match) { |
|---|
| | | $converted = ''; |
|---|
| | | foreach (str_split($match, 2) as $hex_index) { |
|---|
| | | if (preg_match('/[a-f\d]{2,3}/i', $hex_index)) { |
|---|
| | | $converted .= chr(hexdec($hex_index)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $value = str_replace($match, $converted, $value); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | // take care of hex encoded ctrl chars |
|---|
| | | $value = preg_replace('/0x\d+/m', ' 1 ', $value); |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Converts basic SQL keywords and obfuscations |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromSQLKeywords($value) |
|---|
| | | { |
|---|
| | | $pattern = array( |
|---|
| | | '/(?:is\s+null)|(like\s+null)|' . |
|---|
| | | '(?:(?:^|\W)in[+\s]*\([\s\d"]+[^()]*\))/ims' |
|---|
| | | ); |
|---|
| | | $value = preg_replace($pattern, '"=0', $value); |
|---|
| | | |
|---|
| | | $value = preg_replace('/[^\w\)]+\s*like\s*[^\w\s]+/ims', '1" OR "1"', $value); |
|---|
| | | $value = preg_replace('/null([,"\s])/ims', '0$1', $value); |
|---|
| | | $value = preg_replace('/\d+\./ims', ' 1', $value); |
|---|
| | | $value = preg_replace('/,null/ims', ',0', $value); |
|---|
| | | $value = preg_replace('/(?:between)/ims', 'or', $value); |
|---|
| | | $value = preg_replace('/(?:and\s+\d+\.?\d*)/ims', '', $value); |
|---|
| | | $value = preg_replace('/(?:\s+and\s+)/ims', ' or ', $value); |
|---|
| | | |
|---|
| | | $pattern = array( |
|---|
| | | '/(?:not\s+between)|(?:is\s+not)|(?:not\s+in)|' . |
|---|
| | | '(?:xor|<>|rlike(?:\s+binary)?)|' . |
|---|
| | | '(?:regexp\s+binary)|' . |
|---|
| | | '(?:sounds\s+like)/ims' |
|---|
| | | ); |
|---|
| | | $value = preg_replace($pattern, '!', $value); |
|---|
| | | $value = preg_replace('/"\s+\d/', '"', $value); |
|---|
| | | $value = preg_replace('/(\W)div(\W)/ims', '$1 OR $2', $value); |
|---|
| | | $value = preg_replace('/\/(?:\d+|null)/', null, $value); |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Detects nullbytes and controls chars via ord() |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromControlChars($value) |
|---|
| | | { |
|---|
| | | // critical ctrl values |
|---|
| | | $search = array( |
|---|
| | | chr(0), chr(1), chr(2), chr(3), chr(4), chr(5), |
|---|
| | | chr(6), chr(7), chr(8), chr(11), chr(12), chr(14), |
|---|
| | | chr(15), chr(16), chr(17), chr(18), chr(19), chr(24), |
|---|
| | | chr(25), chr(192), chr(193), chr(238), chr(255), '\\0' |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $value = str_replace($search, '%00', $value); |
|---|
| | | |
|---|
| | | //take care for malicious unicode characters |
|---|
| | | $value = urldecode( |
|---|
| | | preg_replace( |
|---|
| | | '/(?:%E(?:2|3)%8(?:0|1)%(?:A|8|9)\w|%EF%BB%BF|%EF%BF%BD)|(?:&#(?:65|8)\d{3};?)/i', |
|---|
| | | null, |
|---|
| | | urlencode($value) |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | $value = urlencode($value); |
|---|
| | | $value = preg_replace('/(?:%F0%80%BE)/i', '>', $value); |
|---|
| | | $value = preg_replace('/(?:%F0%80%BC)/i', '<', $value); |
|---|
| | | $value = preg_replace('/(?:%F0%80%A2)/i', '"', $value); |
|---|
| | | $value = preg_replace('/(?:%F0%80%A7)/i', '\'', $value); |
|---|
| | | $value = urldecode($value); |
|---|
| | | |
|---|
| | | $value = preg_replace('/(?:%ff1c)/', '<', $value); |
|---|
| | | $value = preg_replace('/(?:&[#x]*(200|820|200|820|zwn?j|lrm|rlm)\w?;?)/i', null, $value); |
|---|
| | | $value = preg_replace( |
|---|
| | | '/(?:&#(?:65|8)\d{3};?)|' . |
|---|
| | | '(?:&#(?:56|7)3\d{2};?)|' . |
|---|
| | | '(?:&#x(?:fe|20)\w{2};?)|' . |
|---|
| | | '(?:&#x(?:d[c-f])\w{2};?)/i', |
|---|
| | | null, |
|---|
| | | $value |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $value = str_replace( |
|---|
| | | array( |
|---|
| | | '«', |
|---|
| | | '〈', |
|---|
| | | '<', |
|---|
| | | '‹', |
|---|
| | | '〈', |
|---|
| | | '⟨' |
|---|
| | | ), |
|---|
| | | '<', |
|---|
| | | $value |
|---|
| | | ); |
|---|
| | | $value = str_replace( |
|---|
| | | array( |
|---|
| | | '»', |
|---|
| | | '〉', |
|---|
| | | '>', |
|---|
| | | '›', |
|---|
| | | '〉', |
|---|
| | | '⟩' |
|---|
| | | ), |
|---|
| | | '>', |
|---|
| | | $value |
|---|
| | | ); |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method matches and translates base64 strings and fragments |
|---|
| | | * used in data URIs |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromNestedBase64($value) |
|---|
| | | { |
|---|
| | | $matches = array(); |
|---|
| | | preg_match_all('/(?:^|[,&?])\s*([a-z0-9]{50,}=*)(?:\W|$)/im', $value, $matches); |
|---|
| | | |
|---|
| | | foreach ($matches[1] as $item) { |
|---|
| | | if (isset($item) && !preg_match('/[a-f0-9]{32}/i', $item)) { |
|---|
| | | $base64_item = base64_decode($item); |
|---|
| | | $value = str_replace($item, $base64_item, $value); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Detects nullbytes and controls chars via ord() |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromOutOfRangeChars($value) |
|---|
| | | { |
|---|
| | | $values = str_split($value); |
|---|
| | | foreach ($values as $item) { |
|---|
| | | if (ord($item) >= 127) { |
|---|
| | | $value = str_replace($item, ' ', $value); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Strip XML patterns |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromXML($value) |
|---|
| | | { |
|---|
| | | $converted = strip_tags($value); |
|---|
| | | if (!$converted || $converted === $value) { |
|---|
| | | return $value; |
|---|
| | | } else { |
|---|
| | | return $value . "\n" . $converted; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method converts JS unicode code points to |
|---|
| | | * regular characters |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromJSUnicode($value) |
|---|
| | | { |
|---|
| | | $matches = array(); |
|---|
| | | preg_match_all('/\\\u[0-9a-f]{4}/ims', $value, $matches); |
|---|
| | | |
|---|
| | | if (!empty($matches[0])) { |
|---|
| | | foreach ($matches[0] as $match) { |
|---|
| | | $chr = chr(hexdec(substr($match, 2, 4))); |
|---|
| | | $value = str_replace($match, $chr, $value); |
|---|
| | | } |
|---|
| | | $value .= "\n\u0001"; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Converts relevant UTF-7 tags to UTF-8 |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromUTF7($value) |
|---|
| | | { |
|---|
| | | if (preg_match('/\+A\w+-?/m', $value)) { |
|---|
| | | if (function_exists('mb_convert_encoding')) { |
|---|
| | | if (version_compare(PHP_VERSION, '5.2.8', '<')) { |
|---|
| | | $tmp_chars = str_split($value); |
|---|
| | | $value = ''; |
|---|
| | | foreach ($tmp_chars as $char) { |
|---|
| | | if (ord($char) <= 127) { |
|---|
| | | $value .= $char; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $value .= "\n" . mb_convert_encoding($value, 'UTF-8', 'UTF-7'); |
|---|
| | | } else { |
|---|
| | | //list of all critical UTF7 codepoints |
|---|
| | | $schemes = array( |
|---|
| | | '+ACI-' => '"', |
|---|
| | | '+ADw-' => '<', |
|---|
| | | '+AD4-' => '>', |
|---|
| | | '+AFs-' => '[', |
|---|
| | | '+AF0-' => ']', |
|---|
| | | '+AHs-' => '{', |
|---|
| | | '+AH0-' => '}', |
|---|
| | | '+AFw-' => '\\', |
|---|
| | | '+ADs-' => ';', |
|---|
| | | '+ACM-' => '#', |
|---|
| | | '+ACY-' => '&', |
|---|
| | | '+ACU-' => '%', |
|---|
| | | '+ACQ-' => '$', |
|---|
| | | '+AD0-' => '=', |
|---|
| | | '+AGA-' => '`', |
|---|
| | | '+ALQ-' => '"', |
|---|
| | | '+IBg-' => '"', |
|---|
| | | '+IBk-' => '"', |
|---|
| | | '+AHw-' => '|', |
|---|
| | | '+ACo-' => '*', |
|---|
| | | '+AF4-' => '^', |
|---|
| | | '+ACIAPg-' => '">', |
|---|
| | | '+ACIAPgA8-' => '">' |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $value = str_ireplace( |
|---|
| | | array_keys($schemes), |
|---|
| | | array_values($schemes), |
|---|
| | | $value |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Converts basic concatenations |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromConcatenated($value) |
|---|
| | | { |
|---|
| | | //normalize remaining backslashes |
|---|
| | | if ($value != preg_replace('/(\w)\\\/', "$1", $value)) { |
|---|
| | | $value .= preg_replace('/(\w)\\\/', "$1", $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $compare = stripslashes($value); |
|---|
| | | |
|---|
| | | $pattern = array( |
|---|
| | | '/(?:<\/\w+>\+<\w+>)/s', |
|---|
| | | '/(?:":\d+[^"[]+")/s', |
|---|
| | | '/(?:"?"\+\w+\+")/s', |
|---|
| | | '/(?:"\s*;[^"]+")|(?:";[^"]+:\s*")/s', |
|---|
| | | '/(?:"\s*(?:;|\+).{8,18}:\s*")/s', |
|---|
| | | '/(?:";\w+=)|(?:!""&&")|(?:~)/s', |
|---|
| | | '/(?:"?"\+""?\+?"?)|(?:;\w+=")|(?:"[|&]{2,})/s', |
|---|
| | | '/(?:"\s*\W+")/s', |
|---|
| | | '/(?:";\w\s*\+=\s*\w?\s*")/s', |
|---|
| | | '/(?:"[|&;]+\s*[^|&\n]*[|&]+\s*"?)/s', |
|---|
| | | '/(?:";\s*\w+\W+\w*\s*[|&]*")/s', |
|---|
| | | '/(?:"\s*"\s*\.)/s', |
|---|
| | | '/(?:\s*new\s+\w+\s*[+",])/', |
|---|
| | | '/(?:(?:^|\s+)(?:do|else)\s+)/', |
|---|
| | | '/(?:[{(]\s*new\s+\w+\s*[)}])/', |
|---|
| | | '/(?:(this|self)\.)/', |
|---|
| | | '/(?:undefined)/', |
|---|
| | | '/(?:in\s+)/' |
|---|
| | | ); |
|---|
| | | |
|---|
| | | // strip out concatenations |
|---|
| | | $converted = preg_replace($pattern, null, $compare); |
|---|
| | | |
|---|
| | | //strip object traversal |
|---|
| | | $converted = preg_replace('/\w(\.\w\()/', "$1", $converted); |
|---|
| | | |
|---|
| | | // normalize obfuscated method calls |
|---|
| | | $converted = preg_replace('/\)\s*\+/', ")", $converted); |
|---|
| | | |
|---|
| | | //convert JS special numbers |
|---|
| | | $converted = preg_replace( |
|---|
| | | '/(?:\(*[.\d]e[+-]*[^a-z\W]+\)*)|(?:NaN|Infinity)\W/ims', |
|---|
| | | 1, |
|---|
| | | $converted |
|---|
| | | ); |
|---|
| | | |
|---|
| | | if ($converted && ($compare != $converted)) { |
|---|
| | | $value .= "\n" . $converted; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method collects and decodes proprietary encoding types |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromProprietaryEncodings($value) |
|---|
| | | { |
|---|
| | | //Xajax error reportings |
|---|
| | | $value = preg_replace('/<!\[CDATA\[(\W+)\]\]>/im', '$1', $value); |
|---|
| | | |
|---|
| | | //strip false alert triggering apostrophes |
|---|
| | | $value = preg_replace('/(\w)\"(s)/m', '$1$2', $value); |
|---|
| | | |
|---|
| | | //strip quotes within typical search patterns |
|---|
| | | $value = preg_replace('/^"([^"=\\!><~]+)"$/', '$1', $value); |
|---|
| | | |
|---|
| | | //OpenID login tokens |
|---|
| | | $value = preg_replace('/{[\w-]{8,9}\}(?:\{[\w=]{8}\}){2}/', null, $value); |
|---|
| | | |
|---|
| | | //convert Content and \sdo\s to null |
|---|
| | | $value = preg_replace('/Content|\Wdo\s/', null, $value); |
|---|
| | | |
|---|
| | | //strip emoticons |
|---|
| | | $value = preg_replace( |
|---|
| | | '/(?:\s[:;]-[)\/PD]+)|(?:\s;[)PD]+)|(?:\s:[)PD]+)|-\.-|\^\^/m', |
|---|
| | | null, |
|---|
| | | $value |
|---|
| | | ); |
|---|
| | | |
|---|
| | | //normalize separation char repetion |
|---|
| | | $value = preg_replace('/([.+~=*_\-;])\1{2,}/m', '$1', $value); |
|---|
| | | |
|---|
| | | //normalize multiple single quotes |
|---|
| | | $value = preg_replace('/"{2,}/m', '"', $value); |
|---|
| | | |
|---|
| | | //normalize quoted numerical values and asterisks |
|---|
| | | $value = preg_replace('/"(\d+)"/m', '$1', $value); |
|---|
| | | |
|---|
| | | //normalize pipe separated request parameters |
|---|
| | | $value = preg_replace('/\|(\w+=\w+)/m', '&$1', $value); |
|---|
| | | |
|---|
| | | //normalize ampersand listings |
|---|
| | | $value = preg_replace('/(\w\s)&\s(\w)/', '$1$2', $value); |
|---|
| | | |
|---|
| | | //normalize escaped RegExp modifiers |
|---|
| | | $value = preg_replace('/\/\\\(\w)/', '/$1', $value); |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method removes encoded sql # comments |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function convertFromUrlencodeSqlComment($value) |
|---|
| | | { |
|---|
| | | if (preg_match_all('/(?:\%23.*?\%0a)/im',$value,$matches)){ |
|---|
| | | $converted = $value; |
|---|
| | | foreach($matches[0] as $match){ |
|---|
| | | $converted = str_replace($match,' ',$converted); |
|---|
| | | } |
|---|
| | | $value .= "\n" . $converted; |
|---|
| | | } |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method is the centrifuge prototype |
|---|
| | | * |
|---|
| | | * @param string $value the value to convert |
|---|
| | | * @param Monitor $monitor the monitor object |
|---|
| | | * |
|---|
| | | * @static |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public static function runCentrifuge($value, Monitor $monitor = null) |
|---|
| | | { |
|---|
| | | $threshold = 3.49; |
|---|
| | | if (strlen($value) > 25) { |
|---|
| | | //strip padding |
|---|
| | | $tmp_value = preg_replace('/\s{4}|==$/m', null, $value); |
|---|
| | | $tmp_value = preg_replace( |
|---|
| | | '/\s{4}|[\p{L}\d\+\-=,.%()]{8,}/m', |
|---|
| | | 'aaa', |
|---|
| | | $tmp_value |
|---|
| | | ); |
|---|
| | | |
|---|
| | | // Check for the attack char ratio |
|---|
| | | $tmp_value = preg_replace('/([*.!?+-])\1{1,}/m', '$1', $tmp_value); |
|---|
| | | $tmp_value = preg_replace('/"[\p{L}\d\s]+"/m', null, $tmp_value); |
|---|
| | | |
|---|
| | | $stripped_length = strlen( |
|---|
| | | preg_replace( |
|---|
| | | '/[\d\s\p{L}\.:,%&\/><\-)!|]+/m', |
|---|
| | | null, |
|---|
| | | $tmp_value |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | $overall_length = strlen( |
|---|
| | | preg_replace( |
|---|
| | | '/([\d\s\p{L}:,\.]{3,})+/m', |
|---|
| | | 'aaa', |
|---|
| | | preg_replace('/\s{2,}/m', null, $tmp_value) |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | |
|---|
| | | if ($stripped_length != 0 && $overall_length/$stripped_length <= $threshold) { |
|---|
| | | $monitor->centrifuge['ratio'] = $overall_length / $stripped_length; |
|---|
| | | $monitor->centrifuge['threshold'] =$threshold; |
|---|
| | | |
|---|
| | | $value .= "\n$[!!!]"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (strlen($value) > 40) { |
|---|
| | | // Replace all non-special chars |
|---|
| | | $converted = preg_replace('/[\w\s\p{L},.:!]/', null, $value); |
|---|
| | | |
|---|
| | | // Split string into an array, unify and sort |
|---|
| | | $array = str_split($converted); |
|---|
| | | $array = array_unique($array); |
|---|
| | | asort($array); |
|---|
| | | |
|---|
| | | // Normalize certain tokens |
|---|
| | | $schemes = array( |
|---|
| | | '~' => '+', |
|---|
| | | '^' => '+', |
|---|
| | | '|' => '+', |
|---|
| | | '*' => '+', |
|---|
| | | '%' => '+', |
|---|
| | | '&' => '+', |
|---|
| | | '/' => '+' |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $converted = implode($array); |
|---|
| | | |
|---|
| | | $_keys = array_keys($schemes); |
|---|
| | | $_values = array_values($schemes); |
|---|
| | | |
|---|
| | | $converted = str_replace($_keys, $_values, $converted); |
|---|
| | | |
|---|
| | | $converted = preg_replace('/[+-]\s*\d+/', '+', $converted); |
|---|
| | | $converted = preg_replace('/[()[\]{}]/', '(', $converted); |
|---|
| | | $converted = preg_replace('/[!?:=]/', ':', $converted); |
|---|
| | | $converted = preg_replace('/[^:(+]/', null, stripslashes($converted)); |
|---|
| | | |
|---|
| | | // Sort again and implode |
|---|
| | | $array = str_split($converted); |
|---|
| | | asort($array); |
|---|
| | | $converted = implode($array); |
|---|
| | | |
|---|
| | | if (preg_match('/(?:\({2,}\+{2,}:{2,})|(?:\({2,}\+{2,}:+)|(?:\({3,}\++:{2,})/', $converted)) { |
|---|
| | | $monitor->centrifuge['converted'] = $converted; |
|---|
| | | |
|---|
| | | return $value . "\n" . $converted; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $value; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * PHPIDS event object |
|---|
| | | * |
|---|
| | | * This class represents a certain event that occured while applying the filters |
|---|
| | | * to the supplied data. It aggregates a bunch of IDS_Filter implementations and |
|---|
| | | * is a assembled in IDS_Report. |
|---|
| | | * |
|---|
| | | * Note that this class implements both Countable and IteratorAggregate |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | class Event implements \Countable, \IteratorAggregate |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Event name |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | protected $name = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Value of the event |
|---|
| | | * |
|---|
| | | * @var mixed |
|---|
| | | */ |
|---|
| | | protected $value = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * List of filter objects |
|---|
| | | * |
|---|
| | | * Filter objects in this array are those that matched the events value |
|---|
| | | * |
|---|
| | | * @var Filter[]|array |
|---|
| | | */ |
|---|
| | | protected $filters = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Calculated impact |
|---|
| | | * |
|---|
| | | * Total impact of the event |
|---|
| | | * |
|---|
| | | * @var integer |
|---|
| | | */ |
|---|
| | | protected $impact = 0; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Affecte tags |
|---|
| | | * |
|---|
| | | * @var string[]|array |
|---|
| | | */ |
|---|
| | | protected $tags = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * Fills event properties |
|---|
| | | * |
|---|
| | | * @param string $name the event name |
|---|
| | | * @param mixed $value the event value |
|---|
| | | * @param Filter[]|array $filters the corresponding filters |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException |
|---|
| | | * @return \IDS\Event |
|---|
| | | */ |
|---|
| | | public function __construct($name, $value, array $filters) |
|---|
| | | { |
|---|
| | | if (!is_scalar($name)) { |
|---|
| | | throw new \InvalidArgumentException( |
|---|
| | | 'Expected $name to be a scalar,' . gettype($name) . ' given' |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!is_scalar($value)) { |
|---|
| | | throw new \InvalidArgumentException( |
|---|
| | | 'Expected $value to be a scalar,' . gettype($value) . ' given' |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->name = $name; |
|---|
| | | $this->value = $value; |
|---|
| | | |
|---|
| | | foreach ($filters as $filter) { |
|---|
| | | if (!$filter instanceof Filter) { |
|---|
| | | throw new \InvalidArgumentException( |
|---|
| | | 'Filter must be derived from IDS_Filter' |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->filters[] = $filter; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns event name |
|---|
| | | * |
|---|
| | | * The name of the event usually is the key of the variable that was |
|---|
| | | * considered to be malicious |
|---|
| | | * |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public function getName() |
|---|
| | | { |
|---|
| | | return $this->name; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns event value |
|---|
| | | * |
|---|
| | | * @return mixed |
|---|
| | | */ |
|---|
| | | public function getValue() |
|---|
| | | { |
|---|
| | | return $this->value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns calculated impact |
|---|
| | | * |
|---|
| | | * @return integer |
|---|
| | | */ |
|---|
| | | public function getImpact() |
|---|
| | | { |
|---|
| | | if (!$this->impact) { |
|---|
| | | $this->impact = 0; |
|---|
| | | foreach ($this->filters as $filter) { |
|---|
| | | $this->impact += $filter->getImpact(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this->impact; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns affected tags |
|---|
| | | * |
|---|
| | | * @return string[]|array |
|---|
| | | */ |
|---|
| | | public function getTags() |
|---|
| | | { |
|---|
| | | foreach ($this->getFilters() as $filter) { |
|---|
| | | $this->tags = array_merge($this->tags, $filter->getTags()); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this->tags = array_values(array_unique($this->tags)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns list of filter objects |
|---|
| | | * |
|---|
| | | * @return Filter[]|array |
|---|
| | | */ |
|---|
| | | public function getFilters() |
|---|
| | | { |
|---|
| | | return $this->filters; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns number of filters |
|---|
| | | * |
|---|
| | | * To implement interface Countable this returns the number of filters |
|---|
| | | * appended. |
|---|
| | | * |
|---|
| | | * @return integer |
|---|
| | | */ |
|---|
| | | public function count() |
|---|
| | | { |
|---|
| | | return count($this->getFilters()); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * IteratorAggregate iterator getter |
|---|
| | | * |
|---|
| | | * Returns an iterator to iterate over the appended filters. |
|---|
| | | * |
|---|
| | | * @return \Iterator the filter collection |
|---|
| | | */ |
|---|
| | | public function getIterator() |
|---|
| | | { |
|---|
| | | return new \ArrayIterator($this->getFilters()); |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * PHPIDS Filter object |
|---|
| | | * |
|---|
| | | * Each object of this class serves as a container for a specific filter. The |
|---|
| | | * object provides methods to get information about this particular filter and |
|---|
| | | * also to match an arbitrary string against it. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.4 |
|---|
| | | */ |
|---|
| | | class Filter |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Filter rule |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | protected $rule; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * List of tags of the filter |
|---|
| | | * |
|---|
| | | * @var string[]|array |
|---|
| | | */ |
|---|
| | | protected $tags = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Filter impact level |
|---|
| | | * |
|---|
| | | * @var integer |
|---|
| | | */ |
|---|
| | | protected $impact = 0; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Filter description |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | protected $description = ''; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * @param integer $id filter id |
|---|
| | | * @param string $rule filter rule |
|---|
| | | * @param string $description filter description |
|---|
| | | * @param string[]|array $tags list of tags |
|---|
| | | * @param integer $impact filter impact level |
|---|
| | | * |
|---|
| | | * @return \IDS\Filter |
|---|
| | | */ |
|---|
| | | public function __construct($id, $rule, $description, array $tags, $impact) |
|---|
| | | { |
|---|
| | | $this->id = $id; |
|---|
| | | $this->rule = $rule; |
|---|
| | | $this->tags = $tags; |
|---|
| | | $this->impact = $impact; |
|---|
| | | $this->description = $description; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Matches a string against current filter |
|---|
| | | * |
|---|
| | | * Matches given string against the filter rule the specific object of this |
|---|
| | | * class represents |
|---|
| | | * |
|---|
| | | * @param string $input the string input to match |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException if argument is no string |
|---|
| | | * @return boolean |
|---|
| | | */ |
|---|
| | | public function match($input) |
|---|
| | | { |
|---|
| | | if (!is_string($input)) { |
|---|
| | | throw new \InvalidArgumentException( |
|---|
| | | 'Invalid argument. Expected a string, received ' . gettype($input) |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return (bool) preg_match('/' . $this->getRule() . '/ms', strtolower($input)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns filter description |
|---|
| | | * |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public function getDescription() |
|---|
| | | { |
|---|
| | | return $this->description; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Return list of affected tags |
|---|
| | | * |
|---|
| | | * Each filter rule is concerned with a certain kind of attack vectors. |
|---|
| | | * This method returns those affected kinds. |
|---|
| | | * |
|---|
| | | * @return string[]|array |
|---|
| | | */ |
|---|
| | | public function getTags() |
|---|
| | | { |
|---|
| | | return $this->tags; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns filter rule |
|---|
| | | * |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public function getRule() |
|---|
| | | { |
|---|
| | | return $this->rule; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Get filter impact level |
|---|
| | | * |
|---|
| | | * @return integer |
|---|
| | | */ |
|---|
| | | public function getImpact() |
|---|
| | | { |
|---|
| | | return $this->impact; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Get filter ID |
|---|
| | | * |
|---|
| | | * @return integer |
|---|
| | | */ |
|---|
| | | public function getId() |
|---|
| | | { |
|---|
| | | return $this->id; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS\Filter; |
|---|
| | | |
|---|
| | | use IDS\Init; |
|---|
| | | use IDS\Caching\CacheFactory; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Filter Storage |
|---|
| | | * |
|---|
| | | * This class provides various default functions for gathering filter patterns |
|---|
| | | * to be used later on by the detection mechanism. You might extend this class |
|---|
| | | * to your requirements. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | class Storage |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Filter source file |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | protected $source = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Holds caching settings |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | protected $cacheSettings = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Cache container |
|---|
| | | * |
|---|
| | | * @var object IDS_Caching wrapper |
|---|
| | | */ |
|---|
| | | protected $cache = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Filter container |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | protected $filterSet = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * Loads filters based on provided IDS_Init settings. |
|---|
| | | * |
|---|
| | | * @param object $init IDS_Init instance |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException if unsupported filter type is given |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | final public function __construct(Init $init) |
|---|
| | | { |
|---|
| | | if ($init->config) { |
|---|
| | | |
|---|
| | | $caching = isset($init->config['Caching']['caching']) ? $init->config['Caching']['caching'] : 'none'; |
|---|
| | | |
|---|
| | | $type = $init->config['General']['filter_type']; |
|---|
| | | $this->source = $init->getBasePath(). $init->config['General']['filter_path']; |
|---|
| | | |
|---|
| | | if ($caching && $caching !== 'none') { |
|---|
| | | $this->cacheSettings = $init->config['Caching']; |
|---|
| | | $this->cache = CacheFactory::factory($init, 'storage'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | switch ($type) { |
|---|
| | | case 'xml': |
|---|
| | | return $this->getFilterFromXML(); |
|---|
| | | case 'json': |
|---|
| | | return $this->getFilterFromJson(); |
|---|
| | | default: |
|---|
| | | throw new \InvalidArgumentException('Unsupported filter type.'); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Sets the filter array |
|---|
| | | * |
|---|
| | | * @param array $filterSet array containing multiple IDS_Filter instances |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | final public function setFilterSet($filterSet) |
|---|
| | | { |
|---|
| | | foreach ($filterSet as $filter) { |
|---|
| | | $this->addFilter($filter); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns registered filters |
|---|
| | | * |
|---|
| | | * @return array |
|---|
| | | */ |
|---|
| | | final public function getFilterSet() |
|---|
| | | { |
|---|
| | | return $this->filterSet; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Adds a filter |
|---|
| | | * |
|---|
| | | * @param object $filter IDS_Filter instance |
|---|
| | | * |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | final public function addFilter(\IDS\Filter $filter) |
|---|
| | | { |
|---|
| | | $this->filterSet[] = $filter; |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Checks if any filters are cached |
|---|
| | | * |
|---|
| | | * @return mixed $filters cached filters or false |
|---|
| | | */ |
|---|
| | | private function isCached() |
|---|
| | | { |
|---|
| | | $filters = false; |
|---|
| | | |
|---|
| | | if ($this->cacheSettings) { |
|---|
| | | if ($this->cache) { |
|---|
| | | $filters = $this->cache->getCache(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $filters; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Loads filters from XML using SimpleXML |
|---|
| | | * |
|---|
| | | * This function parses the provided source file and stores the result. |
|---|
| | | * If caching mode is enabled the result will be cached to increase |
|---|
| | | * the performance. |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException if source file doesn't exist |
|---|
| | | * @throws \RuntimeException if problems with fetching the XML data occur |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public function getFilterFromXML() |
|---|
| | | { |
|---|
| | | if (extension_loaded('SimpleXML')) { |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * See if filters are already available in the cache |
|---|
| | | */ |
|---|
| | | $filters = $this->isCached(); |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * If they aren't, parse the source file |
|---|
| | | */ |
|---|
| | | if (!$filters) { |
|---|
| | | |
|---|
| | | if (!file_exists($this->source)) { |
|---|
| | | throw new \InvalidArgumentException( |
|---|
| | | sprintf('Invalid config: %s doesn\'t exist.', $this->source) |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (LIBXML_VERSION >= 20621) { |
|---|
| | | $filters = simplexml_load_file($this->source, null, LIBXML_COMPACT); |
|---|
| | | } else { |
|---|
| | | $filters = simplexml_load_file($this->source); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * In case we still don't have any filters loaded and exception |
|---|
| | | * will be thrown |
|---|
| | | */ |
|---|
| | | if (empty($filters)) { |
|---|
| | | throw new \RuntimeException( |
|---|
| | | 'XML data could not be loaded.' . |
|---|
| | | ' Make sure you specified the correct path.' |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * Now the storage will be filled with IDS_Filter objects |
|---|
| | | */ |
|---|
| | | $nocache = $filters instanceof \SimpleXMLElement; |
|---|
| | | |
|---|
| | | if ($nocache) |
|---|
| | | { |
|---|
| | | // build filters and cache them for re-use on next run |
|---|
| | | $data = array(); |
|---|
| | | $filters = $filters->filter; |
|---|
| | | |
|---|
| | | foreach ($filters as $filter) { |
|---|
| | | $id = (string) $filter->id; |
|---|
| | | $rule = (string) $filter->rule; |
|---|
| | | $impact = (string) $filter->impact; |
|---|
| | | $tags = array_values((array) $filter->tags); |
|---|
| | | $description = (string) $filter->description; |
|---|
| | | |
|---|
| | | $this->addFilter( |
|---|
| | | new \IDS\Filter( |
|---|
| | | $id, |
|---|
| | | $rule, |
|---|
| | | $description, |
|---|
| | | (array) $tags[0], |
|---|
| | | (int) $impact |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $data[] = array( |
|---|
| | | 'id' => $id, |
|---|
| | | 'rule' => $rule, |
|---|
| | | 'impact' => $impact, |
|---|
| | | 'tags' => $tags, |
|---|
| | | 'description' => $description |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * If caching is enabled, the fetched data will be cached |
|---|
| | | */ |
|---|
| | | if ($this->cacheSettings) { |
|---|
| | | $this->cache->setCache($data); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } else { |
|---|
| | | |
|---|
| | | // build filters from cached content |
|---|
| | | $this->addFiltersFromArray($filters); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | throw new \RuntimeException('SimpleXML is not loaded.'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Loads filters from Json file using ext/Json |
|---|
| | | * |
|---|
| | | * This function parses the provided source file and stores the result. |
|---|
| | | * If caching mode is enabled the result will be cached to increase |
|---|
| | | * the performance. |
|---|
| | | * |
|---|
| | | * @throws \RuntimeException if problems with fetching the JSON data occur |
|---|
| | | * @return object $this |
|---|
| | | */ |
|---|
| | | public function getFilterFromJson() |
|---|
| | | { |
|---|
| | | |
|---|
| | | if (extension_loaded('Json')) { |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * See if filters are already available in the cache |
|---|
| | | */ |
|---|
| | | $filters = $this->isCached(); |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * If they aren't, parse the source file |
|---|
| | | */ |
|---|
| | | if (!$filters) { |
|---|
| | | if (!file_exists($this->source)) { |
|---|
| | | throw new \InvalidArgumentException( |
|---|
| | | sprintf('Invalid config: %s doesn\'t exist.', $this->source) |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | $filters = json_decode(file_get_contents($this->source)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!$filters) { |
|---|
| | | throw new \RuntimeException('JSON data could not be loaded. Make sure you specified the correct path.'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * Now the storage will be filled with IDS_Filter objects |
|---|
| | | */ |
|---|
| | | $nocache = !is_array($filters); |
|---|
| | | |
|---|
| | | if ($nocache) { |
|---|
| | | |
|---|
| | | // build filters and cache them for re-use on next run |
|---|
| | | $data = array(); |
|---|
| | | $filters = $filters->filters->filter; |
|---|
| | | |
|---|
| | | foreach ($filters as $filter) { |
|---|
| | | |
|---|
| | | $id = (string) $filter->id; |
|---|
| | | $rule = (string) $filter->rule; |
|---|
| | | $impact = (string) $filter->impact; |
|---|
| | | $tags = array_values((array) $filter->tags); |
|---|
| | | $description = (string) $filter->description; |
|---|
| | | |
|---|
| | | $this->addFilter( |
|---|
| | | new \IDS\Filter( |
|---|
| | | $id, |
|---|
| | | $rule, |
|---|
| | | $description, |
|---|
| | | (array) $tags[0], |
|---|
| | | (int) $impact |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $data[] = array( |
|---|
| | | 'id' => $id, |
|---|
| | | 'rule' => $rule, |
|---|
| | | 'impact' => $impact, |
|---|
| | | 'tags' => $tags, |
|---|
| | | 'description' => $description |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * If caching is enabled, the fetched data will be cached |
|---|
| | | */ |
|---|
| | | if ($this->cacheSettings) { |
|---|
| | | $this->cache->setCache($data); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } else { |
|---|
| | | |
|---|
| | | // build filters from cached content |
|---|
| | | $this->addFiltersFromArray($filters); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | throw new \RuntimeException('json extension is not loaded.'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This functions adds an array of filters to the IDS_Storage object. |
|---|
| | | * Each entry within the array is expected to be an simple array containing all parts of the filter. |
|---|
| | | * |
|---|
| | | * @param array $filters |
|---|
| | | */ |
|---|
| | | private function addFiltersFromArray(array $filters) |
|---|
| | | { |
|---|
| | | foreach ($filters as $filter) { |
|---|
| | | |
|---|
| | | $id = $filter['id']; |
|---|
| | | $rule = $filter['rule']; |
|---|
| | | $impact = $filter['impact']; |
|---|
| | | $tags = $filter['tags']; |
|---|
| | | $description = $filter['description']; |
|---|
| | | |
|---|
| | | $this->addFilter( |
|---|
| | | new \IDS\Filter( |
|---|
| | | $id, |
|---|
| | | $rule, |
|---|
| | | $description, |
|---|
| | | (array) $tags[0], |
|---|
| | | (int) $impact |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Framework initiation |
|---|
| | | * |
|---|
| | | * This class is used for the purpose to initiate the framework and inhabits |
|---|
| | | * functionality to parse the needed configuration file. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Groupup |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | * @since Version 0.4 |
|---|
| | | */ |
|---|
| | | class Init |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Holds config settings |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | public $config = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Instance of this class depending on the supplied config file |
|---|
| | | * |
|---|
| | | * @var Init[]|array |
|---|
| | | * @static |
|---|
| | | */ |
|---|
| | | private static $instances = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * Includes needed classes and parses the configuration file |
|---|
| | | * |
|---|
| | | * @param array $config |
|---|
| | | * |
|---|
| | | * @return \IDS\Init $this |
|---|
| | | */ |
|---|
| | | public function __construct(array $config = array()) |
|---|
| | | { |
|---|
| | | $this->config = $config; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns an instance of this class. Also a PHP version check |
|---|
| | | * is being performed to avoid compatibility problems with PHP < 5.1.6 |
|---|
| | | * |
|---|
| | | * @param string|null $configPath the path to the config file |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException |
|---|
| | | * @return self |
|---|
| | | */ |
|---|
| | | public static function init($configPath = null) |
|---|
| | | { |
|---|
| | | if (!$configPath) { |
|---|
| | | return new self(); |
|---|
| | | } |
|---|
| | | if (!isset(self::$instances[$configPath])) { |
|---|
| | | if (!file_exists($configPath) || !is_readable($configPath)) { |
|---|
| | | throw new \InvalidArgumentException("Invalid config path '$configPath'"); |
|---|
| | | } |
|---|
| | | self::$instances[$configPath] = new static(parse_ini_file($configPath, true)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return self::$instances[$configPath]; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method checks if a base path is given and usage is set to true. |
|---|
| | | * If all that tests succeed the base path will be returned as a string - |
|---|
| | | * else null will be returned. |
|---|
| | | * |
|---|
| | | * @return string|null the base path or null |
|---|
| | | */ |
|---|
| | | public function getBasePath() |
|---|
| | | { |
|---|
| | | return (!empty($this->config['General']['base_path']) |
|---|
| | | && !empty($this->config['General']['use_base_path'])) |
|---|
| | | ? $this->config['General']['base_path'] : null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Merges new settings into the exsiting ones or overwrites them |
|---|
| | | * |
|---|
| | | * @param array $config the config array |
|---|
| | | * @param boolean $overwrite config overwrite flag |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function setConfig(array $config, $overwrite = false) |
|---|
| | | { |
|---|
| | | if ($overwrite) { |
|---|
| | | $this->config = $this->mergeConfig($this->config, $config); |
|---|
| | | } else { |
|---|
| | | $this->config = $this->mergeConfig($config, $this->config); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Merge config hashes recursivly |
|---|
| | | * |
|---|
| | | * The algorithm merges configuration arrays recursively. If an element is |
|---|
| | | * an array in both, the values will be appended. If it is a scalar in both, |
|---|
| | | * the value will be replaced. |
|---|
| | | * |
|---|
| | | * @param array $current The legacy hash |
|---|
| | | * @param array $successor The hash which values count more when in doubt |
|---|
| | | * @return array Merged hash |
|---|
| | | */ |
|---|
| | | protected function mergeConfig($current, $successor) |
|---|
| | | { |
|---|
| | | if (is_array($current) and is_array($successor)) { |
|---|
| | | foreach ($successor as $key => $value) { |
|---|
| | | if (isset($current[$key]) |
|---|
| | | and is_array($value) |
|---|
| | | and is_array($current[$key])) { |
|---|
| | | |
|---|
| | | $current[$key] = $this->mergeConfig($current[$key], $value); |
|---|
| | | } else { |
|---|
| | | $current[$key] = $successor[$key]; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $current; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns the config array |
|---|
| | | * |
|---|
| | | * @return array the config array |
|---|
| | | */ |
|---|
| | | public function getConfig() |
|---|
| | | { |
|---|
| | | return $this->config; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS; |
|---|
| | | |
|---|
| | | use IDS\Filter\Storage; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Monitoring engine |
|---|
| | | * |
|---|
| | | * This class represents the core of the frameworks attack detection mechanism |
|---|
| | | * and provides functions to scan incoming data for malicious appearing script |
|---|
| | | * fragments. |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | class Monitor |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Tags to define what to search for |
|---|
| | | * |
|---|
| | | * Accepted values are xss, csrf, sqli, dt, id, lfi, rfe, spam, dos |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $tags = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Container for filter rules |
|---|
| | | * |
|---|
| | | * Holds an instance of Storage |
|---|
| | | * |
|---|
| | | * @var Storage |
|---|
| | | */ |
|---|
| | | private $storage = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Scan keys switch |
|---|
| | | * |
|---|
| | | * Enabling this property will cause the monitor to scan both the key and |
|---|
| | | * the value of variables |
|---|
| | | * |
|---|
| | | * @var boolean |
|---|
| | | */ |
|---|
| | | public $scanKeys = false; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Exception container |
|---|
| | | * |
|---|
| | | * Using this array it is possible to define variables that must not be |
|---|
| | | * scanned. Per default, utmz google analytics parameters are permitted. |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $exceptions = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Html container |
|---|
| | | * |
|---|
| | | * Using this array it is possible to define variables that legally |
|---|
| | | * contain html and have to be prepared before hitting the rules to |
|---|
| | | * avoid too many false alerts |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $html = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * JSON container |
|---|
| | | * |
|---|
| | | * Using this array it is possible to define variables that contain |
|---|
| | | * JSON data - and should be treated as such |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | private $json = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Holds HTMLPurifier object |
|---|
| | | * |
|---|
| | | * @var \HTMLPurifier |
|---|
| | | */ |
|---|
| | | private $htmlPurifier = null; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * HTMLPurifier cache directory |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $HTMLPurifierCache = ''; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This property holds the tmp JSON string from the _jsonDecodeValues() callback |
|---|
| | | * |
|---|
| | | * @var string |
|---|
| | | */ |
|---|
| | | private $tmpJsonString = ''; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException When PHP version is less than what the library supports |
|---|
| | | * @throws \Exception |
|---|
| | | * @param Init $init instance of IDS_Init |
|---|
| | | * @param array|null $tags list of tags to which filters should be applied |
|---|
| | | * @return Monitor |
|---|
| | | */ |
|---|
| | | public function __construct(Init $init, array $tags = null) |
|---|
| | | { |
|---|
| | | $this->storage = new Storage($init); |
|---|
| | | $this->tags = $tags; |
|---|
| | | $this->scanKeys = $init->config['General']['scan_keys']; |
|---|
| | | $this->exceptions = isset($init->config['General']['exceptions']) ? $init->config['General']['exceptions'] : array(); |
|---|
| | | $this->html = isset($init->config['General']['html']) ? $init->config['General']['html'] : array(); |
|---|
| | | $this->json = isset($init->config['General']['json']) ? $init->config['General']['json'] : array(); |
|---|
| | | |
|---|
| | | if (isset($init->config['General']['HTML_Purifier_Cache'])) { |
|---|
| | | $this->HTMLPurifierCache = $init->getBasePath() . $init->config['General']['HTML_Purifier_Cache']; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $tmpPath = $init->getBasePath() . $init->config['General']['tmp_path']; |
|---|
| | | |
|---|
| | | if (!is_writeable($tmpPath)) { |
|---|
| | | throw new \InvalidArgumentException("Please make sure the folder '$tmpPath' is writable"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Starts the scan mechanism |
|---|
| | | * |
|---|
| | | * @param array $request |
|---|
| | | * @return Report |
|---|
| | | */ |
|---|
| | | public function run(array $request) |
|---|
| | | { |
|---|
| | | $report = new Report; |
|---|
| | | foreach ($request as $key => $value) { |
|---|
| | | $report = $this->iterate($key, $value, $report); |
|---|
| | | } |
|---|
| | | return $report; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Iterates through given data and delegates it to IDS_Monitor::_detect() in |
|---|
| | | * order to check for malicious appearing fragments |
|---|
| | | * |
|---|
| | | * @param string $key the former array key |
|---|
| | | * @param array|string $value the former array value |
|---|
| | | * @param Report $report |
|---|
| | | * @return Report |
|---|
| | | */ |
|---|
| | | private function iterate($key, $value, Report $report) |
|---|
| | | { |
|---|
| | | if (is_array($value)) { |
|---|
| | | foreach ($value as $subKey => $subValue) { |
|---|
| | | $this->iterate("$key.$subKey", $subValue, $report); |
|---|
| | | } |
|---|
| | | } elseif (is_string($value)) { |
|---|
| | | if ($filter = $this->detect($key, $value)) { |
|---|
| | | $report->addEvent(new Event($key, $value, $filter)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | return $report; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Checks whether given value matches any of the supplied filter patterns |
|---|
| | | * |
|---|
| | | * @param mixed $key the key of the value to scan |
|---|
| | | * @param mixed $value the value to scan |
|---|
| | | * |
|---|
| | | * @return Filter[] array of filter(s) that matched the value |
|---|
| | | */ |
|---|
| | | private function detect($key, $value) |
|---|
| | | { |
|---|
| | | // define the pre-filter |
|---|
| | | $preFilter = '([^\w\s/@!?\.]+|(?:\./)|(?:@@\w+)|(?:\+ADw)|(?:union\s+select))i'; |
|---|
| | | |
|---|
| | | // to increase performance, only start detection if value isn't alphanumeric |
|---|
| | | if ((!$this->scanKeys || !$key || !preg_match($preFilter, $key)) && (!$value || !preg_match($preFilter, $value))) { |
|---|
| | | return array(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check if this field is part of the exceptions |
|---|
| | | foreach ($this->exceptions as $exception) { |
|---|
| | | $matches = array(); |
|---|
| | | if (($exception === $key) || preg_match('((/.*/[^eE]*)$)', $exception, $matches) && isset($matches[1]) && preg_match($matches[1], $key)) { |
|---|
| | | return array(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check for magic quotes and remove them if necessary |
|---|
| | | if (function_exists('get_magic_quotes_gpc') && !get_magic_quotes_gpc()) { |
|---|
| | | $value = preg_replace('(\\\(["\'/]))im', '$1', $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // if html monitoring is enabled for this field - then do it! |
|---|
| | | if (is_array($this->html) && in_array($key, $this->html, true)) { |
|---|
| | | list($key, $value) = $this->purifyValues($key, $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // check if json monitoring is enabled for this field |
|---|
| | | if (is_array($this->json) && in_array($key, $this->json, true)) { |
|---|
| | | list($key, $value) = $this->jsonDecodeValues($key, $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // use the converter |
|---|
| | | $value = Converter::runAll($value); |
|---|
| | | $value = Converter::runCentrifuge($value, $this); |
|---|
| | | |
|---|
| | | // scan keys if activated via config |
|---|
| | | $key = $this->scanKeys ? Converter::runAll($key) : $key; |
|---|
| | | $key = $this->scanKeys ? Converter::runCentrifuge($key, $this) : $key; |
|---|
| | | |
|---|
| | | $filterSet = $this->storage->getFilterSet(); |
|---|
| | | |
|---|
| | | if ($tags = $this->tags) { |
|---|
| | | $filterSet = array_filter( |
|---|
| | | $filterSet, |
|---|
| | | function (Filter $filter) use ($tags) { |
|---|
| | | return (bool) array_intersect($tags, $filter->getTags()); |
|---|
| | | } |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $scanKeys = $this->scanKeys; |
|---|
| | | $filterSet = array_filter( |
|---|
| | | $filterSet, |
|---|
| | | function (Filter $filter) use ($key, $value, $scanKeys) { |
|---|
| | | return $filter->match($value) || $scanKeys && $filter->match($key); |
|---|
| | | } |
|---|
| | | ); |
|---|
| | | |
|---|
| | | return $filterSet; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Purifies given key and value variables using HTMLPurifier |
|---|
| | | * |
|---|
| | | * This function is needed whenever there is variables for which HTML |
|---|
| | | * might be allowed like e.g. WYSIWYG post bodies. It will detect malicious |
|---|
| | | * code fragments and leaves harmless parts untouched. |
|---|
| | | * |
|---|
| | | * @param mixed $key |
|---|
| | | * @param mixed $value |
|---|
| | | * @since 0.5 |
|---|
| | | * @throws \Exception |
|---|
| | | * |
|---|
| | | * @return array tuple [key,value] |
|---|
| | | */ |
|---|
| | | private function purifyValues($key, $value) |
|---|
| | | { |
|---|
| | | /* |
|---|
| | | * Perform a pre-check if string is valid for purification |
|---|
| | | */ |
|---|
| | | if ($this->purifierPreCheck($key, $value)) { |
|---|
| | | if (!is_writeable($this->HTMLPurifierCache)) { |
|---|
| | | throw new \Exception($this->HTMLPurifierCache . ' must be writeable'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** @var $config \HTMLPurifier_Config */ |
|---|
| | | $config = \HTMLPurifier_Config::createDefault(); |
|---|
| | | $config->set('Attr.EnableID', true); |
|---|
| | | $config->set('Cache.SerializerPath', $this->HTMLPurifierCache); |
|---|
| | | $config->set('Output.Newline', "\n"); |
|---|
| | | $this->htmlPurifier = new \HTMLPurifier($config); |
|---|
| | | |
|---|
| | | $value = preg_replace('([\x0b-\x0c])', ' ', $value); |
|---|
| | | $key = preg_replace('([\x0b-\x0c])', ' ', $key); |
|---|
| | | |
|---|
| | | $purifiedValue = $this->htmlPurifier->purify($value); |
|---|
| | | $purifiedKey = $this->htmlPurifier->purify($key); |
|---|
| | | |
|---|
| | | $plainValue = strip_tags($value); |
|---|
| | | $plainKey = strip_tags($key); |
|---|
| | | |
|---|
| | | $value = $value != $purifiedValue || $plainValue ? $this->diff($value, $purifiedValue, $plainValue) : null; |
|---|
| | | $key = $key != $purifiedKey ? $this->diff($key, $purifiedKey, $plainKey) : null; |
|---|
| | | } |
|---|
| | | return array($key, $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method makes sure no dangerous markup can be smuggled in |
|---|
| | | * attributes when HTML mode is switched on. |
|---|
| | | * |
|---|
| | | * If the precheck considers the string too dangerous for |
|---|
| | | * purification false is being returned. |
|---|
| | | * |
|---|
| | | * @param string $key |
|---|
| | | * @param string $value |
|---|
| | | * @since 0.6 |
|---|
| | | * |
|---|
| | | * @return boolean |
|---|
| | | */ |
|---|
| | | private function purifierPreCheck($key = '', $value = '') |
|---|
| | | { |
|---|
| | | /* |
|---|
| | | * Remove control chars before pre-check |
|---|
| | | */ |
|---|
| | | $tmpValue = preg_replace('/\p{C}/', null, $value); |
|---|
| | | $tmpKey = preg_replace('/\p{C}/', null, $key); |
|---|
| | | |
|---|
| | | $preCheck = '/<(script|iframe|applet|object)\W/i'; |
|---|
| | | return !(preg_match($preCheck, $tmpKey) || preg_match($preCheck, $tmpValue)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method calculates the difference between the original |
|---|
| | | * and the purified markup strings. |
|---|
| | | * |
|---|
| | | * @param string $original the original markup |
|---|
| | | * @param string $purified the purified markup |
|---|
| | | * @param string $plain the string without html |
|---|
| | | * @since 0.5 |
|---|
| | | * |
|---|
| | | * @return string the difference between the strings |
|---|
| | | */ |
|---|
| | | private function diff($original, $purified, $plain) |
|---|
| | | { |
|---|
| | | /* |
|---|
| | | * deal with over-sensitive alt-attribute addition of the purifier |
|---|
| | | * and other common html formatting problems |
|---|
| | | */ |
|---|
| | | $purified = preg_replace('/\s+alt="[^"]*"/m', null, $purified); |
|---|
| | | $purified = preg_replace('/=?\s*"\s*"/m', null, $purified); |
|---|
| | | $original = preg_replace('/\s+alt="[^"]*"/m', null, $original); |
|---|
| | | $original = preg_replace('/=?\s*"\s*"/m', null, $original); |
|---|
| | | $original = preg_replace('/style\s*=\s*([^"])/m', 'style = "$1', $original); |
|---|
| | | |
|---|
| | | # deal with oversensitive CSS normalization |
|---|
| | | $original = preg_replace('/(?:([\w\-]+:)+\s*([^;]+;\s*))/m', '$1$2', $original); |
|---|
| | | |
|---|
| | | # strip whitespace between tags |
|---|
| | | $original = trim(preg_replace('/>\s*</m', '><', $original)); |
|---|
| | | $purified = trim(preg_replace('/>\s*</m', '><', $purified)); |
|---|
| | | |
|---|
| | | $original = preg_replace('/(=\s*(["\'`])[^>"\'`]*>[^>"\'`]*["\'`])/m', 'alt$1', $original); |
|---|
| | | |
|---|
| | | // no purified html is left |
|---|
| | | if (!$purified) { |
|---|
| | | return $original; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // calculate the diff length |
|---|
| | | $length = mb_strlen($original) - mb_strlen($purified); |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * Calculate the difference between the original html input |
|---|
| | | * and the purified string. |
|---|
| | | */ |
|---|
| | | $array1 = preg_split('/(?<!^)(?!$)/u', html_entity_decode(urldecode($original))); |
|---|
| | | $array2 = preg_split('/(?<!^)(?!$)/u', $purified); |
|---|
| | | |
|---|
| | | // create an array containing the single character differences |
|---|
| | | $differences = array_diff_assoc($array1, $array2); |
|---|
| | | |
|---|
| | | // return the diff - ready to hit the converter and the rules |
|---|
| | | $differences = trim(implode('', $differences)); |
|---|
| | | $diff = $length <= 10 ? $differences : mb_substr($differences, 0, strlen($original)); |
|---|
| | | |
|---|
| | | // clean up spaces between tag delimiters |
|---|
| | | $diff = preg_replace('/>\s*</m', '><', $diff); |
|---|
| | | |
|---|
| | | // correct over-sensitively stripped bad html elements |
|---|
| | | $diff = preg_replace('/[^<](iframe|script|embed|object|applet|base|img|style)/m', '<$1', $diff ); |
|---|
| | | |
|---|
| | | return mb_strlen($diff) >= 4 ? $diff . $plain : null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method prepares incoming JSON data for the PHPIDS detection |
|---|
| | | * process. It utilizes _jsonConcatContents() as callback and returns a |
|---|
| | | * string version of the JSON data structures. |
|---|
| | | * |
|---|
| | | * @param string $key |
|---|
| | | * @param string $value |
|---|
| | | * @since 0.5.3 |
|---|
| | | * |
|---|
| | | * @return array tuple [key,value] |
|---|
| | | */ |
|---|
| | | private function jsonDecodeValues($key, $value) |
|---|
| | | { |
|---|
| | | $decodedKey = json_decode($key); |
|---|
| | | $decodedValue = json_decode($value); |
|---|
| | | |
|---|
| | | if ($decodedValue && is_array($decodedValue) || is_object($decodedValue)) { |
|---|
| | | array_walk_recursive($decodedValue, array($this, 'jsonConcatContents')); |
|---|
| | | $value = $this->tmpJsonString; |
|---|
| | | } else { |
|---|
| | | $this->tmpJsonString .= " " . $decodedValue . "\n"; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if ($decodedKey && is_array($decodedKey) || is_object($decodedKey)) { |
|---|
| | | array_walk_recursive($decodedKey, array($this, 'jsonConcatContents')); |
|---|
| | | $key = $this->tmpJsonString; |
|---|
| | | } else { |
|---|
| | | $this->tmpJsonString .= " " . $decodedKey . "\n"; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return array($key, $value); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This is the callback used in _jsonDecodeValues(). The method |
|---|
| | | * concatenates key and value and stores them in $this->tmpJsonString. |
|---|
| | | * |
|---|
| | | * @param mixed $key |
|---|
| | | * @param mixed $value |
|---|
| | | * @since 0.5.3 |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | private function jsonConcatContents($key, $value) |
|---|
| | | { |
|---|
| | | if (is_string($key) && is_string($value)) { |
|---|
| | | $this->tmpJsonString .= $key . " " . $value . "\n"; |
|---|
| | | } else { |
|---|
| | | $this->jsonDecodeValues(json_encode($key), json_encode($value)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Sets exception array |
|---|
| | | * |
|---|
| | | * @param string[]|string $exceptions the thrown exceptions |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function setExceptions($exceptions) |
|---|
| | | { |
|---|
| | | $this->exceptions = (array) $exceptions; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns exception array |
|---|
| | | * |
|---|
| | | * @return array |
|---|
| | | */ |
|---|
| | | public function getExceptions() |
|---|
| | | { |
|---|
| | | return $this->exceptions; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Sets html array |
|---|
| | | * |
|---|
| | | * @param string[]|string $html the fields containing html |
|---|
| | | * @since 0.5 |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function setHtml($html) |
|---|
| | | { |
|---|
| | | $this->html = (array) $html; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Adds a value to the html array |
|---|
| | | * |
|---|
| | | * @since 0.5 |
|---|
| | | * |
|---|
| | | * @param mixed $value |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function addHtml($value) |
|---|
| | | { |
|---|
| | | $this->html[] = $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns html array |
|---|
| | | * |
|---|
| | | * @since 0.5 |
|---|
| | | * |
|---|
| | | * @return array the fields that contain allowed html |
|---|
| | | */ |
|---|
| | | public function getHtml() |
|---|
| | | { |
|---|
| | | return $this->html; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Sets json array |
|---|
| | | * |
|---|
| | | * @param string[]|string $json the fields containing json |
|---|
| | | * @since 0.5.3 |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function setJson($json) |
|---|
| | | { |
|---|
| | | $this->json = (array) $json; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Adds a value to the json array |
|---|
| | | * |
|---|
| | | * @param string $value the value containing JSON data |
|---|
| | | * @since 0.5.3 |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function addJson($value) |
|---|
| | | { |
|---|
| | | $this->json[] = $value; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns json array |
|---|
| | | * |
|---|
| | | * @since 0.5.3 |
|---|
| | | * |
|---|
| | | * @return array the fields that contain json |
|---|
| | | */ |
|---|
| | | public function getJson() |
|---|
| | | { |
|---|
| | | return $this->json; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns storage container |
|---|
| | | * |
|---|
| | | * @return array |
|---|
| | | */ |
|---|
| | | public function getStorage() |
|---|
| | | { |
|---|
| | | return $this->storage; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * PHPIDS report object |
|---|
| | | * |
|---|
| | | * The report objects collects a number of events and thereby presents the |
|---|
| | | * detected results. It provides a convenient API to work with the results. |
|---|
| | | * |
|---|
| | | * Note that this class implements Countable, IteratorAggregate and |
|---|
| | | * a __toString() method |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | class Report implements \Countable, \IteratorAggregate |
|---|
| | | { |
|---|
| | | /** |
|---|
| | | * Event container |
|---|
| | | * |
|---|
| | | * @var Event[]|array |
|---|
| | | */ |
|---|
| | | protected $events = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * List of affected tags |
|---|
| | | * |
|---|
| | | * This list of tags is collected from the collected event objects on |
|---|
| | | * demand when IDS_Report->getTags() is called |
|---|
| | | * |
|---|
| | | * @var string[]|array |
|---|
| | | */ |
|---|
| | | protected $tags = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Impact level |
|---|
| | | * |
|---|
| | | * The impact level is calculated on demand by adding the results of the |
|---|
| | | * event objects on IDS\Report->getImpact() |
|---|
| | | * |
|---|
| | | * @var integer |
|---|
| | | */ |
|---|
| | | protected $impact = 0; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Centrifuge data |
|---|
| | | * |
|---|
| | | * This variable - initiated as an empty array - carries all information |
|---|
| | | * about the centrifuge data if available |
|---|
| | | * |
|---|
| | | * @var array |
|---|
| | | */ |
|---|
| | | protected $centrifuge = array(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Constructor |
|---|
| | | * |
|---|
| | | * @param array $events the events the report should include |
|---|
| | | * |
|---|
| | | * @return Report |
|---|
| | | */ |
|---|
| | | public function __construct(array $events = null) |
|---|
| | | { |
|---|
| | | foreach ((array) $events as $event) { |
|---|
| | | $this->addEvent($event); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Adds an IDS_Event object to the report |
|---|
| | | * |
|---|
| | | * @param Event $event IDS_Event |
|---|
| | | * |
|---|
| | | * @return self $this |
|---|
| | | */ |
|---|
| | | public function addEvent(Event $event) |
|---|
| | | { |
|---|
| | | $this->clear(); |
|---|
| | | $this->events[$event->getName()] = $event; |
|---|
| | | |
|---|
| | | return $this; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Get event by name |
|---|
| | | * |
|---|
| | | * In most cases an event is identified by the key of the variable that |
|---|
| | | * contained maliciously appearing content |
|---|
| | | * |
|---|
| | | * @param string|integer $name the event name |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException if argument is invalid |
|---|
| | | * @return Event|null IDS_Event object or false if the event does not exist |
|---|
| | | */ |
|---|
| | | public function getEvent($name) |
|---|
| | | { |
|---|
| | | if (!is_scalar($name)) { |
|---|
| | | throw new \InvalidArgumentException('Invalid argument type given'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this->hasEvent($name) ? $this->events[$name] : null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns list of events |
|---|
| | | * |
|---|
| | | * @return string[]|array |
|---|
| | | */ |
|---|
| | | |
|---|
| | | public function getEvents() |
|---|
| | | { |
|---|
| | | return $this->events; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns list of affected tags |
|---|
| | | * |
|---|
| | | * @return string[]|array |
|---|
| | | */ |
|---|
| | | public function getTags() |
|---|
| | | { |
|---|
| | | if (!$this->tags) { |
|---|
| | | $this->tags = array(); |
|---|
| | | |
|---|
| | | foreach ($this->events as $event) { |
|---|
| | | $this->tags = array_merge($this->tags, $event->getTags()); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->tags = array_values(array_unique($this->tags)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this->tags; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns total impact |
|---|
| | | * |
|---|
| | | * Each stored IDS_Event object and its IDS_Filter sub-object are called |
|---|
| | | * to calculate the overall impact level of this request |
|---|
| | | * |
|---|
| | | * @return integer |
|---|
| | | */ |
|---|
| | | public function getImpact() |
|---|
| | | { |
|---|
| | | if (!$this->impact) { |
|---|
| | | $this->impact = 0; |
|---|
| | | foreach ($this->events as $event) { |
|---|
| | | $this->impact += $event->getImpact(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this->impact; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Checks if a specific event with given name exists |
|---|
| | | * |
|---|
| | | * @param string|integer $name the event name |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException if argument is illegal |
|---|
| | | * @return boolean |
|---|
| | | */ |
|---|
| | | public function hasEvent($name) |
|---|
| | | { |
|---|
| | | if (!is_scalar($name)) { |
|---|
| | | throw new \InvalidArgumentException('Invalid argument given'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return isset($this->events[$name]); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Returns total amount of events |
|---|
| | | * |
|---|
| | | * @return integer |
|---|
| | | */ |
|---|
| | | public function count() |
|---|
| | | { |
|---|
| | | return count($this->events); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Return iterator object |
|---|
| | | * |
|---|
| | | * In order to provide the possibility to directly iterate over the |
|---|
| | | * IDS_Event object the IteratorAggregate is implemented. One can easily |
|---|
| | | * use foreach() to iterate through all stored IDS_Event objects. |
|---|
| | | * |
|---|
| | | * @return \Iterator the event collection |
|---|
| | | */ |
|---|
| | | public function getIterator() |
|---|
| | | { |
|---|
| | | return new \ArrayIterator($this->events); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Checks if any events are registered |
|---|
| | | * |
|---|
| | | * @return boolean |
|---|
| | | */ |
|---|
| | | public function isEmpty() |
|---|
| | | { |
|---|
| | | return empty($this->events); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Clears calculated/collected values |
|---|
| | | * |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | protected function clear() |
|---|
| | | { |
|---|
| | | $this->impact = 0; |
|---|
| | | $this->tags = array(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method returns the centrifuge property or null if not |
|---|
| | | * filled with data |
|---|
| | | * |
|---|
| | | * @return array |
|---|
| | | */ |
|---|
| | | public function getCentrifuge() |
|---|
| | | { |
|---|
| | | return $this->centrifuge; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This method sets the centrifuge property |
|---|
| | | * |
|---|
| | | * @param array $centrifuge the centrifuge data |
|---|
| | | * |
|---|
| | | * @throws \InvalidArgumentException if argument is illegal |
|---|
| | | * @return void |
|---|
| | | */ |
|---|
| | | public function setCentrifuge(array $centrifuge = array()) |
|---|
| | | { |
|---|
| | | if (!$centrifuge) { |
|---|
| | | throw new \InvalidArgumentException('Empty centrifuge given'); |
|---|
| | | } |
|---|
| | | $this->centrifuge = $centrifuge; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Directly outputs all available information |
|---|
| | | * |
|---|
| | | * @return string |
|---|
| | | */ |
|---|
| | | public function __toString() |
|---|
| | | { |
|---|
| | | $output = ''; |
|---|
| | | if (!$this->isEmpty()) { |
|---|
| | | $output .= vsprintf( |
|---|
| | | "Total impact: %d<br/>\nAffected tags: %s<br/>\n", |
|---|
| | | array( |
|---|
| | | $this->getImpact(), |
|---|
| | | implode(', ', $this->getTags()) |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | |
|---|
| | | foreach ($this->events as $event) { |
|---|
| | | $output .= vsprintf( |
|---|
| | | "<br/>\nVariable: %s | Value: %s<br/>\nImpact: %d | Tags: %s<br/>\n", |
|---|
| | | array( |
|---|
| | | htmlspecialchars($event->getName()), |
|---|
| | | htmlspecialchars($event->getValue()), |
|---|
| | | $event->getImpact(), |
|---|
| | | implode(', ', $event->getTags()) |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | |
|---|
| | | foreach ($event as $filter) { |
|---|
| | | $output .= vsprintf( |
|---|
| | | "Description: %s | Tags: %s | ID %s<br/>\n", |
|---|
| | | array( |
|---|
| | | $filter->getDescription(), |
|---|
| | | implode(', ', $filter->getTags()), |
|---|
| | | $filter->getId() |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $output .= '<br/>'; |
|---|
| | | |
|---|
| | | if ($centrifuge = $this->getCentrifuge()) { |
|---|
| | | $output .= vsprintf( |
|---|
| | | "Centrifuge detection data<br/> Threshold: %s<br/> Ratio: %s", |
|---|
| | | array( |
|---|
| | | isset($centrifuge['threshold']) && $centrifuge['threshold'] ? $centrifuge['threshold'] : '---', |
|---|
| | | isset($centrifuge['ratio']) && $centrifuge['ratio'] ? $centrifuge['ratio'] : '---' |
|---|
| | | ) |
|---|
| | | ); |
|---|
| | | if (isset($centrifuge['converted'])) { |
|---|
| | | $output .= '<br/> Converted: ' . $centrifuge['converted']; |
|---|
| | | } |
|---|
| | | $output .= "<br/><br/>\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $output; |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | /** |
|---|
| | | * PHPIDS |
|---|
| | | * |
|---|
| | | * Requirements: PHP5, SimpleXML |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | | * |
|---|
| | | * PHP version 5.1.6+ |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | namespace IDS; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * PHPIDS version class |
|---|
| | | * |
|---|
| | | * @category Security |
|---|
| | | * @package PHPIDS |
|---|
| | | * @author Christian Matthies <ch0012@gmail.com> |
|---|
| | | * @author Mario Heiderich <mario.heiderich@gmail.com> |
|---|
| | | * @author Lars Strojny <lars@strojny.net> |
|---|
| | | * @copyright 2007-2009 The PHPIDS Group |
|---|
| | | * @license http://www.gnu.org/licenses/lgpl.html LGPL |
|---|
| | | * @link http://php-ids.org/ |
|---|
| | | */ |
|---|
| | | abstract class Version |
|---|
| | | { |
|---|
| | | const VERSION = 'master'; |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | { |
|---|
| | | "filters":{ |
|---|
| | | "filter":[ |
|---|
| | | { |
|---|
| | | "id":"1", |
|---|
| | | "rule":"(?:\"[^\"]*[^-]?>)|(?:[^\\w\\s]\\s*\\\/>)|(?:>\")", |
|---|
| | | "description":"Finds html breaking injections including whitespace attacks", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"2", |
|---|
| | | "rule":"(?:\"+.*[<=]\\s*\"[^\"]+\")|(?:\"\\s*\\w+\\s*=)|(?:>\\w=\\\/)|(?:#.+\\)[\"\\s]*>)|(?:\"\\s*(?:src|style|on\\w+)\\s*=\\s*\")|(?:[^\"]?\"[,;\\s]+\\w*[\\[\\(])", |
|---|
| | | "description":"Finds attribute breaking injections including whitespace attacks", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"3", |
|---|
| | | "rule":"(?:^>[\\w\\s]*<\\\/?\\w{2,}>)", |
|---|
| | | "description":"Finds unquoted attribute breaking injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"2" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"4", |
|---|
| | | "rule":"(?:[+\\\/]\\s*name[\\W\\d]*[)+])|(?:;\\W*url\\s*=)|(?:[^\\w\\s\\\/?:>]\\s*(?:location|referrer|name)\\s*[^\\\/\\w\\s-])", |
|---|
| | | "description":"Detects url-, name-, JSON, and referrer-contained payload attacks", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"5", |
|---|
| | | "rule":"(?:\\W\\s*hash\\s*[^\\w\\s-])|(?:\\w+=\\W*[^,]*,[^\\s(]\\s*\\()|(?:\\?\"[^\\s\"]\":)|(?:(?<!\\\/)__[a-z]+__)|(?:(?:^|[\\s)\\]\\}])(?:s|g)etter\\s*=)", |
|---|
| | | "description":"Detects hash-contained xss payload attacks, setter usage and property overloading", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"6", |
|---|
| | | "rule":"(?:with\\s*\\(\\s*.+\\s*\\)\\s*\\w+\\s*\\()|(?:(?:do|while|for)\\s*\\([^)]*\\)\\s*\\{)|(?:\\\/[\\w\\s]*\\[\\W*\\w)", |
|---|
| | | "description":"Detects self contained xss via with(), common loops and regex to string conversion", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"7", |
|---|
| | | "rule":"(?:[=(].+\\?.+:)|(?:with\\([^)]*\\)\\))|(?:\\.\\s*source\\W)", |
|---|
| | | "description":"Detects JavaScript with(), ternary operators and XML predicate attacks", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"8", |
|---|
| | | "rule":"(?:\\\/\\w*\\s*\\)\\s*\\()|(?:\\([\\w\\s]+\\([\\w\\s]+\\)[\\w\\s]+\\))|(?:(?<!(?:mozilla\\\/\\d\\.\\d\\s))\\([^)[]+\\[[^\\]]+\\][^)]*\\))|(?:[^\\s!][{([][^({[]+[{([][^}\\])]+[}\\])][\\s+\",\\d]*[}\\])])|(?:\"\\)?\\]\\W*\\[)|(?:=\\s*[^\\s:;]+\\s*[{([][^}\\])]+[}\\])];)", |
|---|
| | | "description":"Detects self-executing JavaScript functions", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"9", |
|---|
| | | "rule":"(?:\\\\u00[a-f0-9]{2})|(?:\\\\x0*[a-f0-9]{2})|(?:\\\\\\d{2,3})", |
|---|
| | | "description":"Detects the IE octal, hex and unicode entities", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"2" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"10", |
|---|
| | | "rule":"(?:(?:\\\/|\\\\)?\\.+(\\\/|\\\\)(?:\\.+)?)|(?:\\w+\\.exe\\??\\s)|(?:;\\s*\\w+\\s*\\\/[\\w*-]+\\\/)|(?:\\d\\.\\dx\\|)|(?:%(?:c0\\.|af\\.|5c\\.))|(?:\\\/(?:%2e){2})", |
|---|
| | | "description":"Detects basic directory traversal", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "dt", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"11", |
|---|
| | | "rule":"(?:%c0%ae\\\/)|(?:(?:\\\/|\\\\)(home|conf|usr|etc|proc|opt|s?bin|local|dev|tmp|kern|[br]oot|sys|system|windows|winnt|program|%[a-z_-]{3,}%)(?:\\\/|\\\\))|(?:(?:\\\/|\\\\)inetpub|localstart\\.asp|boot\\.ini)", |
|---|
| | | "description":"Detects specific directory and path traversal", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "dt", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"12", |
|---|
| | | "rule":"(?:etc\\\/\\W*passwd)", |
|---|
| | | "description":"Detects etc\/passwd inclusion attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "dt", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"13", |
|---|
| | | "rule":"(?:%u(?:ff|00|e\\d)\\w\\w)|(?:(?:%(?:e\\w|c[^3\\W]|))(?:%\\w\\w)(?:%\\w\\w)?)", |
|---|
| | | "description":"Detects halfwidth\/fullwidth encoded unicode HTML breaking attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"3" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"14", |
|---|
| | | "rule":"(?:#@~\\^\\w+)|(?:\\w+script:|@import[^\\w]|;base64|base64,)|(?:\\w\\s*\\([\\w\\s]+,[\\w\\s]+,[\\w\\s]+,[\\w\\s]+,[\\w\\s]+,[\\w\\s]+\\))", |
|---|
| | | "description":"Detects possible includes, VBSCript\/JScript encodeed and packed functions", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"15", |
|---|
| | | "rule":"([^*:\\s\\w,.\\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\\/_@\\-\\|])(\\s*return\\s*)?(?:create(?:element|attribute|textnode)|[a-z]+events?|setattribute|getelement\\w+|appendchild|createrange|createcontextualfragment|removenode|parentnode|decodeuricomponent|\\wettimeout|(?:ms)?setimmediate|option|useragent)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%\",.+\\-]))", |
|---|
| | | "description":"Detects JavaScript DOM\/miscellaneous properties and methods", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"16", |
|---|
| | | "rule":"([^*\\s\\w,.\\\/?+-]\\s*)?(?<![a-mo-z]\\s)(?<![a-z\\\/_@])(\\s*return\\s*)?(?:alert|inputbox|showmod(?:al|eless)dialog|showhelp|infinity|isnan|isnull|iterator|msgbox|executeglobal|expression|prompt|write(?:ln)?|confirm|dialog|urn|(?:un)?eval|exec|execscript|tostring|status|execute|window|unescape|navigate|jquery|getscript|extend|prototype)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%\",.:\\\/+\\-]))", |
|---|
| | | "description":"Detects possible includes and typical script methods", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"17", |
|---|
| | | "rule":"([^*:\\s\\w,.\\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\\/_@])(\\s*return\\s*)?(?:hash|name|href|navigateandfind|source|pathname|close|constructor|port|protocol|assign|replace|back|forward|document|ownerdocument|window|top|this|self|parent|frames|_?content|date|cookie|innerhtml|innertext|csstext+?|outerhtml|print|moveby|resizeto|createstylesheet|stylesheets)(?(1)[^\\w%\"]|(?:\\s*[^@\\\/\\s\\w%.+\\-]))", |
|---|
| | | "description":"Detects JavaScript object properties and methods", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"18", |
|---|
| | | "rule":"([^*:\\s\\w,.\\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\\/_@\\-\\|])(\\s*return\\s*)?(?:join|pop|push|reverse|reduce|concat|map|shift|sp?lice|sort|unshift)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%,.+\\-]))", |
|---|
| | | "description":"Detects JavaScript array properties and methods", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"19", |
|---|
| | | "rule":"([^*:\\s\\w,.\\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\\/_@\\-\\|])(\\s*return\\s*)?(?:set|atob|btoa|charat|charcodeat|charset|concat|crypto|frames|fromcharcode|indexof|lastindexof|match|navigator|toolbar|menubar|replace|regexp|slice|split|substr|substring|escape|\\w+codeuri\\w*)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%,.+\\-]))", |
|---|
| | | "description":"Detects JavaScript string properties and methods", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"20", |
|---|
| | | "rule":"(?:\\)\\s*\\[)|([^*\":\\s\\w,.\\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z_@\\|])(\\s*return\\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|object|array|string|math|if|for\\s*(?:each)?|elseif|case|switch|regex|boolean|location|(?:ms)?setimmediate|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%\".+\\-\\\/]))", |
|---|
| | | "description":"Detects JavaScript language constructs", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"21", |
|---|
| | | "rule":"(?:,\\s*(?:alert|showmodaldialog|eval)\\s*,)|(?::\\s*eval\\s*[^\\s])|([^:\\s\\w,.\\\/?+-]\\s*)?(?<![a-z\\\/_@])(\\s*return\\s*)?(?:(?:document\\s*\\.)?(?:.+\\\/)?(?:alert|eval|msgbox|showmod(?:al|eless)dialog|showhelp|prompt|write(?:ln)?|confirm|dialog|open))\\s*(?:[^.a-z\\s\\-]|(?:\\s*[^\\s\\w,.@\\\/+-]))|(?:java[\\s\\\/]*\\.[\\s\\\/]*lang)|(?:\\w\\s*=\\s*new\\s+\\w+)|(?:&\\s*\\w+\\s*\\)[^,])|(?:\\+[\\W\\d]*new\\s+\\w+[\\W\\d]*\\+)|(?:document\\.\\w)", |
|---|
| | | "description":"Detects very basic XSS probings", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"3" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"22", |
|---|
| | | "rule":"(?:=\\s*(?:top|this|window|content|self|frames|_content))|(?:\\\/\\s*[gimx]*\\s*[)}])|(?:[^\\s]\\s*=\\s*script)|(?:\\.\\s*constructor)|(?:default\\s+xml\\s+namespace\\s*=)|(?:\\\/\\s*\\+[^+]+\\s*\\+\\s*\\\/)", |
|---|
| | | "description":"Detects advanced XSS probings via Script(), RexExp, constructors and XML namespaces", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"23", |
|---|
| | | "rule":"(?:\\.\\s*\\w+\\W*=)|(?:\\W\\s*(?:location|document)\\s*\\W[^({[;]+[({[;])|(?:\\(\\w+\\?[:\\w]+\\))|(?:\\w{2,}\\s*=\\s*\\d+[^&\\w]\\w+)|(?:\\]\\s*\\(\\s*\\w+)", |
|---|
| | | "description":"Detects JavaScript location\/document property access and window access obfuscation", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"24", |
|---|
| | | "rule":"(?:[\".]script\\s*\\()|(?:\\$\\$?\\s*\\(\\s*[\\w\"])|(?:\\\/[\\w\\s]+\\\/\\.)|(?:=\\s*\\\/\\w+\\\/\\s*\\.)|(?:(?:this|window|top|parent|frames|self|content)\\[\\s*[(,\"]*\\s*[\\w\\$])|(?:,\\s*new\\s+\\w+\\s*[,;)])", |
|---|
| | | "description":"Detects basic obfuscated JavaScript script injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"25", |
|---|
| | | "rule":"(?:=\\s*[$\\w]\\s*[\\(\\[])|(?:\\(\\s*(?:this|top|window|self|parent|_?content)\\s*\\))|(?:src\\s*=s*(?:\\w+:|\\\/\\\/))|(?:\\w+\\[(\"\\w+\"|\\w+\\|\\|))|(?:[\\d\\W]\\|\\|[\\d\\W]|\\W=\\w+,)|(?:\\\/\\s*\\+\\s*[a-z\"])|(?:=\\s*\\$[^([]*\\()|(?:=\\s*\\(\\s*\")", |
|---|
| | | "description":"Detects obfuscated JavaScript script injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"26", |
|---|
| | | "rule":"(?:[^:\\s\\w]+\\s*[^\\w\\\/](href|protocol|host|hostname|pathname|hash|port|cookie)[^\\w])", |
|---|
| | | "description":"Detects JavaScript cookie stealing and redirection attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"27", |
|---|
| | | "rule":"(?:(?:vbs|vbscript|data):.*[,+])|(?:\\w+\\s*=\\W*(?!https?)\\w+:)|(jar:\\w+:)|(=\\s*\"?\\s*vbs(?:ript)?:)|(language\\s*=\\s?\"?\\s*vbs(?:ript)?)|on\\w+\\s*=\\*\\w+\\-\"?", |
|---|
| | | "description":"Detects data: URL injections, VBS injections and common URI schemes", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"28", |
|---|
| | | "rule":"(?:firefoxurl:\\w+\\|)|(?:(?:file|res|telnet|nntp|news|mailto|chrome)\\s*:\\s*[%&#xu\\\/]+)|(wyciwyg|firefoxurl\\s*:\\s*\\\/\\s*\\\/)", |
|---|
| | | "description":"Detects IE firefoxurl injections, cache poisoning attempts and local file inclusion\/execution", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "rfe", |
|---|
| | | "lfi", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"29", |
|---|
| | | "rule":"(?:binding\\s?=|moz-binding|behavior\\s?=)|(?:[\\s\\\/]style\\s*=\\s*[-\\\\])", |
|---|
| | | "description":"Detects bindings and behavior injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"30", |
|---|
| | | "rule":"(?:=\\s*\\w+\\s*\\+\\s*\")|(?:\\+=\\s*\\(\\s\")|(?:!+\\s*[\\d.,]+\\w?\\d*\\s*\\?)|(?:=\\s*\\[s*\\])|(?:\"\\s*\\+\\s*\")|(?:[^\\s]\\[\\s*\\d+\\s*\\]\\s*[;+])|(?:\"\\s*[&|]+\\s*\")|(?:\\\/\\s*\\?\\s*\")|(?:\\\/\\s*\\)\\s*\\[)|(?:\\d\\?.+:\\d)|(?:]\\s*\\[\\W*\\w)|(?:[^\\s]\\s*=\\s*\\\/)", |
|---|
| | | "description":"Detects common XSS concatenation patterns 1\/2", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"31", |
|---|
| | | "rule":"(?:=\\s*\\d*\\.\\d*\\?\\d*\\.\\d*)|(?:[|&]{2,}\\s*\")|(?:!\\d+\\.\\d*\\?\")|(?:\\\/:[\\w.]+,)|(?:=[\\d\\W\\s]*\\[[^]]+\\])|(?:\\?\\w+:\\w+)", |
|---|
| | | "description":"Detects common XSS concatenation patterns 2\/2", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"32", |
|---|
| | | "rule":"(?:[^\\w\\s=]on(?!g\\>)\\w+[^=_+-]*=[^$]+(?:\\W|\\>)?)", |
|---|
| | | "description":"Detects possible event handlers", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"33", |
|---|
| | | "rule":"(?:\\<\\w*:?\\s(?:[^\\>]*)t(?!rong))|(?:\\<scri)|(<\\w+:\\w+)", |
|---|
| | | "description":"Detects obfuscated script tags and XML wrapped HTML", |
|---|
| | | "tags":{ |
|---|
| | | "tag":"xss" |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"34", |
|---|
| | | "rule":"(?:\\<\\\/\\w+\\s\\w+)|(?:@(?:cc_on|set)[\\s@,\"=])", |
|---|
| | | "description":"Detects attributes in closing tags and conditional compilation tokens", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"35", |
|---|
| | | "rule":"(?:--[^\\n]*$)|(?:\\<!-|-->)|(?:[^*]\\\/\\*|\\*\\\/[^*])|(?:(?:[\\W\\d]#|--|{)$)|(?:\\\/{3,}.*$)|(?:<!\\[\\W)|(?:\\]!>)", |
|---|
| | | "description":"Detects common comment types", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"3" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"37", |
|---|
| | | "rule":"(?:\\<base\\s+)|(?:<!(?:element|entity|\\[CDATA))", |
|---|
| | | "description":"Detects base href injections and XML entity injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"38", |
|---|
| | | "rule":"(?:\\<[\\\/]?(?:[i]?frame|applet|isindex|marquee|keygen|script|audio|video|input|button|textarea|style|base|body|meta|link|object|embed|param|plaintext|xm\\w+|image|im(?:g|port)))", |
|---|
| | | "description":"Detects possibly malicious html elements including some attributes", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"39", |
|---|
| | | "rule":"(?:\\\\x[01fe][\\db-ce-f])|(?:%[01fe][\\db-ce-f])|(?:&#[01fe][\\db-ce-f])|(?:\\\\[01fe][\\db-ce-f])|(?:&#x[01fe][\\db-ce-f])", |
|---|
| | | "description":"Detects nullbytes and other dangerous characters", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "id", |
|---|
| | | "rfe", |
|---|
| | | "xss" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"40", |
|---|
| | | "rule":"(?:\\)\\s*when\\s*\\d+\\s*then)|(?:\"\\s*(?:#|--|{))|(?:\\\/\\*!\\s?\\d+)|(?:ch(?:a)?r\\s*\\(\\s*\\d)|(?:(?:(n?and|x?or|not)\\s+|\\|\\||\\&\\&)\\s*\\w+\\()", |
|---|
| | | "description":"Detects MySQL comments, conditions and ch(a)r injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"41", |
|---|
| | | "rule":"(?:[\\s()]case\\s*\\()|(?:\\)\\s*like\\s*\\()|(?:having\\s*[^\\s]+\\s*[^\\w\\s])|(?:if\\s?\\([\\d\\w]\\s*[=<>~])", |
|---|
| | | "description":"Detects conditional SQL injection attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"42", |
|---|
| | | "rule":"(?:\"\\s*or\\s*\"?\\d)|(?:\\\\x(?:23|27|3d))|(?:^.?\"$)|(?:(?:^[\"\\\\]*(?:[\\d\"]+|[^\"]+\"))+\\s*(?:n?and|x?or|not|\\|\\||\\&\\&)\\s*[\\w\"[+&!@(),.-])|(?:[^\\w\\s]\\w+\\s*[|-]\\s*\"\\s*\\w)|(?:@\\w+\\s+(and|or)\\s*[\"\\d]+)|(?:@[\\w-]+\\s(and|or)\\s*[^\\w\\s])|(?:[^\\w\\s:]\\s*\\d\\W+[^\\w\\s]\\s*\".)|(?:\\Winformation_schema|table_name\\W)", |
|---|
| | | "description":"Detects classic SQL injection probings 1\/2", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"43", |
|---|
| | | "rule":"(?:\"\\s*\\*.+(?:or|id)\\W*\"\\d)|(?:\\^\")|(?:^[\\w\\s\"-]+(?<=and\\s)(?<=or\\s)(?<=xor\\s)(?<=nand\\s)(?<=not\\s)(?<=\\|\\|)(?<=\\&\\&)\\w+\\()|(?:\"[\\s\\d]*[^\\w\\s]+\\W*\\d\\W*.*[\"\\d])|(?:\"\\s*[^\\w\\s?]+\\s*[^\\w\\s]+\\s*\")|(?:\"\\s*[^\\w\\s]+\\s*[\\W\\d].*(?:#|--))|(?:\".*\\*\\s*\\d)|(?:\"\\s*or\\s[^\\d]+[\\w-]+.*\\d)|(?:[()*<>%+-][\\w-]+[^\\w\\s]+\"[^,])", |
|---|
| | | "description":"Detects classic SQL injection probings 2\/2", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"44", |
|---|
| | | "rule":"(?:\\d\"\\s+\"\\s+\\d)|(?:^admin\\s*\"|(\\\/\\*)+\"+\\s?(?:--|#|\\\/\\*|{)?)|(?:\"\\s*or[\\w\\s-]+\\s*[+<>=(),-]\\s*[\\d\"])|(?:\"\\s*[^\\w\\s]?=\\s*\")|(?:\"\\W*[+=]+\\W*\")|(?:\"\\s*[!=|][\\d\\s!=+-]+.*[\"(].*$)|(?:\"\\s*[!=|][\\d\\s!=]+.*\\d+$)|(?:\"\\s*like\\W+[\\w\"(])|(?:\\sis\\s*0\\W)|(?:where\\s[\\s\\w\\.,-]+\\s=)|(?:\"[<>~]+\")", |
|---|
| | | "description":"Detects basic SQL authentication bypass attempts 1\/3", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"45", |
|---|
| | | "rule":"(?:union\\s*(?:all|distinct|[(!@]*)\\s*[([]*\\s*select)|(?:\\w+\\s+like\\s+\\\")|(?:like\\s*\"\\%)|(?:\"\\s*like\\W*[\"\\d])|(?:\"\\s*(?:n?and|x?or|not |\\|\\||\\&\\&)\\s+[\\s\\w]+=\\s*\\w+\\s*having)|(?:\"\\s*\\*\\s*\\w+\\W+\")|(?:\"\\s*[^?\\w\\s=.,;)(]+\\s*[(@\"]*\\s*\\w+\\W+\\w)|(?:select\\s*[\\[\\]()\\s\\w\\.,\"-]+from)|(?:find_in_set\\s*\\()", |
|---|
| | | "description":"Detects basic SQL authentication bypass attempts 2\/3", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"46", |
|---|
| | | "rule":"(?:in\\s*\\(+\\s*select)|(?:(?:n?and|x?or|not |\\|\\||\\&\\&)\\s+[\\s\\w+]+(?:regexp\\s*\\(|sounds\\s+like\\s*\"|[=\\d]+x))|(\"\\s*\\d\\s*(?:--|#))|(?:\"[%&<>^=]+\\d\\s*(=|or))|(?:\"\\W+[\\w+-]+\\s*=\\s*\\d\\W+\")|(?:\"\\s*is\\s*\\d.+\"?\\w)|(?:\"\\|?[\\w-]{3,}[^\\w\\s.,]+\")|(?:\"\\s*is\\s*[\\d.]+\\s*\\W.*\")", |
|---|
| | | "description":"Detects basic SQL authentication bypass attempts 3\/3", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"47", |
|---|
| | | "rule":"(?:[\\d\\W]\\s+as\\s*[\"\\w]+\\s*from)|(?:^[\\W\\d]+\\s*(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s+(?:(?:group_)concat|char|load_file)\\s?\\(?)|(?:end\\s*\\);)|(\"\\s+regexp\\W)|(?:[\\s(]load_file\\s*\\()", |
|---|
| | | "description":"Detects concatenated basic SQL injection and SQLLFI attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"48", |
|---|
| | | "rule":"(?:@.+=\\s*\\(\\s*select)|(?:\\d+\\s*or\\s*\\d+\\s*[\\-+])|(?:\\\/\\w+;?\\s+(?:having|and|or|select)\\W)|(?:\\d\\s+group\\s+by.+\\()|(?:(?:;|#|--)\\s*(?:drop|alter))|(?:(?:;|#|--)\\s*(?:update|insert)\\s*\\w{2,})|(?:[^\\w]SET\\s*@\\w+)|(?:(?:n?and|x?or|not |\\|\\||\\&\\&)[\\s(]+\\w+[\\s)]*[!=+]+[\\s\\d]*[\"=()])", |
|---|
| | | "description":"Detects chained SQL injection attempts 1\/2", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"49", |
|---|
| | | "rule":"(?:\"\\s+and\\s*=\\W)|(?:\\(\\s*select\\s*\\w+\\s*\\()|(?:\\*\\\/from)|(?:\\+\\s*\\d+\\s*\\+\\s*@)|(?:\\w\"\\s*(?:[-+=|@]+\\s*)+[\\d(])|(?:coalesce\\s*\\(|@@\\w+\\s*[^\\w\\s])|(?:\\W!+\"\\w)|(?:\";\\s*(?:if|while|begin))|(?:\"[\\s\\d]+=\\s*\\d)|(?:order\\s+by\\s+if\\w*\\s*\\()|(?:[\\s(]+case\\d*\\W.+[tw]hen[\\s(])", |
|---|
| | | "description":"Detects chained SQL injection attempts 2\/2", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"50", |
|---|
| | | "rule":"(?:(select|;)\\s+(?:benchmark|if|sleep)\\s*?\\(\\s*\\(?\\s*\\w+)", |
|---|
| | | "description":"Detects SQL benchmark and sleep injection attempts including conditional queries", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"51", |
|---|
| | | "rule":"(?:create\\s+function\\s+\\w+\\s+returns)|(?:;\\s*(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s*[\\[(]?\\w{2,})", |
|---|
| | | "description":"Detects MySQL UDF injection and other data\/structure manipulation attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"52", |
|---|
| | | "rule":"(?:alter\\s*\\w+.*character\\s+set\\s+\\w+)|(\";\\s*waitfor\\s+time\\s+\")|(?:\";.*:\\s*goto)", |
|---|
| | | "description":"Detects MySQL charset switch and MSSQL DoS attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"53", |
|---|
| | | "rule":"(?:procedure\\s+analyse\\s*\\()|(?:;\\s*(declare|open)\\s+[\\w-]+)|(?:create\\s+(procedure|function)\\s*\\w+\\s*\\(\\s*\\)\\s*-)|(?:declare[^\\w]+[@#]\\s*\\w+)|(exec\\s*\\(\\s*@)", |
|---|
| | | "description":"Detects MySQL and PostgreSQL stored procedure\/function injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"54", |
|---|
| | | "rule":"(?:select\\s*pg_sleep)|(?:waitfor\\s*delay\\s?\"+\\s?\\d)|(?:;\\s*shutdown\\s*(?:;|--|#|\\\/\\*|{))", |
|---|
| | | "description":"Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"55", |
|---|
| | | "rule":"(?:\\sexec\\s+xp_cmdshell)|(?:\"\\s*!\\s*[\"\\w])|(?:from\\W+information_schema\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\s*\\([^\\)]*)|(?:\";?\\s*(?:select|union|having)\\s*[^\\s])|(?:\\wiif\\s*\\()|(?:exec\\s+master\\.)|(?:union select @)|(?:union[\\w(\\s]*select)|(?:select.*\\w?user\\()|(?:into[\\s+]+(?:dump|out)file\\s*\")", |
|---|
| | | "description":"Detects MSSQL code execution and information gathering attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"56", |
|---|
| | | "rule":"(?:merge.*using\\s*\\()|(execute\\s*immediate\\s*\")|(?:\\W+\\d*\\s*having\\s*[^\\s\\-])|(?:match\\s*[\\w(),+-]+\\s*against\\s*\\()", |
|---|
| | | "description":"Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"57", |
|---|
| | | "rule":"(?:,.*[)\\da-f\"]\"(?:\".*\"|\\Z|[^\"]+))|(?:\\Wselect.+\\W*from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s*\\(\\s*space\\s*\\()", |
|---|
| | | "description":"Detects MySQL comment-\/space-obfuscated injections and backtick termination", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"58", |
|---|
| | | "rule":"(?:@[\\w-]+\\s*\\()|(?:]\\s*\\(\\s*[\"!]\\s*\\w)|(?:<[?%](?:php)?.*(?:[?%]>)?)|(?:;[\\s\\w|]*\\$\\w+\\s*=)|(?:\\$\\w+\\s*=(?:(?:\\s*\\$?\\w+\\s*[(;])|\\s*\".*\"))|(?:;\\s*\\{\\W*\\w+\\s*\\()", |
|---|
| | | "description":"Detects code injection attempts 1\/3", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "id", |
|---|
| | | "rfe", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"59", |
|---|
| | | "rule":"(?:(?:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\\w+|execute)\\s*[\"(@])", |
|---|
| | | "description":"Detects code injection attempts 2\/3", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "id", |
|---|
| | | "rfe", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"60", |
|---|
| | | "rule":"(?:(?:[;]+|(<[?%](?:php)?)).*[^\\w](?:echo|print|print_r|var_dump|[fp]open))|(?:;\\s*rm\\s+-\\w+\\s+)|(?:;.*{.*\\$\\w+\\s*=)|(?:\\$\\w+\\s*\\[\\]\\s*=\\s*)", |
|---|
| | | "description":"Detects code injection attempts 3\/3", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "id", |
|---|
| | | "rfe", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"62", |
|---|
| | | "rule":"(?:function[^(]*\\([^)]*\\))|(?:(?:delete|void|throw|instanceof|new|typeof)[^\\w.]+\\w+\\s*[([])|([)\\]]\\s*\\.\\s*\\w+\\s*=)|(?:\\(\\s*new\\s+\\w+\\s*\\)\\.)", |
|---|
| | | "description":"Detects common function declarations and special JS operators", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "id", |
|---|
| | | "rfe", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"63", |
|---|
| | | "rule":"(?:[\\w.-]+@[\\w.-]+%(?:[01][\\db-ce-f])+\\w+:)", |
|---|
| | | "description":"Detects common mail header injections", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "id", |
|---|
| | | "spam" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"64", |
|---|
| | | "rule":"(?:\\.pl\\?\\w+=\\w?\\|\\w+;)|(?:\\|\\(\\w+=\\*)|(?:\\*\\s*\\)+\\s*;)", |
|---|
| | | "description":"Detects perl echo shellcode injection and LDAP vectors", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "lfi", |
|---|
| | | "rfe" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"65", |
|---|
| | | "rule":"(?:(^|\\W)const\\s+[\\w\\-]+\\s*=)|(?:(?:do|for|while)\\s*\\([^;]+;+\\))|(?:(?:^|\\W)on\\w+\\s*=[\\w\\W]*(?:on\\w+|alert|eval|print|confirm|prompt))|(?:groups=\\d+\\(\\w+\\))|(?:(.)\\1{128,})", |
|---|
| | | "description":"Detects basic XSS DoS attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "rfe", |
|---|
| | | "dos" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"5" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"67", |
|---|
| | | "rule":"(?:\\({2,}\\+{2,}:{2,})|(?:\\({2,}\\+{2,}:+)|(?:\\({3,}\\++:{2,})|(?:\\$\\[!!!\\])", |
|---|
| | | "description":"Detects unknown attack vectors based on PHPIDS Centrifuge detection", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf", |
|---|
| | | "id", |
|---|
| | | "rfe", |
|---|
| | | "lfi" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"7" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"68", |
|---|
| | | "rule":"(?:[\\s\\\/\"]+[-\\w\\\/\\\\\\*]+\\s*=.+(?:\\\/\\s*>))", |
|---|
| | | "description":"Finds attribute breaking injections including obfuscated attributes", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"69", |
|---|
| | | "rule":"(?:(?:msgbox|eval)\\s*\\+|(?:language\\s*=\\*vbscript))", |
|---|
| | | "description":"Finds basic VBScript injection attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"70", |
|---|
| | | "rule":"(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|or)\\])", |
|---|
| | | "description":"Finds basic MongoDB SQL injection attempts", |
|---|
| | | "tags":{ |
|---|
| | | "tag":"sqli" |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"71", |
|---|
| | | "rule":"(?:[\\s\\d\\\/\"]+(?:on\\w+|style|poster|background)=[$\"\\w])|(?:-type\\s*:\\s*multipart)", |
|---|
| | | "description":"Finds malicious attribute injection attempts and MHTML attacks", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "xss", |
|---|
| | | "csrf" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"6" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"72", |
|---|
| | | "rule":"(?:(sleep\\((\\s*)(\\d*)(\\s*)\\)|benchmark\\((.*)\\,(.*)\\)))", |
|---|
| | | "description":"Detects blind sqli tests using sleep() or benchmark().", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"73", |
|---|
| | | "rule":"(?:(\\%SYSTEMROOT\\%))", |
|---|
| | | "description":"An attacker is trying to locate a file to read or write.", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "files", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"75", |
|---|
| | | "rule":"(?:(((.*)\\%[c|d|i|e|f|g|o|s|u|x|p|n]){8}))", |
|---|
| | | "description":"Looking for a format string attack", |
|---|
| | | "tags":{ |
|---|
| | | "tag":"format string" |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"76", |
|---|
| | | "rule":"(?:(union(.*)select(.*)from))", |
|---|
| | | "description":"Looking for basic sql injection. Common attack string for mysql, oracle and others.", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"3" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"77", |
|---|
| | | "rule":"(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|1e309)$)", |
|---|
| | | "description":"Looking for integer overflow attacks, these are taken from skipfish, except 2.2250738585072007e-308 is the \"magic number\" crash", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "sqli", |
|---|
| | | "id" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"3" |
|---|
| | | }, |
|---|
| | | { |
|---|
| | | "id":"78", |
|---|
| | | "rule":"(?:%23.*?%0a)", |
|---|
| | | "description":"Detects SQL comment filter evasion", |
|---|
| | | "tags":{ |
|---|
| | | "tag":[ |
|---|
| | | "format string" |
|---|
| | | ] |
|---|
| | | }, |
|---|
| | | "impact":"4" |
|---|
| | | } |
|---|
| | | ] |
|---|
| | | } |
|---|
| | | } |
|---|
| New file |
| | |
|---|
| | | <filters> |
|---|
| | | <filter> |
|---|
| | | <id>1</id> |
|---|
| | | <rule><![CDATA[(?:"[^"]*[^-]?>)|(?:[^\w\s]\s*\/>)|(?:>")]]></rule> |
|---|
| | | <description>Finds html breaking injections including whitespace attacks</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>2</id> |
|---|
| | | <rule><![CDATA[(?:"+.*[<=]\s*"[^"]+")|(?:"\s*\w+\s*=)|(?:>\w=\/)|(?:#.+\)["\s]*>)|(?:"\s*(?:src|style|on\w+)\s*=\s*")|(?:[^"]?"[,;\s]+\w*[\[\(])]]></rule> |
|---|
| | | <description>Finds attribute breaking injections including whitespace attacks</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>3</id> |
|---|
| | | <rule><![CDATA[(?:^>[\w\s]*<\/?\w{2,}>)]]></rule> |
|---|
| | | <description>Finds unquoted attribute breaking injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>2</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>4</id> |
|---|
| | | <rule><![CDATA[(?:[+\/]\s*name[\W\d]*[)+])|(?:;\W*url\s*=)|(?:[^\w\s\/?:>]\s*(?:location|referrer|name)\s*[^\/\w\s-])]]></rule> |
|---|
| | | <description>Detects url-, name-, JSON, and referrer-contained payload attacks</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>5</id> |
|---|
| | | <rule><![CDATA[(?:\W\s*hash\s*[^\w\s-])|(?:\w+=\W*[^,]*,[^\s(]\s*\()|(?:\?"[^\s"]":)|(?:(?<!\/)__[a-z]+__)|(?:(?:^|[\s)\]\}])(?:s|g)etter\s*=)]]></rule> |
|---|
| | | <description>Detects hash-contained xss payload attacks, setter usage and property overloading</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>6</id> |
|---|
| | | <rule><![CDATA[(?:with\s*\(\s*.+\s*\)\s*\w+\s*\()|(?:(?:do|while|for)\s*\([^)]*\)\s*\{)|(?:\/[\w\s]*\[\W*\w)]]></rule> |
|---|
| | | <description>Detects self contained xss via with(), common loops and regex to string conversion</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>7</id> |
|---|
| | | <rule><![CDATA[(?:[=(].+\?.+:)|(?:with\([^)]*\)\))|(?:\.\s*source\W)]]></rule> |
|---|
| | | <description>Detects JavaScript with(), ternary operators and XML predicate attacks</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>8</id> |
|---|
| | | <rule><![CDATA[(?:\/\w*\s*\)\s*\()|(?:\([\w\s]+\([\w\s]+\)[\w\s]+\))|(?:(?<!(?:mozilla\/\d\.\d\s))\([^)[]+\[[^\]]+\][^)]*\))|(?:[^\s!][{([][^({[]+[{([][^}\])]+[}\])][\s+",\d]*[}\])])|(?:"\)?\]\W*\[)|(?:=\s*[^\s:;]+\s*[{([][^}\])]+[}\])];)]]></rule> |
|---|
| | | <description>Detects self-executing JavaScript functions</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>9</id> |
|---|
| | | <rule><![CDATA[(?:\\u00[a-f0-9]{2})|(?:\\x0*[a-f0-9]{2})|(?:\\\d{2,3})]]></rule> |
|---|
| | | <description>Detects the IE octal, hex and unicode entities</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>2</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>10</id> |
|---|
| | | <rule><![CDATA[(?:(?:\/|\\)?\.+(\/|\\)(?:\.+)?)|(?:\w+\.exe\??\s)|(?:;\s*\w+\s*\/[\w*-]+\/)|(?:\d\.\dx\|)|(?:%(?:c0\.|af\.|5c\.))|(?:\/(?:%2e){2})]]></rule> |
|---|
| | | <description>Detects basic directory traversal</description> |
|---|
| | | <tags> |
|---|
| | | <tag>dt</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>11</id> |
|---|
| | | <rule><![CDATA[(?:%c0%ae\/)|(?:(?:\/|\\)(home|conf|usr|etc|proc|opt|s?bin|local|dev|tmp|kern|[br]oot|sys|system|windows|winnt|program|%[a-z_-]{3,}%)(?:\/|\\))|(?:(?:\/|\\)inetpub|localstart\.asp|boot\.ini)]]></rule> |
|---|
| | | <description>Detects specific directory and path traversal</description> |
|---|
| | | <tags> |
|---|
| | | <tag>dt</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>12</id> |
|---|
| | | <rule><![CDATA[(?:etc\/\W*passwd)]]></rule> |
|---|
| | | <description>Detects etc/passwd inclusion attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>dt</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>13</id> |
|---|
| | | <rule><![CDATA[(?:%u(?:ff|00|e\d)\w\w)|(?:(?:%(?:e\w|c[^3\W]|))(?:%\w\w)(?:%\w\w)?)]]></rule> |
|---|
| | | <description>Detects halfwidth/fullwidth encoded unicode HTML breaking attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>3</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>14</id> |
|---|
| | | <rule><![CDATA[(?:#@~\^\w+)|(?:\w+script:|@import[^\w]|;base64|base64,)|(?:\w\s*\([\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+\))]]></rule> |
|---|
| | | <description>Detects possible includes, VBSCript/JScript encodeed and packed functions</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>15</id> |
|---|
| | | <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@\-\|])(\s*return\s*)?(?:create(?:element|attribute|textnode)|[a-z]+events?|setattribute|getelement\w+|appendchild|createrange|createcontextualfragment|removenode|parentnode|decodeuricomponent|\wettimeout|(?:ms)?setimmediate|option|useragent)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.+\-]))]]></rule> |
|---|
| | | <description>Detects JavaScript DOM/miscellaneous properties and methods</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>16</id> |
|---|
| | | <rule><![CDATA[([^*\s\w,.\/?+-]\s*)?(?<![a-mo-z]\s)(?<![a-z\/_@])(\s*return\s*)?(?:alert|inputbox|showmod(?:al|eless)dialog|showhelp|infinity|isnan|isnull|iterator|msgbox|executeglobal|expression|prompt|write(?:ln)?|confirm|dialog|urn|(?:un)?eval|exec|execscript|tostring|status|execute|window|unescape|navigate|jquery|getscript|extend|prototype)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.:\/+\-]))]]></rule> |
|---|
| | | <description>Detects possible includes and typical script methods</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>17</id> |
|---|
| | | <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@])(\s*return\s*)?(?:hash|name|href|navigateandfind|source|pathname|close|constructor|port|protocol|assign|replace|back|forward|document|ownerdocument|window|top|this|self|parent|frames|_?content|date|cookie|innerhtml|innertext|csstext+?|outerhtml|print|moveby|resizeto|createstylesheet|stylesheets)(?(1)[^\w%"]|(?:\s*[^@\/\s\w%.+\-]))]]></rule> |
|---|
| | | <description>Detects JavaScript object properties and methods</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>18</id> |
|---|
| | | <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@\-\|])(\s*return\s*)?(?:join|pop|push|reverse|reduce|concat|map|shift|sp?lice|sort|unshift)(?(1)[^\w%"]|(?:\s*[^@\s\w%,.+\-]))]]></rule> |
|---|
| | | <description>Detects JavaScript array properties and methods</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>19</id> |
|---|
| | | <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@\-\|])(\s*return\s*)?(?:set|atob|btoa|charat|charcodeat|charset|concat|crypto|frames|fromcharcode|indexof|lastindexof|match|navigator|toolbar|menubar|replace|regexp|slice|split|substr|substring|escape|\w+codeuri\w*)(?(1)[^\w%"]|(?:\s*[^@\s\w%,.+\-]))]]></rule> |
|---|
| | | <description>Detects JavaScript string properties and methods</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>20</id> |
|---|
| | | <rule><![CDATA[(?:\)\s*\[)|([^*":\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z_@\|])(\s*return\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|object|array|string|math|if|for\s*(?:each)?|elseif|case|switch|regex|boolean|location|(?:ms)?setimmediate|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\w%"]|(?:\s*[^@\s\w%".+\-\/]))]]></rule> |
|---|
| | | <description>Detects JavaScript language constructs</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>21</id> |
|---|
| | | <rule><![CDATA[(?:,\s*(?:alert|showmodaldialog|eval)\s*,)|(?::\s*eval\s*[^\s])|([^:\s\w,.\/?+-]\s*)?(?<![a-z\/_@])(\s*return\s*)?(?:(?:document\s*\.)?(?:.+\/)?(?:alert|eval|msgbox|showmod(?:al|eless)dialog|showhelp|prompt|write(?:ln)?|confirm|dialog|open))\s*(?:[^.a-z\s\-]|(?:\s*[^\s\w,.@\/+-]))|(?:java[\s\/]*\.[\s\/]*lang)|(?:\w\s*=\s*new\s+\w+)|(?:&\s*\w+\s*\)[^,])|(?:\+[\W\d]*new\s+\w+[\W\d]*\+)|(?:document\.\w)]]></rule> |
|---|
| | | <description>Detects very basic XSS probings</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>3</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>22</id> |
|---|
| | | <rule><![CDATA[(?:=\s*(?:top|this|window|content|self|frames|_content))|(?:\/\s*[gimx]*\s*[)}])|(?:[^\s]\s*=\s*script)|(?:\.\s*constructor)|(?:default\s+xml\s+namespace\s*=)|(?:\/\s*\+[^+]+\s*\+\s*\/)]]></rule> |
|---|
| | | <description>Detects advanced XSS probings via Script(), RexExp, constructors and XML namespaces</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>23</id> |
|---|
| | | <rule><![CDATA[(?:\.\s*\w+\W*=)|(?:\W\s*(?:location|document)\s*\W[^({[;]+[({[;])|(?:\(\w+\?[:\w]+\))|(?:\w{2,}\s*=\s*\d+[^&\w]\w+)|(?:\]\s*\(\s*\w+)]]></rule> |
|---|
| | | <description>Detects JavaScript location/document property access and window access obfuscation</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>24</id> |
|---|
| | | <rule><![CDATA[(?:[".]script\s*\()|(?:\$\$?\s*\(\s*[\w"])|(?:\/[\w\s]+\/\.)|(?:=\s*\/\w+\/\s*\.)|(?:(?:this|window|top|parent|frames|self|content)\[\s*[(,"]*\s*[\w\$])|(?:,\s*new\s+\w+\s*[,;)])]]></rule> |
|---|
| | | <description>Detects basic obfuscated JavaScript script injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>25</id> |
|---|
| | | <rule><![CDATA[(?:=\s*[$\w]\s*[\(\[])|(?:\(\s*(?:this|top|window|self|parent|_?content)\s*\))|(?:src\s*=s*(?:\w+:|\/\/))|(?:\w+\[("\w+"|\w+\|\|))|(?:[\d\W]\|\|[\d\W]|\W=\w+,)|(?:\/\s*\+\s*[a-z"])|(?:=\s*\$[^([]*\()|(?:=\s*\(\s*")]]></rule> |
|---|
| | | <description>Detects obfuscated JavaScript script injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>26</id> |
|---|
| | | <rule><![CDATA[(?:[^:\s\w]+\s*[^\w\/](href|protocol|host|hostname|pathname|hash|port|cookie)[^\w])]]></rule> |
|---|
| | | <description>Detects JavaScript cookie stealing and redirection attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>27</id> |
|---|
| | | <rule><![CDATA[(?:(?:vbs|vbscript|data):.*[,+])|(?:\w+\s*=\W*(?!https?)\w+:)|(jar:\w+:)|(=\s*"?\s*vbs(?:ript)?:)|(language\s*=\s?"?\s*vbs(?:ript)?)|on\w+\s*=\*\w+\-"?]]></rule> |
|---|
| | | <description>Detects data: URL injections, VBS injections and common URI schemes</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>28</id> |
|---|
| | | <rule><![CDATA[(?:firefoxurl:\w+\|)|(?:(?:file|res|telnet|nntp|news|mailto|chrome)\s*:\s*[%&#xu\/]+)|(wyciwyg|firefoxurl\s*:\s*\/\s*\/)]]></rule> |
|---|
| | | <description>Detects IE firefoxurl injections, cache poisoning attempts and local file inclusion/execution</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>29</id> |
|---|
| | | <rule><![CDATA[(?:binding\s?=|moz-binding|behavior\s?=)|(?:[\s\/]style\s*=\s*[-\\])]]></rule> |
|---|
| | | <description>Detects bindings and behavior injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>30</id> |
|---|
| | | <rule><![CDATA[(?:=\s*\w+\s*\+\s*")|(?:\+=\s*\(\s")|(?:!+\s*[\d.,]+\w?\d*\s*\?)|(?:=\s*\[s*\])|(?:"\s*\+\s*")|(?:[^\s]\[\s*\d+\s*\]\s*[;+])|(?:"\s*[&|]+\s*")|(?:\/\s*\?\s*")|(?:\/\s*\)\s*\[)|(?:\d\?.+:\d)|(?:]\s*\[\W*\w)|(?:[^\s]\s*=\s*\/)]]></rule> |
|---|
| | | <description>Detects common XSS concatenation patterns 1/2</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>31</id> |
|---|
| | | <rule><![CDATA[(?:=\s*\d*\.\d*\?\d*\.\d*)|(?:[|&]{2,}\s*")|(?:!\d+\.\d*\?")|(?:\/:[\w.]+,)|(?:=[\d\W\s]*\[[^]]+\])|(?:\?\w+:\w+)]]></rule> |
|---|
| | | <description>Detects common XSS concatenation patterns 2/2</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>32</id> |
|---|
| | | <rule><![CDATA[(?:[^\w\s=]on(?!g\>)\w+[^=_+-]*=[^$]+(?:\W|\>)?)]]></rule> |
|---|
| | | <description>Detects possible event handlers</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>33</id> |
|---|
| | | <rule><![CDATA[(?:\<\w*:?\s(?:[^\>]*)t(?!rong))|(?:\<scri)|(<\w+:\w+)]]></rule> |
|---|
| | | <description>Detects obfuscated script tags and XML wrapped HTML</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>34</id> |
|---|
| | | <rule><![CDATA[(?:\<\/\w+\s\w+)|(?:@(?:cc_on|set)[\s@,"=])]]></rule> |
|---|
| | | <description>Detects attributes in closing tags and conditional compilation tokens</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>35</id> |
|---|
| | | <rule><![CDATA[(?:--[^\n]*$)|(?:\<!-|-->)|(?:[^*]\/\*|\*\/[^*])|(?:(?:[\W\d]#|--|{)$)|(?:\/{3,}.*$)|(?:<!\[\W)|(?:\]!>)]]></rule> |
|---|
| | | <description>Detects common comment types</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>3</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>37</id> |
|---|
| | | <rule><![CDATA[(?:\<base\s+)|(?:<!(?:element|entity|\[CDATA))]]></rule> |
|---|
| | | <description>Detects base href injections and XML entity injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>38</id> |
|---|
| | | <rule><![CDATA[(?:\<[\/]?(?:[i]?frame|applet|isindex|marquee|keygen|script|audio|video|input|button|textarea|style|base|body|meta|link|object|embed|param|plaintext|xm\w+|image|im(?:g|port)))]]></rule> |
|---|
| | | <description>Detects possibly malicious html elements including some attributes</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>39</id> |
|---|
| | | <rule><![CDATA[(?:\\x[01fe][\db-ce-f])|(?:%[01fe][\db-ce-f])|(?:&#[01fe][\db-ce-f])|(?:\\[01fe][\db-ce-f])|(?:&#x[01fe][\db-ce-f])]]></rule> |
|---|
| | | <description>Detects nullbytes and other dangerous characters</description> |
|---|
| | | <tags> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>xss</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>40</id> |
|---|
| | | <rule><![CDATA[(?:\)\s*when\s*\d+\s*then)|(?:"\s*(?:#|--|{))|(?:\/\*!\s?\d+)|(?:ch(?:a)?r\s*\(\s*\d)|(?:(?:(n?and|x?or|not)\s+|\|\||\&\&)\s*\w+\()]]></rule> |
|---|
| | | <description>Detects MySQL comments, conditions and ch(a)r injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>41</id> |
|---|
| | | <rule><![CDATA[(?:[\s()]case\s*\()|(?:\)\s*like\s*\()|(?:having\s*[^\s]+\s*[^\w\s])|(?:if\s?\([\d\w]\s*[=<>~])]]></rule> |
|---|
| | | <description>Detects conditional SQL injection attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>42</id> |
|---|
| | | <rule><![CDATA[(?:"\s*or\s*"?\d)|(?:\\x(?:23|27|3d))|(?:^.?"$)|(?:(?:^["\\]*(?:[\d"]+|[^"]+"))+\s*(?:n?and|x?or|not|\|\||\&\&)\s*[\w"[+&!@(),.-])|(?:[^\w\s]\w+\s*[|-]\s*"\s*\w)|(?:@\w+\s+(and|or)\s*["\d]+)|(?:@[\w-]+\s(and|or)\s*[^\w\s])|(?:[^\w\s:]\s*\d\W+[^\w\s]\s*".)|(?:\Winformation_schema|table_name\W)]]></rule> |
|---|
| | | <description>Detects classic SQL injection probings 1/2</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>43</id> |
|---|
| | | <rule><![CDATA[(?:"\s*\*.+(?:or|id)\W*"\d)|(?:\^")|(?:^[\w\s"-]+(?<=and\s)(?<=or\s)(?<=xor\s)(?<=nand\s)(?<=not\s)(?<=\|\|)(?<=\&\&)\w+\()|(?:"[\s\d]*[^\w\s]+\W*\d\W*.*["\d])|(?:"\s*[^\w\s?]+\s*[^\w\s]+\s*")|(?:"\s*[^\w\s]+\s*[\W\d].*(?:#|--))|(?:".*\*\s*\d)|(?:"\s*or\s[^\d]+[\w-]+.*\d)|(?:[()*<>%+-][\w-]+[^\w\s]+"[^,])]]></rule> |
|---|
| | | <description>Detects classic SQL injection probings 2/2</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>44</id> |
|---|
| | | <rule><![CDATA[(?:\d"\s+"\s+\d)|(?:^admin\s*"|(\/\*)+"+\s?(?:--|#|\/\*|{)?)|(?:"\s*or[\w\s-]+\s*[+<>=(),-]\s*[\d"])|(?:"\s*[^\w\s]?=\s*")|(?:"\W*[+=]+\W*")|(?:"\s*[!=|][\d\s!=+-]+.*["(].*$)|(?:"\s*[!=|][\d\s!=]+.*\d+$)|(?:"\s*like\W+[\w"(])|(?:\sis\s*0\W)|(?:where\s[\s\w\.,-]+\s=)|(?:"[<>~]+")]]></rule> |
|---|
| | | <description>Detects basic SQL authentication bypass attempts 1/3</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>45</id> |
|---|
| | | <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]*)\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()]]></rule> |
|---|
| | | <description>Detects basic SQL authentication bypass attempts 2/3</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>46</id> |
|---|
| | | <rule><![CDATA[(?:in\s*\(+\s*select)|(?:(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w+]+(?:regexp\s*\(|sounds\s+like\s*"|[=\d]+x))|("\s*\d\s*(?:--|#))|(?:"[%&<>^=]+\d\s*(=|or))|(?:"\W+[\w+-]+\s*=\s*\d\W+")|(?:"\s*is\s*\d.+"?\w)|(?:"\|?[\w-]{3,}[^\w\s.,]+")|(?:"\s*is\s*[\d.]+\s*\W.*")]]></rule> |
|---|
| | | <description>Detects basic SQL authentication bypass attempts 3/3</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>47</id> |
|---|
| | | <rule><![CDATA[(?:[\d\W]\s+as\s*["\w]+\s*from)|(?:^[\W\d]+\s*(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s+(?:(?:group_)concat|char|load_file)\s?\(?)|(?:end\s*\);)|("\s+regexp\W)|(?:[\s(]load_file\s*\()]]></rule> |
|---|
| | | <description>Detects concatenated basic SQL injection and SQLLFI attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>48</id> |
|---|
| | | <rule><![CDATA[(?:@.+=\s*\(\s*select)|(?:\d+\s*or\s*\d+\s*[\-+])|(?:\/\w+;?\s+(?:having|and|or|select)\W)|(?:\d\s+group\s+by.+\()|(?:(?:;|#|--)\s*(?:drop|alter))|(?:(?:;|#|--)\s*(?:update|insert)\s*\w{2,})|(?:[^\w]SET\s*@\w+)|(?:(?:n?and|x?or|not |\|\||\&\&)[\s(]+\w+[\s)]*[!=+]+[\s\d]*["=()])]]></rule> |
|---|
| | | <description>Detects chained SQL injection attempts 1/2</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>49</id> |
|---|
| | | <rule><![CDATA[(?:"\s+and\s*=\W)|(?:\(\s*select\s*\w+\s*\()|(?:\*\/from)|(?:\+\s*\d+\s*\+\s*@)|(?:\w"\s*(?:[-+=|@]+\s*)+[\d(])|(?:coalesce\s*\(|@@\w+\s*[^\w\s])|(?:\W!+"\w)|(?:";\s*(?:if|while|begin))|(?:"[\s\d]+=\s*\d)|(?:order\s+by\s+if\w*\s*\()|(?:[\s(]+case\d*\W.+[tw]hen[\s(])]]></rule> |
|---|
| | | <description>Detects chained SQL injection attempts 2/2</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>50</id> |
|---|
| | | <rule><![CDATA[(?:(select|;)\s+(?:benchmark|if|sleep)\s*?\(\s*\(?\s*\w+)]]></rule> |
|---|
| | | <description>Detects SQL benchmark and sleep injection attempts including conditional queries</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>51</id> |
|---|
| | | <rule><![CDATA[(?:create\s+function\s+\w+\s+returns)|(?:;\s*(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*[\[(]?\w{2,})]]></rule> |
|---|
| | | <description>Detects MySQL UDF injection and other data/structure manipulation attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>52</id> |
|---|
| | | <rule><![CDATA[(?:alter\s*\w+.*character\s+set\s+\w+)|(";\s*waitfor\s+time\s+")|(?:";.*:\s*goto)]]></rule> |
|---|
| | | <description>Detects MySQL charset switch and MSSQL DoS attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>53</id> |
|---|
| | | <rule><![CDATA[(?:procedure\s+analyse\s*\()|(?:;\s*(declare|open)\s+[\w-]+)|(?:create\s+(procedure|function)\s*\w+\s*\(\s*\)\s*-)|(?:declare[^\w]+[@#]\s*\w+)|(exec\s*\(\s*@)]]></rule> |
|---|
| | | <description>Detects MySQL and PostgreSQL stored procedure/function injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>54</id> |
|---|
| | | <rule><![CDATA[(?:select\s*pg_sleep)|(?:waitfor\s*delay\s?"+\s?\d)|(?:;\s*shutdown\s*(?:;|--|#|\/\*|{))]]></rule> |
|---|
| | | <description>Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>55</id> |
|---|
| | | <rule><![CDATA[(?:\sexec\s+xp_cmdshell)|(?:"\s*!\s*["\w])|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*\([^\)]*)|(?:";?\s*(?:select|union|having)\s*[^\s])|(?:\wiif\s*\()|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*select)|(?:select.*\w?user\()|(?:into[\s+]+(?:dump|out)file\s*")]]></rule> |
|---|
| | | <description>Detects MSSQL code execution and information gathering attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>56</id> |
|---|
| | | <rule><![CDATA[(?:merge.*using\s*\()|(execute\s*immediate\s*")|(?:\W+\d*\s*having\s*[^\s\-])|(?:match\s*[\w(),+-]+\s*against\s*\()]]></rule> |
|---|
| | | <description>Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>57</id> |
|---|
| | | <rule><![CDATA[(?:,.*[)\da-f"]"(?:".*"|\Z|[^"]+))|(?:\Wselect.+\W*from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*\(\s*space\s*\()]]></rule> |
|---|
| | | <description>Detects MySQL comment-/space-obfuscated injections and backtick termination</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>58</id> |
|---|
| | | <rule><![CDATA[(?:@[\w-]+\s*\()|(?:]\s*\(\s*["!]\s*\w)|(?:<[?%](?:php)?.*(?:[?%]>)?)|(?:;[\s\w|]*\$\w+\s*=)|(?:\$\w+\s*=(?:(?:\s*\$?\w+\s*[(;])|\s*".*"))|(?:;\s*\{\W*\w+\s*\()]]></rule> |
|---|
| | | <description>Detects code injection attempts 1/3</description> |
|---|
| | | <tags> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>59</id> |
|---|
| | | <rule><![CDATA[(?:(?:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@])]]></rule> |
|---|
| | | <description>Detects code injection attempts 2/3</description> |
|---|
| | | <tags> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>60</id> |
|---|
| | | <rule><![CDATA[(?:(?:[;]+|(<[?%](?:php)?)).*[^\w](?:echo|print|print_r|var_dump|[fp]open))|(?:;\s*rm\s+-\w+\s+)|(?:;.*{.*\$\w+\s*=)|(?:\$\w+\s*\[\]\s*=\s*)]]></rule> |
|---|
| | | <description>Detects code injection attempts 3/3</description> |
|---|
| | | <tags> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>62</id> |
|---|
| | | <rule><![CDATA[(?:function[^(]*\([^)]*\))|(?:(?:delete|void|throw|instanceof|new|typeof)[^\w.]+\w+\s*[([])|([)\]]\s*\.\s*\w+\s*=)|(?:\(\s*new\s+\w+\s*\)\.)]]></rule> |
|---|
| | | <description>Detects common function declarations and special JS operators</description> |
|---|
| | | <tags> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>63</id> |
|---|
| | | <rule><![CDATA[(?:[\w.-]+@[\w.-]+%(?:[01][\db-ce-f])+\w+:)]]></rule> |
|---|
| | | <description>Detects common mail header injections</description> |
|---|
| | | <tags> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>spam</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>64</id> |
|---|
| | | <rule><![CDATA[(?:\.pl\?\w+=\w?\|\w+;)|(?:\|\(\w+=\*)|(?:\*\s*\)+\s*;)]]></rule> |
|---|
| | | <description>Detects perl echo shellcode injection and LDAP vectors</description> |
|---|
| | | <tags> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>65</id> |
|---|
| | | <rule><![CDATA[(?:(^|\W)const\s+[\w\-]+\s*=)|(?:(?:do|for|while)\s*\([^;]+;+\))|(?:(?:^|\W)on\w+\s*=[\w\W]*(?:on\w+|alert|eval|print|confirm|prompt))|(?:groups=\d+\(\w+\))|(?:(.)\1{128,})]]></rule> |
|---|
| | | <description>Detects basic XSS DoS attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>dos</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>5</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>67</id> |
|---|
| | | <rule><![CDATA[(?:\({2,}\+{2,}:{2,})|(?:\({2,}\+{2,}:+)|(?:\({3,}\++:{2,})|(?:\$\[!!!\])]]></rule> |
|---|
| | | <description>Detects unknown attack vectors based on PHPIDS Centrifuge detection</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | <tag>rfe</tag> |
|---|
| | | <tag>lfi</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>7</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>68</id> |
|---|
| | | <rule><![CDATA[(?:[\s\/"]+[-\w\/\\\*]+\s*=.+(?:\/\s*>))]]></rule> |
|---|
| | | <description>Finds attribute breaking injections including obfuscated attributes</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>69</id> |
|---|
| | | <rule><![CDATA[(?:(?:msgbox|eval)\s*\+|(?:language\s*=\*vbscript))]]></rule> |
|---|
| | | <description>Finds basic VBScript injection attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>70</id> |
|---|
| | | <rule><![CDATA[(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|or)\])]]></rule> |
|---|
| | | <description>Finds basic MongoDB SQL injection attempts</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>71</id> |
|---|
| | | <rule><![CDATA[(?:[\s\d\/"]+(?:on\w+|style|poster|background)=[$"\w])|(?:-type\s*:\s*multipart)]]></rule> |
|---|
| | | <description>Finds malicious attribute injection attempts and MHTML attacks</description> |
|---|
| | | <tags> |
|---|
| | | <tag>xss</tag> |
|---|
| | | <tag>csrf</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>6</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>72</id> |
|---|
| | | <rule><![CDATA[(?:(sleep\((\s*)(\d*)(\s*)\)|benchmark\((.*)\,(.*)\)))]]></rule> |
|---|
| | | <description>Detects blind sqli tests using sleep() or benchmark().</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>73</id> |
|---|
| | | <rule><![CDATA[(?:(\%SYSTEMROOT\%))]]></rule> |
|---|
| | | <description>An attacker is trying to locate a file to read or write.</description> |
|---|
| | | <tags> |
|---|
| | | <tag>files</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>75</id> |
|---|
| | | <rule><![CDATA[(?:(((.*)\%[c|d|i|e|f|g|o|s|u|x|p|n]){8}))]]></rule> |
|---|
| | | <description>Looking for a format string attack</description> |
|---|
| | | <tags> |
|---|
| | | <tag>format string</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>76</id> |
|---|
| | | <rule><![CDATA[(?:(union(.*)select(.*)from))]]></rule> |
|---|
| | | <description>Looking for basic sql injection. Common attack string for mysql, oracle and others.</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>3</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>77</id> |
|---|
| | | <rule><![CDATA[(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|1e309)$)]]></rule> |
|---|
| | | <description>Looking for integer overflow attacks, these are taken from skipfish, except 2.2250738585072007e-308 is the "magic number" crash</description> |
|---|
| | | <tags> |
|---|
| | | <tag>sqli</tag> |
|---|
| | | <tag>id</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>3</impact> |
|---|
| | | </filter> |
|---|
| | | <filter> |
|---|
| | | <id>78</id> |
|---|
| | | <rule><![CDATA[(?:%23.*?%0a)]]></rule> |
|---|
| | | <description>Detects SQL comment filter evasion</description> |
|---|
| | | <tags> |
|---|
| | | <tag>format string</tag> |
|---|
| | | </tags> |
|---|
| | | <impact>4</impact> |
|---|
| | | </filter> |
|---|
| | | </filters> |
|---|
| New file |
| | |
|---|
| | | * |
|---|
| | | * The files in the folder IDS and its subfolders belong to the |
|---|
| | | * PHP Intrusion Detection System software and are licensed under LGPL. |
|---|
| | | * |
|---|
| | | * Copyright (c) 2008 PHPIDS group (https://phpids.org) |
|---|
| | | * |
|---|
| | | * PHPIDS is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU Lesser General Public License as published by |
|---|
| | | * the Free Software Foundation, version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * PHPIDS is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU Lesser General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU Lesser General Public License |
|---|
| | | * along with PHPIDS. If not, see <http://www.gnu.org/licenses/>. |
|---|
| | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function is_superadmin() { |
|---|
| | | if($_SESSION['s']['user']['typ'] == 'admin' && $_SESSION['s']['user']['userid'] == 1) { |
|---|
| | | return true; |
|---|
| | | } else { |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function has_clients($userid) { |
|---|
| | | global $app, $conf; |
|---|
| | |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | $userid = $app->functions->intval($userid); |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$limitname)) $app->error('Invalid limit name '.$limitname); |
|---|
| | | |
|---|
| | | // simple query cache |
|---|
| | | if($this->client_limits===null) |
|---|
| | |
|---|
| | | |
|---|
| | | public function check_module_permissions($module) { |
|---|
| | | // Check if the current user has the permissions to access this module |
|---|
| | | if(!stristr($_SESSION["s"]["user"]["modules"], $module)) { |
|---|
| | | $user_modules = explode(',',$_SESSION["s"]["user"]["modules"]); |
|---|
| | | if(!in_array($module,$user_modules)) { |
|---|
| | | // echo "LOGIN_REDIRECT:/index.php"; |
|---|
| | | header("Location: /index.php"); |
|---|
| | | exit; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function check_security_permissions($permission) { |
|---|
| | | |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | $app->uses('getconf'); |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | |
|---|
| | | $security_check = false; |
|---|
| | | if($security_config[$permission] == 'yes') $security_check = true; |
|---|
| | | if($security_config[$permission] == 'superadmin' && $app->auth->is_superadmin()) $security_check = true; |
|---|
| | | if($security_check !== true) { |
|---|
| | | $app->error($app->lng('security_check1_txt').' '.$permission.' '.$app->lng('security_check2_txt')); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function get_random_password($length = 8) { |
|---|
| | | $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; |
|---|
| | |
|---|
| | | parent::query( 'SET NAMES '.$this->dbCharset); |
|---|
| | | parent::query( "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private function securityScan($string) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | // get security config |
|---|
| | | if(isset($app)) { |
|---|
| | | $app->uses('getconf'); |
|---|
| | | $ids_config = $app->getconf->get_security_config('ids'); |
|---|
| | | |
|---|
| | | if($ids_config['sql_scan_enabled'] == 'yes') { |
|---|
| | | |
|---|
| | | $string_orig = $string; |
|---|
| | | |
|---|
| | | //echo $string; |
|---|
| | | $chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"'); |
|---|
| | | |
|---|
| | | $string = str_replace('\\\\', '', $string); |
|---|
| | | $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string); |
|---|
| | | $ok = true; |
|---|
| | | |
|---|
| | | if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) { |
|---|
| | | $app->log("SQL injection warning (" . $string_orig . ")",2); |
|---|
| | | $ok = false; |
|---|
| | | } else { |
|---|
| | | foreach($chars as $char) { |
|---|
| | | if(strpos($string, $char) !== false) { |
|---|
| | | $ok = false; |
|---|
| | | $app->log("SQL injection warning (" . $string_orig . ")",2); |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if($ok == true) { |
|---|
| | | return true; |
|---|
| | | } else { |
|---|
| | | if($ids_config['sql_scan_action'] == 'warn') { |
|---|
| | | // we return false in warning level. |
|---|
| | | return false; |
|---|
| | | } else { |
|---|
| | | // if sql action = 'block' or anything else then stop here. |
|---|
| | | $app->error('Possible SQL injection. All actions have been logged.'); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function query($queryString) { |
|---|
| | | global $conf; |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } while($ok == false); |
|---|
| | | $this->securityScan($queryString); |
|---|
| | | $this->queryId = parent::query($queryString); |
|---|
| | | $this->updateError('DB::query('.$queryString.') -> mysqli_query'); |
|---|
| | | if($this->errorNumber && $conf['demo_mode'] === false) debug_print_backtrace(); |
|---|
| | |
|---|
| | | public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | // Insert backticks only for incomplete table names. |
|---|
| | | if(stristr($db_table, '.')) { |
|---|
| | | $escape = ''; |
|---|
| | | } else { |
|---|
| | | $escape = '`'; |
|---|
| | | } |
|---|
| | | // Check fields |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table); |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table); |
|---|
| | | |
|---|
| | | $primary_field = $this->quote($primary_field); |
|---|
| | | $primary_id = intval($primary_id); |
|---|
| | | |
|---|
| | | if($force_update == true) { |
|---|
| | | //* We force a update even if no record has changed |
|---|
| | |
|---|
| | | public function datalogInsert($tablename, $insert_data, $index_field) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | $tablename = $this->quote($tablename); |
|---|
| | | // Check fields |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename); |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename); |
|---|
| | | |
|---|
| | | if(strpos($tablename, '.') !== false) { |
|---|
| | | $tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename); |
|---|
| | | } else { |
|---|
| | | $tablename_escaped = '`' . $tablename . '`'; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $index_field = $this->quote($index_field); |
|---|
| | | |
|---|
| | | if(is_array($insert_data)) { |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | $old_rec = array(); |
|---|
| | | $this->query("INSERT INTO $tablename $insert_data_str"); |
|---|
| | | $this->query("INSERT INTO $tablename_escaped $insert_data_str"); |
|---|
| | | $index_value = $this->insertID(); |
|---|
| | | $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'"); |
|---|
| | | $new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'"); |
|---|
| | | $this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec); |
|---|
| | | |
|---|
| | | return $index_value; |
|---|
| | |
|---|
| | | public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | $tablename = $this->quote($tablename); |
|---|
| | | // Check fields |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename); |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename); |
|---|
| | | |
|---|
| | | if(strpos($tablename, '.') !== false) { |
|---|
| | | $tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename); |
|---|
| | | } else { |
|---|
| | | $tablename_escaped = '`' . $tablename . '`'; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $index_field = $this->quote($index_field); |
|---|
| | | $index_value = $this->quote($index_value); |
|---|
| | | |
|---|
| | | $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'"); |
|---|
| | | $old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'"); |
|---|
| | | |
|---|
| | | if(is_array($update_data)) { |
|---|
| | | $update_data_str = ''; |
|---|
| | |
|---|
| | | $update_data_str = $update_data; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->query("UPDATE $tablename SET $update_data_str WHERE $index_field = '$index_value'"); |
|---|
| | | $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'"); |
|---|
| | | $this->query("UPDATE $tablename_escaped SET $update_data_str WHERE $index_field = '$index_value'"); |
|---|
| | | $new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'"); |
|---|
| | | $this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update); |
|---|
| | | |
|---|
| | | return true; |
|---|
| | |
|---|
| | | public function datalogDelete($tablename, $index_field, $index_value) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | $tablename = $this->quote($tablename); |
|---|
| | | // Check fields |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename); |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename); |
|---|
| | | |
|---|
| | | if(strpos($tablename, '.') !== false) { |
|---|
| | | $tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename); |
|---|
| | | } else { |
|---|
| | | $tablename_escaped = '`' . $tablename . '`'; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $index_field = $this->quote($index_field); |
|---|
| | | $index_value = $this->quote($index_value); |
|---|
| | | |
|---|
| | | $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'"); |
|---|
| | | $this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'"); |
|---|
| | | $old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'"); |
|---|
| | | $this->query("DELETE FROM $tablename_escaped WHERE $index_field = '$index_value'"); |
|---|
| | | $new_rec = array(); |
|---|
| | | $this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec); |
|---|
| | | |
|---|
| | |
|---|
| | | class getconf { |
|---|
| | | |
|---|
| | | private $config; |
|---|
| | | private $security_config; |
|---|
| | | |
|---|
| | | public function get_server_config($server_id, $section = '') { |
|---|
| | | global $app; |
|---|
| | |
|---|
| | | } |
|---|
| | | return ($section == '') ? $this->config['global'] : $this->config['global'][$section]; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Function has been moved to $app->get_security_config($section) |
|---|
| | | public function get_security_config($section = '') { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | if(is_array($this->security_config)) { |
|---|
| | | return ($section == '') ? $this->security_config : $this->security_config[$section]; |
|---|
| | | } else { |
|---|
| | | $this->uses('ini_parser'); |
|---|
| | | $security_config_path = '/usr/local/ispconfig/security/security_settings.ini'; |
|---|
| | | if(!is_file($security_config_path)) $security_config_path = realpath(ISPC_ROOT_PATH.'/../security/security_settings.ini'); |
|---|
| | | $this->security_config = $this->ini_parser->parse_ini_string(file_get_contents($security_config_path)); |
|---|
| | | |
|---|
| | | return ($section == '') ? $this->security_config : $this->security_config[$section]; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | /* |
|---|
| | | Copyright (c) 2014, Till Brehm, ISPConfig UG |
|---|
| | | All rights reserved. |
|---|
| | | |
|---|
| | | Redistribution and use in source and binary forms, with or without modification, |
|---|
| | | are permitted provided that the following conditions are met: |
|---|
| | | |
|---|
| | | * Redistributions of source code must retain the above copyright notice, |
|---|
| | | this list of conditions and the following disclaimer. |
|---|
| | | * Redistributions in binary form must reproduce the above copyright notice, |
|---|
| | | this list of conditions and the following disclaimer in the documentation |
|---|
| | | and/or other materials provided with the distribution. |
|---|
| | | * Neither the name of ISPConfig nor the names of its contributors |
|---|
| | | may be used to endorse or promote products derived from this software without |
|---|
| | | specific prior written permission. |
|---|
| | | |
|---|
| | | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|---|
| | | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|---|
| | | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|---|
| | | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|---|
| | | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|---|
| | | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|---|
| | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|---|
| | | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|---|
| | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|---|
| | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|---|
| | | */ |
|---|
| | | |
|---|
| | | class ids { |
|---|
| | | |
|---|
| | | public function start() |
|---|
| | | { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('ids'); |
|---|
| | | |
|---|
| | | set_include_path( |
|---|
| | | get_include_path() |
|---|
| | | . PATH_SEPARATOR |
|---|
| | | . ISPC_CLASS_PATH.'/' |
|---|
| | | ); |
|---|
| | | |
|---|
| | | require_once(ISPC_CLASS_PATH.'/IDS/Init.php'); |
|---|
| | | require_once(ISPC_CLASS_PATH.'/IDS/Monitor.php'); |
|---|
| | | require_once(ISPC_CLASS_PATH.'/IDS/Filter.php'); |
|---|
| | | require_once(ISPC_CLASS_PATH.'/IDS/Filter/Storage.php'); |
|---|
| | | require_once(ISPC_CLASS_PATH.'/IDS/Report.php'); |
|---|
| | | require_once(ISPC_CLASS_PATH.'/IDS/Event.php'); |
|---|
| | | require_once(ISPC_CLASS_PATH.'/IDS/Converter.php'); |
|---|
| | | |
|---|
| | | $ids_request = array( |
|---|
| | | 'SESSION' => $_SESSION, |
|---|
| | | 'GET' => $_GET, |
|---|
| | | 'POST' => $_POST, |
|---|
| | | 'COOKIE' => $_COOKIE |
|---|
| | | ); |
|---|
| | | |
|---|
| | | $ids_init = IDS\Init::init(ISPC_CLASS_PATH.'/IDS/Config/Config.ini.php'); |
|---|
| | | |
|---|
| | | $ids_init->config['General']['base_path'] = ISPC_CLASS_PATH.'/IDS/'; |
|---|
| | | $ids_init->config['General']['tmp_path'] = '../../../temp'; |
|---|
| | | $ids_init->config['General']['use_base_path'] = true; |
|---|
| | | $ids_init->config['Caching']['caching'] = 'none'; |
|---|
| | | $ids_init->config['Logging']['path'] = '../../../temp/ids.log'; |
|---|
| | | |
|---|
| | | $current_script_name = trim($_SERVER['SCRIPT_NAME']); |
|---|
| | | |
|---|
| | | // Get whitelist |
|---|
| | | $whitelist_path = '/usr/local/ispconfig/security/ids.whitelist'; |
|---|
| | | if(is_file('/usr/local/ispconfig/security/ids.whitelist.custom')) $whitelist_path = '/usr/local/ispconfig/security/ids.whitelist.custom'; |
|---|
| | | if(!is_file($whitelist_path)) $whitelist_path = realpath(ISPC_ROOT_PATH.'/../security/ids.whitelist'); |
|---|
| | | |
|---|
| | | $whitelist_lines = file($whitelist_path); |
|---|
| | | if(is_array($whitelist_lines)) { |
|---|
| | | foreach($whitelist_lines as $line) { |
|---|
| | | $line = trim($line); |
|---|
| | | if(substr($line,0,1) != '#') { |
|---|
| | | list($user,$path,$varname) = explode(':',$line); |
|---|
| | | if($current_script_name == $path) { |
|---|
| | | if($user = 'any' |
|---|
| | | || ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin')) |
|---|
| | | || ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) { |
|---|
| | | $ids_init->config['General']['exceptions'][] = $varname; |
|---|
| | | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Get HTML fields |
|---|
| | | $htmlfield_path = '/usr/local/ispconfig/security/ids.htmlfield'; |
|---|
| | | if(is_file('/usr/local/ispconfig/security/ids.htmlfield.custom')) $htmlfield_path = '/usr/local/ispconfig/security/ids.htmlfield.custom'; |
|---|
| | | if(!is_file($htmlfield_path)) $htmlfield_path = realpath(ISPC_ROOT_PATH.'/../security/ids.htmlfield'); |
|---|
| | | |
|---|
| | | $htmlfield_lines = file($htmlfield_path); |
|---|
| | | if(is_array($htmlfield_lines)) { |
|---|
| | | foreach($htmlfield_lines as $line) { |
|---|
| | | $line = trim($line); |
|---|
| | | if(substr($line,0,1) != '#') { |
|---|
| | | list($user,$path,$varname) = explode(':',$line); |
|---|
| | | if($current_script_name == $path) { |
|---|
| | | if($user = 'any' |
|---|
| | | || ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin')) |
|---|
| | | || ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) { |
|---|
| | | $ids_init->config['General']['html'][] = $varname; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $ids = new IDS\Monitor($ids_init); |
|---|
| | | $ids_result = $ids->run($ids_request); |
|---|
| | | |
|---|
| | | if (!$ids_result->isEmpty()) { |
|---|
| | | |
|---|
| | | $impact = $ids_result->getImpact(); |
|---|
| | | |
|---|
| | | if($impact >= $security_config['ids_log_level']) { |
|---|
| | | $ids_log = ISPC_ROOT_PATH.'/temp/ids.log'; |
|---|
| | | if(!is_file($ids_log)) touch($ids_log); |
|---|
| | | |
|---|
| | | $user = isset($_SESSION['s']['user']['typ'])?$_SESSION['s']['user']['typ']:'any'; |
|---|
| | | |
|---|
| | | $log_lines = ''; |
|---|
| | | foreach ($ids_result->getEvents() as $event) { |
|---|
| | | $log_lines .= $user.':'.$current_script_name.':'.$event->getName()."\n"; |
|---|
| | | } |
|---|
| | | file_put_contents($ids_log,$log_lines,FILE_APPEND); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | if($impact >= $security_config['ids_warn_level']) { |
|---|
| | | $app->log("PHP IDS Alert.".$ids_result, 2); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if($impact >= $security_config['ids_block_level']) { |
|---|
| | | $app->error("Possible attack detected. This action has been logged.",'', true, 2); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | ?> |
|---|
| | |
|---|
| | | |
|---|
| | | public function client_add($session_id, $reseller_id, $params) |
|---|
| | | { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | if (!$this->checkPerm($session_id, 'client_add')) |
|---|
| | | { |
|---|
| | | $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id; |
|---|
| | | $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params); |
|---|
| | | |
|---|
| | | if($params['parent_client_id']) { |
|---|
| | | // check if this one is reseller |
|---|
| | | $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($client_id)); |
|---|
| | | if($check['limit_client'] == 0) { |
|---|
| | | $this->server->fault('Invalid reseller', 'Selected client is not a reseller.'); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(isset($params['limit_client']) && $params['limit_client'] != 0) { |
|---|
| | | $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.'); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params); |
|---|
| | | return $affected_rows; |
|---|
| | | |
|---|
| | | } |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | $app->uses('remoting_lib'); |
|---|
| | | $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php'); |
|---|
| | | $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php'); |
|---|
| | | $old_rec = $app->remoting_lib->getDataRecord($client_id); |
|---|
| | | |
|---|
| | | if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id; |
|---|
| | | |
|---|
| | | if($params['parent_client_id']) { |
|---|
| | | // check if this one is reseller |
|---|
| | | $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($client_id)); |
|---|
| | | if($check['limit_client'] == 0) { |
|---|
| | | $this->server->fault('Invalid reseller', 'Selected client is not a reseller.'); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(isset($params['limit_client']) && $params['limit_client'] != 0) { |
|---|
| | | $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.'); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // we need the previuos templates assigned here |
|---|
| | | $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id; |
|---|
| | | $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update'); |
|---|
| | | $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($params['parent_client_id'] ? 'reseller' : 'client') . ':on_after_update'); |
|---|
| | | |
|---|
| | | $app->remoting_lib->ispconfig_sysuser_update($params, $client_id); |
|---|
| | | |
|---|
| | |
|---|
| | | $this->id = $insert_id; |
|---|
| | | $this->dataRecord = $params; |
|---|
| | | |
|---|
| | | $app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . ':on_after_insert', $this); |
|---|
| | | $app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . ':on_after_insert', $this); |
|---|
| | | |
|---|
| | | /* |
|---|
| | | if($app->db->errorMessage != '') { |
|---|
| | |
|---|
| | | function ftp_dir($field_name, $field_value, $validator) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | if($app->tform->primary_id == 0) { |
|---|
| | | $primary_id = (isset($app->tform->primary_id) && $app->tform->primary_id > 0)?$app->tform->primary_id:$app->remoting_lib->primary_id; |
|---|
| | | $primary_id = $app->functions->intval($primary_id); |
|---|
| | | |
|---|
| | | if($primary_id == 0 && !isset($app->remoting_lib->dataRecord['parent_domain_id'])) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'"); |
|---|
| | | if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | if($primary_id > 0) { |
|---|
| | | //* get parent_domain_id from website |
|---|
| | | $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($primary_id)."'"); |
|---|
| | | if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | } else { |
|---|
| | | return $errmsg."<br>\r\n"; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | return $errmsg."<br>\r\n"; |
|---|
| | | $parent_domain_id = $ftp_data["parent_domain_id"]; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | //* get parent_domain_id from dataRecord when we have a insert operation trough remote API |
|---|
| | | $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($ftp_data["parent_domain_id"])."'"); |
|---|
| | | $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'"); |
|---|
| | | if(!is_array($domain_data) || $domain_data["domain_id"] < 1) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | |
|---|
| | | */ |
|---|
| | | |
|---|
| | | class validate_systemuser { |
|---|
| | | |
|---|
| | | function get_error($errmsg) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | } else { |
|---|
| | | return $errmsg."<br>\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | Validator function to check if a given user is ok. |
|---|
| | |
|---|
| | | function check_sysuser($field_name, $field_value, $validator) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | //* Skip Test if we have the placeholder input of the remote APi for the web_domain system_user field here. |
|---|
| | | if($field_name == 'system_user' && $field_value == '-') return ''; |
|---|
| | | |
|---|
| | | //* Check the input |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | $check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false; |
|---|
| | | |
|---|
| | | if($app->functions->is_allowed_user(trim(strtolower($field_value)),$check_names) == false) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | return $this->get_error($errmsg); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | function check_sysgroup($field_name, $field_value, $validator) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | //* Skip Test if we have the placeholder input of the remote APi for the web_domain system_group field here. |
|---|
| | | if($field_name == 'system_group' && $field_value == '-') return ''; |
|---|
| | | |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | $check_names = (isset($validator['check_names']) && $validator['check_names'] == true)?true:false; |
|---|
| | | |
|---|
| | | if($app->functions->is_allowed_group(trim(strtolower($field_value)),$check_names) == false) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | return $this->get_error($errmsg); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | Validator function to check if a given dir is ok. |
|---|
| | | */ |
|---|
| | | function shelluser_dir($field_name, $field_value, $validator) { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | $primary_id = (isset($app->tform->primary_id) && $app->tform->primary_id > 0)?$app->tform->primary_id:$app->remoting_lib->primary_id; |
|---|
| | | $primary_id = $app->functions->intval($primary_id); |
|---|
| | | |
|---|
| | | if($primary_id == 0 && !isset($app->remoting_lib->dataRecord['parent_domain_id'])) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | } else { |
|---|
| | | return $errmsg."<br>\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | if($primary_id > 0) { |
|---|
| | | //* get parent_domain_id from website |
|---|
| | | $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'"); |
|---|
| | | if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | } else { |
|---|
| | | return $errmsg."<br>\r\n"; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $parent_domain_id = $shell_data["parent_domain_id"]; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | //* get parent_domain_id from dataRecord when we have a insert operation trough remote API |
|---|
| | | $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'"); |
|---|
| | | if(!is_array($domain_data) || $domain_data["domain_id"] < 1) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | } else { |
|---|
| | | return $errmsg."<br>\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | $doc_root = $domain_data["document_root"]; |
|---|
| | | $is_ok = false; |
|---|
| | | if($doc_root == $field_value) $is_ok = true; |
|---|
| | | |
|---|
| | | $doc_root .= "/"; |
|---|
| | | if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true; |
|---|
| | | |
|---|
| | | if(stristr($field_value, '..') or stristr($field_value, './') or stristr($field_value, '/.')) $is_ok = false; |
|---|
| | | |
|---|
| | | //* Final check if docroot path of website is >= 5 chars |
|---|
| | | if(strlen($doc_root) < 5) $is_ok = false; |
|---|
| | | |
|---|
| | | if($is_ok == false) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($app->tform->wordbook[$errmsg])) { |
|---|
| | | return $app->tform->wordbook[$errmsg]."<br>\r\n"; |
|---|
| | | } else { |
|---|
| | | return $errmsg."<br>\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | |
|---|
| | | |
|---|
| | | //** Application |
|---|
| | | define('ISPC_APP_TITLE', 'ISPConfig'); |
|---|
| | | define('ISPC_APP_VERSION', '3.0.5.4p2'); |
|---|
| | | define('ISPC_APP_VERSION', '3.0.5.4p3'); |
|---|
| | | define('DEVSYSTEM', 0); |
|---|
| | | |
|---|
| | | |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Velmi silná'; |
|---|
| | | $wb['weak_password_txt'] = 'Zvolené heslo neodpovídá požadavkům zásad pro tvorbu hesel. Heslo musí být alespoň {chars} znaků dlouhé a mající sílu \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'Zvolené heslo neodpovídá požadavkům zásad pro tvorbu hesel. Heslo musí být alespoň {chars} znaků dlouhé.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Sehr stark'; |
|---|
| | | $wb['weak_password_txt'] = 'Das gewählte Passwort erfüllt die Sicherheitsanforderungen nicht. Es muss mindestens {chars} Zeichen lang sein und die Stärke \\"{strength}\\" besitzen.'; |
|---|
| | | $wb['weak_password_length_txt'] = 'Das gewählte Passwort erfüllt die Sicherheitsanforderungen nicht. Es muss mindestens {chars} Zeichen lang sein.'; |
|---|
| | | $wb['security_check1_txt'] = 'Sicherheitsüberprüfung für:'; |
|---|
| | | $wb['security_check2_txt'] = 'fehlgeschlagen.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['datalog_status_i_web_folder_user'] = 'Create folder protection user'; |
|---|
| | | $wb['datalog_status_u_web_folder_user'] = 'Update folder protection user'; |
|---|
| | | $wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user'; |
|---|
| | | |
|---|
| | | $wb['login_as_txt'] = 'Log in as'; |
|---|
| | | $wb["no_domain_perm"] = 'You have no permission for this domain.'; |
|---|
| | | $wb["no_destination_perm"] = 'You have no permission for this destination.'; |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of "{strength}".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | |
|---|
| | | ?> |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_3'] = 'Bra'; |
|---|
| | | $wb['strength_4'] = 'Starkt'; |
|---|
| | | $wb['strength_5'] = 'Väldigt starkt'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \"{strength}\".'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['strength_5'] = 'Very Strong'; |
|---|
| | | $wb['weak_password_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length and have a strength of \\"{strength}\\".'; |
|---|
| | | $wb['weak_password_length_txt'] = 'The chosen password does not match the security guidelines. It has to be at least {chars} chars in length.'; |
|---|
| | | $wb['security_check1_txt'] = 'Check for security permission:'; |
|---|
| | | $wb['security_check2_txt'] = 'failed.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | function openvz_vm_insert($event_name, $page_form) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $this->id = $page_form->id; |
|---|
| | | $this->id = $app->functions->intval($page_form->id); |
|---|
| | | $this->dataRecord = $page_form->dataRecord; |
|---|
| | | $this->oldDataRecord = $page_form->oldDataRecord; |
|---|
| | | |
|---|
| | |
|---|
| | | $this->applyTemplate(); |
|---|
| | | |
|---|
| | | // Set the IP address |
|---|
| | | $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$this->dataRecord['ip_address']."'"); |
|---|
| | | $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'"); |
|---|
| | | |
|---|
| | | // Create the OpenVZ config file and store it in config field |
|---|
| | | $this->makeOpenVZConfig(); |
|---|
| | |
|---|
| | | function openvz_vm_update($event_name, $page_form) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $this->id = $page_form->id; |
|---|
| | | $this->id = $app->functions->intval($page_form->id); |
|---|
| | | $this->dataRecord = $page_form->dataRecord; |
|---|
| | | $this->oldDataRecord = $page_form->oldDataRecord; |
|---|
| | | |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Set the IP address |
|---|
| | | if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$this->dataRecord['ip_address']."'"); |
|---|
| | | if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'"); |
|---|
| | | |
|---|
| | | // Create the OpenVZ config file and store it in config field |
|---|
| | | $this->makeOpenVZConfig(); |
|---|
| | |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | //* Free the IP address |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$page_form->id); |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id)); |
|---|
| | | $app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']); |
|---|
| | | unset($tmp); |
|---|
| | | |
|---|
| | |
|---|
| | | private function applyTemplate() { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$this->dataRecord["template_id"]); |
|---|
| | | $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"])); |
|---|
| | | |
|---|
| | | $sql = "UPDATE openvz_vm SET "; |
|---|
| | | $sql .= "diskspace = '".$tpl['diskspace']."', "; |
|---|
| | | $sql .= "ram = '".$tpl['ram']."', "; |
|---|
| | | $sql .= "ram_burst = '".$tpl['ram_burst']."', "; |
|---|
| | | $sql .= "cpu_units = '".$tpl['cpu_units']."', "; |
|---|
| | | $sql .= "cpu_num = '".$tpl['cpu_num']."', "; |
|---|
| | | $sql .= "cpu_limit = '".$tpl['cpu_limit']."', "; |
|---|
| | | $sql .= "io_priority = '".$tpl['io_priority']."', "; |
|---|
| | | $sql .= "nameserver = '".$tpl['nameserver']."', "; |
|---|
| | | $sql .= "create_dns = '".$tpl['create_dns']."', "; |
|---|
| | | $sql .= "capability = '".$tpl['capability']."' "; |
|---|
| | | $sql .= "WHERE vm_id = ".$this->id; |
|---|
| | | $sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', "; |
|---|
| | | $sql .= "ram = '".$app->db->quote($tpl['ram'])."', "; |
|---|
| | | $sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', "; |
|---|
| | | $sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', "; |
|---|
| | | $sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', "; |
|---|
| | | $sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', "; |
|---|
| | | $sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', "; |
|---|
| | | $sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', "; |
|---|
| | | $sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', "; |
|---|
| | | $sql .= "capability = '".$app->db->quote($tpl['capability'])."' "; |
|---|
| | | $sql .= "WHERE vm_id = ".$app->functions->intval($this->id); |
|---|
| | | $app->db->query($sql); |
|---|
| | | |
|---|
| | | } |
|---|
| | |
|---|
| | | private function makeOpenVZConfig() { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$this->id); |
|---|
| | | $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$vm['template_id']); |
|---|
| | | $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id)); |
|---|
| | | $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id'])); |
|---|
| | | $burst_ram = $vm['ram_burst']*256; |
|---|
| | | $guar_ram = $vm['ram']*256; |
|---|
| | | |
|---|
| | |
|---|
| | | $tpl->setVar('nameserver', $vm['nameserver']); |
|---|
| | | $tpl->setVar('capability', $vm['capability']); |
|---|
| | | |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$vm['ostemplate_id']); |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id'])); |
|---|
| | | $tpl->setVar('ostemplate', $tmp['template_file']); |
|---|
| | | unset($tmp); |
|---|
| | | |
|---|
| | | $openvz_config = $app->db->quote($tpl->grab()); |
|---|
| | | $app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$this->id); |
|---|
| | | $app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id)); |
|---|
| | | |
|---|
| | | unset($tpl); |
|---|
| | | |
|---|
| | |
|---|
| | | private function createDNS() { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$this->id); |
|---|
| | | $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id)); |
|---|
| | | |
|---|
| | | if($vm['create_dns'] != 'y') return; |
|---|
| | | |
|---|
| | | $full_hostname = str_replace('{VEID}', $vm['veid'], $vm['hostname']); |
|---|
| | | $hostname_parts = explode('.', $full_hostname); |
|---|
| | | $hostname = $hostname_parts[0]; |
|---|
| | | $hostname = $app->db->quote($hostname_parts[0]); |
|---|
| | | unset($hostname_parts[0]); |
|---|
| | | $zone = implode('.', $hostname_parts); |
|---|
| | | $zone = $app->db->quote((implode('.', $hostname_parts))); |
|---|
| | | unset($hostname_parts); |
|---|
| | | |
|---|
| | | // Find the dns zone |
|---|
| | | $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '$zone.'"); |
|---|
| | | $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$zone_rec['id']."' AND name = '$hostname'"); |
|---|
| | | $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'"); |
|---|
| | | $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'"); |
|---|
| | | |
|---|
| | | if($zone_rec['id'] > 0) { |
|---|
| | | $ip_address = $vm['ip_address']; |
|---|
| | | $sys_userid = $zone_rec['sys_userid']; |
|---|
| | | $sys_groupid = $zone_rec['sys_groupid']; |
|---|
| | | $server_id = $zone_rec['server_id']; |
|---|
| | | $dns_soa_id = $zone_rec['id']; |
|---|
| | | $ip_address = $app->db->quote($vm['ip_address']); |
|---|
| | | $sys_userid = $app->functions->intval($zone_rec['sys_userid']); |
|---|
| | | $sys_groupid = $app->functions->intval($zone_rec['sys_groupid']); |
|---|
| | | $server_id = $app->functions->intval($zone_rec['server_id']); |
|---|
| | | $dns_soa_id = $app->functions->intval($zone_rec['id']); |
|---|
| | | |
|---|
| | | if($rr_rec['id'] > 0) { |
|---|
| | | $app->uses('validate_dns'); |
|---|
| | | $app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $rr_rec['id']); |
|---|
| | | $app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $app->functions->intval($rr_rec['id'])); |
|---|
| | | $serial = $app->validate_dns->increase_serial($zone_rec['serial']); |
|---|
| | | $app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $zone_rec['id']); |
|---|
| | | $app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $app->functions->intval($zone_rec['id'])); |
|---|
| | | } else { |
|---|
| | | $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES |
|---|
| | | ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$hostname', 'A', '$ip_address', '0', '3600', 'Y')"; |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_firewall_config'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | | $app->tform_actions->onDelete(); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_firewall_config'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_cpuser_group'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | | $app->tform_actions->onDelete(); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_cpuser_group'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | |
|---|
| | | <?php |
|---|
| | | die('unused'); |
|---|
| | | /* |
|---|
| | | Copyright (c) 2011, Andrew "lathama" Latham, Till Brehm, projektfarm Gmbh |
|---|
| | | All rights reserved. |
|---|
| | |
|---|
| | | <?php |
|---|
| | | die('unused'); |
|---|
| | | /* |
|---|
| | | Copyright (c) 2011, Andrew "lathama" Latham, Till Brehm, projektfarm Gmbh |
|---|
| | | All rights reserved. |
|---|
| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | die('unused'); |
|---|
| | | /* |
|---|
| | | Copyright (c) 2011, Andrew "lathama" Latham, Till Brehm, projektfarm Gmbh |
|---|
| | | All rights reserved. |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_langedit'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | | if(!$app->auth->is_admin()) die('only allowed for administrators.'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_langedit'); |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_langedit'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | | if(!$app->auth->is_admin()) die('only allowed for administrators.'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_langedit'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | | if(!$app->auth->is_admin()) die('only allowed for administrators.'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_langedit'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | | if(!$app->auth->is_admin()) die('only allowed for administrators.'); |
|---|
| | |
|---|
| | | $wb['Domains'] = 'Domény'; |
|---|
| | | $wb['Misc'] = 'Různé'; |
|---|
| | | $wb['Software'] = 'Software'; |
|---|
| | | $wb['Repositories'] = 'Repozitáře'; |
|---|
| | | $wb['Repositories'] = 'Zdroje repozitářů'; |
|---|
| | | $wb['Packages'] = 'Balíčky'; |
|---|
| | | $wb['Updates'] = 'Aktualizace'; |
|---|
| | | $wb['Language Editor'] = 'Jazykový editor'; |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['repo_name_txt'] = 'Repozitář'; |
|---|
| | | $wb['repo_name_txt'] = 'Název zdroje'; |
|---|
| | | $wb['repo_url_txt'] = 'URL'; |
|---|
| | | $wb['repo_username_txt'] = 'Uživatel (volitelné)'; |
|---|
| | | $wb['repo_password_txt'] = 'Heslo (volitelné)'; |
|---|
| | |
|---|
| | | $wb['select_server_txt'] = 'Zvolit server'; |
|---|
| | | $wb['btn_do_txt'] = 'Provést akci'; |
|---|
| | | $wb['do_osupdate_caption'] = 'Aktualizace operačního systému na vzdáleném serveru.'; |
|---|
| | | $wb['do_osupdate_desc'] = 'Tato akce provede \\"aptitude -y\\" aktualizaci na vybraném serveru.<br><br><strong>POUŽITÍ TÉTO AKCE NA VLASTNÍ NEBEZPEČÍ !</strong>'; |
|---|
| | | $wb['do_osupdate_desc'] = 'Tato akce provede \"aptitude -y\" aktualizaci na vybraném serveru.<br><br><strong>POUŽITÍ TÉTO AKCE NA VLASTNÍ NEBEZPEČÍ !</strong>'; |
|---|
| | | $wb['do_ispcupdate_caption'] = 'Provedení ISPConfig 3 - aktualizace na vzdáleném serveru'; |
|---|
| | | $wb['do_ispcupdate_desc'] = 'Tato akce provede \\"ISPConfig 3\\" aktualizaci na vašem vybraném serveru.<br><br><strong>POUŽITÍ TÉTO AKCE NA VLASTNÍ NEBEZPEČÍ !</strong>'; |
|---|
| | | $wb['do_ispcupdate_desc'] = 'Tato akce provede \"ISPConfig 3\" aktualizaci na vašem vybraném serveru.<br><br><strong>POUŽITÍ TÉTO AKCE NA VLASTNÍ NEBEZPEČÍ !</strong>'; |
|---|
| | | $wb['action_scheduled'] = 'Akce je naplánována na provedení'; |
|---|
| | | $wb['select_all_server'] = 'Všechny servery'; |
|---|
| | | $wb['ispconfig_update_title'] = 'ISPConfig pokyny k aktualizaci'; |
|---|
| | |
|---|
| | | $wb['try_rescue_txt'] = 'Povolit monitorování služeb a restartovat při selhání'; |
|---|
| | | $wb['do_not_try_rescue_mysql_txt'] = 'Zakázat MySQL monitorování'; |
|---|
| | | $wb['do_not_try_rescue_mail_txt'] = 'Zakázat E-mail monitorování'; |
|---|
| | | $wb['rescue_description_txt'] = '<b>Informace:</b> Pokud chcete např. vypnout MySQL monitorování zatrhněte políčko \\"Zakázat MySQL monitorování\\" změna se provede do 2-3 minut.<br>Pokud nepočkáte 2-3 minuty, monitorování restartuje mysql!!'; |
|---|
| | | $wb['rescue_description_txt'] = '<b>Informace:</b> Pokud chcete např. vypnout MySQL monitorování zatrhněte políčko \"Zakázat MySQL monitorování\" změna se provede do 2-3 minut.<br>Pokud nepočkáte 2-3 minuty, monitorování restartuje mysql!!'; |
|---|
| | | $wb['enable_sni_txt'] = 'Aktivovat SNI (Server Name Indication)'; |
|---|
| | | $wb['do_not_try_rescue_httpd_txt'] = 'Zakázat HTTPD monitorování'; |
|---|
| | | $wb['set_folder_permissions_on_update_txt'] = 'Set folder permissions on update'; |
|---|
| | | $wb['set_folder_permissions_on_update_txt'] = 'Nastavení oprávnění složky při aktualizaci'; |
|---|
| | | $wb['add_web_users_to_sshusers_group_txt'] = 'Add web users to -sshusers- group'; |
|---|
| | | $wb['connect_userid_to_webid_txt'] = 'Connect Linux userid to webid'; |
|---|
| | | $wb['connect_userid_to_webid_start_txt'] = 'Start ID for userid/webid connect'; |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['repo_name_txt'] = 'Repozitář'; |
|---|
| | | $wb['repo_name_txt'] = 'Název zdroje'; |
|---|
| | | $wb['repo_url_txt'] = 'URL'; |
|---|
| | | $wb['repo_username_txt'] = 'Uživatel (volitelné)'; |
|---|
| | | $wb['repo_password_txt'] = 'Heslo (volitelné)'; |
|---|
| | | $wb['active_txt'] = 'Aktivní'; |
|---|
| | | $wb['Software Repository which may contain addons or updates'] = 'Software Repository which may contain addons or updates'; |
|---|
| | | $wb['Software Repository which may contain addons or updates'] = 'Softwarové zdroje, které mohou obsahovat addony nebo aktualizace'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['list_head_txt'] = 'Repozitář'; |
|---|
| | | $wb['list_head_txt'] = 'Zdroje repozitářů'; |
|---|
| | | $wb['active_txt'] = 'Aktivní'; |
|---|
| | | $wb['repo_name_txt'] = 'Repozitář'; |
|---|
| | | $wb['repo_name_txt'] = 'Název zdroje'; |
|---|
| | | $wb['repo_url_txt'] = 'URL'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['customer_no_start_txt'] = 'Zákaznické číslo - počáteční hodnota'; |
|---|
| | | $wb['customer_no_counter_txt'] = 'Zákaznické číslo - čítač'; |
|---|
| | | $wb['session_timeout_txt'] = 'Časový limit relace (minuty)'; |
|---|
| | | $wb['session_allow_endless_txt'] = 'Enable \\"stay logged in\\"'; |
|---|
| | | $wb['session_allow_endless_txt'] = 'Povolit - zůstat přihlášen'; |
|---|
| | | $wb['No'] = 'Ne'; |
|---|
| | | $wb['min_password_length_txt'] = 'Minimální délka hesla'; |
|---|
| | | $wb['min_password_strength_txt'] = 'Minimální síla hesla'; |
|---|
| | |
|---|
| | | $wb['customer_no_start_txt'] = 'Kundnummer startvärde'; |
|---|
| | | $wb['customer_no_counter_txt'] = 'Kundnummer räknare'; |
|---|
| | | $wb['session_timeout_txt'] = 'Session timeout (minuter)'; |
|---|
| | | $wb['session_allow_endless_txt'] = 'Aktivera \"håll mig inloggad\"'; |
|---|
| | | $wb['session_allow_endless_txt'] = 'Aktivera \\"håll mig inloggad\\"'; |
|---|
| | | $wb['No'] = 'Nej'; |
|---|
| | | $wb['min_password_length_txt'] = 'Minsta lösenordslängd'; |
|---|
| | | $wb['min_password_strength_txt'] = 'Minsta lösenordsstyrka'; |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_osupdate'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | | if(!$app->auth->is_admin()) die('only allowed for administrators.'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_remote_users'); |
|---|
| | | |
|---|
| | | $app->uses('tpl,tform'); |
|---|
| | | $app->load('tform_actions'); |
|---|
| | |
|---|
| | | die; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_remote_users'); |
|---|
| | | |
|---|
| | | // Disable this function in demo mode |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_config'); |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_config'); |
|---|
| | | |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_services'); |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_services'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_ip'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | | $app->tform_actions->onDelete(); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_ip'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_php'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | | $app->tform_actions->onDelete(); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_server_php'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_software_packages'); |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | $software_update_inst_id = $app->functions->intval($_GET['software_update_inst_id']); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_software_packages'); |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_software_packages'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | | if(!$app->auth->is_admin()) die('only allowed for administrators.'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_software_repo'); |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_software_repo'); |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_software_packages'); |
|---|
| | | |
|---|
| | | //* This is only allowed for administrators |
|---|
| | | if(!$app->auth->is_admin()) die('only allowed for administrators.'); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_system_config'); |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | |
|---|
| | | <?php |
|---|
| | | die('unused'); |
|---|
| | | /* |
|---|
| | | Copyright (c) 2007, Till Brehm, projektfarm Gmbh |
|---|
| | | All rights reserved. |
|---|
| | |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('admin'); |
|---|
| | | $app->auth->check_security_permissions('admin_allow_del_cpuser'); |
|---|
| | | if($conf['demo_mode'] == true && $_REQUEST['id'] <= 3) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | $app->uses("tform_actions"); |
|---|
| | |
|---|
| | | |
|---|
| | | function onBeforeInsert() { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | //* Security settings check |
|---|
| | | if(isset($this->dataRecord['typ']) && $this->dataRecord['typ'][0] == 'admin') { |
|---|
| | | $app->auth->check_security_permissions('admin_allow_new_admin'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(!in_array($this->dataRecord['startmodule'], $this->dataRecord['modules'])) { |
|---|
| | | $app->tform->errorMessage .= $app->tform->wordbook['startmodule_err']; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | function onBeforeUpdate() { |
|---|
| | |
|---|
| | | |
|---|
| | | if($conf['demo_mode'] == true && $_REQUEST['id'] <= 3) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | //* Security settings check |
|---|
| | | if(isset($this->dataRecord['typ']) && $this->dataRecord['typ'][0] == 'admin') { |
|---|
| | | $app->auth->check_security_permissions('admin_allow_new_admin'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(@is_array($this->dataRecord['modules']) && !in_array($this->dataRecord['startmodule'], $this->dataRecord['modules'])) { |
|---|
| | | $app->tform->errorMessage .= $app->tform->wordbook['startmodule_err']; |
|---|
| | | } |
|---|
| | |
|---|
| | | $wb['customer_no_error_unique'] = 'The customer no. must be unique (or empty).'; |
|---|
| | | $wb['paypal_email_error_isemail'] = 'Please enter a valid PayPal email address.'; |
|---|
| | | $wb['paypal_email_txt'] = 'PayPal epostadress'; |
|---|
| | | $wb['err_msg_master_tpl_set'] = 'All custom limit settings are ignored if any master template other than \"custom\" is selected.'; |
|---|
| | | $wb['err_msg_master_tpl_set'] = 'All custom limit settings are ignored if any master template other than \\"custom\\" is selected.'; |
|---|
| | | $wb['aps_limits_txt'] = 'APS Installer Limits'; |
|---|
| | | $wb['limit_aps_txt'] = 'Max. number of APS instances'; |
|---|
| | | $wb['limit_aps_error_notint'] = 'The APS instances limit must be a number.'; |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'Sekundární DNS-Zóny'; |
|---|
| | | $wb['active_txt'] = 'Aktivní'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zóna'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Přidat novou Sekundarní DNS-Zónu'; |
|---|
| | | $wb['eg_domain_tld'] = 'např. domena.cz'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Klient'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zóny'; |
|---|
| | | $wb['active_txt'] = 'Aktivní'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zóna'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'E-mail'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Přidat novou DNS zónu pomocí průvodce'; |
|---|
| | | $wb['add_new_record_txt'] = 'Přidat novou DNS zónu manuálně'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Klient'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'Secondary DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['list_head_txt'] = 'Secondary DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Secondary DNS-Zone'; |
|---|
| | | $wb['eg_domain_tld'] = 'e.g. domain.tld.'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb["list_head_txt"] = 'DNS-Zones'; |
|---|
| | | $wb["active_txt"] = 'Active'; |
|---|
| | | $wb["server_id_txt"] = 'Server'; |
|---|
| | | $wb["origin_txt"] = 'Zone'; |
|---|
| | | $wb["ns_txt"] = 'NS'; |
|---|
| | | $wb["mbox_txt"] = 'Email'; |
|---|
| | | $wb["add_new_record_wizard_txt"] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb["add_new_record_txt"] = 'Add new DNS Zone manually'; |
|---|
| | | $wb["sys_groupid_txt"] = 'Client'; |
|---|
| | | $wb['list_head_txt'] = 'DNS-Zones'; |
|---|
| | | $wb['active_txt'] = 'Active'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['origin_txt'] = 'Zone'; |
|---|
| | | $wb['ns_txt'] = 'NS'; |
|---|
| | | $wb['mbox_txt'] = 'Email'; |
|---|
| | | $wb['add_new_record_wizard_txt'] = 'Add new DNS Zone with Wizard'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new DNS Zone manually'; |
|---|
| | | $wb['sys_groupid_txt'] = 'Client'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | session_start(); |
|---|
| | | include '../../lib/config.inc.php'; |
|---|
| | | header('Content-Type: text/javascript; charset=utf-8'); // the config file sets the content type header so we have to override it here! |
|---|
| | | require_once '../../lib/app.inc.php'; |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | function changeTab(tab,target,force) { |
|---|
| | | if(requestsRunning > 0) return false; |
|---|
| | | |
|---|
| | | //document.forms[0].next_tab.value = tab; |
|---|
| | | document.pageForm.next_tab.value = tab; |
|---|
| | | |
|---|
| | |
|---|
| | | if(crypt(stripslashes($passwort), $salt) != $saved_password) { |
|---|
| | | $user = false; |
|---|
| | | } |
|---|
| | | } elseif(substr($saved_password, 0, 3) == '$5$') { |
|---|
| | | //* The password is crypt-sha256 encrypted |
|---|
| | | $salt = '$5$'.substr($saved_password, 3, 16).'$'; |
|---|
| | | |
|---|
| | | if(crypt(stripslashes($passwort), $salt) != $saved_password) { |
|---|
| | | $user = false; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | |
|---|
| | | //* The password is md5 encrypted |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['login_1_txt'] = 'Vill du loggga in som användare'; |
|---|
| | | $wb['login_2_txt'] = 'If you do so, you can \"go back\" by clicking at logout.'; |
|---|
| | | $wb['login_2_txt'] = 'If you do so, you can \\"go back\\" by clicking at logout.'; |
|---|
| | | $wb['btn_yes_txt'] = 'Ja, logga in som kund'; |
|---|
| | | $wb['btn_back_txt'] = 'Nej, tillbaka till listan'; |
|---|
| | | $wb['udp_port_help_txt'] = 'Avdelade med kommatecken'; |
|---|
| | | $wb['active_txt'] = 'Aktiv'; |
|---|
| | | $wb['firewall_error_unique'] = 'There is already a firewall record for this server.'; |
|---|
| | | $wb['tcp_ports_error_regex'] = 'Character not allowed in tcp port definition. Allowed characters are numbers, \":\" and \",\".'; |
|---|
| | | $wb['udp_ports_error_regex'] = 'Character not allowed in udp port definition. Allowed characters are numbers, \":\" and \",\".'; |
|---|
| | | $wb['tcp_ports_error_regex'] = 'Character not allowed in tcp port definition. Allowed characters are numbers, \\":\\" and \\",\\".'; |
|---|
| | | $wb['udp_ports_error_regex'] = 'Character not allowed in udp port definition. Allowed characters are numbers, \\":\\" and \\",\\".'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['Email Alias'] = 'E-mailové aliasy'; |
|---|
| | | $wb['Email Blacklist'] = 'Email černá listina'; |
|---|
| | | $wb['Email Blacklist'] = 'E-mailová černá listina'; |
|---|
| | | $wb['Blacklist'] = 'Černá listina'; |
|---|
| | | $wb['Mail Content Filter'] = 'Obsahový filtr'; |
|---|
| | | $wb['Filter'] = 'Filtr'; |
|---|
| | |
|---|
| | | $wb['Mail Filter'] = 'E-mailové filtry'; |
|---|
| | | $wb['Custom Rules'] = 'Vlastní pravidla'; |
|---|
| | | $wb['Email filter'] = 'E-mailový filtr'; |
|---|
| | | $wb['Email Whitelist'] = 'E-mail bílá listina'; |
|---|
| | | $wb['Email Whitelist'] = 'E-mailová bílá listina'; |
|---|
| | | $wb['Whitelist'] = 'Bílá listina'; |
|---|
| | | $wb['Spamfilter blacklist'] = 'Spamový filtr černá listina'; |
|---|
| | | $wb['Spamfilter Config'] = 'Konfigurace spamfiltru'; |
|---|
| | |
|---|
| | | $wb['password_match_txt'] = 'Hesla se shodují.'; |
|---|
| | | $wb['email_error_isascii'] = 'Please do not use special unicode characters for your password. This could lead to problems with your mail client.'; |
|---|
| | | $wb['cc_note_txt'] = '(Při přeposílání na více e-mailových adres, oddělte čárkami.)'; |
|---|
| | | $wb['disablesmtp_txt'] = 'Disable SMTP (sending)'; |
|---|
| | | $wb['disablesmtp_txt'] = 'Zakázat SMTP (pouze odesílání)'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['list_head_txt'] = 'Email bílá listina'; |
|---|
| | | $wb['list_head_txt'] = 'E-mailová bílá listina'; |
|---|
| | | $wb['active_txt'] = 'Aktivní'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['source_txt'] = 'Adresy na bílé listině'; |
|---|
| | |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['priority_txt'] = 'Priorita'; |
|---|
| | | $wb['rid_txt'] = 'Uživatel'; |
|---|
| | | $wb['email_txt'] = 'Emaily na bílé listině'; |
|---|
| | | $wb['email_txt'] = 'E-maily na bílé listině'; |
|---|
| | | $wb['add_new_record_txt'] = 'Přidat záznam na bílou listinu'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['destination_error_isemail'] = 'Ingen destination vald.'; |
|---|
| | | $wb['source_server_error_regex'] = 'POP3-/Imapserver är inte ett giltigt domännamn.'; |
|---|
| | | $wb['source_read_all_txt'] = 'Hämta all epost (även läst epost)'; |
|---|
| | | $wb['error_delete_read_all_combination'] = 'Illegal combination of options. You can not use \"Delete emails after retrieval\" = no together with \"Retrieve all emails\" = yes'; |
|---|
| | | $wb['error_delete_read_all_combination'] = 'Illegal combination of options. You can not use \\"Delete emails after retrieval\\" = no together with \\"Retrieve all emails\\" = yes'; |
|---|
| | | $wb['source_delete_note_txt'] = 'Vänligen kontrollera först om eposthämtning fungerar innan du aktiverar detta val..'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | |
|---|
| | | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|---|
| | | |
|---|
| | | $app->load('remoting'); |
|---|
| | | $app->load('remoting,getconf'); |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | if($security_config['remote_api_allowed'] != 'yes') die('Remote API is disabled in security settings.'); |
|---|
| | | |
|---|
| | | |
|---|
| | | $server = new SoapServer(null, array('uri' => $_SERVER['REQUEST_URI'])); |
|---|
| | | $server->setClass('remoting'); |
|---|
| | |
|---|
| | | 1 => array ( 'type' => 'REGEX', |
|---|
| | | 'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/', |
|---|
| | | 'errmsg'=> 'directory_error_regex'), |
|---|
| | | 2 => array ( 'type' => 'CUSTOM', |
|---|
| | | 'class' => 'validate_ftpuser', |
|---|
| | | 'function' => 'ftp_dir', |
|---|
| | | 'errmsg' => 'directory_error_notinweb'), |
|---|
| | | ), |
|---|
| | | 'default' => '', |
|---|
| | | 'value' => '', |
|---|
| | |
|---|
| | | 1 => array ( 'type' => 'REGEX', |
|---|
| | | 'regex' => '/^[\w\.\-]{0,32}$/', |
|---|
| | | 'errmsg'=> 'username_error_regex'), |
|---|
| | | 2 => array( |
|---|
| | | 'type' => 'CUSTOM', |
|---|
| | | 'class' => 'validate_systemuser', |
|---|
| | | 'function' => 'check_sysuser', |
|---|
| | | 'check_names' => false, |
|---|
| | | 'errmsg' => 'invalid_username_txt' |
|---|
| | | ), |
|---|
| | | ), |
|---|
| | | 'default' => '', |
|---|
| | | 'value' => '', |
|---|
| | |
|---|
| | | 1 => array ( 'type' => 'REGEX', |
|---|
| | | 'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/', |
|---|
| | | 'errmsg'=> 'directory_error_regex'), |
|---|
| | | 2 => array ( 'type' => 'CUSTOM', |
|---|
| | | 'class' => 'validate_systemuser', |
|---|
| | | 'function' => 'shelluser_dir', |
|---|
| | | 'errmsg' => 'directory_error_notinweb'), |
|---|
| | | ), |
|---|
| | | 'default' => '', |
|---|
| | | 'value' => '', |
|---|
| | |
|---|
| | | 'datatype' => 'VARCHAR', |
|---|
| | | 'formtype' => 'SELECT', |
|---|
| | | 'default' => 'webalizer', |
|---|
| | | 'value' => array('webalizer' => 'Webalizer', 'awstats' => 'AWStats') |
|---|
| | | 'value' => array('webalizer' => 'Webalizer', 'awstats' => 'AWStats', '' => 'None') |
|---|
| | | ), |
|---|
| | | //################################# |
|---|
| | | // ENDE Datatable fields |
|---|
| | |
|---|
| | | 'formtype' => 'TEXT', |
|---|
| | | 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', |
|---|
| | | 'errmsg'=> 'sysuser_error_empty'), |
|---|
| | | 1 => array( |
|---|
| | | 'type' => 'CUSTOM', |
|---|
| | | 'class' => 'validate_systemuser', |
|---|
| | | 'function' => 'check_sysuser', |
|---|
| | | 'check_names' => true, |
|---|
| | | 'errmsg' => 'invalid_system_user_or_group_txt' |
|---|
| | | ), |
|---|
| | | ), |
|---|
| | | 'default' => '', |
|---|
| | | 'value' => '', |
|---|
| | |
|---|
| | | 'formtype' => 'TEXT', |
|---|
| | | 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', |
|---|
| | | 'errmsg'=> 'sysgroup_error_empty'), |
|---|
| | | 1 => array( |
|---|
| | | 'type' => 'CUSTOM', |
|---|
| | | 'class' => 'validate_systemuser', |
|---|
| | | 'function' => 'check_sysgroup', |
|---|
| | | 'check_names' => true, |
|---|
| | | 'errmsg' => 'invalid_system_user_or_group_txt' |
|---|
| | | ), |
|---|
| | | ), |
|---|
| | | 'default' => '', |
|---|
| | | 'value' => '', |
|---|
| | |
|---|
| | | 'datatype' => 'VARCHAR', |
|---|
| | | 'formtype' => 'SELECT', |
|---|
| | | 'default' => 'webalizer', |
|---|
| | | 'value' => array('webalizer' => 'Webalizer', 'awstats' => 'AWStats') |
|---|
| | | 'value' => array('webalizer' => 'Webalizer', 'awstats' => 'AWStats', '' => 'None') |
|---|
| | | ), |
|---|
| | | //################################# |
|---|
| | | // ENDE Datatable fields |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['directory_error_empty'] = 'Adresář je prázdný.'; |
|---|
| | | $wb['directory_error_notinweb'] = 'Adresář není uvnitř webového kořenového adresáře.'; |
|---|
| | | $wb['parent_domain_id_error_empty'] = 'Nevybrána žádná webová stránka.'; |
|---|
| | | $wb['quota_size_error_regex'] = 'Quota: enter a -1 for unlimited or a number > 0'; |
|---|
| | | $wb['quota_size_error_regex'] = 'Kvóta: zadejte -1 je bez omezení nebo číslo > 0 '; |
|---|
| | | $wb['dir_dot_error'] = 'No .. in path allowed.'; |
|---|
| | | $wb['dir_slashdot_error'] = 'No ./ in path allowed.'; |
|---|
| | | $wb['generate_password_txt'] = 'Generovat heslo'; |
|---|
| | | $wb['repeat_password_txt'] = 'Opakujte heslo'; |
|---|
| | | $wb['password_mismatch_txt'] = 'Hesla se neshodují.'; |
|---|
| | | $wb['password_match_txt'] = 'Hesla se shodují.'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Neplatný systémový uživatel nebo skupina'; |
|---|
| | | $wb['directory_error_regex'] = 'Neplatný adresář'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['password_match_txt'] = 'Hesla se shodují.'; |
|---|
| | | $wb['username_must_not_exceed_32_chars_txt'] = 'The username must not exceed 32 characters.'; |
|---|
| | | $wb['username_not_allowed_txt'] = 'The username is not allowed.'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Neplatný systémový uživatel nebo skupina'; |
|---|
| | | $wb['directory_error_regex'] = 'Neplatný adresář'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['ssl_txt'] = 'SSL'; |
|---|
| | | $wb['suexec_txt'] = 'SuEXEC'; |
|---|
| | | $wb['php_txt'] = 'PHP'; |
|---|
| | | $wb['client_txt'] = 'Client'; |
|---|
| | | $wb['client_txt'] = 'Klient'; |
|---|
| | | $wb['limit_web_domain_txt'] = 'The max. number of web domains for your account is reached.'; |
|---|
| | | $wb['limit_web_aliasdomain_txt'] = 'The max. number of aliasdomains for your account is reached.'; |
|---|
| | | $wb['limit_web_subdomain_txt'] = 'The max. number of web subdomains for your account is reached.'; |
|---|
| | |
|---|
| | | $wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.'; |
|---|
| | | $wb['error_ssl_country_empty'] = 'SSL Country is empty.'; |
|---|
| | | $wb['error_ssl_cert_empty'] = 'SSL Certificate field is empty'; |
|---|
| | | $wb['client_group_id_txt'] = 'Client'; |
|---|
| | | $wb['client_group_id_txt'] = 'Klient'; |
|---|
| | | $wb['stats_password_txt'] = 'Set Webstatistics password'; |
|---|
| | | $wb['allow_override_txt'] = 'Apache AllowOverride'; |
|---|
| | | $wb['limit_web_quota_free_txt'] = 'Max. available Harddisk Quota'; |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Oddělte více adresářů čárkami. Vzor: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'Vyloučené adresáře obsahují neplatné znaky.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Neplatné nastavení php.ini'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['parent_domain_id_txt'] = 'Webové stránky'; |
|---|
| | | $wb['path_txt'] = 'Cesta'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Folder'; |
|---|
| | | $wb['add_new_record_txt'] = 'Přidat novou složku'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['active_txt'] = 'Aktivní'; |
|---|
| | | $wb['web_folder_id_txt'] = 'Složka'; |
|---|
| | | $wb['username_txt'] = 'Uživatelské jméno'; |
|---|
| | | $wb['add_new_record_txt'] = 'Add new Folder User'; |
|---|
| | | $wb['add_new_record_txt'] = 'Přidat nového uživatele složky'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['parent_domain_id_txt'] = 'Rodičovské webové stránky'; |
|---|
| | | $wb['web_folder_txt'] = 'Web folder'; |
|---|
| | | $wb['web_folder_txt'] = 'Webová složka'; |
|---|
| | | $wb['web_folder_invalid_txt'] = 'The web folder is invalid, please choose a different one.'; |
|---|
| | | $wb['web_folder_unique_txt'] = 'The web folder is already used, please choose a different one.'; |
|---|
| | | $wb['backup_interval_txt'] = 'Interval zálohování'; |
|---|
| | |
|---|
| | | <?php |
|---|
| | | $wb['dir_txt'] = 'Directory'; |
|---|
| | | $wb['dir_txt'] = 'Webdav adresář'; |
|---|
| | | $wb['server_id_txt'] = 'Server'; |
|---|
| | | $wb['parent_domain_id_txt'] = 'Webové stránky'; |
|---|
| | | $wb['username_txt'] = 'Uživatelské jméno'; |
|---|
| | | $wb['password_txt'] = 'Heslo'; |
|---|
| | | $wb['password_strength_txt'] = 'Síla hesla'; |
|---|
| | | $wb['active_txt'] = 'Aktivní'; |
|---|
| | | $wb['limit_webdav_user_txt'] = 'The max. number of webdav users for your account is reached.'; |
|---|
| | | $wb['username_error_empty'] = 'Username is empty.'; |
|---|
| | | $wb['username_error_unique'] = 'The username must be unique.'; |
|---|
| | | $wb['username_error_regex'] = 'The username contains characters that are not allowed.'; |
|---|
| | | $wb['directory_error_empty'] = 'Directory empty.'; |
|---|
| | | $wb['parent_domain_id_error_empty'] = 'No website selected.'; |
|---|
| | | $wb['limit_webdav_user_txt'] = 'Byl dosažen max. počet WebDAV uživatelů pro váš účet.'; |
|---|
| | | $wb['username_error_empty'] = 'Uživatelské jméno je prázdné.'; |
|---|
| | | $wb['username_error_unique'] = 'Uživatelské jméno musí být unikátní.'; |
|---|
| | | $wb['username_error_regex'] = 'Uživatelské jméno obsahuje znaky, které nejsou povoleny.'; |
|---|
| | | $wb['directory_error_empty'] = 'Webdav adresář je prázdný.'; |
|---|
| | | $wb['parent_domain_id_error_empty'] = 'Není vybrán žádný web.'; |
|---|
| | | $wb['dir_dot_error'] = 'No .. in path allowed.'; |
|---|
| | | $wb['dir_slashdot_error'] = 'No ./ in path allowed.'; |
|---|
| | | $wb['generate_password_txt'] = 'Generovat heslo'; |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Mehrere Verzeichnisse mit Kommas trennen. Beispiel: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'Die auszuschließenden Verzeichnisse enthalten ungültige Zeichen.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Unzulässige php.ini-Einstellungen'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['Installed packages'] = 'Installerade paket'; |
|---|
| | | $wb['Update Packagelist'] = 'Uppdatera paketlista'; |
|---|
| | | $wb['Subdomain (Vhost)'] = 'Underdomän (Vhost)'; |
|---|
| | | $wb['error_proxy_requires_url'] = 'Redirect Type \"proxy\" requires a URL as the redirect path.'; |
|---|
| | | $wb['error_proxy_requires_url'] = 'Redirect Type \\"proxy\\" requires a URL as the redirect path.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['error_license_agreement'] = 'In order to continue you have to accept the license agreement.'; |
|---|
| | | $wb['error_no_database_pw'] = 'You have provided no valid database password.'; |
|---|
| | | $wb['error_short_database_pw'] = 'Please choose a longer database password.'; |
|---|
| | | $wb['error_no_value_for'] = 'The field \"%s\" must not be empty.'; |
|---|
| | | $wb['error_short_value_for'] = 'The field \"%s\" requires a longer input value.'; |
|---|
| | | $wb['error_long_value_for'] = 'The field \"%s\" requires a shorter input value.'; |
|---|
| | | $wb['error_inv_value_for'] = 'You have entered an invalid value for the field \"%s\".'; |
|---|
| | | $wb['error_inv_email_for'] = 'You have entered an invalid mail address for the field \"%s\".'; |
|---|
| | | $wb['error_inv_domain_for'] = 'You have entered an invalid domain for the field \"%s\".'; |
|---|
| | | $wb['error_inv_integer_for'] = 'You have entered an invalid number for the field \"%s\".'; |
|---|
| | | $wb['error_inv_float_for'] = 'You have entered an invalid floating point number for the field \"%s\".'; |
|---|
| | | $wb['error_no_value_for'] = 'The field \\"%s\\" must not be empty.'; |
|---|
| | | $wb['error_short_value_for'] = 'The field \\"%s\\" requires a longer input value.'; |
|---|
| | | $wb['error_long_value_for'] = 'The field \\"%s\\" requires a shorter input value.'; |
|---|
| | | $wb['error_inv_value_for'] = 'You have entered an invalid value for the field \\"%s\\".'; |
|---|
| | | $wb['error_inv_email_for'] = 'You have entered an invalid mail address for the field \\"%s\\".'; |
|---|
| | | $wb['error_inv_domain_for'] = 'You have entered an invalid domain for the field \\"%s\\".'; |
|---|
| | | $wb['error_inv_integer_for'] = 'You have entered an invalid number for the field \\"%s\\".'; |
|---|
| | | $wb['error_inv_float_for'] = 'You have entered an invalid floating point number for the field \\"%s\\".'; |
|---|
| | | $wb['error_used_location'] = 'The installation path already contains a package installation.'; |
|---|
| | | $wb['installation_task_txt'] = 'Installation planerad'; |
|---|
| | | $wb['installation_error_txt'] = 'Installationsfel'; |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Ogiltiga php.ini-inställningar'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.'; |
|---|
| | | $wb['proxy_directives_txt'] = 'Proxy Directives'; |
|---|
| | | $wb['available_proxy_directive_snippets_txt'] = 'Available Proxy Directive Snippets:'; |
|---|
| | | $wb['error_proxy_requires_url'] = 'Redirect Type \"proxy\" requires a URL as the redirect path.'; |
|---|
| | | $wb['error_proxy_requires_url'] = 'Redirect Type \\"proxy\\" requires a URL as the redirect path.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | $wb['directory_error_regex'] = 'Invalid directory'; |
|---|
| | | $wb['shell_error_regex'] = 'Invalid shell'; |
|---|
| | | $wb['invalid_username_txt'] = 'Invalid Username'; |
|---|
| | | $wb['directory_error_notinweb'] = 'The directory has to be inside the web root.'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | $wb['backup_excludes_note_txt'] = '(Separate multiple directories with commas. Example: web/cache/*,web/backup)'; |
|---|
| | | $wb['backup_excludes_error_regex'] = 'The excluded directories contain invalid characters.'; |
|---|
| | | $wb['invalid_custom_php_ini_settings_txt'] = 'Invalid php.ini settings'; |
|---|
| | | $wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group'; |
|---|
| | | ?> |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | $ssl_domain_select = ''; |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$this->id); |
|---|
| | | $ssl_domains = array($tmp["domain"], 'www.'.$tmp["domain"], '*.'.$tmp["domain"]); |
|---|
| | | $ssl_domains = array(); |
|---|
| | | $tmpd = $app->db->queryAllRecords("SELECT domain, type FROM web_domain WHERE domain_id = ".$this->id." OR parent_domain_id = ".$this->id); |
|---|
| | | foreach($tmpd as $tmp) { |
|---|
| | | if($tmp['type'] == 'subdomain' || $tmp['type'] == 'vhostsubdomain') { |
|---|
| | | $ssl_domains[] = $tmp["domain"]; |
|---|
| | | } else { |
|---|
| | | $ssl_domains = array_merge($ssl_domains, array($tmp["domain"],'www.'.$tmp["domain"],'*.'.$tmp["domain"])); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if(is_array($ssl_domains)) { |
|---|
| | | foreach( $ssl_domains as $ssl_domain) { |
|---|
| | | $selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':''; |
|---|
| | |
|---|
| | | |
|---|
| | | jQuery('.ttip').tipsy({live: true, gravity: 'ne', html: true}); |
|---|
| | | |
|---|
| | | tabChangeDiscard = '<tmpl_var name="tabchange_discard_enabled>'; |
|---|
| | | tabChangeWarning = '<tmpl_var name="tabchange_warning_enabled>'; |
|---|
| | | tabChangeDiscard = '<tmpl_var name="tabchange_discard_enabled">'; |
|---|
| | | tabChangeWarning = '<tmpl_var name="tabchange_warning_enabled">'; |
|---|
| | | tabChangeWarningTxt = '<tmpl_var name="global_tabchange_warning_txt">'; |
|---|
| | | tabChangeDiscardTxt = '<tmpl_var name="global_tabchange_discard_txt">'; |
|---|
| | | |
|---|
| | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('tools'); |
|---|
| | | |
|---|
| | | if($_SESSION['s']['user']['typ'] == 'admin') { |
|---|
| | | $app->auth->check_security_permissions('admin_allow_new_admin'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Loading classes |
|---|
| | | $app->uses('tpl,tform,tform_actions'); |
|---|
| | | $app->load('tform_actions'); |
|---|
| | |
|---|
| | | $params = array( |
|---|
| | | 'server_id' => 1, |
|---|
| | | 'parent_domain_id' => 1, |
|---|
| | | 'username' => 'threep', |
|---|
| | | 'password' => 'wood', |
|---|
| | | 'username' => 'tom', |
|---|
| | | 'password' => 'secret', |
|---|
| | | 'quota_size' => 10000, |
|---|
| | | 'active' => 'y', |
|---|
| | | 'uid' => '5000', |
|---|
| | | 'gid' => '5000', |
|---|
| | | 'dir' => 'maybe', |
|---|
| | | 'dir' => '/var/www/clients/client0/web1', |
|---|
| | | 'quota_files' => -1, |
|---|
| | | 'ul_ratio' => -1, |
|---|
| | | 'dl_ratio' => -1, |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Parameters |
|---|
| | | $client_id = 1; |
|---|
| | | $client_id = 0; |
|---|
| | | $ftp_user_id = 1; |
|---|
| | | |
|---|
| | | |
|---|
| | |
|---|
| | | $params = array( |
|---|
| | | 'server_id' => 1, |
|---|
| | | 'parent_domain_id' => 1, |
|---|
| | | 'username' => 'threep2', |
|---|
| | | 'password' => 'wood', |
|---|
| | | 'username' => 'tom', |
|---|
| | | 'password' => 'test', |
|---|
| | | 'quota_size' => 10000, |
|---|
| | | 'active' => 'y', |
|---|
| | | 'puser' => 'null', |
|---|
| | | 'pgroup' => 'null', |
|---|
| | | 'puser' => 'web1', |
|---|
| | | 'pgroup' => 'client0', |
|---|
| | | 'shell' => '/bin/bash', |
|---|
| | | 'dir' => 'maybe', |
|---|
| | | 'dir' => '/var/www/clients/client0/web1', |
|---|
| | | 'chroot' => '' |
|---|
| | | ); |
|---|
| | | |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Parameters |
|---|
| | | $client_id = 3; |
|---|
| | | $client_id = 0; |
|---|
| | | $shell_user_id = 1; |
|---|
| | | |
|---|
| | | |
|---|
| New file |
| | |
|---|
| | | |
|---|
| | | Description for security_settings.ini values. |
|---|
| | | |
|---|
| | | The option "superadmin" means that a setting is only available to the admin user with userid 1 in the interface. |
|---|
| | | If there are other amdins, then they cant access this setting. |
|---|
| | | |
|---|
| | | ----------------------------------------------------------- |
|---|
| | | Setting: allow_shell_user |
|---|
| | | Options: yes/no |
|---|
| | | Description: Disables the shell user plugins in ispconfig |
|---|
| | | |
|---|
| | | Setting: admin_allow_server_config |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Server config |
|---|
| | | |
|---|
| | | Setting: admin_allow_server_services |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Server services |
|---|
| | | |
|---|
| | | Setting: admin_allow_server_ip |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Server IP |
|---|
| | | |
|---|
| | | Setting: admin_allow_remote_users |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Remote Users |
|---|
| | | |
|---|
| | | Setting: admin_allow_system_config |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Interface > Main Config |
|---|
| | | |
|---|
| | | Setting: admin_allow_server_php |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Additional PHP versions |
|---|
| | | |
|---|
| | | Setting: admin_allow_langedit |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Language editor functions |
|---|
| | | |
|---|
| | | Setting: admin_allow_new_admin |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables the ability to add new admin users trough the interface |
|---|
| | | |
|---|
| | | Setting: admin_allow_del_cpuser |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables the ability to delete CP users |
|---|
| | | |
|---|
| | | Setting: admin_allow_cpuser_group |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables cp user group editing |
|---|
| | | |
|---|
| | | Setting: admin_allow_firewall_config |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Firewall |
|---|
| | | |
|---|
| | | Setting: admin_allow_osupdate |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > OS update |
|---|
| | | |
|---|
| | | Setting: admin_allow_software_packages |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Apps & Addons > Packages and Update |
|---|
| | | |
|---|
| | | Setting: admin_allow_software_repo |
|---|
| | | Options: yes/no/superadmin |
|---|
| | | Description: Disables System > Apps & Addons > Repo |
|---|
| | | |
|---|
| | | Setting: remote_api_allowed |
|---|
| | | Options: yes/no |
|---|
| | | Description: Disables the remote API |
|---|
| | | |
|---|
| | | Setting: security_admin_email |
|---|
| | | Options: email address |
|---|
| | | Description: Email address of the security admin |
|---|
| | | |
|---|
| | | Setting: security_admin_email_subject |
|---|
| | | Options: Text |
|---|
| | | Description: Subject of the notification email |
|---|
| | | |
|---|
| | | Setting: warn_new_admin |
|---|
| | | Options: yes/no |
|---|
| | | Description: Warn by email when a new admin user in ISPConfig has been added. |
|---|
| | | |
|---|
| | | Setting: warn_passwd_change |
|---|
| | | Options: yes/no |
|---|
| | | Description: Warn by email when /etc/passwd has been changed. |
|---|
| | | |
|---|
| | | Setting: warn_shadow_change |
|---|
| | | Options: yes/no |
|---|
| | | Description: Warn by email when /etc/shadow has been changed. |
|---|
| | | |
|---|
| | | Setting: warn_group_change |
|---|
| | | Options: yes/no |
|---|
| | | Description: Warn by email when /etc/group has been changed. |
|---|
| | | |
|---|
| | | |
|---|
| New file |
| | |
|---|
| | | /^\s*(LoadModule|LoadFile|Include)(\s+|[\\\\])/mi |
|---|
| | | /^\s*(SuexecUserGroup|suPHP_UserGroup|suPHP_PHPPath|suPHP_ConfigPath)(\s+|[\\\\])/mi |
|---|
| | | /^\s*(FCGIWrapper|FastCgiExternalServer)(\s+|[\\\\])/mi |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | /* |
|---|
| | | Copyright (c) 2014, Till Brehm, ISPConfig UG |
|---|
| | | All rights reserved. |
|---|
| | | |
|---|
| | | Redistribution and use in source and binary forms, with or without modification, |
|---|
| | | are permitted provided that the following conditions are met: |
|---|
| | | |
|---|
| | | * Redistributions of source code must retain the above copyright notice, |
|---|
| | | this list of conditions and the following disclaimer. |
|---|
| | | * Redistributions in binary form must reproduce the above copyright notice, |
|---|
| | | this list of conditions and the following disclaimer in the documentation |
|---|
| | | and/or other materials provided with the distribution. |
|---|
| | | * Neither the name of ISPConfig nor the names of its contributors |
|---|
| | | may be used to endorse or promote products derived from this software without |
|---|
| | | specific prior written permission. |
|---|
| | | |
|---|
| | | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|---|
| | | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|---|
| | | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|---|
| | | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|---|
| | | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|---|
| | | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|---|
| | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|---|
| | | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|---|
| | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|---|
| | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|---|
| | | */ |
|---|
| | | |
|---|
| | | require "/usr/local/ispconfig/server/lib/config.inc.php"; |
|---|
| | | require "/usr/local/ispconfig/server/lib/app.inc.php"; |
|---|
| | | |
|---|
| | | set_time_limit(0); |
|---|
| | | ini_set('error_reporting', E_ALL & ~E_NOTICE); |
|---|
| | | |
|---|
| | | // make sure server_id is always an int |
|---|
| | | $conf['server_id'] = intval($conf['server_id']); |
|---|
| | | |
|---|
| | | |
|---|
| | | // Load required base-classes |
|---|
| | | $app->uses('ini_parser,file,services,getconf,system'); |
|---|
| | | |
|---|
| | | // get security config |
|---|
| | | $security_config = $app->getconf->get_security_config('systemcheck'); |
|---|
| | | |
|---|
| | | $alert = ''; |
|---|
| | | $data_dir = '/usr/local/ispconfig/security/data'; |
|---|
| | | |
|---|
| | | |
|---|
| | | // Check if a new ispconfig user has been added |
|---|
| | | if($security_config['warn_new_admin'] == 'yes') { |
|---|
| | | $data_file = $data_dir.'/admincount'; |
|---|
| | | //get number of admins |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT count(userid) AS number FROM sys_user WHERE typ = 'admin'"); |
|---|
| | | $admin_user_count_new = intval($tmp['number']); |
|---|
| | | |
|---|
| | | if(is_file($data_file)) { |
|---|
| | | $admin_user_count_old = intval(file_get_contents($data_file)); |
|---|
| | | if($admin_user_count_new != $admin_user_count_old) { |
|---|
| | | $alert .= "The number of ISPConfig administrator users has changed. Old: $admin_user_count_old New: $admin_user_count_new \n"; |
|---|
| | | file_put_contents($data_file,$admin_user_count_new); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | // first run, so we save the current count |
|---|
| | | file_put_contents($data_file,$admin_user_count_new); |
|---|
| | | chmod($data_file,0700); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Check if /etc/passwd file has been changed |
|---|
| | | if($security_config['warn_passwd_change'] == 'yes') { |
|---|
| | | $data_file = $data_dir.'/passwd.md5'; |
|---|
| | | $md5sum_new = md5_file('/etc/passwd'); |
|---|
| | | |
|---|
| | | if(is_file($data_file)) { |
|---|
| | | $md5sum_old = trim(file_get_contents($data_file)); |
|---|
| | | if($md5sum_new != $md5sum_old) { |
|---|
| | | $alert .= "The file /etc/passwd has been changed.\n"; |
|---|
| | | file_put_contents($data_file,$md5sum_new); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | file_put_contents($data_file,$md5sum_new); |
|---|
| | | chmod($data_file,0700); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Check if /etc/shadow file has been changed |
|---|
| | | if($security_config['warn_shadow_change'] == 'yes') { |
|---|
| | | $data_file = $data_dir.'/shadow.md5'; |
|---|
| | | $md5sum_new = md5_file('/etc/shadow'); |
|---|
| | | |
|---|
| | | if(is_file($data_file)) { |
|---|
| | | $md5sum_old = trim(file_get_contents($data_file)); |
|---|
| | | if($md5sum_new != $md5sum_old) { |
|---|
| | | $alert .= "The file /etc/shadow has been changed.\n"; |
|---|
| | | file_put_contents($data_file,$md5sum_new); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | file_put_contents($data_file,$md5sum_new); |
|---|
| | | chmod($data_file,0700); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Check if /etc/group file has been changed |
|---|
| | | if($security_config['warn_group_change'] == 'yes') { |
|---|
| | | $data_file = $data_dir.'/group.md5'; |
|---|
| | | $md5sum_new = md5_file('/etc/group'); |
|---|
| | | |
|---|
| | | if(is_file($data_file)) { |
|---|
| | | $md5sum_old = trim(file_get_contents($data_file)); |
|---|
| | | if($md5sum_new != $md5sum_old) { |
|---|
| | | $alert .= "The file /etc/group has been changed.\n"; |
|---|
| | | file_put_contents($data_file,$md5sum_new); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | file_put_contents($data_file,$md5sum_new); |
|---|
| | | chmod($data_file,0700); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | if($alert != '') { |
|---|
| | | $admin_email = $security_config['security_admin_email']; |
|---|
| | | $admin_email_subject = $security_config['security_admin_email_subject']; |
|---|
| | | mail($admin_email, $admin_email_subject, $alert); |
|---|
| | | //$app->log(str_replace("\n"," -- ",$alert),1); |
|---|
| | | echo str_replace("\n"," -- ",$alert)."\n"; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | ?> |
|---|
| New file |
| | |
|---|
| | | # Format: usertype:url_path:field |
|---|
| | | # usertype can be: any/client/admin |
|---|
| | | # Example: |
|---|
| | | # admin:/admin/language_edit.php:POST.records.weak_password_txt |
|---|
| | | admin:/admin/language_edit.php:POST.records |
|---|
| New file |
| | |
|---|
| | | # Format: usertype:url_path:field |
|---|
| | | # usertype can be: any/client/admin |
|---|
| | | # Example: |
|---|
| | | # admin:/admin/language_edit.php:POST.records.weak_password_txt |
|---|
| | | admin:/admin/server_config_edit.php:POST.maildir_path |
|---|
| | | admin:/admin/server_config_edit.php:POST.website_path |
|---|
| | | admin:/admin/server_config_edit.php:POST.website_symlinks |
|---|
| | | admin:/admin/server_config_edit.php:POST.vhost_conf_dir |
|---|
| | | admin:/admin/server_config_edit.php:POST.vhost_conf_enabled_dir |
|---|
| | | admin:/admin/server_config_edit.php:POST.nginx_vhost_conf_dir |
|---|
| | | admin:/admin/server_config_edit.php:POST.nginx_vhost_conf_enabled_dir |
|---|
| | | admin:/admin/server_config_edit.php:POST.php_open_basedir |
|---|
| | | admin:/admin/server_config_edit.php:POST.awstats_pl |
|---|
| | | admin:/admin/server_config_edit.php:POST.fastcgi_starter_path |
|---|
| | | admin:/admin/server_config_edit.php:POST.fastcgi_bin |
|---|
| | | admin:/admin/server_config_edit.php:POST.jailkit_chroot_home |
|---|
| | | admin:/admin/remote_user_edit.php:POST.remote_functions.1 |
|---|
| | | admin:/admin/firewall_edit.php:POST.tcp_port |
|---|
| | | admin:/admin/system_config_edit.php:POST.admin_dashlets_right |
|---|
| | | admin:/admin/system_config_edit.php:POST.reseller_dashlets_left |
|---|
| | | admin:/admin/system_config_edit.php:POST.reseller_dashlets_right |
|---|
| | | admin:/admin/language_edit.php:POST.records.weak_password_txt |
|---|
| | | user:/client/client_message.php:POST.message |
|---|
| | | user:/client/message_template_edit.php:POST.subject |
|---|
| | | admin:/dns/dns_template_edit.php:POST.template |
|---|
| | | admin:/nav.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/show_sys_state.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/capp.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/keepalive.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/log_list.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/datalog_list.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/show_data.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/show_sys_state.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/show_monit.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/show_munin.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/show_data.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/show_log.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/monitor/log_del.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/keepalive.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/capp.php:SESSION.s.module.nav.1.items.0.title |
|---|
| | | admin:/sites/web_vhost_subdomain_edit.php:POST.php_open_basedir |
|---|
| | | admin:/sites/web_domain_edit.php:POST.php_open_basedir |
|---|
| | | admin:/sites/web_domain_edit.php:POST.apache_directives |
|---|
| | | user:/sites/shell_user_edit.php:POST.ssh_rsa |
|---|
| | | user:/sites/cron_edit.php:POST.command |
|---|
| New file |
| | |
|---|
| | | [permissions] |
|---|
| | | allow_shell_user=yes |
|---|
| | | admin_allow_server_config=superadmin |
|---|
| | | admin_allow_server_services=superadmin |
|---|
| | | admin_allow_server_ip=superadmin |
|---|
| | | admin_allow_remote_users=superadmin |
|---|
| | | admin_allow_system_config=superadmin |
|---|
| | | admin_allow_server_php=superadmin |
|---|
| | | admin_allow_langedit=superadmin |
|---|
| | | admin_allow_new_admin=superadmin |
|---|
| | | admin_allow_del_cpuser=superadmin |
|---|
| | | admin_allow_cpuser_group=superadmin |
|---|
| | | admin_allow_firewall_config=superadmin |
|---|
| | | admin_allow_osupdate=superadmin |
|---|
| | | admin_allow_software_packages=superadmin |
|---|
| | | admin_allow_software_repo=superadmin |
|---|
| | | remote_api_allowed=yes |
|---|
| | | |
|---|
| | | [ids] |
|---|
| | | ids_enabled=yes |
|---|
| | | ids_log_level=1 |
|---|
| | | ids_warn_level=5 |
|---|
| | | ids_block_level=30 |
|---|
| | | sql_scan_enabled=yes |
|---|
| | | sql_scan_action=warn |
|---|
| | | apache_directives_scan_enabled=yes |
|---|
| | | |
|---|
| | | [systemcheck] |
|---|
| | | security_admin_email=root@localhost |
|---|
| | | security_admin_email_subject=Security alert from server |
|---|
| | | warn_new_admin=yes |
|---|
| | | warn_passwd_change=no |
|---|
| | | warn_shadow_change=no |
|---|
| | | warn_group_change=no |
|---|
| | |
|---|
| | | } |
|---|
| | | return ($section == '') ? $this->config['global'] : $this->config['global'][$section]; |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function get_security_config($section = '') { |
|---|
| | | global $app; |
|---|
| | | |
|---|
| | | $app->uses('ini_parser'); |
|---|
| | | $security_config = $app->ini_parser->parse_ini_string(file_get_contents('/usr/local/ispconfig/security/security_settings.ini')); |
|---|
| | | |
|---|
| | | return ($section == '') ? $security_config : $security_config[$section]; |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | $tpl->setLoop('ccloop', $tmp_addresses_arr); |
|---|
| | | |
|---|
| | | // Custom filters |
|---|
| | | if($data["new"]["custom_mailfilter"] == 'NULL') $data["new"]["custom_mailfilter"] = ''; |
|---|
| | | $tpl->setVar('custom_mailfilter', $data["new"]["custom_mailfilter"]); |
|---|
| | | |
|---|
| | | // Move junk |
|---|
| | |
|---|
| | | |
|---|
| | | exec("nohup /usr/lib/mailman/bin/newlist -u ".escapeshellcmd($data["new"]["domain"])." -e ".escapeshellcmd($data["new"]["domain"])." ".escapeshellcmd($data["new"]["listname"])." ".escapeshellcmd($data["new"]["email"])." ".escapeshellcmd($data["new"]["password"])." >/dev/null 2>&1 &"); |
|---|
| | | if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman'); |
|---|
| | | if(is_file('/var/lib/mailman/data/transport-mailman')) exec('postmap /var/lib/mailman/data/transport-mailman'); |
|---|
| | | exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &'); |
|---|
| | | |
|---|
| | | $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id'])); |
|---|
| | |
|---|
| | | // The purpose of this plugin is to rewrite the main.cf file |
|---|
| | | function update($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $this->update_config(); |
|---|
| | | |
|---|
| | | if($data["new"]["password"] != $data["old"]["password"] && $data["new"]["password"] != '') { |
|---|
| | | exec("nohup /usr/lib/mailman/bin/change_pw -l ".escapeshellcmd($data["new"]["listname"])." -p ".escapeshellcmd($data["new"]["password"])." >/dev/null 2>&1 &"); |
|---|
| | | exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &'); |
|---|
| | | $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id'])); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman'); |
|---|
| | | if(is_file('/var/lib/mailman/data/transport-mailman')) exec('postmap /var/lib/mailman/data/transport-mailman'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | function delete($event_name, $data) { |
|---|
| | |
|---|
| | | exec("nohup /usr/lib/mailman/bin/rmlist -a ".escapeshellcmd($data["old"]["listname"])." >/dev/null 2>&1 &"); |
|---|
| | | |
|---|
| | | exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &'); |
|---|
| | | |
|---|
| | | if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman'); |
|---|
| | | if(is_file('/var/lib/mailman/data/transport-mailman')) exec('postmap /var/lib/mailman/data/transport-mailman'); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | if(is_file($conf['rootpath'] . '/conf-custom/index/robots.txt')) { |
|---|
| | | exec('cp ' . $conf['rootpath'] . '/conf-custom/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | | } |
|---|
| | | if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) { |
|---|
| | | exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | | } |
|---|
| | | //if(is_file($conf['rootpath'] . '/conf-custom/index/.htaccess')) { |
|---|
| | | // exec('cp ' . $conf['rootpath'] . '/conf-custom/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | | //} |
|---|
| | | } |
|---|
| | | else { |
|---|
| | | if (file_exists($conf['rootpath'] . '/conf-custom/index/standard_index.html')) { |
|---|
| | |
|---|
| | | exec('cp ' . $conf['rootpath'] . '/conf/index/standard_index.html_'.substr(escapeshellcmd($conf['language']), 0, 2).' '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/index.html'); |
|---|
| | | if(is_file($conf['rootpath'] . '/conf/index/favicon.ico')) exec('cp ' . $conf['rootpath'] . '/conf/index/favicon.ico '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | | if(is_file($conf['rootpath'] . '/conf/index/robots.txt')) exec('cp ' . $conf['rootpath'] . '/conf/index/robots.txt '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | | if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | | //if(is_file($conf['rootpath'] . '/conf/index/.htaccess')) exec('cp ' . $conf['rootpath'] . '/conf/index/.htaccess '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | exec('chmod -R a+r '.escapeshellcmd($data['new']['document_root']).'/' . $web_folder . '/'); |
|---|
| | |
|---|
| | | /* |
|---|
| | | Register for the events |
|---|
| | | */ |
|---|
| | | |
|---|
| | | |
|---|
| | | $app->plugins->registerEvent('shell_user_insert', $this->plugin_name, 'insert'); |
|---|
| | | $app->plugins->registerEvent('shell_user_update', $this->plugin_name, 'update'); |
|---|
| | | $app->plugins->registerEvent('shell_user_delete', $this->plugin_name, 'delete'); |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | function insert($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $app->uses('system'); |
|---|
| | | |
|---|
| | | $app->uses('system,getconf'); |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | if($security_config['allow_shell_user'] != 'yes') { |
|---|
| | | $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Check if the resulting path is inside the docroot |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id'])); |
|---|
| | |
|---|
| | | |
|---|
| | | if($app->system->is_user($data['new']['puser'])) { |
|---|
| | | |
|---|
| | | //* Remove webfolder protection |
|---|
| | | $app->system->web_folder_protection($web['document_root'], false); |
|---|
| | | |
|---|
| | | // Get the UID of the parent user |
|---|
| | | $uid = intval($app->system->getuid($data['new']['puser'])); |
|---|
| | | if($uid > $this->min_uid) { |
|---|
| | | //* Remove webfolder protection |
|---|
| | | $app->system->web_folder_protection($web['document_root'], false); |
|---|
| | | |
|---|
| | | if(!is_dir($data['new']['dir'])){ |
|---|
| | | $app->file->mkdirs(escapeshellcmd($data['new']['dir']), '0700'); |
|---|
| | | $app->system->chown(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['username'])); |
|---|
| | | $app->system->chgrp(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['pgroup'])); |
|---|
| | | } |
|---|
| | | $command = 'useradd'; |
|---|
| | | $command .= ' -d '.escapeshellcmd($data['new']['dir']); |
|---|
| | | $command .= ' -g '.escapeshellcmd($data['new']['pgroup']); |
|---|
| | |
|---|
| | | |
|---|
| | | //* Add webfolder protection again |
|---|
| | | $app->system->web_folder_protection($web['document_root'], true); |
|---|
| | | |
|---|
| | | } else { |
|---|
| | | $app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.", LOGLEVEL_ERROR); |
|---|
| | | } |
|---|
| | |
|---|
| | | function update($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $app->uses('system'); |
|---|
| | | $app->uses('system,getconf'); |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | if($security_config['allow_shell_user'] != 'yes') { |
|---|
| | | $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Check if the resulting path is inside the docroot |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id'])); |
|---|
| | |
|---|
| | | function delete($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $app->uses('system'); |
|---|
| | | $app->uses('system,getconf'); |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | if($security_config['allow_shell_user'] != 'yes') { |
|---|
| | | $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if($app->system->is_user($data['old']['username'])) { |
|---|
| | | // Get the UID of the user |
|---|
| | | $userid = intval($app->system->getuid($data['old']['username'])); |
|---|
| | | if($userid > $this->min_uid) { |
|---|
| | | // check if we have to delete the dir |
|---|
| | | $check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = \'' . $app->db->quote($data['old']['dir']) . '\''); |
|---|
| | | if(!$check && is_dir($data['old']['dir'])) { |
|---|
| | | |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['old']['parent_domain_id'])); |
|---|
| | | |
|---|
| | | $app->system->web_folder_protection($web['document_root'], false); |
|---|
| | | |
|---|
| | | // delete dir |
|---|
| | | $homedir = $data['old']['dir']; |
|---|
| | | if(substr($homedir, -1) !== '/') $homedir .= '/'; |
|---|
| | | $files = array('.bash_logout', '.bash_history', '.bashrc', '.profile'); |
|---|
| | | $dirs = array('.ssh', '.cache'); |
|---|
| | | foreach($files as $delfile) { |
|---|
| | | if(is_file($homedir . $delfile) && fileowner($homedir . $delfile) == $userid) unlink($homedir . $delfile); |
|---|
| | | } |
|---|
| | | foreach($dirs as $deldir) { |
|---|
| | | if(is_dir($homedir . $deldir) && fileowner($homedir . $deldir) == $userid) exec('rm -rf ' . escapeshellarg($homedir . $deldir)); |
|---|
| | | } |
|---|
| | | $empty = true; |
|---|
| | | $dirres = opendir($homedir); |
|---|
| | | if($dirres) { |
|---|
| | | while(($entry = readdir($dirres)) !== false) { |
|---|
| | | if($entry != '.' && $entry != '..') { |
|---|
| | | $empty = false; |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | closedir($dirres); |
|---|
| | | } |
|---|
| | | if($empty == true) { |
|---|
| | | rmdir($homedir); |
|---|
| | | } |
|---|
| | | unset($files); |
|---|
| | | unset($dirs); |
|---|
| | | |
|---|
| | | $app->system->web_folder_protection($web['document_root'], true); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // We delete only non jailkit users, jailkit users will be deleted by the jailkit plugin. |
|---|
| | | if ($data['old']['chroot'] != "jailkit") { |
|---|
| | | $command = 'userdel -f'; |
|---|
| | | $command = 'killall -u '.escapeshellcmd($data['old']['username']).' ; userdel -f'; |
|---|
| | | $command .= ' '.escapeshellcmd($data['old']['username']).' &> /dev/null'; |
|---|
| | | exec($command); |
|---|
| | | $app->log("Deleted shelluser: ".$data['old']['username'], LOGLEVEL_DEBUG); |
|---|
| | |
|---|
| | | /* |
|---|
| | | Register for the events |
|---|
| | | */ |
|---|
| | | |
|---|
| | | |
|---|
| | | $app->plugins->registerEvent('shell_user_insert', $this->plugin_name, 'insert'); |
|---|
| | | $app->plugins->registerEvent('shell_user_update', $this->plugin_name, 'update'); |
|---|
| | | $app->plugins->registerEvent('shell_user_delete', $this->plugin_name, 'delete'); |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | function insert($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $app->uses('system'); |
|---|
| | | $app->uses('system,getconf'); |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | if($security_config['allow_shell_user'] != 'yes') { |
|---|
| | | $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']); |
|---|
| | | |
|---|
| | | if(!$app->system->is_allowed_user($data['new']['username'], false, false) |
|---|
| | |
|---|
| | | function update($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $app->uses('system'); |
|---|
| | | $app->uses('system,getconf'); |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | if($security_config['allow_shell_user'] != 'yes') { |
|---|
| | | $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']); |
|---|
| | | |
|---|
| | | if(!$app->system->is_allowed_user($data['new']['username'], false, false) |
|---|
| | |
|---|
| | | function delete($event_name, $data) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | $app->uses('system'); |
|---|
| | | $app->uses('system,getconf'); |
|---|
| | | |
|---|
| | | $security_config = $app->getconf->get_security_config('permissions'); |
|---|
| | | if($security_config['allow_shell_user'] != 'yes') { |
|---|
| | | $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']); |
|---|
| | | |
|---|
| | |
|---|
| | | $app->system->web_folder_protection($web['document_root'], false); |
|---|
| | | |
|---|
| | | if(@is_dir($data['old']['dir'].$jailkit_chroot_userhome)) { |
|---|
| | | $command = 'userdel -f'; |
|---|
| | | $userid = intval($app->system->getuid($data['old']['username'])); |
|---|
| | | $command = 'killall -u '.escapeshellcmd($data['old']['username']).' ; userdel -f'; |
|---|
| | | $command .= ' '.escapeshellcmd($data['old']['username']).' &> /dev/null'; |
|---|
| | | exec($command); |
|---|
| | | |
|---|
| | | $this->_delete_homedir($data['old']['dir'].$jailkit_chroot_userhome,$userid,$data['old']['parent_domain_id']); |
|---|
| | | |
|---|
| | | $app->log("Jailkit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | exec("chmod 600 '$sshkeys'"); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | private function _delete_homedir($homedir,$userid,$parent_domain_id) { |
|---|
| | | global $app, $conf; |
|---|
| | | |
|---|
| | | // check if we have to delete the dir |
|---|
| | | $check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = \'' . $app->db->quote($homedir) . '\''); |
|---|
| | | |
|---|
| | | if(!$check && is_dir($homedir)) { |
|---|
| | | $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($parent_domain_id)); |
|---|
| | | $app->system->web_folder_protection($web['document_root'], false); |
|---|
| | | |
|---|
| | | // delete dir |
|---|
| | | if(substr($homedir, -1) !== '/') $homedir .= '/'; |
|---|
| | | $files = array('.bash_logout', '.bash_history', '.bashrc', '.profile'); |
|---|
| | | $dirs = array('.ssh', '.cache'); |
|---|
| | | foreach($files as $delfile) { |
|---|
| | | if(is_file($homedir . $delfile) && fileowner($homedir . $delfile) == $userid) unlink($homedir . $delfile); |
|---|
| | | } |
|---|
| | | foreach($dirs as $deldir) { |
|---|
| | | if(is_dir($homedir . $deldir) && fileowner($homedir . $deldir) == $userid) exec('rm -rf ' . escapeshellarg($homedir . $deldir)); |
|---|
| | | } |
|---|
| | | $empty = true; |
|---|
| | | $dirres = opendir($homedir); |
|---|
| | | if($dirres) { |
|---|
| | | while(($entry = readdir($dirres)) !== false) { |
|---|
| | | if($entry != '.' && $entry != '..') { |
|---|
| | | $empty = false; |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | closedir($dirres); |
|---|
| | | } |
|---|
| | | if($empty == true) { |
|---|
| | | rmdir($homedir); |
|---|
| | | } |
|---|
| | | unset($files); |
|---|
| | | unset($dirs); |
|---|
| | | |
|---|
| | | $app->system->web_folder_protection($web['document_root'], true); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | } // end class |
|---|
| | | |
|---|
| New file |
| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | /* |
|---|
| | | Copyright (c) 2014, Till Brehm, projektfarm Gmbh |
|---|
| | | All rights reserved. |
|---|
| | | |
|---|
| | | Redistribution and use in source and binary forms, with or without modification, |
|---|
| | | are permitted provided that the following conditions are met: |
|---|
| | | |
|---|
| | | * Redistributions of source code must retain the above copyright notice, |
|---|
| | | this list of conditions and the following disclaimer. |
|---|
| | | * Redistributions in binary form must reproduce the above copyright notice, |
|---|
| | | this list of conditions and the following disclaimer in the documentation |
|---|
| | | and/or other materials provided with the distribution. |
|---|
| | | * Neither the name of ISPConfig nor the names of its contributors |
|---|
| | | may be used to endorse or promote products derived from this software without |
|---|
| | | specific prior written permission. |
|---|
| | | |
|---|
| | | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|---|
| | | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|---|
| | | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|---|
| | | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|---|
| | | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|---|
| | | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|---|
| | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|---|
| | | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|---|
| | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|---|
| | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|---|
| | | */ |
|---|
| | | |
|---|
| | | |
|---|
| | | $path = realpath(dirname(__FILE__) . '/..'); |
|---|
| | | $iface_path = realpath(dirname(__FILE__) . '/../../interface/web'); |
|---|
| | | $iface_base_path = realpath(dirname(__FILE__) . '/../../interface'); |
|---|
| | | |
|---|
| | | require $path . '/lib/mysql_clientdb.conf'; |
|---|
| | | |
|---|
| | | if(isset($argv[1])) $dbname = $argv[1]; |
|---|
| | | else $dbname = 'dbispconfig'; |
|---|
| | | if(!preg_match('/^[a-zA-Z0-9]+$/', $dbname)) die("Invalid database name\n"); |
|---|
| | | |
|---|
| | | $link = mysqli_init(); |
|---|
| | | $con = mysqli_real_connect($link, $clientdb_host, $clientdb_user, $clientdb_password, $dbname); |
|---|
| | | if(!$con) die('DB CON ERROR' . "\n"); |
|---|
| | | |
|---|
| | | $qry = "SELECT username, passwort FROM sys_user WHERE active = '1'"; |
|---|
| | | $result = mysqli_query($link, $qry); |
|---|
| | | if(!$result) die('Could not read users' . "\n"); |
|---|
| | | |
|---|
| | | $cont = ''; |
|---|
| | | while($row = mysqli_fetch_assoc($result)) { |
|---|
| | | $cont .= $row['username'] . ':' . $row['passwort'] . "\n"; |
|---|
| | | } |
|---|
| | | mysqli_free_result($result); |
|---|
| | | mysqli_close($link); |
|---|
| | | |
|---|
| | | if($cont == '') die('No users found' . "\n"); |
|---|
| | | |
|---|
| | | if(file_exists($iface_base_path . '/.htpasswd')) rename($iface_base_path . '/.htpasswd', $iface_base_path . '/.htpasswd.old'); |
|---|
| | | file_put_contents($iface_base_path . '/.htpasswd', $cont); |
|---|
| | | chmod($iface_base_path . '/.htpasswd', 0644); |
|---|
| | | |
|---|
| | | $cont = 'AuthType Basic |
|---|
| | | AuthName "Login" |
|---|
| | | AuthUserFile ' . $iface_base_path . '/.htpasswd |
|---|
| | | require valid-user'; |
|---|
| | | |
|---|
| | | if(file_exists($iface_path . '/.htaccess')) rename($iface_path . '/.htaccess', $iface_path . '/.htaccess.old'); |
|---|
| | | file_put_contents($iface_path . '/.htaccess', $cont); |
|---|
| | | chmod($iface_path . '/.htaccess', 0644); |
|---|
| | | unset($cont); |
|---|
| | | |
|---|
| | | print 'Data written. Please check, if everything is working correctly.' . "\n"; |
|---|
| | | exit; |
|---|
| | | |
|---|
| | | ?> |
|---|
| | |
|---|
| | | |
|---|
| | | cd /usr/local/ispconfig/server |
|---|
| | | /usr/bin/php -q /usr/local/ispconfig/server/server.php |
|---|
| | | |
|---|
| | | cd /usr/local/ispconfig/security |
|---|
| | | /usr/bin/php -q /usr/local/ispconfig/security/check.php |
|---|
