Changeset 13259
- Timestamp:
- 11/18/09 00:00:14 (3 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
inc/classes/BxDolInstallerUtils.php (modified) (3 diffs)
-
inc/security.inc.php (modified) (4 diffs)
-
install/sql/v70.sql (modified) (1 diff)
-
modules/boonex/open_social/integration/html/index.php (modified) (1 diff)
-
modules/boonex/open_social/shindig/php/index.php (modified) (1 diff)
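--- a/trunk/inc/classes/BxDolInstallerUtils.php
+++ b/trunk/inc/classes/BxDolInstallerUtils.php
@@ -83,8 +83,9 @@
 $s = getParam('sys_exceptions_fields');
 if (!$s) {
-return;
-}
-$a = unserialize($s);
-unset($a['system_email_templates']);
+$a = array ();
+} else {
+$a = unserialize($s);
+unset($a['system_email_templates']);
+}
 $a['system_email_templates'] = $this->_getEmailTemplatesHtmlFields();
 $s = serialize ($a);
@@ -98,8 +99,9 @@
 $s = getParam('sys_html_fields');
 if (!$s) {
-return;
-}
-$a = unserialize($s);
-unset($a['system_profile_html']);
+$a = array ();
+} else {
+$a = unserialize($s);
+unset($a['system_profile_html']);
+}
 $a['system_profile_html'] = $this->_getSystemProfileHtmlFields();
 $s = serialize ($a);
@@ -116,6 +118,8 @@
 $a = $GLOBALS['MySQL']->getAll ("SELECT `Name` FROM `sys_email_templates`");
 foreach ($a as $r) {
-$aRet[] = 'POST.'.$r['Name'];
-$aRet[] = 'REQUEST.'.$r['Name'];
+$aRet[] = 'POST.' . $r['Name'] . '_Body';
+$aRet[] = 'REQUEST.' . $r['Name'] . '_Body';
+$aRet[] = 'POST.' . $r['Name'] . '_Subject';
+$aRet[] = 'REQUEST.' . $r['Name'] . '_Subject';
 }
 return $aRet;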
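Review bot: The rewritten loop in `_getEmailTemplatesHtmlFields()` (new lines 120–123) places every template's `_Subject` field on the IDS exception list next to `_Body`, under both `POST.` and `REQUEST.`; a plain-text subject has no need for the markup that trips PHPIDS, so exempting it widens the unscanned surface for no gain. If these names end up as global parameter exceptions — the `sys_exceptions_fields` option this method rewrites looks like the `sys_{$sType}_fields` value that `security.inc.php` loads for the IDS — then any request to any script carrying a parameter named `<Template>_Subject` is skipped, not only the template editor's form. I would drop the two `_Subject` lines unless subjects are shown to need HTML, and add above the loop: `// Template bodies are admin-authored HTML that PHPIDS would flag; exempt only the *_Body fields.` The `unserialize()` of the stored option is acceptable only because `sys_options` is admin-written; a one-line comment stating that assumption would help the next reader. Both enclosing methods start and end outside the hunk.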
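--- a/trunk/inc/security.inc.php
+++ b/trunk/inc/security.inc.php
@@ -46,7 +46,10 @@
 
 $ids = new IDS_Monitor($request, $init);
-$result = $ids->run();
+$result = $ids->run();
 
-if (!$result->isEmpty()) {
+list ($iImpactLog, $iImpactBlock) = bx_sys_security_get_impact_threshold ();
+
+if (!$result->isEmpty() && $result->getImpact() >= $iImpactLog) {
+
 require_once( BX_DIRECTORY_PATH_CLASSES . "BxDolService.php" );
 require_once( BX_DIRECTORY_PATH_INC . 'design.inc.php' );
@@ -57,7 +60,17 @@
 $s .= "\nHTTP_X_FORWARDED_FOR: " . $_SERVER['HTTP_X_FORWARDED_FOR'];
 $s .= "\nHTTP_CLIENT_IP: " . $_SERVER['HTTP_CLIENT_IP'];
-sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' - possible attack!', $s, 0, array(), 'text');
-echo 'Possible attack!!! All data has been collected and sent to the site owner for analysis.';
-exit;
+$s .= "\nSCRIPT_FILENAME: " . $_SERVER['SCRIPT_FILENAME'];
+$s .= "\nQUERY_STRING: " . $_SERVER['QUERY_STRING'];
+$s .= "\nREQUEST_URI: " . $_SERVER['REQUEST_URI'];
+$s .= "\nQUERY_STRING: " . $_SERVER['QUERY_STRING'];
+$s .= "\nSCRIPT_NAME: " . $_SERVER['SCRIPT_NAME'];
+$s .= "\nPHP_SELF: " . $_SERVER['PHP_SELF'];
+if ($result->getImpact() >= $iImpactBlock) {
+sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' - security attack was stopped!', $s, 0, array(), 'text');
+echo 'Possible security attack!!! All data has been collected and sent to the site owner for analysis.';
+exit;
+} else {
+sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' - possible security attack!', $s, 0, array(), 'text');
+}
 }
 } else {
@@ -79,5 +92,5 @@
 if (!file_exists($sCacheFile)) {
 require_once( BX_DIRECTORY_PATH_INC . 'db.inc.php' );
-$mixedVar = $GLOBALS['MySQL']->fromCache ("sys_{$sType}_fields", 'getOne', "SELECT `VALUE` FROM `sys_options` WHERE `Name` = 'sys_ html_fields' LIMIT 1");
+$mixedVar = $GLOBALS['MySQL']->fromCache ("sys_{$sType}_fields", 'getOne', "SELECT `VALUE` FROM `sys_options` WHERE `Name` = 'sys_{$sType}_fields' LIMIT 1");
 } else {
 include $sCacheFile;
@@ -92,3 +105,14 @@
 }
 
+function bx_sys_security_get_impact_threshold () {
+$sCacheFile = BX_DIRECTORY_PATH_CACHE . "sys_options.php";
+if (!file_exists($sCacheFile)) {
+require_once( BX_DIRECTORY_PATH_INC . 'db.inc.php' );
+return array (getParam('sys_security_impact_threshold_log'), getParam('sys_security_impact_threshold_block'));
+} else {
+include $sCacheFile;
+}
+return array ($mixedData['sys_security_impact_threshold_log'], $mixedData['sys_security_impact_threshold_block']);
+}
+
 ?>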
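Review bot: `$_SERVER['QUERY_STRING']` is appended to the report twice in the new block (new lines 63 and 65); drop one, or use the slot for something not already captured such as `REQUEST_METHOD`. The thresholds from `bx_sys_security_get_impact_threshold()` are compared raw on new lines 52 and 68, yet `getParam()` and `$mixedData[...]` return strings, and when the option rows are absent (an install that never ran the new v70.sql inserts, or a stale `sys_options.php` cache) they yield `''`/`null`, which compares as 0 so every detection is both mailed and blocked. Normalise them in one place, e.g. `return array ((int)$mixedData['sys_security_impact_threshold_log'], (int)$mixedData['sys_security_impact_threshold_block']);`, and either document that a zero threshold means "react to everything" or fall back to the 9/27 defaults the SQL seeds. Note also that the new log-only branch lets the request proceed while still sending one email per flagged request, so a single client can generate unbounded mail to `bugReportMail`; a log file or simple rate limit would be safer than email for the lower tier. The `if` block opened at new line 52 closes outside the second hunk, so the whole conditional is not visible here.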
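--- a/trunk/install/sql/v70.sql
+++ b/trunk/install/sql/v70.sql
@@ -1156,4 +1156,6 @@
 INSERT INTO `sys_options` VALUES('categ_show_limit', '50', 27, 'Number of categories to show limit', 'digit', '', '', 2, '');
 INSERT INTO `sys_options` VALUES('categ_show_columns', '5', 27, 'Number of columns to show categories', 'digit', '', '', 3, '');
+INSERT INTO `sys_options` VALUES('sys_security_impact_threshold_log', '9', 3, 'Total security impact threshold to send report', 'digit', '', '', 0, '');
+INSERT INTO `sys_options` VALUES('sys_security_impact_threshold_block', '27', 3, 'Total security impact threshold to send report and block aggressor', 'digit', '', '', 0, '');
 
 -- --------------------------------------------------------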
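Review bot: The two new `sys_options` rows live only in the fresh-install script, so an existing site that takes this changeset has no threshold values and `security.inc.php` will read empty options for them; the same two inserts belong in whatever upgrade SQL accompanies this release, or the code needs defaults. The descriptions could also state the relationship between the two values so an admin does not set the block threshold below the log threshold, e.g. `'Total security impact threshold to send report (must not exceed the block threshold)'`.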
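--- a/trunk/modules/boonex/open_social/integration/html/index.php
+++ b/trunk/modules/boonex/open_social/integration/html/index.php
@@ -18,4 +18,12 @@
 *
 */
+
+define('BX_SECURITY_EXCEPTIONS', true);
+$aBxSecurityExceptions = array(
+'POST.request',
+'GET.request',
+'REQUEST.request',
+);
+
 $aPathInfo = pathinfo(__FILE__);
 require_once ($aPathInfo['dirname'] . '/../../../../../inc/header.inc.php');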
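Review bot: The new exception list exempts the whole `request` parameter from IDS scanning for this entry point in GET, POST and REQUEST alike, with nothing saying why; presumably the OpenSocial/Shindig RPC payload is JSON that PHPIDS flags, but a reader cannot tell that from the code. Add the rationale above the define, e.g. `// Shindig RPC payload ('request') is JSON that PHPIDS flags; Shindig parses and validates it itself, so it is excluded from the IDS scan here.`, and keep the list to exactly this one field. Whether `$aBxSecurityExceptions` is consumed by `header.inc.php` cannot be verified from this hunk — confirm the include on new line 29 is the path that reads it, since the globals are set before it by design.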
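--- a/trunk/modules/boonex/open_social/shindig/php/index.php
+++ b/trunk/modules/boonex/open_social/shindig/php/index.php
@@ -18,4 +18,11 @@
 * under the License.
 */
+
+define('BX_SECURITY_EXCEPTIONS', true);
+$aBxSecurityExceptions = array(
+'POST.request',
+'GET.request',
+'REQUEST.request',
+);
 
 // 'A' configuration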
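Review bot: `define('BX_SECURITY_EXCEPTIONS', true)` on new line 21 is unconditional; if this script is ever reached after `integration/html/index.php`, which declares the same constant in this changeset, the second `define()` raises a notice and the earlier file's `$aBxSecurityExceptions` is silently overwritten rather than extended. Guarding it, `if (!defined('BX_SECURITY_EXCEPTIONS')) define('BX_SECURITY_EXCEPTIONS', true);`, and merging into an existing array would make the two entry points composable. The Boonex header include that consumes these globals is not visible in this hunk, so confirm the exceptions are actually applied on this path and not only declared.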