3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2016 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2016
36 * Define the threshold for the ids reactions.
38 private $threshold = array(
52 * This function includes the IDS vendor parts and runs the
53 * detection routines on the request array.
60 public function check($args) {
61 // lets bypass a few civicrm urls from this check
62 $skip = array('civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates');
63 CRM_Utils_Hook
::idsException($skip);
64 $this->path
= implode('/', $args);
65 if (in_array($this->path
, $skip)) {
69 // Add request url and user agent.
70 $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
71 if (isset($_SERVER['HTTP_USER_AGENT'])) {
72 $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
75 $configFile = self
::createConfigFile(FALSE);
77 // init the PHPIDS and pass the REQUEST array
78 require_once 'IDS/Init.php';
80 $init = IDS_Init
::init($configFile);
81 $ids = new IDS_Monitor($_REQUEST, $init);
83 catch (Exception
$e) {
84 // might be an old stale copy of Config.IDS.ini
85 // lets try to rebuild it again and see if it works
86 $configFile = self
::createConfigFile(TRUE);
87 $init = IDS_Init
::init($configFile);
88 $ids = new IDS_Monitor($_REQUEST, $init);
91 $result = $ids->run();
92 if (!$result->isEmpty()) {
93 $this->react($result);
100 * Create the default config file for the IDS system.
103 * Should we recreate it irrespective if it exists or not.
106 * the full path to the config file
108 public static function createConfigFile($force = FALSE) {
109 $config = CRM_Core_Config
::singleton();
110 $configFile = $config->configAndLogDir
. 'Config.IDS.ini';
111 if (!$force && file_exists($configFile)) {
115 $tmpDir = empty($config->uploadDir
) ? CIVICRM_TEMPLATE_COMPILEDIR
: $config->uploadDir
;
117 // also clear the stat cache in case we are upgrading
120 global $civicrm_root;
124 filter_path = {$civicrm_root}/packages/IDS/default_filter.xml
126 HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php
127 HTML_Purifier_Cache = $tmpDir
129 exceptions[] = __utmz
130 exceptions[] = __utmc
131 exceptions[] = widget_code
132 exceptions[] = html_message
133 exceptions[] = text_message
134 exceptions[] = body_html
135 exceptions[] = msg_html
136 exceptions[] = msg_text
137 exceptions[] = msg_subject
138 exceptions[] = description
140 exceptions[] = thankyou_text
141 exceptions[] = intro_text
142 exceptions[] = body_text
143 exceptions[] = footer_text
144 exceptions[] = thankyou_text
145 exceptions[] = tf_thankyou_text
146 exceptions[] = thankyou_footer
147 exceptions[] = thankyou_footer_text
148 exceptions[] = new_text
149 exceptions[] = renewal_text
150 exceptions[] = help_pre
151 exceptions[] = help_post
152 exceptions[] = confirm_title
153 exceptions[] = confirm_text
154 exceptions[] = confirm_footer_text
155 exceptions[] = confirm_email_text
156 exceptions[] = report_header
157 exceptions[] = report_footer
160 exceptions[] = instructions
161 exceptions[] = suggested_message
162 exceptions[] = page_text
164 if (file_put_contents($configFile, $contents) === FALSE) {
165 CRM_Core_Error
::movedSiteError($configFile);
168 // also create the .htaccess file so we prevent the reading of the log and ini files
169 // via a browser, CRM-3875
170 CRM_Utils_File
::restrictAccess($config->configAndLogDir
);
176 * This function reacts on the values in the incoming results array.
178 * Depending on the impact value certain actions are
181 * @param IDS_Report $result
185 private function react(IDS_Report
$result) {
187 $impact = $result->getImpact();
188 if ($impact >= $this->threshold
['kick']) {
189 $this->log($result, 3, $impact);
193 elseif ($impact >= $this->threshold
['warn']) {
194 $this->log($result, 2, $impact);
195 $this->warn($result);
198 elseif ($impact >= $this->threshold
['log']) {
199 $this->log($result, 0, $impact);
208 * This function writes an entry about the intrusion to the database.
210 * @param array $result
211 * @param int $reaction
215 private function log($result, $reaction = 0) {
216 $ip = (isset($_SERVER['SERVER_ADDR']) &&
217 $_SERVER['SERVER_ADDR'] != '127.0.0.1') ?
$_SERVER['SERVER_ADDR'] : (
218 isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : '127.0.0.1'
222 $session = CRM_Core_Session
::singleton();
223 foreach ($result as $event) {
225 'name' => $event->getName(),
226 'value' => stripslashes($event->getValue()),
227 'page' => $_SERVER['REQUEST_URI'],
228 'userid' => $session->get('userID'),
229 'session' => session_id() ?
session_id() : '0',
231 'reaction' => $reaction,
232 'impact' => $result->getImpact(),
236 CRM_Core_Error
::debug_var('IDS Detector Details', $data);
243 * @param array $result
247 private function warn($result) {
252 * Create an error that prevents the user from continuing.
256 private function kick() {
257 $session = CRM_Core_Session
::singleton();
260 $msg = ts('There is a validation error with your HTML input. Your activity is a bit suspicious, hence aborting');
264 array("civicrm/ajax/rest", "civicrm/api/json")
266 require_once "api/v3/utils.php";
267 $error = civicrm_api3_create_error(
270 'IP' => $_SERVER['REMOTE_ADDR'],
271 'error_code' => 'IDS_KICK',
272 'level' => 'security',
273 'referer' => $_SERVER['HTTP_REFERER'],
274 'reason' => 'XSS suspected',
277 CRM_Utils_JSON
::output($error);
279 CRM_Core_Error
::fatal($msg);