X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FCore%2FIDS.php;h=5b5bb44b694c19545f7e8a6bddefc44bded31bdb;hb=ea3ddccf2929c9778e4443ecd039c02a0a957dd8;hp=dde1c2e39dbc147f0e8119c043f606c897e41a67;hpb=e44431fee3e48e503e8500ace6206f2d25c8956f;p=civicrm-core.git
diff --git a/CRM/Core/IDS.php b/CRM/Core/IDS.php
index dde1c2e39d..85180ef6be 100644
--- a/CRM/Core/IDS.php
+++ b/CRM/Core/IDS.php
@@ -1,9 +1,9 @@ 25,
@@ -49,22 +47,24 @@ class CRM_Core_IDS {
 private $init = NULL;
 /**
+ * Check function.
+ *
 * This function includes the IDS vendor parts and runs the
 * detection routines on the request array.
 *
- * @param object cake controller object
+ * @param object $args cake controller object
 *
- * @return boolean
+ * @return bool
 */
 public function check(&$args) {
 // lets bypass a few civicrm urls from this check
 static $skip = array('civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates');
 $path = implode('/', $args);
 if (in_array($path, $skip)) {
- return;
+ return NULL;
 }
- #add request url and user agent
+ // Add request url and user agent.
 $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
 if (isset($_SERVER['HTTP_USER_AGENT'])) {
 $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
@@ -76,13 +76,14 @@ class CRM_Core_IDS {
 require_once 'IDS/Init.php';
 try {
 $init = IDS_Init::init($configFile);
- $ids = new IDS_Monitor($_REQUEST, $init);
- } catch (Exception $e) {
+ $ids = new IDS_Monitor($_REQUEST, $init);
+ }
+ catch (Exception $e) {
 // might be an old stale copy of Config.IDS.ini
 // lets try to rebuild it again and see if it works
 $configFile = self::createConfigFile(TRUE);
 $init = IDS_Init::init($configFile);
- $ids = new IDS_Monitor($_REQUEST, $init);
+ $ids = new IDS_Monitor($_REQUEST, $init);
 }
 $result = $ids->run();
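Review bot: The new `return NULL;` on the skip path contradicts the docblock that the same hunk changes to `@return bool`; either document `@return bool|null` or return a boolean so callers can test the result consistently, noting that the rest of check() and what it returns on the normal path lie outside the hunk. The `$skip` list is a hard-coded set of paths that bypass intrusion detection entirely, and nothing says why; a comment above `static $skip` along the lines of `// Paths exempt from the IDS check; each entry widens the bypass, so record the reason here` would make the exemption auditable. `in_array($path, $skip)` should also pass `TRUE` as its third argument so the path comparison is strict.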
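Review bot: The `catch (Exception $e)` branch discards `$e` and unconditionally regenerates Config.IDS.ini via `self::createConfigFile(TRUE)`, so any failure inside IDS_Init or IDS_Monitor, not only the stale-ini case the comment names, rewrites the config file and the original cause is never recorded. Logging the exception before the retry would make such failures diagnosable; if the usual CiviCRM helper is available here, `CRM_Core_Error::debug_log_message($e->getMessage());` at the top of the catch block would do. The retry's second `new IDS_Monitor($_REQUEST, $init)` runs outside any try, so a persistent problem will surface as an uncaught exception on every request, which is worth stating in the comment so the behaviour is understood as intentional.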
@@ -94,14 +95,15 @@ class CRM_Core_IDS {
 }
 /**
- * Create the default config file for the IDS system
+ * Create the default config file for the IDS system.
 *
- * @param boolean $force should we recreate it irrespective if it exists or not
+ * @param bool $force
+ * Should we recreate it irrespective if it exists or not.
 *
- * @return string the full path to the config file
- * @static
+ * @return string
+ * the full path to the config file
 */
- static function createConfigFile($force = FALSE) {
+ public static function createConfigFile($force = FALSE) {
 $config = CRM_Core_Config::singleton();
 $configFile = $config->configAndLogDir . 'Config.IDS.ini';
 if (!$force && file_exists($configFile)) {
@@ -152,6 +154,7 @@ class CRM_Core_IDS {
 exceptions[] = report_header
 exceptions[] = report_footer
 exceptions[] = data
+ exceptions[] = json
 exceptions[] = instructions
 exceptions[] = suggested_message
 exceptions[] = page_text
@@ -160,7 +163,6 @@ class CRM_Core_IDS {
 CRM_Core_Error::movedSiteError($configFile);
 }
- // also create the .htaccess file so we prevent the reading of the log and ini files
 // via a browser, CRM-3875
 CRM_Utils_File::restrictAccess($config->configAndLogDir);
@@ -169,17 +171,16 @@ class CRM_Core_IDS {
 }
 /**
- * This function rects on the values in
- * the incoming results array.
+ * This function reacts on the values in the incoming results array.
 *
 * Depending on the impact value certain actions are
 * performed.
 *
 * @param IDS_Report $result
 *
- * @return boolean
+ * @return bool
 */
- private function react(IDS_Report$result) {
+ private function react(IDS_Report $result) {
 $impact = $result->getImpact();
 if ($impact >= $this->threshold['kick']) {
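Review bot: `exceptions[] = json` adds a request field that the IDS will no longer inspect, and nothing in the commit records why; every entry in this list is a detection bypass, so the reason (presumably a parameter that legitimately carries JSON and trips the filters, which is not visible here) should be stated where the list is maintained. The list appears to be the body of the generated Config.IDS.ini, whose surrounding PHP is outside the hunk; if it is emitted verbatim, an ini comment line such as `; json: request payloads under this key are expected to contain encoded data` next to the entry would carry the justification into the generated file, and otherwise a PHP comment above the template would do.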
@@ -202,21 +203,18 @@ class CRM_Core_IDS {
 }
 /**
- * This function writes an entry about the intrusion
- * to the intrusion database
+ * This function writes an entry about the intrusion to the database.
 *
 * @param array $result
 * @param int $reaction
 *
- * @return boolean
+ * @return bool
 */
 private function log($result, $reaction = 0) {
 $ip = (isset($_SERVER['SERVER_ADDR']) &&
- $_SERVER['SERVER_ADDR'] != '127.0.0.1'
- ) ? $_SERVER['SERVER_ADDR'] : (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
- $_SERVER['HTTP_X_FORWARDED_FOR'] :
- '127.0.0.1'
- );
+ $_SERVER['SERVER_ADDR'] != '127.0.0.1') ? $_SERVER['SERVER_ADDR'] : (
+ isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '127.0.0.1'
+ );
 $data = array();
 $session = CRM_Core_Session::singleton();
@@ -238,18 +236,22 @@ class CRM_Core_IDS {
 }
 /**
- * //todo
+ * Warn about IDS.
 *
+ * @param array $result
 *
+ * @return array
 */
 private function warn($result) {
 return $result;
 }
 /**
- * //todo
+ * Kick (whatever that means!).
 *
+ * @param array $result
 *
+ * @throws \Exception
 */
 private function kick($result) {
 $session = CRM_Core_Session::singleton();
@@ -259,9 +261,9 @@ class CRM_Core_IDS {
 $path = implode('/', $args);
 if (in_array(
- $path,
- array("civicrm/ajax/rest", "civicrm/api/json")
- )) {
+ $path,
+ array("civicrm/ajax/rest", "civicrm/api/json")
+ )) {
 require_once "api/v3/utils.php";
 $error = civicrm_api3_create_error(
 $msg,
@@ -277,5 +279,5 @@ class CRM_Core_IDS {
 }
 CRM_Core_Error::fatal($msg);
 }
-}
+}
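Review bot: The `$ip` expression this hunk only reformats records `$_SERVER['SERVER_ADDR']`, which is the address of the server handling the request rather than of the client that triggered the intrusion, and only when that equals 127.0.0.1 does it fall back to `HTTP_X_FORWARDED_FOR`, a header any client can supply, so the address written to the intrusion log is either the wrong host or unverified input. For an intrusion record the client address should be taken from `$_SERVER['REMOTE_ADDR']`, with X-Forwarded-For honoured only when the request is known to arrive via a trusted proxy; the minimal form is `$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';`. The rest of log(), including where `$ip` is stored, lies outside the hunk, so whether anything downstream already corrects this cannot be seen here.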
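Review bot: The new docblocks type `$result` as `array` on warn() and kick(), and log() above keeps `@param array $result`, while react() earlier in this diff takes `IDS_Report $result`; if react() passes that object through to these methods, which its body outside the hunk would show, the tags should read `@param IDS_Report $result`. `Kick (whatever that means!).` leaves the reader no better off than `//todo` did, yet the following hunks show kick() building an api3 error for the `civicrm/ajax/rest` and `civicrm/api/json` paths and otherwise calling `CRM_Core_Error::fatal($msg)`, so a summary such as `Abort the request: return an API error for REST/AJAX paths, otherwise fail fatally.` would be accurate. Whether `CRM_Core_Error::fatal()` actually throws, which the new `@throws \Exception` tag asserts, is not visible in the hunk and is worth confirming before documenting it.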