From 76adcecc306b0e6e8fd7598930383fc0b7a73eab Mon Sep 17 00:00:00 2001 From: Tim Otten Date: Fri, 14 Jul 2017 17:58:05 -0700 Subject: [PATCH] CRM-20926 - Kill Config.IDS.ini Background ========== Previously, the IDS configuration was written to a temp file and then read from the tempfile. Since we no longer read the tempfile, we don't need to write to it either. Before ====== System autocreates the `Config.IDS.ini` file. After ===== System does not create `Config.IDS.ini`.
---
 CRM/Core/IDS.php | 101 ++++++++++++++++--------------------------- CRM/Core/Invoke.php | 10 ++--- CRM/Upgrade/Form.php | 3 -- 3 files changed, 40 insertions(+), 74 deletions(-)
diff --git a/CRM/Core/IDS.php b/CRM/Core/IDS.php
index 8160823cad..786fd5cb9b 100644
--- a/CRM/Core/IDS.php
+++ b/CRM/Core/IDS.php
@@ -52,41 +52,43 @@ class CRM_Core_IDS {
 * This function includes the IDS vendor parts and runs the
 * detection routines on the request array.
 *
- * @param array $args
- * List of path parts.
+ * @param array $route
 *
 * @return bool
 */
- public function check($args) {
+ public function check($route) {
+ if (CRM_Core_Permission::check('skip IDS check')) {
+ return NULL;
+ }
+
 // lets bypass a few civicrm urls from this check
 $skip = array('civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates');
 CRM_Utils_Hook::idsException($skip);
- $this->path = implode('/', $args);
+ $this->path = $route['path'];
 if (in_array($this->path, $skip)) {
 return NULL;
 }
 
+ $config = \CRM_Core_IDS::createStandardConfig();
+ foreach (array('json', 'html', 'exception') as $section) {
+ if (isset($route['ids_arguments'][$section])) {
+ foreach ($route['ids_arguments'][$section] as $v) {
+ $config['General'][$section][] = $v;
+ }
+ $config['General'][$section] = array_unique($config['General'][$section]);
+ }
+ }
+
+ $init = self::create($config);
+
 // Add request url and user agent.
 $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI'];
 if (isset($_SERVER['HTTP_USER_AGENT'])) {
 $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
 }
 
- $configFile = self::createConfigFile(FALSE);
-
- // init the PHPIDS and pass the REQUEST array
- require_once 'IDS/Init.php';
- try {
- $init = IDS_Init::init($configFile);
- $ids = new IDS_Monitor($_REQUEST, $init);
- }
- catch (Exception $e) {
- // might be an old stale copy of Config.IDS.ini
- // lets try to rebuild it again and see if it works
- $configFile = self::createConfigFile(TRUE);
- $init = IDS_Init::init($configFile);
- $ids = new IDS_Monitor($_REQUEST, $init);
- }
+ require_once 'IDS/Monitor.php';
+ $ids = new \IDS_Monitor($_REQUEST, $init);
 
 $result = $ids->run();
 if (!$result->isEmpty()) {
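Review bot: The new `@param array $route` line has no description, yet the body dereferences `$route['path']` and `$route['ids_arguments'][$section]` for the `json`, `html` and `exception` sections, so a caller cannot tell from the docblock what the route record must contain. Suggest completing it with ` *   Route/menu record: 'path' (string, compared against the skip list) and optional 'ids_arguments' with 'json', 'html' and 'exception' lists that are appended to the PHPIDS General config.` Because those lists loosen scanning for the route, the comment should also state that they come from the route definition rather than from the request. The `@return bool` line still disagrees with the `return NULL` paths added and kept in this hunk; either document the NULL or return FALSE. The remainder of `check()` (the `$result->isEmpty()` handling) continues past the hunk.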
@@ -97,54 +99,25 @@ class CRM_Core_IDS {
 }
 
 /**
- * Create the default config file for the IDS system.
- *
- * @param bool $force
- * Should we recreate it irrespective if it exists or not.
+ * Create a new PHPIDS configuration object.
- * @return string
- * the full path to the config file
+ * @param array $config
+ * PHPIDS configuration array (per INI format).
+ * @return \IDS_Init
 */
- public static function createConfigFile($force = FALSE) {
- $config = CRM_Core_Config::singleton();
- $configFile = $config->configAndLogDir . 'Config.IDS.ini';
- if (!$force && file_exists($configFile)) {
- return $configFile;
- }
-
- // also clear the stat cache in case we are upgrading
- clearstatcache();
-
- $config = self::createStandardConfig();
- $contents = "\n";
- $lineTpl = " %-19s = %s\n";
- foreach ($config as $section => $fields) {
- $contents .= "[$section]\n";
- foreach ($fields as $key => $value) {
- if ($key === 'scan_keys' && $value == '') {
- $value = 'false';
- }
-
- if (is_array($value)) {
- foreach ($value as $v) {
- $contents .= sprintf($lineTpl, $key . '[]', $v);
- }
- }
- else {
- $contents .= sprintf($lineTpl, $key, $value);
- }
- }
- }
-
- if (file_put_contents($configFile, $contents) === FALSE) {
- CRM_Core_Error::movedSiteError($configFile);
- }
+ protected static function create($config) {
+ require_once 'IDS/Init.php';
+ $init = \IDS_Init::init(NULL);
+ $init->setConfig($config, TRUE);
 
- // also create the .htaccess file so we prevent the reading of the log and ini files
- // via a browser, CRM-3875
- CRM_Utils_File::restrictAccess($config->configAndLogDir);
+ // Cleanup
+ $reflection = new \ReflectionProperty('IDS_Init', 'instances');
+ $reflection->setAccessible(TRUE);
+ $value = $reflection->getValue(NULL);
+ unset($value[NULL]);
+ $reflection->setValue(NULL, $value);
 
- return $configFile;
+ return $init;
 }
 
 /**
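Review bot: The `// Cleanup` comment above the reflection block does not say why `CRM_Core_IDS::create()` reaches into the private static `IDS_Init::$instances` of a third-party class, which is the part a maintainer will trip over. Presumably `\IDS_Init::init(NULL)` caches the new instance under the NULL (empty-string) key and a later `init(NULL)` would hand back this request's per-route configuration; if that is the reason, say so: `// IDS_Init::init() caches instances by config path; drop the NULL-keyed entry so the next init(NULL) builds a fresh object instead of reusing this route's config.` Because the unset names a private property of PHPIDS by string, a library upgrade that renames or restructures `$instances` would break this silently, so the comment should also record the PHPIDS version it was written against (placeholder: <PHPIDS version>). The `@param array $config` description could point at `createStandardConfig()` as the expected shape.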
@@ -232,7 +205,7 @@ class CRM_Core_IDS {
 *
 * @return bool
 */
- private function react(IDS_Report $result) {
+ public function react(IDS_Report $result) {
 
 $impact = $result->getImpact();
 if ($impact >= $this->threshold['kick']) {
diff --git a/CRM/Core/Invoke.php b/CRM/Core/Invoke.php
index 388bba334d..69724fbdcf 100644
--- a/CRM/Core/Invoke.php
+++ b/CRM/Core/Invoke.php
@@ -132,10 +132,6 @@ class CRM_Core_Invoke {
 static public function init($args) {
 // first fire up IDS and check for bad stuff
 $config = CRM_Core_Config::singleton();
- if (!CRM_Core_Permission::check('skip IDS check')) {
- $ids = new CRM_Core_IDS();
- $ids->check($args);
- }
 
 // also initialize the i18n framework
 require_once 'CRM/Core/I18n.php';
@@ -197,6 +193,9 @@ class CRM_Core_Invoke {
 * @return string, HTML
 */
 static public function runItem($item) {
+ $ids = new CRM_Core_IDS();
+ $ids->check($item);
+
 $config = CRM_Core_Config::singleton();
 if ($config->userFramework == 'Joomla' && $item) {
 $config->userFrameworkURLVar = 'task';
@@ -394,9 +393,6 @@ class CRM_Core_Invoke {
 }
 CRM_Core_DAO_AllCoreTables::reinitializeCache(TRUE);
 CRM_Core_ManagedEntities::singleton(TRUE)->reconcile();
-
- //CRM-16257 update Config.IDS.ini might be an old copy
- CRM_Core_IDS::createConfigFile(TRUE);
 }
 
 }
diff --git a/CRM/Upgrade/Form.php b/CRM/Upgrade/Form.php
index 40c04a1491..76aa53a26f 100644
--- a/CRM/Upgrade/Form.php
+++ b/CRM/Upgrade/Form.php
@@ -768,9 +768,6 @@ SET version = '$version'
 // Rebuild all triggers and re-enable logging if needed
 $logging = new CRM_Logging_Schema();
 $logging->fixSchemaDifferences();
-
- //CRM-16257 update Config.IDS.ini might be an old copy
- CRM_Core_IDS::createConfigFile(TRUE);
 }
 
 /**
-- 2.25.1
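Review bot: In the `runItem` hunk the scan now runs as `$ids->check($item)` ahead of the existing `&& $item` guard on the next context line, which shows `$item` can be empty, while `CRM_Core_IDS::check()` (first hunk of this patch) reads `$route['path']` from its argument; for a non-array `$item` that yields NULL (with a notice on newer PHP) and the request is scanned under an empty path rather than rejected. Whether an unroutable request should be scanned under a placeholder path or refused before scanning is a judgement for this change, but it should be explicit, e.g. `$ids->check(is_array($item) ? $item : array('path' => ''));` or a guard that rejects it first. Separately, the check moved out of `init($args)` (hunk at line 132) into `runItem()`, so any entry path that calls `CRM_Core_Invoke::init()` without reaching `runItem()` is no longer scanned; since the IDS scan is the only request-level filter visible in this patch, it is worth confirming no such callers exist. Both `init()` and `runItem()` continue outside their hunks.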