mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-05 14:17:49 +02:00
Code Issues Releases Wiki Activity

Adjust logging string to try and please suhosin - thanks rgk for thought/testing

Browse Source
This commit is contained in:
e107steved
2010-07-26 22:04:36 +00:00
parent 7c42e8f136
commit 3e2a2f40b8
2 changed files with 27 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
e107_plugins/log/e_meta.php
View File

@@ -1,18 +1,16 @@
<?php <?php
/* /*
* e107 website system * e107 website system
* *
* Copyright (C) 2008-2009 e107 Inc (e107.org) * Copyright 2001-2010 e107 Inc (e107.org)
* Released under the terms and conditions of the * Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
* *
* Administration Area - User classes * Site access logging
* *
* $Source: /cvs_backup/e107_0.8/e107_plugins/log/e_meta.php,v $ * $URL$
* $Revision$ * $Id$
* $Date$ *
* $Author$
*
*/ */
if (!defined('e107_INIT')) { exit; } if (!defined('e107_INIT')) { exit; }
@@ -26,7 +24,7 @@ if (isset($pref['statActivate']) && $pref['statActivate'])
// Page to log here // Page to log here
require_once(e_PLUGIN.'log/consolidate.php'); require_once(e_PLUGIN.'log/consolidate.php');
$err_flag = ''; $err_flag = '';
if (defined("ERR_PAGE_ACTIVE")) if (defined('ERR_PAGE_ACTIVE'))
{ // We've got an error - set a flag to log it { // We've got an error - set a flag to log it
$err_flag = "&err_direct=".ERR_PAGE_ACTIVE; $err_flag = "&err_direct=".ERR_PAGE_ACTIVE;
if (is_numeric(e_QUERY)) $err_flag .= '/'.substr(e_QUERY,0,10); // This should pick up the error code - and limit numeric length to upset the malicious if (is_numeric(e_QUERY)) $err_flag .= '/'.substr(e_QUERY,0,10); // This should pick up the error code - and limit numeric length to upset the malicious
@@ -55,9 +53,9 @@ function rstr2b64(input)
var ref=\"\"+escape(top.document.referrer); var ref=\"\"+escape(top.document.referrer);
var colord = window.screen.colorDepth; var colord = window.screen.colorDepth;
var res = window.screen.width + \"x\" + window.screen.height; var res = window.screen.width + \"x\" + window.screen.height;
var logString = 'referer=' + ref + '&colour=' + colord + '&eself=' + document.location + '&res=' + res + '".$err_flag."'; var logString = 'referer=' + ref + '&colour=' + colord + '&eself=' + eself + '&res=' + res + '".$err_flag."';
logString = rstr2b64(logString); logString = rstr2b64(logString);
document.write( '<link rel=\"stylesheet\" type=\"text/html\" href=\"".e_PLUGIN_ABS."log/log.php?'+logString + '\">' ); document.write('<link rel=\"stylesheet\" type=\"text/css\" href=\"".e_PLUGIN_ABS."log/log.php?lv='+logString + '\">' );
"; ";
$e107 = e107::getInstance(); $e107 = e107::getInstance();
$e107->getJs()->headerInline($logJS, 5); $e107->getJs()->headerInline($logJS, 5);

27
e107_plugins/log/log.php
View File

@@ -1,18 +1,16 @@
<?php <?php
/* /*
* e107 website system * e107 website system
* *
* Copyright (C) 2008-2009 e107 Inc (e107.org) * Copyright 2001-2010 e107 Inc (e107.org)
* Released under the terms and conditions of the * Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
* *
* Administration Area - User classes * Site access logging - 'receiver'
* *
* $Source: /cvsroot/e107/e107_0.8/e107_plugins/log/log.php,v $ * $URL$
* $Revision$ * $Id$
* $Date$ *
* $Author$
*
*/ */
/* File to log page accesses - called with /* File to log page accesses - called with
@@ -35,7 +33,8 @@ define('log_INIT', TRUE);
$pageUnique = array('page' => 1, 'content' => array('content')); $pageUnique = array('page' => 1, 'content' => array('content'));
$logVals = urldecode(base64_decode($_SERVER['QUERY_STRING'])); //$logVals = urldecode(base64_decode($_SERVER['QUERY_STRING']));
$logVals = urldecode(base64_decode($_GET['lv']));
parse_str($logVals, $vals); parse_str($logVals, $vals);