mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-05 06:07:32 +02:00
Code Issues Releases Wiki Activity

Adjust logging string to try and please suhosin - thanks rgk for thought/testing

Browse Source
This commit is contained in:
e107steved
2010-07-26 22:04:36 +00:00
parent 7c42e8f136
commit 3e2a2f40b8
2 changed files with 27 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
e107_plugins/log/e_meta.php
View File

@@ -1,18 +1,16 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Administration Area - User classes
*
* $Source: /cvs_backup/e107_0.8/e107_plugins/log/e_meta.php,v $
* $Revision$
* $Date$
* $Author$
*
* e107 website system
*
* Copyright 2001-2010 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Site access logging
*
* $URL$
* $Id$
*
*/
if (!defined('e107_INIT')) { exit; }
@@ -26,7 +24,7 @@ if (isset($pref['statActivate']) && $pref['statActivate'])
// Page to log here
require_once(e_PLUGIN.'log/consolidate.php');
$err_flag = '';
if (defined("ERR_PAGE_ACTIVE"))
if (defined('ERR_PAGE_ACTIVE'))
{ // We've got an error - set a flag to log it
$err_flag = "&err_direct=".ERR_PAGE_ACTIVE;
if (is_numeric(e_QUERY)) $err_flag .= '/'.substr(e_QUERY,0,10); // This should pick up the error code - and limit numeric length to upset the malicious
@@ -55,9 +53,9 @@ function rstr2b64(input)
var ref=\"\"+escape(top.document.referrer);
var colord = window.screen.colorDepth;
var res = window.screen.width + \"x\" + window.screen.height;
var logString = 'referer=' + ref + '&colour=' + colord + '&eself=' + document.location + '&res=' + res + '".$err_flag."';
var logString = 'referer=' + ref + '&colour=' + colord + '&eself=' + eself + '&res=' + res + '".$err_flag."';
logString = rstr2b64(logString);
document.write( '<link rel=\"stylesheet\" type=\"text/html\" href=\"".e_PLUGIN_ABS."log/log.php?'+logString + '\">' );
document.write('<link rel=\"stylesheet\" type=\"text/css\" href=\"".e_PLUGIN_ABS."log/log.php?lv='+logString + '\">' );
";
$e107 = e107::getInstance();
$e107->getJs()->headerInline($logJS, 5);

27
e107_plugins/log/log.php
View File

@@ -1,18 +1,16 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Administration Area - User classes
*
* $Source: /cvsroot/e107/e107_0.8/e107_plugins/log/log.php,v $
* $Revision$
* $Date$
* $Author$
*
* e107 website system
*
* Copyright 2001-2010 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Site access logging - 'receiver'
*
* $URL$
* $Id$
*
*/
/* File to log page accesses - called with
@@ -35,7 +33,8 @@ define('log_INIT', TRUE);
$pageUnique = array('page' => 1, 'content' => array('content'));
$logVals = urldecode(base64_decode($_SERVER['QUERY_STRING']));
//$logVals = urldecode(base64_decode($_SERVER['QUERY_STRING']));
$logVals = urldecode(base64_decode($_GET['lv']));
parse_str($logVals, $vals);