mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-10 16:46:50 +02:00
Code Issues Releases Wiki Activity

Encode log data to hopefully reduce mod_security problems

Browse Source
This commit is contained in:
e107steved
2009-11-08 16:15:31 +00:00
parent 6a967e9b17
commit 5403d5b7ab
2 changed files with 96 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
e107_plugins/log/e_meta.php
View File

@@ -1,15 +1,18 @@
<?php
/*
+ ----------------------------------------------------------------------------------------------+
| e107 website system : http://e107.org
| Steve Dunstan 2001-2002 : jalist@e107.org
| Released under the terms and conditions of the GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/log/e_meta.php,v $
| $Revision: 1.3 $
| $Date: 2007-08-14 19:27:22 $
| $Author: e107steved $
+-----------------------------------------------------------------------------------------------+
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Administration Area - User classes
*
* $Source: /cvs_backup/e107_0.8/e107_plugins/log/e_meta.php,v $
* $Revision: 1.4 $
* $Date: 2009-11-08 16:15:31 $
* $Author: e107steved $
*
*/
if (!defined('e107_INIT')) { exit; }
@@ -18,25 +21,49 @@ if (isset($pref['statActivate']) && $pref['statActivate'])
if(!$pref['statCountAdmin'] && ADMIN)
{
/* don't count admin visits */
return;
}
else
// Page to log here
require_once(e_PLUGIN.'log/consolidate.php');
$err_flag = '';
if (defined("ERR_PAGE_ACTIVE"))
{ // We've got an error - set a flag to log it
$err_flag = "&err_direct=".ERR_PAGE_ACTIVE;
if (is_numeric(e_QUERY)) $err_flag .= '/'.substr(e_QUERY,0,10); // This should pick up the error code - and limit numeric length to upset the malicious
$err_flag .= "&err_referer=".$_SERVER['HTTP_REFERER'];
}
echo "<script type='text/javascript'>
//<![CDATA[
function rstr2b64(input)
{
// var b64pad = \"=\"; /* base-64 pad character. \"=\" for strict RFC compliance */
var b64pad = \"\"; /* base-64 pad character. \"=\" for strict RFC compliance */
var tab = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\";
var output = \"\";
var len = input.length;
for(var i = 0; i < len; i += 3)
{
require_once(e_PLUGIN."log/consolidate.php");
$err_flag = '';
if (defined("ERR_PAGE_ACTIVE"))
{ // We've got an error - set a flag to log it
$err_flag = "&err_direct=".ERR_PAGE_ACTIVE;
if (is_numeric(e_QUERY)) $err_flag .= '/'.substr(e_QUERY,0,10); // This should pick up the error code - and limit numeric length to upset the malicious
$err_flag .= "&err_referer=".$_SERVER['HTTP_REFERER'];
var triplet = (input.charCodeAt(i) << 16)
| (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0)
| (i + 2 < len ? input.charCodeAt(i+2) : 0);
for(var j = 0; j < 4; j++)
{
if(i * 8 + j * 6 > input.length * 8) output += b64pad;
else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F);
}
echo "<script type='text/javascript'>\n";
echo "<!--\n";
echo "document.write( '<link rel=\"stylesheet\" type=\"text/css\" href=\"".e_PLUGIN_ABS."log/log.php?referer=' + ref + '&color=' + colord + '&eself=' + eself + '&res=' + res + '{$err_flag}\">' );\n";
echo "// -->\n";
echo "</script>\n\n";
}
return output;
}
var ref=\"\"+escape(top.document.referrer);
var colord = window.screen.colorDepth;
var res = window.screen.width + \"x\" + window.screen.height;
var eself = document.location;
var logString = 'referer=' + ref + '&colour=' + colord + '&eself=' + eself + '&res=' + res + '".$err_flag."';
logString = rstr2b64(logString);
document.write( '<link rel=\"stylesheet\" type=\"text/html\" href=\"".e_PLUGIN_ABS."log/log.php?'+logString + '\">' );\n
//]]>
</script>\n";
}
?>

83
e107_plugins/log/log.php
View File

@@ -1,44 +1,51 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Steve Dunstan 2001-2002
| http://e107.org
| jalist@e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| File locking, modified getip() 18.01.07
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/log/log.php,v $
| $Revision: 1.6 $
| $Date: 2009-01-04 20:55:43 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Administration Area - User classes
*
* $Source: /cvs_backup/e107_0.8/e107_plugins/log/log.php,v $
* $Revision: 1.7 $
* $Date: 2009-11-08 16:15:31 $
* $Author: e107steved $
*
*/
// File called with:
// e_PLUGIN_ABS."log/log.php?referer=' + ref + '&color=' + colord + '&eself=' + eself + '&res=' + res + '\">' );\n";
// referer= ref
// color= colord
// eself= eself
// res= res
// err_direct - optional error flag
// err_referer - referrer if came via error page
/* File to log page accesses - called with
e_PLUGIN_ABS."log/log.php?base64encode(referer=' + ref + '&color=' + colord + '&eself=' + eself + '&res=' + res + '\">' );)";
referer= ref
color= colord
eself= eself
res= res
err_direct - optional error flag
err_referer - referrer if came via error page
// Normally the file is 'silent' - iff any errors occur, they'll usually appear within the page's CSS due to the way its called
define("log_INIT", TRUE);
// Normally the file is 'silent' - if any errors occur, not sure where they'll appear - (file type now text/html instead of text/css)
*/
define('log_INIT', TRUE);
$logVals = urldecode(base64_decode($_SERVER['QUERY_STRING']));
parse_str($logVals, $vals);
$colour = strip_tags((isset($_REQUEST['color']) ? $_REQUEST['color'] : ''));
$res = strip_tags((isset($_REQUEST['res']) ? $_REQUEST['res'] : ''));
$self = strip_tags((isset($_REQUEST['eself']) ? $_REQUEST['eself'] : ''));
$ref = addslashes(strip_tags((isset($_REQUEST['referer']) ? $_REQUEST['referer'] : '')));
echo "\n"; // This is harmless data which seems to avoid intermittent problems.
//$logfp = fopen('logs/rcvstring.txt', 'a+'); fwrite($logfp, $logVals."\n"); fclose($logfp);
//$logfp = fopen('logs/rcvstring.txt', 'a+'); fwrite($logfp, print_r($vals, TRUE)."\n"); fclose($logfp);
$colour = strip_tags((isset($vals['colour']) ? $vals['colour'] : ''));
$res = strip_tags((isset($vals['res']) ? $vals['res'] : ''));
$self = strip_tags((isset($vals['eself']) ? $vals['eself'] : ''));
$ref = addslashes(strip_tags((isset($vals['referer']) ? $vals['referer'] : '')));
$date = date("z.Y", time());
$logPfile = "logs/logp_".$date.".php";
//$logString = "Colour: {$colour} Res: {$res} Self: {$self} Referrer: {$ref} ErrCode: {$vals['err_direct']}\n";
//$logfp = fopen('logs/rcvstring.txt', 'a+'); fwrite($logfp, $logString); fclose($logfp);
// vet resolution and colour depth some more - avoid dud values
if ($res && preg_match("#.*?((\d+)\w+?(\d+))#", $res, $match))
@@ -60,22 +67,21 @@ else
}
if ($err_code = strip_tags((isset($_REQUEST['err_direct']) ? $_REQUEST['err_direct'] : '')))
if ($err_code = strip_tags((isset($vals['err_direct']) ? $vals['err_direct'] : '')))
{
$ref = addslashes(strip_tags(isset($_REQUEST['err_referer']) ? $_REQUEST['err_referer'] : ''));
$log_string = $err_code.",".$self.",".$ref;
$ref = addslashes(strip_tags(isset($vals['err_referer']) ? $vals['err_referer'] : ''));
// Uncomment the next two lines to create a separate CSV format log of invalid accesses - error code, entered URL, referrer
// $logname = "logs/errpages.csv";
// $logfp = fopen($logname, 'a+'); fwrite($logfp, $log_string."\n\r"); fclose($logfp);
// $log_string = $err_code.",".$self.",".$ref;
// $logfp = fopen("logs/errpages.csv", 'a+'); fwrite($logfp, $log_string."\n\r"); fclose($logfp);
$err_code .= ':';
}
if(strstr($ref, "admin"))
if(strstr($ref, 'admin'))
{
$ref = FALSE;
}
$screenstats = $res."@".$colour;
$screenstats = $res.'@'.$colour;
$agent = $_SERVER['HTTP_USER_AGENT'];
$ip = getip();
@@ -231,4 +237,5 @@ function getip()
}
}
?>