1: <?php
2:
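/**
 * Run Protector's pre-common request checks.
 *
 * Order matters: the installer guard and the phar-wrapper scan run before
 * the `global_disabled` switch is consulted, so they apply even when the
 * rest of Protector is switched off. Only $_GET and $_POST are scanned for
 * the phar wrapper here; other request sources are left to the later checks.
 *
 * @return bool|null true when Protector is globally disabled (the remaining
 *                   checks are skipped), null after a full run
 */
function protector_prepare()
{
    // check the access is from install/index.php: the installer must not run
    // while Protector's hook lines are still in a non-writable mainfile.php
    if (defined('_INSTALL_CHARSET') && !is_writable(XOOPS_ROOT_PATH . '/mainfile.php')) {
        die('To use installer, remove protector\'s lines from mainfile.php first.');
    }

    // Protector class
    require_once dirname(__DIR__) . '/class/protector.php';

    // Protector object
    $protector = Protector::getInstance();
    $conf = $protector->getConf();

    // phar wrapper deserialization: array_walk_recursive descends into nested
    // arrays, so every scalar leaf of GET/POST is handed to the callback
    // before any later code can pass a request value to a filesystem function
    array_walk_recursive($_GET, 'protector_phar_check');
    array_walk_recursive($_POST, 'protector_phar_check');

    // bandwidth limitation
    if (isset($conf['bwlimit_count']) && $conf['bwlimit_count'] >= 10) {
        $bwexpire = $protector->get_bwlimit();
        if ($bwexpire > time()) {
            header('HTTP/1.0 503 Service unavailable');
            // whether the request ends here is decided by the registered filter
            $protector->call_filter('precommon_bwlimit', 'This website is very busy now. Please try later.');
        }
    }

    // bad_ips
    $bad_ips = $protector->get_bad_ips(true);
    if ($protector->ip_match($bad_ips)) {
        $protector->call_filter('precommon_badip', 'You are registered as BAD_IP by Protector.');
    }

    // global enabled or disabled
    if (!empty($conf['global_disabled'])) {
        return true;
    }

    // reliable ips: stored as a serialized array; objects are never
    // instantiated from the stored string
    $reliable_ips = [];
    if (isset($conf['reliable_ips'])) {
        $reliable_ips = unserialize($conf['reliable_ips'], ['allowed_classes' => false]);
        // for the environment of (buggy core version && magic_quotes_gpc):
        // retry once with the added slashes removed
        if (!is_array($reliable_ips)) {
            $reliable_ips = unserialize(stripslashes($conf['reliable_ips']), ['allowed_classes' => false]);
        }
        if (!is_array($reliable_ips)) {
            $reliable_ips = [];
        }
    }

    // a request from a "reliable" IP skips the '..' and upload checks below
    $remote_addr = $_SERVER['REMOTE_ADDR'] ?? '';
    $is_reliable = false;
    foreach ($reliable_ips as $reliable_ip) {
        // each admin-supplied entry is spliced into the pattern as-is (neither
        // anchored nor preg_quote()d), so it is a regex fragment, not a literal
        // address: an over-broad entry such as '.' would match every client.
        // A fragment that does not compile makes preg_match() return false,
        // which is treated as "no match".
        if (!empty($reliable_ip) && preg_match('/' . $reliable_ip . '/', $remote_addr)) {
            $is_reliable = true;
            break;
        }
    }

    // "DB Layer Trapper": forced on for Protector's own advisory page
    // (presumably so the advisory can inspect it), otherwise only when
    // configured. REQUEST_URI is client-supplied; the override only ever
    // turns the trap on, never off.
    $request_uri = $_SERVER['REQUEST_URI'] ?? '';
    $force_override = strpos($request_uri, 'protector/admin/index.php?page=advisory') !== false;
    if ($force_override || !empty($conf['enable_dblayertrap'])) {
        if (!defined('PROTECTOR_ENABLED_ANTI_SQL_INJECTION')) {
            define('PROTECTOR_ENABLED_ANTI_SQL_INJECTION', 1);
        }
        $protector->dblayertrap_init($force_override);
    }

    // "Big Umbrella" subset version
    if (!empty($conf['enable_bigumbrella'])) {
        if (!defined('PROTECTOR_ENABLED_ANTI_XSS')) {
            define('PROTECTOR_ENABLED_ANTI_XSS', 1);
        }
        $protector->bigumbrella_init();
    }

    // force intval variables whose name is *id
    if (!empty($conf['id_forceintval'])) {
        $protector->intval_allrequestsendid();
    }

    // eliminate '..' from requests looks like file specifications
    if (!$is_reliable && !empty($conf['file_dotdot'])) {
        $protector->eliminate_dotdot();
    }

    // Check uploaded files (skipped for reliable IPs and when a caller has
    // defined PROTECTOR_SKIP_FILESCHECKER)
    if (!$is_reliable
        && !empty($_FILES)
        && !empty($conf['die_badext'])
        && !defined('PROTECTOR_SKIP_FILESCHECKER')
        && !$protector->check_uploaded_files()
    ) {
        $protector->output_log($protector->last_error_type);
        $protector->purge();
    }

    // Variables contamination. contami_action is a bitmask as used here:
    //   bit 4 -> discard $_GET/$_POST and mark the client for a ban
    //            (bit 8 set: _should_be_banned, else _should_be_banned_time0)
    //   bit 2 -> purge the request after logging
    if (!$protector->check_contami_systemglobals()) {
        $contami_action = $conf['contami_action'] ?? 0;
        if ($contami_action & 4) {
            if ($contami_action & 8) {
                $protector->_should_be_banned = true;
            } else {
                $protector->_should_be_banned_time0 = true;
            }
            $_GET = $_POST = [];
        }

        $protector->output_log($protector->last_error_type);
        if ($contami_action & 2) {
            $protector->purge();
        }
    }

    if (!empty($conf['disable_features'])) {
        $protector->disable_features();
    }

    return null;
}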
124:
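/**
 * Callback for array_walk_recursive to check for phar wrapper
 *
 * A request value that starts (after optional whitespace) with the
 * `phar://` stream scheme is logged under the 'PHAR' type and the request
 * is purged. The scheme is matched case-insensitively because PHP's stream
 * wrapper lookup is case-insensitive, so `PHAR://` must be caught as well.
 *
 * @param mixed $item leaf value handed over by array_walk_recursive
 * @param mixed $key  array key of $item (unused; required by the callback signature)
 *
 * @return void
 */
function protector_phar_check($item, $key)
{
    // array_walk_recursive only passes leaves here; cast so that a non-string
    // leaf does not trigger preg_match()'s non-string subject deprecation
    $check = preg_match('#^\s*phar://#i', (string) $item);
    if (1 === $check) {
        $protector = Protector::getInstance();
        $protector->message = 'Protector detects attacking actions';
        $protector->output_log('PHAR');
        $protector->purge(false);
    }
}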
143: