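=')) {
        // NOTE(review): the statement that opens this block is cut off above this
        // excerpt; the code below is reproduced unchanged and only re-wrapped.

        // Make the bundled PHPIDS library resolvable for require_once.
        set_include_path ( get_include_path() . PATH_SEPARATOR . BX_DIRECTORY_PATH_PLUGINS . 'phpids/' );
        require_once 'IDS/Init.php';

        // Request data handed to the monitor. Only these superglobals are inspected;
        // request headers other than cookies and the raw body are not passed in here.
        $request = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
            'PHP_SELF' => $_SERVER['PHP_SELF'],
        );

        $init = IDS_Init::init(BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/Config/Config.ini');
        $init->config['General']['base_path'] = BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/';
        $init->config['General']['use_base_path'] = true;
        // Relative paths; presumably resolved against base_path because use_base_path
        // is set -- confirm. These directories hold filter caches and should not be
        // writable by anything other than the site itself.
        $init->config['General']['tmp_path'] = '../../../tmp/';
        $init->config['Caching']['path'] = '../../../tmp/default_filter.cache';

        // Each of the three lists below is extended twice: first from an optional
        // array guarded by a BX_SECURITY_* constant (the arrays are defined outside
        // this excerpt), then from the stored site options.
        // NOTE(review): in PHPIDS 'exceptions' names request fields that are excluded
        // from inspection, and 'html'/'json' name fields that get format-specific
        // preprocessing -- confirm against the bundled version. Every name added to
        // 'exceptions' is input the monitor will not look at.
        if (defined('BX_SECURITY_JSON') && is_array($aBxSecurityJSON)) {
            $init->config['General']['json'] = array_merge ($init->config['General']['json'], $aBxSecurityJSON);
        }
        $init->config['General']['json'] = array_merge($init->config['General']['json'], bx_sys_security_get_fields ('json'));

        if (defined('BX_SECURITY_HTML') && is_array($aBxSecurityHTML)) {
            $init->config['General']['html'] = array_merge ($init->config['General']['html'], $aBxSecurityHTML);
        }
        $init->config['General']['html'] = array_merge($init->config['General']['html'], bx_sys_security_get_fields ('html'));

        if (defined('BX_SECURITY_EXCEPTIONS') && is_array($aBxSecurityExceptions)) {
            $init->config['General']['exceptions'] = array_merge ($init->config['General']['exceptions'], $aBxSecurityExceptions);
        }
        $init->config['General']['exceptions'] = array_merge($init->config['General']['exceptions'], bx_sys_security_get_fields ('exceptions'));

        $init->config['General']['HTML_Purifier_Path'] = BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';
        $init->config['General']['HTML_Purifier_Cache'] = '../../htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/';

        $ids = new IDS_Monitor($request, $init);
        $result = $ids->run();

        // $iImpactLog and $iImpactBlock are assigned outside this excerpt.
        if (!$result->isEmpty() && $result->getImpact() >= $iImpactLog) {

            require_once( BX_DIRECTORY_PATH_CLASSES . "BxDolService.php" );
            require_once( BX_DIRECTORY_PATH_INC . 'design.inc.php' );
            require_once( BX_DIRECTORY_PATH_INC . 'db.inc.php' );
            require_once( BX_DIRECTORY_PATH_INC . 'utils.inc.php' );

            // Build the plain-text report: the monitor result followed by request
            // metadata. REMOTE_ADDR is the peer address seen by the server;
            // HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP come from request headers, so
            // the client chooses their content and they are often absent (reading a
            // missing key raises a notice). Everything in $s is request-derived and
            // should be treated as untrusted by whoever reads or processes the mail.
            $s = (string)$result;
            $s .= "\nREMOTE_ADDR: " . $_SERVER['REMOTE_ADDR'];
            $s .= "\nHTTP_X_FORWARDED_FOR: " . $_SERVER['HTTP_X_FORWARDED_FOR'];
            $s .= "\nHTTP_CLIENT_IP: " . $_SERVER['HTTP_CLIENT_IP'];
            $s .= "\nSCRIPT_FILENAME: " . $_SERVER['SCRIPT_FILENAME'];
            $s .= "\nQUERY_STRING: " . $_SERVER['QUERY_STRING'];
            $s .= "\nREQUEST_URI: " . $_SERVER['REQUEST_URI'];
            $s .= "\nQUERY_STRING: " . $_SERVER['QUERY_STRING']; // appended a second time in the original
            $s .= "\nSCRIPT_NAME: " . $_SERVER['SCRIPT_NAME'];
            $s .= "\nPHP_SELF: " . $_SERVER['PHP_SELF'];

            if ($result->getImpact() >= $iImpactBlock) {
                // At or above the block threshold: report, tell the client, stop the request.
                sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' - security attack was stopped!', $s, 0, array(), 'text');
                echo 'Possible security attack!!! All data has been collected and sent to the site owner for analysis.';
                exit;
            } else {
                // Between the log and block thresholds: report only, the request continues.
                sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' - possible security attack!', $s, 0, array(), 'text');
            }
        }

    } else {
        // NOTE(review): when the (truncated) condition above is false the monitor is
        // never run; the page only prints this message and carries on unprotected.
        echo 'Site security module is disabled, please upgrade to php 5.1.6 or higher to make your site secure.';
    }
}

/**
 * Returns the flat list of request field names stored for one PHPIDS field list.
 *
 * The value is read from the cache file db_sys_{type}_fields.php when that file
 * exists, otherwise from the sys_options table through the DB cache layer. The
 * stored value is a serialized array of arrays; the inner arrays are merged
 * into one list.
 *
 * @param string $sType one of 'html', 'json' or 'exceptions'; anything else yields an empty array
 * @return array merged field names; always an array, empty when nothing usable is stored
 */
function bx_sys_security_get_fields ($sType) {

    // Whitelist the type before it is interpolated into a file name and a query.
    switch ($sType) {
        case 'html':
        case 'json':
        case 'exceptions':
            break;
        default:
            return array();
    }

    $sCacheFile = BX_DIRECTORY_PATH_CACHE . "db_sys_{$sType}_fields.php";

    // Defined up front so a cache file that does not assign it cannot leave it unset.
    $mixedVar = false;
    if (!file_exists($sCacheFile)) {
        require_once( BX_DIRECTORY_PATH_INC . 'db.inc.php' );
        $mixedVar = $GLOBALS['MySQL']->fromCache ("sys_{$sType}_fields", 'getOne', "SELECT `VALUE` FROM `sys_options` WHERE `Name` = 'sys_{$sType}_fields' LIMIT 1");
    } else {
        // The cache file is executed as PHP, so the cache directory must be writable
        // only by the site itself.
        // NOTE(review): bx_sys_security_get_impact_threshold() reads $mixedData after
        // including its cache file, this function reads $mixedVar -- confirm the
        // cache writer uses this variable name for db_sys_*_fields.php.
        include $sCacheFile;
    }

    // Only a string can hold a serialized payload; anything else means "no fields".
    if (!is_string($mixedVar))
        return array ();

    // NOTE(review): unserialize() on a stored value. Whoever can write this option
    // or the cache file controls the payload. From PHP 7 the second argument
    // array('allowed_classes' => false) stops object instantiation; it is not
    // available on the PHP 5 versions this file still accepts, so it is not added here.
    $mixedVar = unserialize ($mixedVar);
    if (!$mixedVar || !is_array($mixedVar))
        return array ();

    $a = array ();
    foreach ($mixedVar as $r) {
        // Skip malformed entries: array_merge() with a non-array argument fails
        // (NULL result on older PHP, TypeError on PHP 8) and would break the
        // array_merge() calls that consume this function's return value.
        if (is_array($r))
            $a = array_merge ($a, $r);
    }

    return $a;
}

/**
 * Returns the two impact thresholds as array(log threshold, block threshold).
 *
 * Reads them from the sys_options.php cache file when it exists, otherwise
 * through getParam().
 *
 * NOTE(review): on the cache-file path a missing key yields null for that entry.
 * A `>=` comparison of an impact value against null is always true in PHP, so a
 * caller using these as thresholds would treat every non-empty result as over
 * the limit -- verify how the caller handles this.
 *
 * @return array two-element list: log threshold, block threshold
 */
function bx_sys_security_get_impact_threshold () {

    $sCacheFile = BX_DIRECTORY_PATH_CACHE . "sys_options.php";

    if (!file_exists($sCacheFile)) {
        require_once( BX_DIRECTORY_PATH_INC . 'db.inc.php' );
        return array (getParam('sys_security_impact_threshold_log'), getParam('sys_security_impact_threshold_block'));
    }

    // Executed as PHP; expected to define $mixedData.
    include $sCacheFile;

    return array ($mixedData['sys_security_impact_threshold_log'], $mixedData['sys_security_impact_threshold_block']);
}

?>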