|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* ****************************************************************************** |
|
5
|
|
|
* Copyright 2011-2017 DANTE Ltd. and GÉANT on behalf of the GN3, GN3+, GN4-1 |
|
6
|
|
|
* and GN4-2 consortia |
|
7
|
|
|
* |
|
8
|
|
|
* License: see the web/copyright.php file in the file structure |
|
9
|
|
|
* ****************************************************************************** |
|
10
|
|
|
*/ |
|
11
|
|
|
/** |
|
12
|
|
|
* This file executes AJAX searches from diagnostics page. |
|
13
|
|
|
* |
|
14
|
|
|
* |
|
15
|
|
|
* @author Maja Gorecka-Wolniewicz <[email protected]> |
|
16
|
|
|
* |
|
17
|
|
|
* @package Developer |
|
18
|
|
|
*/ |
|
19
|
|
|
function check_my_nonce($nonce, $optSalt='') { |
|
20
|
|
|
$remote = filter_input(INPUT_SERVER, 'REMOTE_ADDR'); |
|
21
|
|
|
$lasthour = date("G")-1<0 ? date('Ymd').'23' : date("YmdG")-1; |
|
22
|
|
|
if (hash_hmac('sha256', session_id().$optSalt, date("YmdG").'1qaz2wsx3edc!QAZ@WSX#EDC'.$remote) == $nonce || |
|
23
|
|
|
hash_hmac('sha256', session_id().$optSalt, $lasthour.'1qaz2wsx3edc!QAZ@WSX#EDC'.$remote) == $nonce) { |
|
24
|
|
|
return true; |
|
25
|
|
|
} else { |
|
26
|
|
|
return false; |
|
27
|
|
|
} |
|
28
|
|
|
} |
|
29
|
|
|
require_once(dirname(dirname(dirname(__FILE__))) . "/config/_config.php"); |
|
30
|
|
|
$loggerInstance = new \core\common\Logging(); |
|
31
|
|
|
$returnArray = []; |
|
32
|
|
|
/*$headers = apache_request_headers(); |
|
|
|
|
|
|
33
|
|
|
$is_ajax = (isset($headers['X-Requested-With']) && $headers['X-Requested-With'] == 'XMLHttpRequest'); |
|
34
|
|
|
$nonce = filter_input(INPUT_GET, 'myNonce', FILTER_SANITIZE_STRING); |
|
35
|
|
|
$loggerInstance->debug(4, "AJAX $nonce"); |
|
36
|
|
|
*/ |
|
37
|
|
|
$is_ajax = True; |
|
38
|
|
|
if (!$is_ajax) { /*|| check_my_nonce($nonce, $_SESSION['current_page'])) {*/ |
|
|
|
|
|
|
39
|
|
|
$loggerInstance->debug(4, 'A hostile AJAX call'); |
|
40
|
|
|
} else { |
|
41
|
|
|
$languageInstance = new \core\common\Language(); |
|
42
|
|
|
$languageInstance->setTextDomain("web_user"); |
|
43
|
|
|
$cat = new \core\CAT(); |
|
44
|
|
|
$realm = filter_input(INPUT_GET, 'realm', FILTER_SANITIZE_STRING); |
|
45
|
|
|
$email = filter_input(INPUT_GET, 'email', FILTER_SANITIZE_STRING); |
|
46
|
|
|
$mac = filter_input(INPUT_GET, 'mac', FILTER_SANITIZE_STRING); |
|
47
|
|
|
$freetext = filter_input(INPUT_GET, 'freetext', FILTER_SANITIZE_STRING); |
|
48
|
|
|
$timestamp = filter_input(INPUT_GET, 'timestamp', FILTER_SANITIZE_STRING); |
|
49
|
|
|
$idpcontact = filter_input(INPUT_GET, 'idpcontact', FILTER_SANITIZE_STRING); |
|
50
|
|
|
$returnArray = array(); |
|
51
|
|
|
$returnArray['realm'] = $realm; |
|
52
|
|
|
$returnArray['spcontact'] = $email; |
|
53
|
|
|
$returnArray['mac'] = $mac; |
|
54
|
|
|
$returnArray['description'] = $freetext; |
|
55
|
|
|
$returnArray['timestamp'] = $timestamp; |
|
56
|
|
|
$returnArray['idpcontact'] = base64_decode($idpcontact); |
|
57
|
|
|
$returnArray['status'] = 1; |
|
58
|
|
|
} |
|
59
|
|
|
echo(json_encode($returnArray)); |
|
60
|
|
|
|
|
61
|
|
|
|
GEANT /
CAT
Loading history...
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.