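--- a/Request.php
+++ b/Request.php
@@ -24,7 +24,7 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
 
-class Request{
+class Request {
 
 /**
 * The value for the super global $_GET
@@ -90,21 +90,21 @@
 /**
 * Construct new request instance
 */
-public function __construct(){
+public function __construct() {
 $this->get = $_GET;
 $this->post = $_POST;
 $this->server = $_SERVER;
 $this->query = $_REQUEST;
 $this->cookie = $_COOKIE;
 $this->file = $_FILES;
-$this->session =& class_loader('Session', 'classes');
+$this->session = & class_loader('Session', 'classes');
 $this->method = $this->server('REQUEST_METHOD');
 $this->requestUri = $this->server('REQUEST_URI');
 $this->header = array();
-if(function_exists('apache_request_headers')){
+if (function_exists('apache_request_headers')) {
 $this->header = apache_request_headers();
 }
-else if(function_exists('getallheaders')){
+else if (function_exists('getallheaders')) {
 $this->header = getallheaders();
 }
 }
@@ -113,7 +113,7 @@
 * Get the request method
 * @return string
 */
-public function method(){
+public function method() {
 return $this->method;
 }
 
@@ -121,7 +121,7 @@
 * Get the request URI
 * @return string
 */
-public function requestUri(){
+public function requestUri() {
 return $this->requestUri;
 }
 
@@ -131,13 +131,13 @@
 * @param boolean $xss if need apply some XSS attack rule on the value
 * @return array|mixed the item value if the key exists or all array if the key does not exists or is empty
 */
-public function query($key = null, $xss = true){
-if(empty($key)){
+public function query($key = null, $xss = true) {
+if (empty($key)) {
 //return all
 return $xss ? clean_input($this->query) : $this->query;
 }
 $query = array_key_exists($key, $this->query) ? $this->query[$key] : null;
-if($xss){
+if ($xss) {
 $query = clean_input($query);
 }
 return $query;
@@ -149,13 +149,13 @@
 * @param boolean $xss if need apply some XSS attack rule on the value
 * @return array|mixed the item value if the key exists or all array if the key does not exists or is empty
 */
-public function get($key = null, $xss = true){
-if(empty($key)){
+public function get($key = null, $xss = true) {
+if (empty($key)) {
 //return all
 return $xss ? clean_input($this->get) : $this->get;
 }
 $get = array_key_exists($key, $this->get) ? $this->get[$key] : null;
-if($xss){
+if ($xss) {
 $get = clean_input($get);
 }
 return $get;
@@ -167,13 +167,13 @@
 * @param boolean $xss if need apply some XSS attack rule on the value
 * @return array|mixed the item value if the key exists or all array if the key does not exists or is empty
 */
-public function post($key = null, $xss = true){
-if(empty($key)){
+public function post($key = null, $xss = true) {
+if (empty($key)) {
 //return all
 return $xss ? clean_input($this->post) : $this->post;
 }
 $post = array_key_exists($key, $this->post) ? $this->post[$key] : null;
-if($xss){
+if ($xss) {
 $post = clean_input($post);
 }
 return $post;
@@ -185,13 +185,13 @@
 * @param boolean $xss if need apply some XSS attack rule on the value
 * @return array|mixed the item value if the key exists or all array if the key does not exists or is empty
 */
-public function server($key = null, $xss = true){
-if(empty($key)){
+public function server($key = null, $xss = true) {
+if (empty($key)) {
 //return all
 return $xss ? clean_input($this->server) : $this->server;
 }
 $server = array_key_exists($key, $this->server) ? $this->server[$key] : null;
-if($xss){
+if ($xss) {
 $server = clean_input($server);
 }
 return $server;
@@ -203,13 +203,13 @@
 * @param boolean $xss if need apply some XSS attack rule on the value
 * @return array|mixed the item value if the key exists or all array if the key does not exists or is empty
 */
-public function cookie($key = null, $xss = true){
-if(empty($key)){
+public function cookie($key = null, $xss = true) {
+if (empty($key)) {
 //return all
 return $xss ? clean_input($this->cookie) : $this->cookie;
 }
 $cookie = array_key_exists($key, $this->cookie) ? $this->cookie[$key] : null;
-if($xss){
+if ($xss) {
 $cookie = clean_input($cookie);
 }
 return $cookie;
@@ -220,7 +220,7 @@
 * @param string $key the item key to be fetched
 * @return array|mixed the item value if the key exists or all array if the key does not exists or is empty
 */
-public function file($key){
+public function file($key) {
 $file = array_key_exists($key, $this->file) ? $this->file[$key] : null;
 return $file;
 }
@@ -231,9 +231,9 @@
 * @param boolean $xss if need apply some XSS attack rule on the value
 * @return array|mixed the item value if the key exists or null if the key does not exists
 */
-public function session($key, $xss = true){
+public function session($key, $xss = true) {
 $session = $this->session->get($key);
-if($xss){
+if ($xss) {
 $session = clean_input($session);
 }
 return $session;
@@ -245,9 +245,9 @@
 * @param boolean $xss if need apply some XSS attack rule on the value
 * @return mixed the item value if the key exists or null if the key does not exists
 */
-public function header($key, $xss = true){
+public function header($key, $xss = true) {
 $header = array_key_exists($key, $this->header) ? $this->header[$key] : null;
-if($xss){
+if ($xss) {
 $header = clean_input($header);
 }
 return $header;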
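--- a/Security.php
+++ b/Security.php
@@ -24,7 +24,7 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
 
-class Security{
+class Security {
 
 /**
 * The logger instance
@@ -36,9 +36,9 @@
 * Get the logger singleton instance
 * @return Log the logger instance
 */
-private static function getLogger(){
-if(self::$logger == null){
-self::$logger[0] =& class_loader('Log', 'classes');
+private static function getLogger() {
+if (self::$logger == null) {
+self::$logger[0] = & class_loader('Log', 'classes');
 self::$logger[0]->setLogger('Library::Security');
 }
 return self::$logger[0];
@@ -49,7 +49,7 @@
 * This method is used to generate the CSRF token
 * @return string the generated CSRF token
 */
-public static function generateCSRF(){
+public static function generateCSRF() {
 $logger = self::getLogger();
 $logger->debug('Generation of CSRF ...');
 
@@ -57,14 +57,14 @@
 $expire = get_config('csrf_expire', 60);
 $keyExpire = 'csrf_expire';
 $currentTime = time();
-if(Session::exists($key) && Session::exists($keyExpire) && Session::get($keyExpire) > $currentTime){
+if (Session::exists($key) && Session::exists($keyExpire) && Session::get($keyExpire) > $currentTime) {
 $logger->info('The CSRF token not yet expire just return it');
 return Session::get($key);
 }
-else{
+else {
 $newTime = $currentTime + $expire;
 $token = sha1(uniqid()) . sha1(uniqid());
-$logger->info('The CSRF informations are listed below: key [' .$key. '], key expire [' .$keyExpire. '], expire time [' .$expire. '], token [' .$token. ']');
+$logger->info('The CSRF informations are listed below: key [' . $key . '], key expire [' . $keyExpire . '], expire time [' . $expire . '], token [' . $token . ']');
 Session::set($keyExpire, $newTime);
 Session::set($key, $token);
 return Session::get($key);
@@ -75,7 +75,7 @@
 * This method is used to check the CSRF if is valid, not yet expire, etc.
 * @return boolean true if valid, false if not valid
 */
-public static function validateCSRF(){
+public static function validateCSRF() {
 $logger = self::getLogger();
 $logger->debug('Validation of CSRF ...');
 
@@ -83,23 +83,23 @@
 $expire = get_config('csrf_expire', 60);
 $keyExpire = 'csrf_expire';
 $currentTime = time();
-$logger->info('The CSRF informations are listed below: key [' .$key. '], key expire [' .$keyExpire. '], expire time [' .$expire. ']');
-if(! Session::exists($key) || Session::get($keyExpire) <= $currentTime){
+$logger->info('The CSRF informations are listed below: key [' . $key . '], key expire [' . $keyExpire . '], expire time [' . $expire . ']');
+if (!Session::exists($key) || Session::get($keyExpire) <= $currentTime) {
 $logger->warning('The CSRF session data is not valide');
 return false;
 }
-else{
+else {
 //perform form data
 //need use request->query() for best retrieve
 //super instance
 $obj = & get_instance();
 $token = $obj->request->query($key);
-if(! $token || $token !== Session::get($key) || Session::get($keyExpire) <= $currentTime){
-$logger->warning('The CSRF data [' .$token. '] is not valide may be attacker do his job');
+if (!$token || $token !== Session::get($key) || Session::get($keyExpire) <= $currentTime) {
+$logger->warning('The CSRF data [' . $token . '] is not valide may be attacker do his job');
 return false;
 }
-else{
-$logger->info('The CSRF data [' .$token. '] is valide the form data is safe continue');
+else {
+$logger->info('The CSRF data [' . $token . '] is valide the form data is safe continue');
 //remove the token from session
 Session::clear($key);
 Session::clear($keyExpire);
@@ -111,24 +111,24 @@
 /**
 * This method is used to check the whitelist IP address access
 */
-public static function checkWhiteListIpAccess(){
+public static function checkWhiteListIpAccess() {
 $logger = self::getLogger();
 $logger->debug('Validation of the IP address access ...');
 $logger->debug('Check if whitelist IP access is enabled in the configuration ...');
 $isEnable = get_config('white_list_ip_enable', false);
-if($isEnable){
+if ($isEnable) {
 $logger->info('Whitelist IP access is enabled in the configuration');
 $list = get_config('white_list_ip_addresses', array());
-if(! empty($list)){
+if (!empty($list)) {
 //Can't use Loader::functions() at this time because teh "Loader" library is loader after the security prossessing
 require_once CORE_FUNCTIONS_PATH . 'function_user_agent.php';
 $ip = get_ip();
-if((count($list) == 1 && $list[0] == '*') || in_array($ip, $list)){
+if ((count($list) == 1 && $list[0] == '*') || in_array($ip, $list)) {
 $logger->info('IP address ' . $ip . ' allowed using the wildcard "*" or the full IP');
 //wildcard to access all ip address
 return;
 }
-else{
+else {
 // go through all whitelisted ips
 foreach ($list as $ipaddr) {
 // find the wild card * in whitelisted ip (f.e. find position in "127.0.*" or "127*")
@@ -154,7 +154,7 @@
 }
 }
 }
-else{
+else {
 $logger->info('Whitelist IP access is not enabled in the configuration, ignore checking');
 }
 }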
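Review bot: validateCSRF still compares the submitted token to the session value with `!==` (new-side line 97) and writes the token itself into the log on lines 67, 98 and 102, so the secret persists in log files for their whole retention period and the comparison exits early on the first differing byte. Replace the equality test with a constant-time compare, `if (!$token || !hash_equals((string) Session::get($key), (string) $token) || Session::get($keyExpire) <= $currentTime) {`, and drop the `[' . $token . ']` fragments from the three log messages. generateCSRF on line 66 derives the token from `sha1(uniqid()) . sha1(uniqid())`; uniqid() is clock-based rather than a CSPRNG, so `$token = bin2hex(random_bytes(32));` (or openssl_random_pseudo_bytes if the framework still targets PHP 5) is the appropriate source. These points concern the surrounding code this reformatting commit touches, not the whitespace change itself.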