本文整理汇总了PHP中ESAPI::getAuditor方法的典型用法代码示例。如果您正苦于以下问题:PHP ESAPI::getAuditor方法的具体用法?PHP ESAPI::getAuditor怎么用?PHP ESAPI::getAuditor使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ESAPI的用法示例。
在下文中一共展示了ESAPI::getAuditor方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __construct
/**
 * Builds an Encoder, its per-format codecs and the codec list that the
 * canonicalize step will use.
 *
 * With no argument the HTML entity, JavaScript and percent codecs are
 * registered. A caller-supplied list is type-checked member by member and then
 * merged onto the list already held by the instance.
 *
 * @param array|null $_codecs Codec instances to use for canonicalization, or
 *                            null to use the default set.
 *
 * @throws Exception if $_codecs is neither null nor an array, or if any member
 *                   is not a Codec instance.
 */
function __construct($_codecs = null)
{
    $this->logger = ESAPI::getAuditor("Encoder");

    // One codec per supported format is always created, whether or not it
    // ends up in the canonicalization list below.
    $this->_base64Codec = new Base64Codec();
    $this->_cssCodec = new CSSCodec();
    $this->_htmlCodec = new HTMLEntityCodec();
    $this->_javascriptCodec = new JavaScriptCodec();
    $this->_percentCodec = new PercentCodec();
    $this->_vbscriptCodec = new VBScriptCodec();
    $this->_xmlCodec = new XMLEntityCodec();

    if ($_codecs === null) {
        // Default canonicalization set. The CSS and VBScript codecs are left
        // out on purpose: the original author notes that they consume '/'
        // and '"' characters respectively.
        array_push(
            $this->_codecs,
            $this->_htmlCodec,
            $this->_javascriptCodec,
            $this->_percentCodec
        );
        return;
    }

    if (!is_array($_codecs)) {
        throw new Exception('Invalid Argument. Codec list must be of type Array.');
    }

    // Reject the whole list as soon as one member is not a Codec, so nothing
    // of the wrong type can reach the canonicalization list.
    foreach ($_codecs as $candidate) {
        if (!($candidate instanceof Codec)) {
            throw new Exception('Invalid Argument. Codec list must contain only Codec instances.');
        }
    }

    $this->_codecs = array_merge($this->_codecs, $_codecs);
}
示例2: __construct
/**
 * Creates an intrusion exception and writes a SECURITY error entry for it.
 *
 * @param string $userMessage Message passed to the parent exception; intended
 *                            for display to the user.
 * @param string $logMessage  Message stored on the instance and written to the
 *                            audit log.
 */
public function __construct($userMessage = '', $logMessage = '')
{
    parent::__construct($userMessage);
    $this->logMessage = $logMessage;

    // The entry is written at construction time, so it is recorded even if the
    // exception object is never thrown.
    // NOTE(review): $logMessage is logged as given. If callers build it from
    // request data, confirm that the Auditor neutralises CR/LF and markup
    // before the entry is stored or displayed.
    $auditor = ESAPI::getAuditor("IntrusionException");
    $auditor->error(DefaultAuditor::SECURITY, false, sprintf('INTRUSION - %s', $logMessage));
}
示例3: __construct
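/**
 * Sets up the HTML validation rule: passes the descriptive name and the
 * optional Encoder (used for canonicalization) to the parent, obtains an
 * Auditor and creates the HTMLPurifier instance used by this rule.
 *
 * @param string $typeName         Descriptive name for this validator.
 * @param object $encoder          Object providing a canonicalize method.
 * @param string $whitelistPattern Whitelist regex.
 *                                 NOTE(review): not referenced anywhere in this
 *                                 constructor - confirm where it is applied.
 *
 * @throws ValidationException if HTMLPurifier cannot be instantiated.
 */
public function __construct($typeName, $encoder = null, $whitelistPattern = null)
{
    parent::__construct($typeName, $encoder);
    $this->_auditor = ESAPI::getAuditor('HTMLValidationRule');

    try {
        $this->_purifier = new HTMLPurifier($this->_basicConfig());
    } catch (Exception $e) {
        // The log message names the concrete exception class and carries its
        // message. The earlier form read the non-existent property
        // $e->getMessage (so the message was lost) and used gettype(), which
        // is always 'object' for an exception.
        throw new ValidationException(
            'Could not initialize HTMLPurifier.',
            'Caught ' . get_class($e) . ' attempting to instantiate HTMLPurifier: ' . $e->getMessage(),
            'HTMLValidationRule->construct'
        );
    }
}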
示例4: __construct
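/**
 * Creates a new EnterpriseSecurityException, stores the log message and an
 * Auditor on it and, unless intrusion detection is disabled in the security
 * configuration, reports the new exception to the intrusion detector.
 *
 * This constructor takes no cause argument; only the two messages are
 * recorded.
 *
 * @param string $userMessage The message displayed to the user
 * @param string $logMessage  The message logged
 */
public function __construct($userMessage = '', $logMessage = '')
{
    // empty() is true for '' and also for values such as '0', 0 and null; all
    // of them reach the parent constructor as null.
    if (empty($userMessage)) {
        $userMessage = null;
    }
    parent::__construct($userMessage);

    $this->logMessage = $logMessage;
    $this->logger = ESAPI::getAuditor("EnterpriseSecurityException");

    // Registration happens on construction, so the detector is told about
    // the exception whether or not it is ever thrown.
    if (!ESAPI::getSecurityConfiguration()->getDisableIntrusionDetection()) {
        ESAPI::getIntrusionDetector()->addException($this);
    }
}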
示例5: __construct
/**
 * Sets up the email address validation rule: hands the descriptive name and
 * the optional Encoder (used for canonicalization) to the parent constructor
 * and stores an Auditor for this rule.
 *
 * This constructor itself creates no purifier instance.
 *
 * @param string $typeName         Descriptive name for this validator.
 * @param object $encoder          Object providing a canonicalize method.
 * @param string $whitelistPattern Whitelist regex.
 *                                 NOTE(review): not referenced anywhere in this
 *                                 constructor - confirm where it is applied.
 */
public function __construct($typeName, $encoder = null, $whitelistPattern = null)
{
    parent::__construct($typeName, $encoder);

    $this->_auditor = ESAPI::getAuditor('EmailAddressValidationRule');
}
示例6: _logSpecial
/**
 * Writes a SECURITY warning through the 'DefaultSecurityConfiguration'
 * Auditor.
 *
 * @param string $msg Message to record.
 *
 * @return null
 */
private function _logSpecial($msg)
{
    $auditor = ESAPI::getAuditor('DefaultSecurityConfiguration');
    $auditor->warning(Auditor::SECURITY, false, $msg);
}
示例7: _addString
/**
 * Appends Codec input to the debug buffer one character at a time; called by
 * addEncodedString and addUnencodedString. When the buffer is still empty it
 * is first seeded with a short description of the caller.
 *
 * Nothing happens unless this object is enabled, debug logging is enabled on
 * the CD_LOG Auditor and recursion is allowed.
 *
 * @param string $string A UTF-32 encoded string.
 *
 * @return null
 */
private function _addString($string)
{
    // Guards are checked in this order so the Auditor is only consulted when
    // the object is enabled at all.
    if ($this->_enabled == false) {
        return;
    }
    if (!ESAPI::getAuditor(CD_LOG)->isDebugEnabled()) {
        return;
    }
    if (!$this->_allowRecurse) {
        return;
    }

    // First write to the buffer: prefix it with where the call came from,
    // falling back to "<verb>ing" when the trace cannot be produced.
    if ($this->_buf === null) {
        try {
            $origin = $this->_shortTrace();
        } catch (Exception $e) {
            $origin = $this->_verb . 'ing';
        }
        $this->_buf = $origin . ":\n";
    }

    $charCount = mb_strlen($string, 'UTF-32');
    if ($charCount == 0) {
        // An empty input is still recorded, as an empty string.
        $this->_addNormalized('');
        return;
    }

    $pos = 0;
    while ($pos < $charCount) {
        $this->_addNormalized(mb_substr($string, $pos, 1, 'UTF-32'));
        $pos++;
    }
}
示例8: __construct
/**
 * Stores the collaborators used by this class: an Auditor registered under
 * 'DefaultHTTPUtilities' for logging, and the ESAPI Validator.
 */
public function __construct()
{
    // Logging channel for this class.
    $this->_auditor = ESAPI::getAuditor('DefaultHTTPUtilities');

    // Validator obtained from ESAPI.
    $this->_validator = ESAPI::getValidator();
}
示例9: __construct
/**
 * Stores an Auditor registered under 'IntrusionDetector' for logging and
 * starts with an empty store of per-user events.
 */
function __construct()
{
    // Logging channel for the detector.
    $this->_auditor = ESAPI::getAuditor('IntrusionDetector');

    // No events have been recorded yet.
    $this->_userEvents = array();
}
示例10: __construct
/**
 * Validator constructor: stores an Auditor registered under
 * 'DefaultValidator', the ESAPI Encoder, and a second encoder restricted to
 * two codecs.
 */
public function __construct()
{
    $this->_auditor = ESAPI::getAuditor('DefaultValidator');
    $this->_encoder = ESAPI::getEncoder();

    // Despite its name, _fileValidator holds a DefaultEncoder; it is built
    // with only the HTML entity and percent codecs.
    $fileCodecs = array(new HTMLEntityCodec(), new PercentCodec());
    $this->_fileValidator = new DefaultEncoder($fileCodecs);
}
示例11: setCaptcha
/**
 * Adds a reCAPTCHA element named 'challenge' to the form when the captcha
 * configuration asks for one.
 *
 * No element is added when:
 *  - the bootstrap option 'captchaconfigloc' is empty;
 *  - recaptcha.use is 'off';
 *  - recaptcha.use is 'on' and $this->_conditionallyUseCaptcha is false;
 *  - a key pair set without a domain is met before a matching one, or no key
 *    pair matches this host (both are logged as SECURITY errors).
 *
 * @return null
 */
public function setCaptcha()
{
    $bootstrap = Zend_Controller_Front::getInstance()->getParam('bootstrap');
    $iniPath = $bootstrap->getOption('captchaconfigloc');

    // NOTE(review): every early return in this method leaves the form without
    // a CAPTCHA element, and only the two misconfiguration cases are logged.
    // Confirm that a missing config location is an intended "captcha off"
    // setting and not a deployment mistake that should be surfaced.
    if (empty($iniPath)) {
        return;
    }

    $captchaConfig = new Zend_Config_Ini($iniPath, APPLICATION_ENV, false);
    if (!($captchaConfig instanceof Zend_Config)) {
        return;
    }

    $mode = strtolower($captchaConfig->recaptcha->use);
    $skippedByForm = $mode == 'on' && $this->_conditionallyUseCaptcha === false;
    if ($skippedByForm || $mode == 'off') {
        return;
    }

    // A reCAPTCHA key pair is valid for one domain (and its subdomains), so
    // the config may hold one pair per domain; pick the pair for this host
    // via _matchDomainName.
    $keyConfig = null;
    foreach ($captchaConfig->recaptcha as $entryName => $keypair) {
        // The 'use' switch sits alongside the key pair sets; skip it.
        if ($entryName == 'use') {
            continue;
        }
        if (!isset($keypair->domain)) {
            ESAPI::getAuditor('Form_Contact')->error(
                Auditor::SECURITY,
                false,
                'Misconfiguration in captcha.ini - missing domain name from key pair set - Captcha Not Initialised!'
            );
            return;
        }
        if ($this->_matchDomainName($keypair->domain) === true) {
            $keyConfig = $keypair;
            break;
        }
    }

    if (!($keyConfig instanceof Zend_Config)) {
        ESAPI::getAuditor('Form_Contact')->error(
            Auditor::SECURITY,
            false,
            'Misconfiguration in captcha.ini - could not find key pairs for this host - Captcha Not Initialised!'
        );
        return;
    }

    // The private key goes only to the reCAPTCHA service object; neither key
    // appears in the log messages above.
    $service = new Zend_Service_ReCaptcha($keyConfig->publicKey, $keyConfig->privateKey);
    $captchaOptions = array('captcha' => 'ReCaptcha', 'service' => $service);
    $element = new Zend_Form_Element_Captcha(
        'challenge',
        array('order' => 750, 'captcha' => 'ReCaptcha', 'captchaOptions' => $captchaOptions)
    );
    $this->addElement($element);
}
示例12: elseif
$util->killAllCookies($req);
$view .= '<p>The response should have requested your User Agent to delete your cookies. Let us see if it will honour that request.';
$view .= " <a href=\"{$uri}?req=test2\">click me!</a></p>";
} elseif ($req->getParameter('req') == 'test2') {
$view .= '<p>Cookies received in that request: ';
$view .= ESAPI::getEncoder()->encodeForHTML(print_r($req->getCookies(), true));
$view .= '</p>';
$view .= '<p>';
if ($req->getCookie('testcookie') === null) {
$view .= 'It worked! testcookie was not received in that request.';
} else {
$view .= 'It did not work. testcookie was received in that request.';
}
$view .= '</p>';
$tests['cookie'] .= ' - DONE';
$a = ESAPI::getAuditor('HTTPUtilsExtraTests');
$log = $util->logHTTPRequest($req, $a);
$logO = $util->logHTTPRequestObfuscate($req, $a, array('req'));
$view .= '<p>Please check the ESAPI Auditor logfile for two INFO entries which log that request. The second entry will contain the obfuscated "req" parameter.';
$view .= '</p>';
$tests['log'] .= ' - DONE';
$tests['logo'] .= ' - DONE';
session_destroy();
} else {
$href = $util->addCSRFToken("{$uri}?req=test1");
$view .= '<p>testcookie has been set with a value \'testcookieValue\'. now <a href="';
$view .= $href;
$view .= '">click me</a> to have it deleted. (Please ensure logging is on before you continue!)</p>';
setcookie('testcookie', 'testcookieValue');
}
$view .= '<p>Under Test:</p>';
示例13: isValid
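/**
 * Validates the POST half of a double submit cookie against the COOKIE half,
 * and both halves against length and character set constraints.
 *
 * Checks run in this order and stop at the first failure: POST token length,
 * POST token charset, cookie present, cookie length, cookie charset, and
 * finally equality of the two canonicalized values. Each failure sets the
 * matching validator error and writes a SECURITY warning containing the raw
 * message template for that error.
 *
 * NOTE(review): the final check only proves that the form token equals the
 * cookie value. Nothing visible here ties the token to a server-side session,
 * so confirm how the cookie is issued and scoped.
 *
 * @param string $value The POST half of a double submit cookie from, for
 *                      example, a hidden HTML form field.
 *
 * @return bool true when every check passes, false otherwise.
 */
public function isValid($value)
{
    $auditor = ESAPI::getAuditor('App_Validate_Token');

    // Canonicalize before validating so the checks see the decoded form.
    // NOTE(review): the second argument false presumably selects non-strict
    // canonicalization - confirm against the Encoder.
    $canonicalPostToken = ESAPI::getEncoder()->canonicalize($value, false);
    $this->_setValue($canonicalPostToken);

    // Minimum and maximum are the same value, so only the exact expected
    // length passes.
    $v_len = new Zend_Validate_StringLength($this->_expectedLen, $this->_expectedLen);
    if ($v_len->isValid($canonicalPostToken) !== true) {
        $this->_error(self::POST_BAD_LENGTH);
        $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::POST_BAD_LENGTH]);
        return false;
    }

    $v_regex = new Custom_Validate_Charset($this->_expectedCharset);
    if ($v_regex->isValid($canonicalPostToken) !== true) {
        $this->_error(self::POST_BAD_CHARSET);
        $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::POST_BAD_CHARSET]);
        return false;
    }

    // Fetch the cookie half from the current request and canonicalize it the
    // same way as the POST half.
    $controller = Zend_Controller_Front::getInstance();
    $req = $controller->getRequest();
    $cookieVal = $req->getCookie($this->_cookieName);
    $canonicalCookie = ESAPI::getEncoder()->canonicalize($cookieVal, false);

    // NOTE(review): assumes canonicalize() returns null for an absent cookie;
    // if it returns '' instead, the length check below rejects it.
    if ($canonicalCookie === null) {
        $this->_error(self::MISSING_COOKIE);
        $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::MISSING_COOKIE]);
        return false;
    }

    if ($v_len->isValid($canonicalCookie) !== true) {
        $this->_error(self::COOKIE_BAD_LENGTH);
        $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::COOKIE_BAD_LENGTH]);
        return false;
    }

    if ($v_regex->isValid($canonicalCookie) !== true) {
        $this->_error(self::COOKIE_BAD_CHARSET);
        $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::COOKIE_BAD_CHARSET]);
        return false;
    }

    // Both halves are well-formed; they must now be identical. $this->_value
    // was set from the canonicalized POST token above.
    $v_identical = new Zend_Validate_Identical($this->_value);
    if ($v_identical->isValid($canonicalCookie) !== true) {
        $this->_error(self::TOKENS_DIFFER);
        $auditor->warning(Auditor::SECURITY, false, $this->_messageTemplates[self::TOKENS_DIFFER]);
        return false;
    }

    return true;
}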
示例14: __construct
/**
 * Encoder constructor: creates one codec per supported format and fills the
 * codec list that canonicalize works from.
 *
 * Passing null selects the default list (HTML entity, JavaScript, percent).
 * Passing an array merges it onto the instance's list once every member has
 * been confirmed to be a Codec.
 *
 * @param array|null $codecs Codec instances to use for canonicalization, or
 *                           null for the defaults.
 *
 * @throws InvalidArgumentException if $codecs is neither null nor an array,
 *                                  or holds a member that is not a Codec.
 */
public function __construct($codecs = null)
{
    $this->logger = ESAPI::getAuditor("Encoder");

    // Individual codecs, created regardless of which ones canonicalize uses.
    $this->_base64Codec = new Base64Codec();
    $this->_cssCodec = new CSSCodec();
    $this->_htmlCodec = new HTMLEntityCodec();
    $this->_javascriptCodec = new JavaScriptCodec();
    $this->_percentCodec = new PercentCodec();
    $this->_vbscriptCodec = new VBScriptCodec();
    $this->_xmlCodec = new XMLEntityCodec();

    if ($codecs === null) {
        // Defaults only. CSS and VBScript are excluded because, per the
        // original author, they consume '/' and '"' characters respectively.
        array_push(
            $this->_codecs,
            $this->_htmlCodec,
            $this->_javascriptCodec,
            $this->_percentCodec
        );
        return;
    }

    if (!is_array($codecs)) {
        throw new InvalidArgumentException('Expected the $codecs array parameter to be an array of instances of Codec.');
    }

    // Type-check every member before anything is merged.
    foreach ($codecs as $member) {
        if (!($member instanceof Codec)) {
            throw new InvalidArgumentException('Expected every member of the $codecs array parameter to be an instance of Codec.');
        }
    }

    $this->_codecs = array_merge($this->_codecs, $codecs);
}
示例15: __construct
/**
 * Builds a SafeRequest, optionally from caller-supplied request data.
 *
 * $options may carry any of the keys 'cookies', 'headers' and 'env', each
 * holding an associative array, e.g. 'headers' => array('REQUEST_METHOD' =>
 * 'GET'). Per the original documentation, elements whose key is not supplied
 * are taken from the actual request. A value of $options that is not an array
 * is ignored without error.
 *
 * TODO accept a string like: 'GET / HTTP/1.1\r\nHost:example.com\r\n\r\n'
 * TODO accept GET and REQUEST parameters.
 *
 * @param NULL|array $options Array (optional) of HTTP Request elements.
 */
public function __construct($options = null)
{
    // This object gets its own encoder limited to the HTML entity and percent
    // codecs, plus an Auditor and the ESAPI Validator.
    $codecs = array(new HTMLEntityCodec(), new PercentCodec());
    $this->_encoder = new DefaultEncoder($codecs);
    $this->_auditor = ESAPI::getAuditor('SafeRequest');
    $this->_validator = ESAPI::getValidator();

    if (!is_array($options)) {
        return;
    }

    // Supplied values are not stored as given: cookies and headers go through
    // the _validate* helpers and the server globals through
    // _canonicalizeServerGlobals before they are kept.
    if (array_key_exists('cookies', $options)) {
        $this->_cookies = $this->_validateCookies($options['cookies']);
    }
    if (array_key_exists('headers', $options)) {
        $this->_headers = $this->_validateHeaders($options['headers']);
    }
    if (array_key_exists('env', $options)) {
        $this->_serverGlobals = $this->_canonicalizeServerGlobals($options['env']);
    }
}