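<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Lead: Kevin Johnson <kjohnson@secureideas.net>
**               Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: routines to manipulate shared state (session information)
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/
/** The below check is to make sure that the conf file has been loaded before this one....
 ** This should prevent someone from accessing the page directly. -- Kevin
 **/
defined('_BASE_INC') or die('Accessing this file directly is not allowed.');

/* ***********************************************************************
 * Function: InitArray()
 *
 * @doc Defines and initializes a 1 or 2 dimensional PHP array, storing
 *      $value in every element.  Any previous contents of $a are discarded.
 *
 * @param $a     (in/out) array to initialize
 * @param $dim1  number of elements of first dimension
 * @param $dim2  number of elements of second dimension (0 => 1-dim array)
 * @param $value default value stored in each element
 *
 ************************************************************************/
function InitArray(&$a, $dim1, $dim2, $value)
{
    /* Start from an empty array rather than an empty string: since PHP 7.1
     * assigning an offset into "" no longer auto-vivifies an array (and a
     * nested offset is a fatal error), so "" would break the 2-dim case. */
    $a = array();

    /* determine the number of dimensions in the array */
    if ($dim2 == 0) {
        /* 1-dim */
        for ($i = 0; $i < $dim1; $i++) {
            $a[$i] = $value;
        }
    } else {
        /* 2-dim */
        for ($i = 0; $i < $dim1; $i++) {
            for ($j = 0; $j < $dim2; $j++) {
                $a[$i][$j] = $value;
            }
        }
    }
}

/* ***********************************************************************
 * Function: RegisterGlobalState()
 *
 * @doc Application-specific wrapper for PHP session_start().  It performs
 *      a couple of additional configuration checks (notably for custom
 *      PHP session handlers): when PHP reports a user-level session
 *      module, the configured handler file is included and its setup
 *      function invoked; misconfiguration is reported via ErrorMessage()
 *      and execution is stopped.
 *
 *      Reads $GLOBALS['use_user_session'], $GLOBALS['user_session_path'],
 *      $GLOBALS['user_session_function'] and $GLOBALS['debug_mode'];
 *      these are presumably set by the BASE configuration file rather
 *      than by the request -- verify against base_conf.php.
 *
 ************************************************************************/
function RegisterGlobalState()
{
    /* Deal with user specified session handlers */
    if (session_module_name() == "user") {
        if ($GLOBALS['use_user_session'] != 1) {
            ErrorMessage(_PHPERRORCSESSION);
            die();
        } elseif ($GLOBALS['user_session_path'] != "") {
            if (is_file($GLOBALS['user_session_path'])) {
                /* The included path and the function name are taken from
                 * configuration globals; keep them out of reach of request
                 * data, since this is an include + dynamic call. */
                include_once($GLOBALS['user_session_path']);
                if ($GLOBALS['user_session_function'] != "") {
                    $GLOBALS['user_session_function']();
                }
            } else {
                ErrorMessage(_PHPERRORCSESSIONCODE);
                die();
            }
        } else {
            ErrorMessage(_PHPERRORCSESSIONVAR);
            die();
        }
    }

    /* NOTE: session_start() itself is not called here (the original call
     * was commented out); the session is presumably started by the caller
     * before $_SESSION is read -- confirm. */

    if ($GLOBALS['debug_mode'] > 0) {
        echo '<FONT COLOR="#FF0000">' . _PHPSESSREG . '</FONT><BR>';
    }
}

/* ***********************************************************************
 * Function: CleanVariable()
 *
 * @doc Removes invalid characters/data from a variable based on a
 *      specified mask of acceptable data or a list of explicit values.
 *      Arrays are cleaned element by element (keys are preserved).
 *
 * Note: both mask and explicit list can be used at a time; a value found
 *       in the explicit list is returned untouched without applying the
 *       mask.
 *
 * @param item       variable to scrub
 * @param valid_data mask of valid characters (bitwise OR of VAR_* flags)
 * @param exception  array with explicit values to match
 *
 * @return a sanitized version of the passed variable
 *
 ************************************************************************/
function CleanVariable($item, $valid_data, $exception = "")
{
    /* Determine whether a variable is set (null passes straight through) */
    if (!isset($item)) {
        return $item;
    }

    /* Recursively clean array elements -- nikns */
    if (is_array($item)) {
        foreach ($item as $key => $value) {
            $item[$key] = CleanVariable($value, $valid_data, $exception);
        }
        return $item;
    }

    /* Check the exception value list first.  A non-array $exception (e.g.
     * the "" default) is ignored.  in_array() is used without strict
     * comparison, so the match is loose ("1" matches 1). */
    if (is_array($exception) && in_array($item, $exception)) {
        return $item;
    }

    if ($valid_data == "") {
        return $item;
    }

    /* Character-class fragments, appended in this fixed order whenever the
     * matching flag is set.  Order matters: the escaped hyphen ('\-') must
     * stay at the end of the class. */
    $fragments = array(
        array(VAR_DIGIT,    "0-9"),
        array(VAR_LETTER,   "A-Za-z"),
        array(VAR_ULETTER,  "A-Z"),
        array(VAR_LLETTER,  "a-z"),
        array(VAR_ALPHA,    "0-9A-Za-z"),
        array(VAR_SPACE,    "\ "),
        array(VAR_PERIOD,   "\."),
        array(VAR_FSLASH,   "\/"),
        array(VAR_OPAREN,   "\("),
        array(VAR_CPAREN,   "\)"),
        /* VAR_BOOLEAN and VAR_OPERATOR contribute the same fragment as
         * VAR_CPAREN.  This looks like a copy/paste leftover, but the
         * intended character set is not visible here, so it is kept as-is
         * -- confirm against the callers before changing. */
        array(VAR_BOOLEAN,  "\)"),
        array(VAR_OPERATOR, "\)"),
        array(VAR_USCORE,   "\_"),
        array(VAR_AT,       "\@"),
        /* Score (\-) always must be at the end of the character class */
        array(VAR_PUNC,     "\~\!\#\$\%\^\&\*\_\=\+\:\;\,\.\?\ \(\))\-"),
        array(VAR_SCORE,    "\-"),
    );

    $regex_mask = "";
    foreach ($fragments as $fragment) {
        if (($valid_data & $fragment[0]) > 0) {
            $regex_mask .= $fragment[1];
        }
    }

    /* With no flags set (e.g. $valid_data === 0, which PHP 8 no longer
     * treats as == "") the pattern would become the invalid "[^]" and
     * preg_replace() would return null.  Treat an empty mask like the
     * empty-string mask above: nothing is stripped. */
    if ($regex_mask == "") {
        return $item;
    }

    return preg_replace("/[^" . $regex_mask . "]/", "", $item);
}

/* ***********************************************************************
 * Function: SetSessionVar()
 *
 * @doc Handles retrieving and updating persistent session (criteria)
 *      data.  This routine handles the details of checking for criteria
 *      updates passed through POST/GET and resolving this with values
 *      that may already have been set and stored in the session.
 *
 *      Precedence is POST, then GET, then $_SESSION; when none is set the
 *      empty string is returned.  Despite its name this function does
 *      NOT write anything back to $_SESSION -- it only picks the source.
 *
 *      All criteria variables need to invoke this function before they are
 *      used for the first time to extract their previously stored values,
 *      and process potential updates to their value.
 *
 * Note: Validation of user input is not performed by this routine; the
 *       returned value is the raw request value and must be validated by
 *       the caller (see CleanVariable()).
 *
 * @param $var_name name of the persistent session variable to retrieve
 *
 * @return the updated value of the persistent session variable named
 *         by $var_name
 *
 ************************************************************************/
function SetSessionVar($var_name)
{
    $debug = $GLOBALS['debug_mode'] > 0;

    if (isset($_POST[$var_name])) {
        if ($debug) {
            echo "importing POST var '$var_name'<BR>";
        }
        return $_POST[$var_name];
    }

    if (isset($_GET[$var_name])) {
        if ($debug) {
            echo "importing GET var '$var_name'<BR>";
        }
        return $_GET[$var_name];
    }

    if (isset($_SESSION[$var_name])) {
        if ($debug) {
            echo "importing SESSION var '$var_name'<BR>";
        }
        return $_SESSION[$var_name];
    }

    return "";
}

/* ***********************************************************************
 * Function: ImportHTTPVar()
 *
 * @doc Handles retrieving temporary state variables needed to present a
 *      given set of results (e.g., sort order, current record).  The
 *      values of these variables are never persistently stored.  Rather,
 *      they are passed as HTTP POST and GET parameters (POST wins when
 *      both are present).
 *
 *      All temporary variables need to invoke this function before they
 *      are used for the first time to extract their value.
 *
 *      Optionally, sanitization parameters can be set, ala CleanVariable()
 *      syntax to validate the user input.  Without them the value is
 *      returned as received from the request.
 *
 * @param $var_name   name of the temporary state variable to retrieve
 * @param $valid_data (optional) list of valid character types
 *                    (see CleanVariable)
 * @param $exception  (optional) array of explicit values the imported
 *                    variable must be set to
 *
 * @see CleanVariable
 *
 * @return the sanitized value of the temporary state variable named
 *         by $var_name ("" when it was not passed)
 *
 ************************************************************************/
function ImportHTTPVar($var_name, $valid_data = "", $exception = "")
{
    if (isset($_POST[$var_name])) {
        $tmp = $_POST[$var_name];
    } elseif (isset($_GET[$var_name])) {
        $tmp = $_GET[$var_name];
    } else {
        $tmp = "";
    }

    return CleanVariable($tmp, $valid_data, $exception);
}

/* ***********************************************************************
 * Function: ExportHTTPVar()
 *
 * @doc Handles export of a temporary state variable needed to present a
 *      given set of results (e.g., sort order, current record).  This
 *      routine creates a hidden HTML form variable.
 *
 * Note: The user is responsible for generating the appropriate HTML
 *       form code.
 *
 * Security Note: Only temporary variables should make use of this
 *                function.  These values are exposed in HTML to the
 *                user; he is free to modify them.  Both the name and the
 *                value are HTML-escaped here so that a value containing
 *                quotes or angle brackets cannot break out of the
 *                attribute.
 *
 * @param $var_name  name of the temporary state variable to export
 * @param $var_value value of the temporary state variable
 *
 * @see ImportHTTPVar
 *
 ************************************************************************/
function ExportHTTPVar($var_name, $var_value)
{
    $name  = htmlspecialchars((string) $var_name, ENT_QUOTES);
    $value = htmlspecialchars((string) $var_value, ENT_QUOTES);

    echo "<INPUT TYPE=\"hidden\" NAME=\"" . $name . "\" VALUE=\"" . $value . "\">\n";
}

/* ***********************************************************************
 * Function: filterSql()
 *
 * @doc Filters the input string so that it can be safely used in SQL
 *      queries.  The escaping is delegated to the database driver
 *      (ADOdb qmagic()) so it follows the rules of the configured DB.
 *      Arrays are filtered element by element.
 *
 * Note: the returned string has the surrounding quotes added by qmagic()
 *       stripped again, so the caller must place it back inside quotes in
 *       the SQL text.  Using it unquoted defeats the escaping.
 *
 * @param $item           value of the variable to filter
 * @param $force_alert_db (default 0 - use current db)
 *
 * @return the escaped value (without quotes), or $item unchanged when null
 *
 ************************************************************************/
function filterSql($item, $force_alert_db = 0)
{
    GLOBAL $DBlib_path, $DBtype, $db_connect_method, $alert_dbname,
           $alert_host, $alert_port, $alert_user, $alert_password;

    /* Determine whether a variable is set */
    if (!isset($item)) {
        return $item;
    }

    /* Recursively filter array elements -- nikns.  Each element must go
     * through filterSql() itself; the previous code called XSSPrintSafe()
     * here, which HTML-escapes and leaves the element unescaped for SQL.
     * foreach also reaches string-keyed elements, which a 0..count()-1
     * loop skipped. */
    if (is_array($item)) {
        foreach ($item as $key => $value) {
            $item[$key] = filterSql($value, $force_alert_db);
        }
        return $item;
    }

    /* A connection is opened and closed per scalar value so the driver's
     * own quoting is used. */
    $db = NewBASEDBConnection($DBlib_path, $DBtype);
    $db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host,
                       $alert_port, $alert_user, $alert_password, $force_alert_db);

    /* magic_quotes_gpc safe adodb qmagic() returns escaped $item in quotes */
    $item = $db->DB->qmagic($item);
    $db->baseClose();

    /* cut off first and last character (quotes added by qmagic()) */
    return substr($item, 1, strlen($item) - 2);
}

/* ***********************************************************************
 * Function: XSSPrintSafe()
 *
 * @doc Converts unsafe html special characters to printing safe
 *      equivalents so we can safely print them.  Arrays are converted
 *      element by element (keys are preserved).
 *
 * @param $item value (scalar or array) to encode
 *
 * @return the encoded value, or $item unchanged when null
 *
 ************************************************************************/
function XSSPrintSafe($item)
{
    /* Determine whether a variable is set */
    if (!isset($item)) {
        return $item;
    }

    /* Recursively convert array elements -- nikns (string keys included) */
    if (is_array($item)) {
        foreach ($item as $key => $value) {
            $item[$key] = XSSPrintSafe($value);
        }
        return $item;
    }

    /* ENT_QUOTES also encodes single quotes, so the result is safe inside
     * single-quoted attributes as well as in element text. */
    return htmlspecialchars($item, ENT_QUOTES);
}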