Chargement en cours config/ecran_securite.php +402 −312 Numéro de ligne d'origine Numéro de ligne de diff Ligne de diff Chargement en cours @@ -14,8 +14,9 @@ define('_ECRAN_SECURITE', '1.3.13'); // 2019-12-04 /* * Test utilisateur */ if (isset($_GET['test_ecran_securite'])) if (isset($_GET['test_ecran_securite'])) { $ecran_securite_raison = 'test ' . _ECRAN_SECURITE; } /* * Monitoring Chargement en cours @@ -31,9 +32,11 @@ if (!defined('_IS_BOT') and isset($_GET['var_isbot'])){ * Détecteur de robot d'indexation */ if (!defined('_IS_BOT')) { define('_IS_BOT', define( '_IS_BOT', isset($_SERVER['HTTP_USER_AGENT']) and preg_match(',' and preg_match( ',' . implode('|', array( // mots generiques 'bot', Chargement en cours Chargement en cours @@ -220,18 +223,22 @@ if (!defined('_IS_BOT')){ 'yeti', 'zeerch' )) . ',i', (string)$_SERVER['HTTP_USER_AGENT']) (string)$_SERVER['HTTP_USER_AGENT'] ) ); } if (!defined('_IS_BOT_FRIEND')) { define('_IS_BOT_FRIEND', define( '_IS_BOT_FRIEND', isset($_SERVER['HTTP_USER_AGENT']) and preg_match(',' . implode ('|', array( and preg_match( ',' . implode('|', array( 'facebookexternalhit', 'flipboardproxy', 'wordpress' )) . ',i', (string)$_SERVER['HTTP_USER_AGENT']) (string)$_SERVER['HTTP_USER_AGENT'] ) ); } Chargement en cours 
@@ -243,18 +250,30 @@ if (!defined('_IS_BOT_FRIEND')){ * (id_base est une variable de la config des widgets de WordPress) */ $_exceptions = array('id_table', 'id_base', 'id_parent', 'id_article_pdf'); foreach ($_GET as $var => $val) if ($_GET[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions)) foreach ($_GET as $var => $val) { if ( $_GET[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions) ) { $_GET[$var] = is_array($_GET[$var]) ? @array_map('intval', $_GET[$var]) : intval($_GET[$var]); foreach ($_POST as $var => $val) if ($_POST[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions)) } } foreach ($_POST as $var => $val) { if ( $_POST[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions) ) { $_POST[$var] = is_array($_POST[$var]) ? @array_map('intval', $_POST[$var]) : intval($_POST[$var]); foreach ($GLOBALS as $var => $val) if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions)) } } foreach ($GLOBALS as $var => $val) { if ( $GLOBALS[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions) ) { $GLOBALS[$var] = is_array($GLOBALS[$var]) ? @array_map('intval', $GLOBALS[$var]) : intval($GLOBALS[$var]); } } /* * Interdit la variable $cjpeg_command, qui était utilisée sans Chargement en cours @@ -266,11 +285,13 @@ $cjpeg_command = ''; * Contrôle de quelques variables (XSS) */ foreach (array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { if (isset($_GET[$var])) if (isset($_GET[$var])) { $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); if (isset($_POST[$var])) } if (isset($_POST[$var])) { $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); } } /* * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) Chargement en cours 
@@ -284,47 +305,75 @@ if (isset($_SERVER['REQUEST_URI'])) { /* * Pas d'inscription abusive */ if (isset($_REQUEST['mode']) and isset($_REQUEST['page']) if ( isset($_REQUEST['mode']) and isset($_REQUEST['page']) and !in_array($_REQUEST['mode'], array("6forum", "1comite")) and $_REQUEST['page'] == "identifiants") and $_REQUEST['page'] == "identifiants" ) { $ecran_securite_raison = "identifiants"; } /* * Agenda joue à l'injection php */ if (isset($_REQUEST['partie_cal']) and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) if ( isset($_REQUEST['partie_cal']) and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal']) ) { $ecran_securite_raison = "partie_cal"; if (isset($_REQUEST['echelle']) and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) } if ( isset($_REQUEST['echelle']) and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle']) ) { $ecran_securite_raison = "echelle"; } /* * Espace privé */ if (isset($_REQUEST['exec']) and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) if ( isset($_REQUEST['exec']) and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec']) ) { $ecran_securite_raison = "exec"; if (isset($_REQUEST['cherche_auteur']) and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) } if ( isset($_REQUEST['cherche_auteur']) and preg_match(',[<],', (string)$_REQUEST['cherche_auteur']) ) { $ecran_securite_raison = "cherche_auteur"; if (isset($_REQUEST['exec']) } if ( isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'auteurs' and preg_match(',[<],', (string)$_REQUEST['recherche'])) and preg_match(',[<],', (string)$_REQUEST['recherche']) ) { $ecran_securite_raison = "recherche"; if (isset($_REQUEST['exec']) } if ( isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'info_plugin' and preg_match(',[<],', (string)$_REQUEST['plugin'])) and preg_match(',[<],', (string)$_REQUEST['plugin']) ) { $ecran_securite_raison = "plugin"; if (isset($_REQUEST['exec']) } if ( 
isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'puce_statut' and isset($_REQUEST['id']) and !intval($_REQUEST['id'])) and !intval($_REQUEST['id']) ) { $ecran_securite_raison = "puce_statut"; if (isset($_REQUEST['action']) and $_REQUEST['action'] == 'configurer') { if (@file_exists('inc_version.php') or @file_exists('ecrire/inc_version.php')) { } if ( isset($_REQUEST['action']) and $_REQUEST['action'] == 'configurer' ) { if ( @file_exists('inc_version.php') or @file_exists('ecrire/inc_version.php') ) { function action_configurer() { include_spip('inc/autoriser'); if (!autoriser('configurer', _request('configuration'))) { Chargement en cours @@ -337,10 +386,12 @@ and $_REQUEST['action'] == 'configurer') { } } } if (isset($_REQUEST['action']) if ( isset($_REQUEST['action']) and $_REQUEST['action'] == 'ordonner_liens_documents' and isset($_REQUEST['ordre']) and is_string($_REQUEST['ordre'])){ and is_string($_REQUEST['ordre']) ) { $ecran_securite_raison = "ordre a la chaine"; } Chargement en cours 
@@ -349,59 +400,74 @@ and is_string($_REQUEST['ordre'])){ * Bloque les requêtes contenant %00 (manipulation d'include) */ if (strpos( (function_exists('get_magic_quotes_gpc') and @get_magic_quotes_gpc()) ? stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), (function_exists('get_magic_quotes_gpc') and @get_magic_quotes_gpc()) ? stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), chr(0) ) !== false) ) !== false) { $ecran_securite_raison = "%00"; } /* * Bloque les requêtes fond=formulaire_ */ if (isset($_REQUEST['fond']) and preg_match(',^formulaire_,i', $_REQUEST['fond'])) if ( isset($_REQUEST['fond']) and preg_match(',^formulaire_,i', $_REQUEST['fond']) ) { $ecran_securite_raison = "fond=formulaire_"; } /* * Bloque les requêtes du type ?GLOBALS[type_urls]=toto (bug vieux php) */ if (isset($_REQUEST['GLOBALS'])) if (isset($_REQUEST['GLOBALS'])) { $ecran_securite_raison = "GLOBALS[GLOBALS]"; } /* * Bloque les requêtes des bots sur: * les agenda * les paginations entremélées */ if (_IS_BOT and ( if (_IS_BOT) { if ( (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) or (isset($_REQUEST['calendrier_annee']) and strpos((string)$_SERVER['REQUEST_URI'], 'debut_')) or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string)$_SERVER['REQUEST_URI'])) ) ) ) { $ecran_securite_raison = "robot agenda/double pagination"; } } /* * Bloque une vieille page de tests de CFG (<1.11) * Bloque un XSS sur une page inexistante */ if (isset($_REQUEST['page'])) { if ($_REQUEST['page'] == 'test_cfg') if ($_REQUEST['page'] == 'test_cfg') { $ecran_securite_raison = "test_cfg"; if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) } if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) { $ecran_securite_raison = "xsspage"; if 
($_REQUEST['page'] == '404' and isset($_REQUEST['erreur'])) } if ( $_REQUEST['page'] == '404' and isset($_REQUEST['erreur']) ) { $ecran_securite_raison = "xss404"; } } /* * XSS par array */ foreach (array('var_login') as $var) if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) foreach (array('var_login') as $var) { if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) { $ecran_securite_raison = "xss " . $var; } } /* * Parade antivirale contre un cheval de troie Chargement en cours @@ -411,28 +477,33 @@ if (!function_exists('tmp_lkojfghx')) { function tmp_lkojfghx2($a = 0, $b = 0, $c = 0, $d = 0) { // si jamais on est arrivé ici sur une erreur php // et qu'un autre gestionnaire d'erreur est défini, l'appeller if ($b && $GLOBALS['tmp_xhgfjokl']) if ($b && $GLOBALS['tmp_xhgfjokl']) { call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); } } if (isset($_POST['tmp_lkojfghx3'])) } if (isset($_POST['tmp_lkojfghx3'])) { $ecran_securite_raison = "gumblar"; } /* * Outils XML mal sécurisés < 2.0.9 */ if (isset($_REQUEST['transformer_xml'])) if (isset($_REQUEST['transformer_xml'])) { $ecran_securite_raison = "transformer_xml"; } /* * Outils XML mal sécurisés again */ if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'valider_xml') { $url = trim($_REQUEST['var_url']); if (strncmp($url,'/',1)==0 or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false) or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false) or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) { if ( strncmp($url, '/', 1) == 0 or (($p = strpos($url, '..')) !== false and strpos($url, '..', $p + 3) !== false) or (($p = strpos($url, '..')) !== false and strpos($url, 'IMG', $p + 3) !== false) or (strpos($url, '://') !== false or strpos($url, ':\\') !== false) ) { $ecran_securite_raison = 'URL interdite pour var_url'; } } Chargement en cours 
@@ -440,32 +511,44 @@ if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['ex /* * Sauvegarde mal securisée < 2.0.9 */ if (isset($_REQUEST['nom_sauvegarde']) and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) if ( isset($_REQUEST['nom_sauvegarde']) and strstr((string)$_REQUEST['nom_sauvegarde'], '/') ) { $ecran_securite_raison = 'nom_sauvegarde manipulee'; if (isset($_REQUEST['znom_sauvegarde']) and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) } if ( isset($_REQUEST['znom_sauvegarde']) and strstr((string)$_REQUEST['znom_sauvegarde'], '/') ) { $ecran_securite_raison = 'znom_sauvegarde manipulee'; } /* * op permet des inclusions arbitraires ; * on vérifie 'page' pour ne pas bloquer ... drupal */ if (isset($_REQUEST['op']) and isset($_REQUEST['page']) and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op'])) if ( isset($_REQUEST['op']) and isset($_REQUEST['page']) and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op']) ) { $ecran_securite_raison = 'op'; } /* * Forms & Table ne se méfiait pas assez des uploads de fichiers */ if (count($_FILES)) { foreach ($_FILES as $k => $v) { if (preg_match(',^fichier_\d+$,', $k) and preg_match(',\.php,i', $v['name'])) if ( preg_match(',^fichier_\d+$,', $k) and preg_match(',\.php,i', $v['name']) ) { unset($_FILES[$k]); } } } /* * et Contact trop laxiste avec une variable externe * on bloque pas le post pour eviter de perdre des donnees mais on unset la variable et c'est tout Chargement en cours @@ -479,9 +562,12 @@ if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom'] /* * reinstall=oui un peu trop permissif */ if (isset($_REQUEST['reinstall']) and $_REQUEST['reinstall'] == 'oui') if ( isset($_REQUEST['reinstall']) and $_REQUEST['reinstall'] == 'oui' ) { $ecran_securite_raison = 'reinstall=oui'; } /* * Pas d'action pendant l'install Chargement en cours 
@@ -493,24 +579,27 @@ if (isset($_REQUEST['exec']) and $_REQUEST['exec'] === 'install' and isset($_REQ /* * Échappement xss referer */ if (isset($_SERVER['HTTP_REFERER'])) if (isset($_SERVER['HTTP_REFERER'])) { $_SERVER['HTTP_REFERER'] = strtr($_SERVER['HTTP_REFERER'], '<>"\'', '[]##'); } /* * Echappement HTTP_X_FORWARDED_HOST */ if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________'); } /* * Pas d'erreur dans l'erreur */ if (isset($_REQUEST['var_erreur']) and isset($_REQUEST['page']) and $_REQUEST['page'] === 'login') { if (strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>')) if (strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>')) { $ecran_securite_raison = 'var_erreur incorrecte'; } } /* Chargement en cours @@ -521,21 +610,24 @@ if ( or isset($_REQUEST['var_memotri']) ) { $zzzz = implode("", array_keys($_REQUEST)); if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) { $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; } } /* * Injection par connect */ if (isset($_REQUEST['connect']) and if ( isset($_REQUEST['connect']) // cas qui permettent de sortir d'un commentaire PHP (strpos($_REQUEST['connect'], "?") !== false and ( strpos($_REQUEST['connect'], "?") !== false or strpos($_REQUEST['connect'], "<") !== false or strpos($_REQUEST['connect'], ">") !== false or strpos($_REQUEST['connect'], "\n") !== false or strpos($_REQUEST['connect'], "\r") !== false) or strpos($_REQUEST['connect'], "\r") !== false ) ) { $ecran_securite_raison = "malformed connect argument"; } Chargement en cours Chargement en cours 
@@ -572,8 +664,9 @@ if (!function_exists('filtre_filtrer_entites_dist')) { /* * Bloque les bots quand le load déborde */ if (!defined('_ECRAN_SECURITE_LOAD')) if (!defined('_ECRAN_SECURITE_LOAD')) { define('_ECRAN_SECURITE_LOAD', 4); } if ( defined('_ECRAN_SECURITE_LOAD') Chargement en cours @@ -585,13 +678,11 @@ if ( (function_exists('sys_getloadavg') and $load = sys_getloadavg() and is_array($load) and $load = array_shift($load) ) and $load = array_shift($load)) or (@is_readable('/proc/loadavg') and $load = file_get_contents('/proc/loadavg') and $load = floatval($load) ) and $load = floatval($load)) ) and $load > _ECRAN_SECURITE_LOAD // eviter l'evaluation suivante si de toute facon le load est inferieur a la limite and rand(0, $load * $load) > _ECRAN_SECURITE_LOAD * _ECRAN_SECURITE_LOAD Chargement en cours @@ -605,4 +696,3 @@ if ( header("Content-Type: text/html"); die("<html><title>Status 429: Too Many Requests</title><body><h1>Status 429</h1><p>Too Many Requests (try again soon)</p></body></html>"); } Chargement en cours
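Review bot: In the `@@ -493,24 +579,27 @@` hunk the `HTTP_X_FORWARDED_HOST` escaping does not neutralise CR and LF as the "Echappement" comment intends: in a PHP double-quoted string `\{` and `\}` are not escape sequences and keep their backslash, so the from-list passed to `strtr()` on that line is 14 characters while the to-list `'____________'` is 12, and `strtr()` silently ignores the trailing `\r` and `\n` of the longer string (the commit only re-braces the surrounding `if` and leaves this line unchanged). If the rendered page is faithful to the file, the header-newline stripping for this header has therefore never taken effect, while the `<>?"\{\}$'` characters and the space are still replaced. Dropping the two stray backslashes restores a one-to-one mapping: `` $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"{}\$'` \r\n", '____________'); `` (a `{` not followed by `$` is literal in a double-quoted string). A short test that feeds a value containing "\r\n" through this statement and asserts neither byte survives would pin the fix; the same remark applies to the duplicate rendering of this file section further down the page.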
config/ecran_securite.php +402 −312 Numéro de ligne d'origine Numéro de ligne de diff Ligne de diff Chargement en cours @@ -14,8 +14,9 @@ define('_ECRAN_SECURITE', '1.3.13'); // 2019-12-04 /* * Test utilisateur */ if (isset($_GET['test_ecran_securite'])) if (isset($_GET['test_ecran_securite'])) { $ecran_securite_raison = 'test ' . _ECRAN_SECURITE; } /* * Monitoring Chargement en cours @@ -31,9 +32,11 @@ if (!defined('_IS_BOT') and isset($_GET['var_isbot'])){ * Détecteur de robot d'indexation */ if (!defined('_IS_BOT')) { define('_IS_BOT', define( '_IS_BOT', isset($_SERVER['HTTP_USER_AGENT']) and preg_match(',' and preg_match( ',' . implode('|', array( // mots generiques 'bot', Chargement en cours Chargement en cours @@ -220,18 +223,22 @@ if (!defined('_IS_BOT')){ 'yeti', 'zeerch' )) . ',i', (string)$_SERVER['HTTP_USER_AGENT']) (string)$_SERVER['HTTP_USER_AGENT'] ) ); } if (!defined('_IS_BOT_FRIEND')) { define('_IS_BOT_FRIEND', define( '_IS_BOT_FRIEND', isset($_SERVER['HTTP_USER_AGENT']) and preg_match(',' . implode ('|', array( and preg_match( ',' . implode('|', array( 'facebookexternalhit', 'flipboardproxy', 'wordpress' )) . ',i', (string)$_SERVER['HTTP_USER_AGENT']) (string)$_SERVER['HTTP_USER_AGENT'] ) ); } Chargement en cours 
@@ -243,18 +250,30 @@ if (!defined('_IS_BOT_FRIEND')){ * (id_base est une variable de la config des widgets de WordPress) */ $_exceptions = array('id_table', 'id_base', 'id_parent', 'id_article_pdf'); foreach ($_GET as $var => $val) if ($_GET[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions)) foreach ($_GET as $var => $val) { if ( $_GET[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions) ) { $_GET[$var] = is_array($_GET[$var]) ? @array_map('intval', $_GET[$var]) : intval($_GET[$var]); foreach ($_POST as $var => $val) if ($_POST[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions)) } } foreach ($_POST as $var => $val) { if ( $_POST[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions) ) { $_POST[$var] = is_array($_POST[$var]) ? @array_map('intval', $_POST[$var]) : intval($_POST[$var]); foreach ($GLOBALS as $var => $val) if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions)) } } foreach ($GLOBALS as $var => $val) { if ( $GLOBALS[$var] and strncmp($var, "id_", 3) == 0 and !in_array($var, $_exceptions) ) { $GLOBALS[$var] = is_array($GLOBALS[$var]) ? @array_map('intval', $GLOBALS[$var]) : intval($GLOBALS[$var]); } } /* * Interdit la variable $cjpeg_command, qui était utilisée sans Chargement en cours @@ -266,11 +285,13 @@ $cjpeg_command = ''; * Contrôle de quelques variables (XSS) */ foreach (array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { if (isset($_GET[$var])) if (isset($_GET[$var])) { $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); if (isset($_POST[$var])) } if (isset($_POST[$var])) { $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); } } /* * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) Chargement en cours 
@@ -284,47 +305,75 @@ if (isset($_SERVER['REQUEST_URI'])) { /* * Pas d'inscription abusive */ if (isset($_REQUEST['mode']) and isset($_REQUEST['page']) if ( isset($_REQUEST['mode']) and isset($_REQUEST['page']) and !in_array($_REQUEST['mode'], array("6forum", "1comite")) and $_REQUEST['page'] == "identifiants") and $_REQUEST['page'] == "identifiants" ) { $ecran_securite_raison = "identifiants"; } /* * Agenda joue à l'injection php */ if (isset($_REQUEST['partie_cal']) and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) if ( isset($_REQUEST['partie_cal']) and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal']) ) { $ecran_securite_raison = "partie_cal"; if (isset($_REQUEST['echelle']) and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) } if ( isset($_REQUEST['echelle']) and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle']) ) { $ecran_securite_raison = "echelle"; } /* * Espace privé */ if (isset($_REQUEST['exec']) and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) if ( isset($_REQUEST['exec']) and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec']) ) { $ecran_securite_raison = "exec"; if (isset($_REQUEST['cherche_auteur']) and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) } if ( isset($_REQUEST['cherche_auteur']) and preg_match(',[<],', (string)$_REQUEST['cherche_auteur']) ) { $ecran_securite_raison = "cherche_auteur"; if (isset($_REQUEST['exec']) } if ( isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'auteurs' and preg_match(',[<],', (string)$_REQUEST['recherche'])) and preg_match(',[<],', (string)$_REQUEST['recherche']) ) { $ecran_securite_raison = "recherche"; if (isset($_REQUEST['exec']) } if ( isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'info_plugin' and preg_match(',[<],', (string)$_REQUEST['plugin'])) and preg_match(',[<],', (string)$_REQUEST['plugin']) ) { $ecran_securite_raison = "plugin"; if (isset($_REQUEST['exec']) } if ( 
isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'puce_statut' and isset($_REQUEST['id']) and !intval($_REQUEST['id'])) and !intval($_REQUEST['id']) ) { $ecran_securite_raison = "puce_statut"; if (isset($_REQUEST['action']) and $_REQUEST['action'] == 'configurer') { if (@file_exists('inc_version.php') or @file_exists('ecrire/inc_version.php')) { } if ( isset($_REQUEST['action']) and $_REQUEST['action'] == 'configurer' ) { if ( @file_exists('inc_version.php') or @file_exists('ecrire/inc_version.php') ) { function action_configurer() { include_spip('inc/autoriser'); if (!autoriser('configurer', _request('configuration'))) { Chargement en cours @@ -337,10 +386,12 @@ and $_REQUEST['action'] == 'configurer') { } } } if (isset($_REQUEST['action']) if ( isset($_REQUEST['action']) and $_REQUEST['action'] == 'ordonner_liens_documents' and isset($_REQUEST['ordre']) and is_string($_REQUEST['ordre'])){ and is_string($_REQUEST['ordre']) ) { $ecran_securite_raison = "ordre a la chaine"; } Chargement en cours 
@@ -349,59 +400,74 @@ and is_string($_REQUEST['ordre'])){ * Bloque les requêtes contenant %00 (manipulation d'include) */ if (strpos( (function_exists('get_magic_quotes_gpc') and @get_magic_quotes_gpc()) ? stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), (function_exists('get_magic_quotes_gpc') and @get_magic_quotes_gpc()) ? stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), chr(0) ) !== false) ) !== false) { $ecran_securite_raison = "%00"; } /* * Bloque les requêtes fond=formulaire_ */ if (isset($_REQUEST['fond']) and preg_match(',^formulaire_,i', $_REQUEST['fond'])) if ( isset($_REQUEST['fond']) and preg_match(',^formulaire_,i', $_REQUEST['fond']) ) { $ecran_securite_raison = "fond=formulaire_"; } /* * Bloque les requêtes du type ?GLOBALS[type_urls]=toto (bug vieux php) */ if (isset($_REQUEST['GLOBALS'])) if (isset($_REQUEST['GLOBALS'])) { $ecran_securite_raison = "GLOBALS[GLOBALS]"; } /* * Bloque les requêtes des bots sur: * les agenda * les paginations entremélées */ if (_IS_BOT and ( if (_IS_BOT) { if ( (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) or (isset($_REQUEST['calendrier_annee']) and strpos((string)$_SERVER['REQUEST_URI'], 'debut_')) or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string)$_SERVER['REQUEST_URI'])) ) ) ) { $ecran_securite_raison = "robot agenda/double pagination"; } } /* * Bloque une vieille page de tests de CFG (<1.11) * Bloque un XSS sur une page inexistante */ if (isset($_REQUEST['page'])) { if ($_REQUEST['page'] == 'test_cfg') if ($_REQUEST['page'] == 'test_cfg') { $ecran_securite_raison = "test_cfg"; if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) } if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) { $ecran_securite_raison = "xsspage"; if 
($_REQUEST['page'] == '404' and isset($_REQUEST['erreur'])) } if ( $_REQUEST['page'] == '404' and isset($_REQUEST['erreur']) ) { $ecran_securite_raison = "xss404"; } } /* * XSS par array */ foreach (array('var_login') as $var) if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) foreach (array('var_login') as $var) { if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) { $ecran_securite_raison = "xss " . $var; } } /* * Parade antivirale contre un cheval de troie Chargement en cours @@ -411,28 +477,33 @@ if (!function_exists('tmp_lkojfghx')) { function tmp_lkojfghx2($a = 0, $b = 0, $c = 0, $d = 0) { // si jamais on est arrivé ici sur une erreur php // et qu'un autre gestionnaire d'erreur est défini, l'appeller if ($b && $GLOBALS['tmp_xhgfjokl']) if ($b && $GLOBALS['tmp_xhgfjokl']) { call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); } } if (isset($_POST['tmp_lkojfghx3'])) } if (isset($_POST['tmp_lkojfghx3'])) { $ecran_securite_raison = "gumblar"; } /* * Outils XML mal sécurisés < 2.0.9 */ if (isset($_REQUEST['transformer_xml'])) if (isset($_REQUEST['transformer_xml'])) { $ecran_securite_raison = "transformer_xml"; } /* * Outils XML mal sécurisés again */ if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'valider_xml') { $url = trim($_REQUEST['var_url']); if (strncmp($url,'/',1)==0 or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false) or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false) or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) { if ( strncmp($url, '/', 1) == 0 or (($p = strpos($url, '..')) !== false and strpos($url, '..', $p + 3) !== false) or (($p = strpos($url, '..')) !== false and strpos($url, 'IMG', $p + 3) !== false) or (strpos($url, '://') !== false or strpos($url, ':\\') !== false) ) { $ecran_securite_raison = 'URL interdite pour var_url'; } } Chargement en cours 
@@ -440,32 +511,44 @@ if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['ex /* * Sauvegarde mal securisée < 2.0.9 */ if (isset($_REQUEST['nom_sauvegarde']) and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) if ( isset($_REQUEST['nom_sauvegarde']) and strstr((string)$_REQUEST['nom_sauvegarde'], '/') ) { $ecran_securite_raison = 'nom_sauvegarde manipulee'; if (isset($_REQUEST['znom_sauvegarde']) and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) } if ( isset($_REQUEST['znom_sauvegarde']) and strstr((string)$_REQUEST['znom_sauvegarde'], '/') ) { $ecran_securite_raison = 'znom_sauvegarde manipulee'; } /* * op permet des inclusions arbitraires ; * on vérifie 'page' pour ne pas bloquer ... drupal */ if (isset($_REQUEST['op']) and isset($_REQUEST['page']) and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op'])) if ( isset($_REQUEST['op']) and isset($_REQUEST['page']) and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op']) ) { $ecran_securite_raison = 'op'; } /* * Forms & Table ne se méfiait pas assez des uploads de fichiers */ if (count($_FILES)) { foreach ($_FILES as $k => $v) { if (preg_match(',^fichier_\d+$,', $k) and preg_match(',\.php,i', $v['name'])) if ( preg_match(',^fichier_\d+$,', $k) and preg_match(',\.php,i', $v['name']) ) { unset($_FILES[$k]); } } } /* * et Contact trop laxiste avec une variable externe * on bloque pas le post pour eviter de perdre des donnees mais on unset la variable et c'est tout Chargement en cours @@ -479,9 +562,12 @@ if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom'] /* * reinstall=oui un peu trop permissif */ if (isset($_REQUEST['reinstall']) and $_REQUEST['reinstall'] == 'oui') if ( isset($_REQUEST['reinstall']) and $_REQUEST['reinstall'] == 'oui' ) { $ecran_securite_raison = 'reinstall=oui'; } /* * Pas d'action pendant l'install Chargement en cours 
@@ -493,24 +579,27 @@ if (isset($_REQUEST['exec']) and $_REQUEST['exec'] === 'install' and isset($_REQ /* * Échappement xss referer */ if (isset($_SERVER['HTTP_REFERER'])) if (isset($_SERVER['HTTP_REFERER'])) { $_SERVER['HTTP_REFERER'] = strtr($_SERVER['HTTP_REFERER'], '<>"\'', '[]##'); } /* * Echappement HTTP_X_FORWARDED_HOST */ if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________'); } /* * Pas d'erreur dans l'erreur */ if (isset($_REQUEST['var_erreur']) and isset($_REQUEST['page']) and $_REQUEST['page'] === 'login') { if (strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>')) if (strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>')) { $ecran_securite_raison = 'var_erreur incorrecte'; } } /* Chargement en cours @@ -521,21 +610,24 @@ if ( or isset($_REQUEST['var_memotri']) ) { $zzzz = implode("", array_keys($_REQUEST)); if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) { $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; } } /* * Injection par connect */ if (isset($_REQUEST['connect']) and if ( isset($_REQUEST['connect']) // cas qui permettent de sortir d'un commentaire PHP (strpos($_REQUEST['connect'], "?") !== false and ( strpos($_REQUEST['connect'], "?") !== false or strpos($_REQUEST['connect'], "<") !== false or strpos($_REQUEST['connect'], ">") !== false or strpos($_REQUEST['connect'], "\n") !== false or strpos($_REQUEST['connect'], "\r") !== false) or strpos($_REQUEST['connect'], "\r") !== false ) ) { $ecran_securite_raison = "malformed connect argument"; } Chargement en cours Chargement en cours 
@@ -572,8 +664,9 @@ if (!function_exists('filtre_filtrer_entites_dist')) { /* * Bloque les bots quand le load déborde */ if (!defined('_ECRAN_SECURITE_LOAD')) if (!defined('_ECRAN_SECURITE_LOAD')) { define('_ECRAN_SECURITE_LOAD', 4); } if ( defined('_ECRAN_SECURITE_LOAD') Chargement en cours @@ -585,13 +678,11 @@ if ( (function_exists('sys_getloadavg') and $load = sys_getloadavg() and is_array($load) and $load = array_shift($load) ) and $load = array_shift($load)) or (@is_readable('/proc/loadavg') and $load = file_get_contents('/proc/loadavg') and $load = floatval($load) ) and $load = floatval($load)) ) and $load > _ECRAN_SECURITE_LOAD // eviter l'evaluation suivante si de toute facon le load est inferieur a la limite and rand(0, $load * $load) > _ECRAN_SECURITE_LOAD * _ECRAN_SECURITE_LOAD Chargement en cours @@ -605,4 +696,3 @@ if ( header("Content-Type: text/html"); die("<html><title>Status 429: Too Many Requests</title><body><h1>Status 429</h1><p>Too Many Requests (try again soon)</p></body></html>"); }