Not signed in (Sign In)

  • Subscribe

    • Feed

PHPIDS usage: exceptions with regex

Bottom of Page

1 to 5 of 5

  1.  
    • CommentAuthornarcanti
    • CommentTimeNov 23rd 2009
     
    Hi, great work so far.
    I'm using Wordpress which generates some cookies with urlencoded content in the value triggering the phpids (like "m0%3Dc%26m1%3Dc%26m2%3Dc%26m3%3Dc%26m4%3Dc%26m5%3Do%26m6%3Dc%26m7%3Dc%26m8%3Do%26m9%3Do"). Since the generated cookies have usually a name in the form "wp-settings-xxx" I would like to include the exception "wp-settings-*" or even "wp-settings-\d+" to my config.
    There is no documentation about such a possibility and a look into the code shows up, that the exceptions are string compared:
    // check if this field is part of the exceptions
    if (is_array($this->exceptions)
    && in_array($key, $this->exceptions, true)) {
    return false;
    }

    So is it possible to extend this code to support regexes in the exceptions?
    I know, this will slow down the check process, but I see no other possibility for now.
    If you like, I can provide the code for that part.
    • CommentAuthornarcanti
    • CommentTimeNov 23rd 2009
     
    I did the neccessary modifications on my installation:

    In Monitor.php:
    // check if this field is part of the exceptions
    if (is_array($this->exceptions)){
    foreach ($this->exceptions as $anException){
    if (preg_match($anException, $key)){
    return false;
    }
    }
    }

    Also the definition of exceptions changes slightly in Config.ini, as they are now regexes:
    exceptions[] = "/^GET\.__utmz$/"
    exceptions[] = "/^GET\.__utmc$/"
    exceptions[] = "/^GET\.wp-settings-\d+$/"
    exceptions[] = "/^POST\.wp-settings-\d+$/"
    exceptions[] = "/^REQUEST\.wp-settings-\d+$/"
    exceptions[] = "/^GET\.wordpress_logged_in_\d+$/"
    exceptions[] = "/^POST\.wordpress_logged_in_\d+$/"
    exceptions[] = "/^REQUEST\.wordpress_logged_in_\d+$/"
    exceptions[] = "/^GET\.wordpress_sec_\d+$/"
    exceptions[] = "/^POST\.wordpress_sec_\d+$/"
    exceptions[] = "/^REQUEST\.wordpress_sec_\d+$/"

    This works fine for me.
    • CommentAuthornarcanti
    • CommentTimeNov 23rd 2009
     
    Sorry, should have been the following in Config.ini:
    exceptions[] = "/^COOKIE\.wp-settings-\d+$/"
    exceptions[] = "/^COOKIE\.wordpress_logged_in_\d+$/"
    exceptions[] = "/^COOKIE\.wordpress_sec_\d+$/"
    •  
      CommentAuthorchrist1an
    • CommentTimeNov 24th 2009
     
    Right, good point. We'll discuss this internally. Thanks!
    •  
      CommentAuthor.mario
    • CommentTimeDec 30th 2009
     
    I like that a lot - and other users requested similar features as well. Guys - what do you think? +1 from my side this will find its way in 0.6.4 -although we must not forget a fallback for old ini settings (detecting introducing slash for example).

1 to 5 of 5

  1.