2012-08-04 20:48:04 +02:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* @author Daniel Dimitrov
|
|
|
|
* @date 04/08/2012
|
|
|
|
* @copyright Copyright (C) 2008 - 2012 compojoom.com . All rights reserved.
|
|
|
|
* @license GNU General Public License version 2 or later; see LICENSE
|
|
|
|
*/
|
|
|
|
|
|
|
|
defined('_JEXEC') or die('Restricted access');
|
|
|
|
|
|
|
|
|
|
|
|
// Include the rule base class
|
|
|
|
require_once(JPATH_COMPONENT_ADMINISTRATOR.'/models/rule.php');
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This class searches all files for the _JEXEC check
|
|
|
|
* which prevents direct file access.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
class jedcheckerRulesEncoding extends JEDcheckerRule
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* The formal ID of this rule. For example: SE1.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $id = 'encoding';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The title or caption of this rule.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $title = 'COM_JEDCHECKER_RULE_ENCODING';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The description of this rule.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $description = 'COM_JEDCHECKER_RULE_ENCODING_DESC';
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Initiates the file search and check
|
|
|
|
*
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function check()
|
|
|
|
{
|
|
|
|
// Find all php files of the extension
|
|
|
|
$files = JFolder::files($this->basedir, '.php$', true, true);
|
|
|
|
|
|
|
|
// Iterate through all files
|
|
|
|
foreach($files as $file)
|
|
|
|
{
|
|
|
|
// Try to find the base64 use in the file
|
|
|
|
if($this->find($file)) {
|
|
|
|
// Add as error to the report if it was not found
|
2013-04-11 15:23:19 +02:00
|
|
|
$this->report->addError($file, JText::_('COM_JEDCHECKER_ERROR_ENCODING'));
|
2012-08-04 20:48:04 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Reads a file and searches for any encoding function defined in the params
|
|
|
|
* Not a very clever way of doing this, but it should be fine for now
|
|
|
|
*
|
|
|
|
* @param string $file The path to the file
|
|
|
|
* @return boolean True if the statement was found, otherwise False.
|
|
|
|
*/
|
|
|
|
protected function find($file)
|
|
|
|
{
|
|
|
|
$content = (array) file($file);
|
|
|
|
|
|
|
|
// Get the functions to look for
|
|
|
|
$encodings = explode(',', $this->params->get('encodings'));
|
|
|
|
|
|
|
|
foreach($encodings as $encoding) {
|
|
|
|
$encoding = trim($encoding);
|
|
|
|
foreach ($content AS $line)
|
|
|
|
{
|
|
|
|
// Search for "base64"
|
|
|
|
$pos_1 = stripos($line, $encoding);
|
|
|
|
|
|
|
|
if ($pos_1 !== false) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|