security_2lib_2filter_2request_8php_source.html

<?php

namespace Bitrix\Security\Filter;


use Bitrix\Main\Config\Option;

use Bitrix\Main\Config\Ini;

use Bitrix\Main\Type\IRequestFilter;


class Request implements IRequestFilter

{

    const ACTION_NONE = 'none';

    const ACTION_CLEAR = 'clear';

    const ACTION_FILTER = 'filter';


    protected $auditors = [];

    protected $changedContext = [];


    private $action = 'filter';

    private $doLog = false;

    private $changedVars = [];

    private $isAuditorsTriggered = false;

    private $filteringMap = [

        'get' => [

            'Name' => '$_GET',

        ],

        'post' => [

            'Name' => '$_POST',

            'SkipRegExp' => '#^File\d+_\d+$#',

        ],

        'cookie' => [

            'Name' => '$_COOKIE',

        ],

        'json' => [

            'Name' => 'JSON',

        ],

        'data' => [

            'Name' => 'data',

        ]

    ];

    private static $validActions = [

        self::ACTION_NONE,

        self::ACTION_CLEAR,

        self::ACTION_FILTER,

    ];


    public function __construct($customOptions = array())

    {

        if (isset($customOptions['action']))

        {

            $this->setAction($customOptions['action']);

        }

        else

        {

            $this->setAction(Option::get('security', 'filter_action'));

        }


        if (isset($customOptions['log']))

        {

            $this->setLog($customOptions['log']);

        }

        else

        {

            $this->setLog(Option::get('security', 'filter_log'));

        }

    }


    public function setAuditors(array $auditors)

    {

        $this->auditors = $auditors;

        return $this;

    }


    public function getChangedVars()

    {

        return $this->changedVars;

    }


    public function filter(array $values, $isReturnChangedOnly = true)

    {

        $this->onFilterStarted();


        foreach ($values as $key => &$val)

        {

            if (!isset($this->filteringMap[$key]))

            {

                continue;

            }


            if (!is_array($val))

            {

                continue;

            }


            $val = $this->filterArray(

                $key,

                $val,

                $this->filteringMap[$key]['Name'],

                $this->filteringMap[$key]['SkipRegExp'] ?? ''

            );

        }

        unset($val);


        $this->onFilterFinished();


        if ($isReturnChangedOnly)

        {

            return array_intersect_key($values, $this->changedContext);

        }

        return $values;

    }


    public function isAuditorsTriggered()

    {

        return $this->isAuditorsTriggered;

    }


    protected function onFilterStarted()

    {

        $this->changedContext = array();

        $this->changedVars = array();

        $this->isAuditorsTriggered = false;

    }


    protected function onFilterFinished()

    {

    }


    protected function filterVar($context, $value, $name)

    {

        if (preg_match('#^[A-Za-z0-9_.,-]*$#D', $value))

            return $value;


        $filteredValue = \CSecurityHtmlEntity::decodeString($value);

        self::adjustPcreBacktrackLimit($filteredValue);


        $isValueChanged = false;

        foreach($this->auditors as $auditName => $auditor)

        {

            if ($auditor->process($filteredValue))

            {

                $this->isAuditorsTriggered = true;


                if ($this->isLogNeeded())

                {

                    $this->logVariable($value, $name, $auditName);

                }


                if ($this->isFilterAction())

                {

                    $isValueChanged = true;

                    $filteredValue = $auditor->getFilteredValue();

                }

                elseif ($this->isClearAction())

                {

                    $isValueChanged = true;

                    $filteredValue = '';

                    break;

                }

            }

        }


        if ($isValueChanged)

        {

            $this->pushChangedVar($context, $value, $name);

            return $filteredValue;

        }

        else

        {

            return $value;

        }

    }


    protected function filterArray($context, ?array $array, $name, $skipKeyPreg = '')

    {

        if (!is_array($array))

        {

            return null;

        }


        foreach($array as $key => $value)

        {

            if ($skipKeyPreg && preg_match($skipKeyPreg, $key))

                continue;


            $filteredKey =  $this->filterVar($context, $key, "{$name}['{$key}']");

            if ($filteredKey != $key)

            {

                unset($array[$key]);

                $key = $filteredKey;

            }


            if (is_array($value))

            {

                $array[$key] = $this->filterArray($context, $value, "{$name}['{$key}']", $skipKeyPreg);

            }

            else

            {

                $array[$key] = $this->filterVar($context, $value, "{$name}['{$key}']");

            }

        }

        return $array;

    }


    protected static function isActionValid($action)

    {

        return in_array($action, self::getValidActions());

    }


    protected static function logVariable($value, $name, $auditorName)

    {

        return \CSecurityEvent::getInstance()->doLog('SECURITY', 'SECURITY_FILTER_'.$auditorName, $name, $value);

    }


    protected static function adjustPcreBacktrackLimit($string)

    {

        if (!is_string($string))

            return false;


        $strlen = strlen($string) * 2;

        Ini::adjustPcreBacktrackLimit($strlen);

        return true;

    }


    protected static function getValidActions()

    {

        return self::$validActions;

    }


    protected function setAction($action)

    {

        if (self::isActionValid($action))

        {

            $this->action = $action;

        }

        return $this;

    }


    protected function setLog($log)

    {

        $this->doLog = (is_string($log) && $log == 'Y');

        return $this;

    }


    protected function isFilterAction()

    {

        return ($this->action === self::ACTION_FILTER);

    }


    protected function isClearAction()

    {

        return ($this->action === self::ACTION_CLEAR);

    }


    protected function isLogNeeded()

    {

        return $this->doLog;

    }


    protected function pushChangedVar($context, $value, $name)

    {

        $this->changedVars[$name] = $value;

        if (!isset($this->changedContext[$context]))

            $this->changedContext[$context] = 1;

        return $this;

    }


}


Bitrix\Main\Config\Ini
Definition ini.php:6

Bitrix\Main\Config\Ini\adjustPcreBacktrackLimit
static adjustPcreBacktrackLimit(int $val)
Definition ini.php:45

Bitrix\Main\Config\Option
Definition option.php:15

Bitrix\Security\Filter\Request
Definition request.php:22

Bitrix\Security\Filter\Request\setAuditors
setAuditors(array $auditors)
Definition request.php:86

Bitrix\Security\Filter\Request\setAction
setAction($action)
Definition request.php:325

Bitrix\Security\Filter\Request\ACTION_FILTER
const ACTION_FILTER
Definition request.php:25

Bitrix\Security\Filter\Request\ACTION_NONE
const ACTION_NONE
Definition request.php:23

Bitrix\Security\Filter\Request\filterArray
filterArray($context, ?array $array, $name, $skipKeyPreg='')
Definition request.php:248

Bitrix\Security\Filter\Request\logVariable
static logVariable($value, $name, $auditorName)
Definition request.php:294

Bitrix\Security\Filter\Request\ACTION_CLEAR
const ACTION_CLEAR
Definition request.php:24

Bitrix\Security\Filter\Request\isActionValid
static isActionValid($action)
Definition request.php:283

Bitrix\Security\Filter\Request\onFilterStarted
onFilterStarted()
Definition request.php:179

Bitrix\Security\Filter\Request\onFilterFinished
onFilterFinished()
Definition request.php:186

Bitrix\Security\Filter\Request\isLogNeeded
isLogNeeded()
Definition request.php:363

Bitrix\Security\Filter\Request\$changedContext
$changedContext
Definition request.php:29

Bitrix\Security\Filter\Request\filterVar
filterVar($context, $value, $name)
Definition request.php:196

Bitrix\Security\Filter\Request\getValidActions
static getValidActions()
Definition request.php:316

Bitrix\Security\Filter\Request\setLog
setLog($log)
Definition request.php:338

Bitrix\Security\Filter\Request\filter
filter(array $values, $isReturnChangedOnly=true)
Definition request.php:135

Bitrix\Security\Filter\Request\__construct
__construct($customOptions=array())
Definition request.php:59

Bitrix\Security\Filter\Request\getChangedVars
getChangedVars()
Definition request.php:97

Bitrix\Security\Filter\Request\pushChangedVar
pushChangedVar($context, $value, $name)
Definition request.php:374

Bitrix\Security\Filter\Request\adjustPcreBacktrackLimit
static adjustPcreBacktrackLimit($string)
Definition request.php:303

Bitrix\Security\Filter\Request\isClearAction
isClearAction()
Definition request.php:355

Bitrix\Security\Filter\Request\$auditors
$auditors
Definition request.php:28

Bitrix\Security\Filter\Request\isFilterAction
isFilterAction()
Definition request.php:347

Bitrix\Security\Filter\Request\isAuditorsTriggered
isAuditorsTriggered()
Definition request.php:174

Bitrix\Main\Type\IRequestFilter
Definition irequestfilter.php:7

Bitrix\Security\Filter