Security fixes

This commit is contained in:
Sascha Leib
2025-09-05 09:15:08 +02:00
parent f4417fde3b
commit b2e3bd8b82
5 changed files with 135 additions and 67 deletions


@@ -56,12 +56,8 @@ class action_plugin_botmon extends DokuWiki_Action_Plugin {
/* Write out server-side info to a server log: */
// what is the session identifier?
$sessionId = $username;
$sessionType = 'usr';
if ($sessionId == '') {
$sessionId = $_COOKIE['DokuWiki'] ?? '';
$sessionType = 'dw';
}
$sessionId = $_COOKIE['DokuWiki'] ?? '';
$sessionType = 'dw';
if ($sessionId == '') {
$sessionId = $_SERVER['REMOTE_ADDR'] ?? '';
if ($sessionId == '127.0.0.1' || $sessionId == '::1') {
@@ -70,11 +66,14 @@ class action_plugin_botmon extends DokuWiki_Action_Plugin {
$sessionType = 'ip';
}
// clean the page ID
$pageId = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $INFO['id'] ?? '');
$logArr = Array(
$_SERVER['REMOTE_ADDR'] ?? '', /* remote IP */
$INFO['id'] ?? '', /* page ID */
$pageId, /* page ID */
$sessionId, /* Session ID */
$sessionType,
$sessionType, /* session ID type */
$username,
$_SERVER['HTTP_USER_AGENT'] ?? '', /* User agent */
$_SERVER['HTTP_REFERER'] ?? '' /* HTTP Referrer */
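Review bot: Only `$pageId` gets the control-character replacement here, while `$_SERVER['HTTP_USER_AGENT']`, `$_SERVER['HTTP_REFERER']`, `$username` and the cookie-derived `$sessionId` go into the tab-separated record unfiltered, so a tab or newline in any of those request-controlled values still shifts or splits the log line. The pview.php and tick.php hunks in this commit filter the agent and referer with the same `preg_replace('/[\x00-\x1F]/', "\u{FFFD}", …)`; applying it to every column that comes from the request keeps the three writers consistent. Where `$username` is read from is outside the hunk, so whether it is already sanitised cannot be confirmed here. The `$logArr = Array(` literal continues past the end of the hunk.
```php
// clean the page ID
$pageId = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $INFO['id'] ?? '');
// same treatment for the other request-controlled columns, so a tab or newline cannot split the record
$sessionId = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $sessionId);
$userName = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $username);
$agent = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $_SERVER['HTTP_USER_AGENT'] ?? '');
$referer = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $_SERVER['HTTP_REFERER'] ?? '');
$logArr = Array(
    $_SERVER['REMOTE_ADDR'] ?? '', /* remote IP */
    $pageId, /* page ID */
    $sessionId, /* Session ID */
    $sessionType, /* session ID type */
    $userName,
    $agent, /* User agent */
    $referer /* HTTP Referrer */
    // … unchanged: remaining columns and closing of the array …
```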


@@ -1,8 +1,45 @@
[03-Sep-2025 15:22:41 UTC] PHP Warning: Undefined variable $file in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 14
[03-Sep-2025 15:22:54 UTC] PHP Warning: Undefined variable $file in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 14
[03-Sep-2025 15:25:36 UTC] PHP Parse error: syntax error, unexpected end of file, expecting "," or ";" in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 15
[03-Sep-2025 15:35:57 UTC] PHP Deprecated: Using ${var} in strings is deprecated, use {$var} instead in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 14
[03-Sep-2025 15:37:51 UTC] PHP Warning: unlink(logs/.): Is a directory in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 15
[03-Sep-2025 15:37:51 UTC] PHP Warning: unlink(logs/..): Resource temporarily unavailable in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 15
[03-Sep-2025 15:38:10 UTC] PHP Warning: unlink(logs/.): Is a directory in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 17
[03-Sep-2025 15:38:10 UTC] PHP Warning: unlink(logs/..): Resource temporarily unavailable in D:\Webroot\development\lib\plugins\botmon\cleanup.php on line 17
[05-Sep-2025 05:57:33 UTC] PHP Warning: preg_match(): No ending delimiter '/' found in D:\Webroot\development\lib\plugins\botmon\tick.php on line 17
[05-Sep-2025 05:57:33 UTC] PHP Warning: Undefined property: ErrorException::$getMessage in D:\Webroot\development\lib\plugins\botmon\tick.php on line 55
[05-Sep-2025 05:57:43 UTC] PHP Warning: preg_match(): No ending delimiter '/' found in D:\Webroot\development\lib\plugins\botmon\tick.php on line 17
[05-Sep-2025 05:57:43 UTC] PHP Warning: Undefined property: ErrorException::$getMessage in D:\Webroot\development\lib\plugins\botmon\tick.php on line 55
[05-Sep-2025 05:58:04 UTC] PHP Warning: preg_match(): No ending delimiter '/' found in D:\Webroot\development\lib\plugins\botmon\tick.php on line 17
[05-Sep-2025 05:58:04 UTC] PHP Warning: Undefined property: ErrorException::$getMessage in D:\Webroot\development\lib\plugins\botmon\tick.php on line 55
[05-Sep-2025 05:58:13 UTC] PHP Warning: preg_match(): No ending delimiter '/' found in D:\Webroot\development\lib\plugins\botmon\tick.php on line 17
[05-Sep-2025 05:58:13 UTC] PHP Warning: Undefined property: ErrorException::$getMessage in D:\Webroot\development\lib\plugins\botmon\tick.php on line 55
[05-Sep-2025 05:58:35 UTC] PHP Warning: preg_match(): No ending delimiter '/' found in D:\Webroot\development\lib\plugins\botmon\tick.php on line 17
[05-Sep-2025 05:58:35 UTC] PHP Warning: Undefined property: ErrorException::$getMessage in D:\Webroot\development\lib\plugins\botmon\tick.php on line 55
[05-Sep-2025 05:58:43 UTC] PHP Warning: preg_match(): No ending delimiter '/' found in D:\Webroot\development\lib\plugins\botmon\tick.php on line 17
[05-Sep-2025 05:58:43 UTC] PHP Warning: Undefined property: ErrorException::$getMessage in D:\Webroot\development\lib\plugins\botmon\tick.php on line 55
[05-Sep-2025 06:55:56 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:56:00 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:56:27 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:56:30 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:56:58 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:57:00 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:57:29 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:57:30 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:58:00 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:58:00 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:58:31 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:58:31 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:59:01 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:59:02 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:59:31 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 06:59:33 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:00:01 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:00:04 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:00:31 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:00:35 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:01:01 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:01:06 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:01:31 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:01:37 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:02:01 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:02:08 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:02:31 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:02:39 UTC] PHP Parse error: syntax error, unexpected token "=" in D:\Webroot\development\lib\plugins\botmon\tick.php on line 18
[05-Sep-2025 07:06:01 UTC] PHP Parse error: syntax error, unexpected token "}" in D:\Webroot\development\lib\plugins\botmon\pview.php on line 36
[05-Sep-2025 07:09:36 UTC] PHP Fatal error: Uncaught Error: Undefined constant "loadTime" in D:\Webroot\development\lib\plugins\botmon\pview.php:34
Stack trace:
#0 {main}
thrown in D:\Webroot\development\lib\plugins\botmon\pview.php on line 34


@@ -4,16 +4,12 @@
$json = json_decode($_POST['pageview'], true);
if (!$json) {
http_response_code(400);
die("Error: Invalid JSON data sent to server.");
die("Invalid JSON Data.");
}
// what is the session identifier?
$sessionId = $json['u'] ?? '';
$sessionType = 'usr';
if ($sessionId == '') {
$sessionId = $_COOKIE['DokuWiki'] ?? '';
$sessionType = 'dw';
}
// select the session identifier?
$sessionId = $_COOKIE['DokuWiki'] ?? '';
$sessionType = 'dw';
if ($sessionId == '') {
$sessionId = $_SERVER['REMOTE_ADDR'] ?? '';
if ($sessionId == '127.0.0.1' || $sessionId == '::1') {
@@ -22,15 +18,37 @@ if ($sessionId == '') {
$sessionType = 'ip';
}
// check if valid session id string:
if (strlen($sessionId) < 46 && !preg_match('/^[\w\d\.:]+$/', $sessionId)) {
$sessionId = 'invalid-session-id';
}
// clean the page ID
$pageId = preg_replace('/[\x00-\x1F{};]/', "\u{FFFD}", $json['pg'] ?? '');
// clean the user-name
$userName = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $json['u'] ?? '');
// check load time
$loadTime = $json['lt'] ?? '';
if ($loadTime !== '' ) $loadTime = intval($loadTime);
// clean the user agent string
$agent = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $_SERVER['HTTP_USER_AGENT'] ?? '');
// clean the referer
$referer = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $json['r'] ?? '');
/* build the resulting log line (ensure fixed column positions!) */
$logArr = Array(
$_SERVER['REMOTE_ADDR'] ?? '', /* remote IP */
$json['pg'] ?? '', /* DW page ID */
$pageId, /* DW Page ID */
$sessionId, /* Session ID */
$json['u'] ?? '', /* DW User id (if logged in) */
$json['lt'] ?? '', /* load time */
$json['r'] ?? '', /* Referrer URL */
$_SERVER['HTTP_USER_AGENT'] ?? '' /* User agent */
$userName, /* DW User name (if logged in) */
$loadTime, /* load time */
$referer, /* Referrer URL */
$agent /* User agent */
// $json['lg'] ?? '', /* browser language */
// $json['scr'] ?? '', /* Screen dimensions */
// $json['tz'] ?? '', /* timzone offset */
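Review bot: The session-id check `if (strlen($sessionId) < 46 && !preg_match('/^[\w\d\.:]+$/', $sessionId))` only rejects an id that is both short and malformed, so any value of 46 or more characters skips the character-class check entirely, and the `$` anchor also accepts a trailing newline (PCRE `$` matches before a final "\n"). Presumably the intent is to reject ids that are too long or contain other characters; `if (strlen($sessionId) >= 46 || !preg_match('/^[\w.:]+\z/', $sessionId)) {` does that (`\d` is already inside `\w`). The identical line appears in the tick.php hunk of this commit. The page-ID filter here also strips `{};` while the action.php and tick.php hunks use the control-character class only; one pattern for all three writers would keep the log format predictable. The `$logArr = Array(` literal continues past the end of the hunk.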


@@ -443,7 +443,7 @@ BotMon.live = {
this.groups.users.push(v);
this.data.bots.users += 1;
} else {
// TODO: find suspected bots
@@ -1005,6 +1005,9 @@ BotMon.live = {
dl.appendChild(make('dt', {}, "IP-Address:"));
dl.appendChild(make('dd', {'class': 'has_icon ip' + ipType}, data.ip));
dl.appendChild(make('dt', {}, "ID:"));
dl.appendChild(make('dd', {'class': 'has_icon ip' + data.typ}, data.id));
if ((data._lastSeen - data._firstSeen) < 1) {
dl.appendChild(make('dt', {}, "Seen:"));
dl.appendChild(make('dd', {'class': 'seen'}, data._firstSeen.toLocaleString()));
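Review bot: The new `ID:` row passes `data.id` straight into `make('dd', …)`, and per the PHP hunks in this commit that value is the logged session id, i.e. the DokuWiki cookie value or the client address — request-controlled text reaching the DOM. Whether that is safe depends on `make()` assigning its third argument via textContent rather than innerHTML; `make` is not in the hunk, so please confirm. The class `'has_icon ip' + data.typ` looks copied from the IP row above: with the `dw`/`ip` type values written by the PHP side it yields `ipdw`/`ipip`, so check that is the class name the stylesheet expects, e.g. `{'class': 'has_icon ' + data.typ}`.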


@@ -1,46 +1,57 @@
<?php /* BOTMON PLUGIN HEARTBEAT TICKER SCRIPT */
// Note: this script is called in HEAD mode, therefore it can not return any payload.
// what is the session identifier?
$sessionId = $_GET['u'] ?? '';
if ($sessionId == '') {
$sessionId = $_COOKIE['DokuWiki'] ?? '';
}
if ($sessionId == '') {
$sessionId = $_SERVER['REMOTE_ADDR'] ?? '';
if ($sessionId == '127.0.0.1' || $sessionId == '::1') {
$sessionId = 'localhost';
// select the session identifier?
$sessionId = $_COOKIE['DokuWiki'] ?? '';
$sessionType = 'dw';
if ($sessionId == '') {
$sessionId = $_SERVER['REMOTE_ADDR'] ?? '';
if ($sessionId == '127.0.0.1' || $sessionId == '::1') {
$sessionId = 'localhost';
}
$sessionType = 'ip';
}
}
/* build the resulting log line (ensure fixed column positions!) */
$logArr = Array(
$_SERVER['REMOTE_ADDR'] ?? '', /* remote IP */
$_GET['p'] ?? '', /* page ID */
$sessionId, /* Session ID */
$_SERVER['HTTP_USER_AGENT'] ?? '' /* User agent */
);
// check if valid session id string:
if (strlen($sessionId) < 46 && !preg_match('/^[\w\d\.:]+$/', $sessionId)) {
$sessionId = 'invalid-session-id';
}
/* create the log line */
$filename = 'logs/' . gmdate('Y-m-d') . '.tck.txt'; /* use GMT date for filename */
$line = gmdate('Y-m-d H:i:s'); /* use GMT time for log entries */
foreach ($logArr as $val) {
$line .= "\t" . $val;
};
// clean the page ID
$pageId = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $_GET['p'] ?? '');
/* write the log line to the file */
$tickfile = fopen($filename, 'a');
if (!$tickfile) {
http_response_code(500);
die("Error: Unable to open log file. Please check file permissions.");
}
if (fwrite($tickfile, $line . "\n") === false) {
http_response_code(500);
// clean the user agent string
$agent = preg_replace('/[\x00-\x1F]/', "\u{FFFD}", $_SERVER['HTTP_USER_AGENT'] ?? '');
/* build the resulting log line */
$logArr = Array(
$_SERVER['REMOTE_ADDR'] ?? '', /* Remote IP */
$pageId, /* Page ID */
$sessionId, /* Session ID */
$agent /* User agent */
);
/* create the log line */
$filename = 'logs/' . gmdate('Y-m-d') . '.tck.txt'; /* use GMT date for filename */
$line = gmdate('Y-m-d H:i:s'); /* use GMT time for log entries */
foreach ($logArr as $val) {
$line .= "\t" . $val;
};
/* write the log line to the file */
$tickfile = fopen($filename, 'a');
if (!$tickfile) {
http_response_code(500);
die("Error: Unable to open log file. Please check file permissions.");
}
if (fwrite($tickfile, $line . "\n") === false) {
http_response_code(507);
fclose($tickfile);
die("Error: Could not write to log file.");
}
fclose($tickfile);
die("Error: Could not write to log file.");
}
fclose($tickfile);
/* Send "Accepted" header */
http_response_code(202);
echo "OK";
/* Send "Accepted" header */
http_response_code(202);
echo "OK";
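Review bot: `$sessionType` is assigned on the new side (`$sessionType = 'dw';` and `$sessionType = 'ip';`) but never reaches `$logArr`, which only carries remote IP, page ID, session ID and agent, so it is either a dead assignment or a missing column relative to action.php and pview.php, which do log it. Either add `$sessionType, /* Session ID type */` after `$sessionId,` in the array or drop the two assignments. The session-id check on this file's new side has the same inverted condition as the one noted on the pview.php hunk. The header comment says the script runs in HEAD mode and cannot return a payload, yet the tail still does `echo "OK";` — harmless, but the comment and the code disagree.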