commit d39bf00dee9f5d6838d405220077bdd97378b06d
parent b105540c4f54eab55ee741aea45c95cff13b427b
Author: Jan Dankert <devnull@localhost>
Date: Sat, 4 Oct 2014 00:24:28 +0200
Logger frühzeitig einbinden und falsche Token loggen.
Diffstat:
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/dispatcher.php b/dispatcher.php
@@ -105,6 +105,9 @@ if ( !is_array( $conf ) || $conf['config']['auto_reload'] && Preferences::lastMo
Session::setConfig( $conf );
}
+// Nachdem die Konfiguration gelesen wurde, kann nun der Logger benutzt werden.
+require_once( OR_SERVICECLASSES_DIR."Logger.class.".PHP_EXT );
+
if ( !empty($conf['security']['umask']) )
umask( octdec($conf['security']['umask']) );
@@ -112,7 +115,11 @@ if ( !empty($conf['interface']['timeout']) )
set_time_limit( intval($conf['interface']['timeout']) );
if ( config('security','use_post_token') && $_SERVER['REQUEST_METHOD'] == 'POST' && @$REQ[REQ_PARAM_TOKEN]!=token() )
+{
+ Logger::error('Token mismatch: Needed '.token().' but got '.@$REQ[REQ_PARAM_TOKEN].'. Maybe an attacker?');
Http::notAuthorized("Token mismatch","Token mismatch");
+}
+
define('FILE_SEP',$conf['interface']['file_separator']);
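Review bot: The new `Logger::error` call writes the expected value returned by `token()` into the log, so anyone who can read the log file learns the anti-CSRF token that the `use_post_token` check relies on. Record only that a mismatch occurred, e.g. `Logger::error('Token mismatch on POST request. Maybe an attacker?');`, and add the client address if the logger does not already include it. The submitted `@$REQ[REQ_PARAM_TOKEN]` is request-controlled and is concatenated unescaped; whether `Logger` neutralises line breaks is not visible here, so it should be dropped or stripped of control characters before logging, and the same applies to `@$REQ[REQ_PARAM_ID]` in the `Logger::debug` line of the last hunk. Separately, the condition above the new block compares the tokens with `!=`, which is loose and not constant-time; `hash_equals()` would be the stricter choice where the PHP version provides it.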
@@ -120,7 +127,6 @@ define('TEMPLATE_DIR',OR_THEMES_DIR.$conf['interface']['theme'].'/templates');
define('CSS_DIR' ,OR_THEMES_DIR.$conf['interface']['theme'].'/css' );
define('IMAGE_DIR' ,OR_THEMES_DIR.$conf['interface']['theme'].'/images' );
-require_once( OR_SERVICECLASSES_DIR."Logger.class.".PHP_EXT );
require_once( "functions/config.inc.php" );
require_once( "functions/language.inc.".PHP_EXT );
require_once( "functions/db.inc.".PHP_EXT );
@@ -226,7 +232,7 @@ else
Session::close();
}
-Logger::debug("Executing $actionClassName::$subactionMethodName");
+Logger::debug("Executing $action/$subaction/".@$REQ[REQ_PARAM_ID]);
if ( ! method_exists($do,$subactionMethodName) )
Http::noContent();