aboutsummaryrefslogtreecommitdiff
path: root/modules/private/websites/tools/tools/landing/report_csp_violation.php
diff options
context:
space:
mode:
Diffstat (limited to 'modules/private/websites/tools/tools/landing/report_csp_violation.php')
-rw-r--r--modules/private/websites/tools/tools/landing/report_csp_violation.php25
1 files changed, 14 insertions, 11 deletions
diff --git a/modules/private/websites/tools/tools/landing/report_csp_violation.php b/modules/private/websites/tools/tools/landing/report_csp_violation.php
index 13a3234..30140b2 100644
--- a/modules/private/websites/tools/tools/landing/report_csp_violation.php
+++ b/modules/private/websites/tools/tools/landing/report_csp_violation.php
@@ -1,19 +1,22 @@
1<?php 1<?php
2$email_address = 'ismael@bouya.org'; 2http_response_code(204);
3$email_subject = 'Content-Security-Policy violation';
4 3
5$current_domain = $_SERVER['SERVER_NAME']; 4$dbconn = pg_connect(getenv("CSP_REPORT_URI")) or die();
6$email_subject = $email_subject . ' on ' . $current_domain;
7 5
8http_response_code(204); 6function _get(&$var, $default=null) {
7 return isset($var) ? $var : $default;
8}
9 9
10$json_data = file_get_contents('php://input'); 10$json_data = file_get_contents('php://input');
11if ($json_data = json_decode($json_data, true)) {
12 $report = _get($json_data["csp-report"], Array());
13 $blocked_uri = _get($report["blocked-uri"], "");
14 $document_uri = _get($report["document-uri"], "");
15 $original_policy = _get($report["original-policy"], "");
16 $referrer = _get($report["referrer"], "");
17 $violated_directive = _get($report["violated-directive"], "");
11 18
12if ($json_data = json_decode($json_data)) { 19 $query = pg_prepare($dbconn, "insert_query", 'INSERT INTO csp_reports (blocked_uri, document_uri, original_policy, referrer, violated_directive, total_count, last) VALUES ($1, $2, $3, $4, $5, 1, NOW()) ON CONFLICT ON CONSTRAINT csp_report_unique DO UPDATE SET total_count = csp_reports.total_count + 1, last = NOW(), referrer = EXCLUDED.referrer, original_policy = EXCLUDED.original_policy');
13 $json_data = json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
14 20
15 $message = "The following Content-Security-Policy violation occurred on " . 21 pg_execute($dbconn, "insert_query", Array($blocked_uri, $document_uri, $original_policy, $referrer, $violated_directive));
16 $current_domain . ":\n\n" .
17 $json_data;
18 mail($email_address, $email_subject, $message, 'Content-Type: text/plain;charset=utf-8');
19} 22}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-25 16:24:38 +0000