Diffstat (limited to 'modules/private/websites/tools/tools/landing/report_csp_violation.php')
-rw-r--r-- | modules/private/websites/tools/tools/landing/report_csp_violation.php | 25 |
1 files changed, 14 insertions, 11 deletions
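--- a/modules/private/websites/tools/tools/landing/report_csp_violation.php
+++ b/modules/private/websites/tools/tools/landing/report_csp_violation.php
@@ -1,19 +1,22 @@
 <?php
-$email_address = 'ismael@bouya.org';
-$email_subject = 'Content-Security-Policy violation';
+http_response_code(204);
 
-$current_domain = $_SERVER['SERVER_NAME'];
-$email_subject = $email_subject . ' on ' . $current_domain;
+$dbconn = pg_connect(getenv("CSP_REPORT_URI")) or die();
 
-http_response_code(204);
+function _get(&$var, $default=null) {
+return isset($var) ? $var : $default;
+}
 
 $json_data = file_get_contents('php://input');
+if ($json_data = json_decode($json_data, true)) {
+$report = _get($json_data["csp-report"], Array());
+$blocked_uri = _get($report["blocked-uri"], "");
+$document_uri = _get($report["document-uri"], "");
+$original_policy = _get($report["original-policy"], "");
+$referrer = _get($report["referrer"], "");
+$violated_directive = _get($report["violated-directive"], "");
 
-if ($json_data = json_decode($json_data)) {
-$json_data = json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+$query = pg_prepare($dbconn, "insert_query", 'INSERT INTO csp_reports (blocked_uri, document_uri, original_policy, referrer, violated_directive, total_count, last) VALUES ($1, $2, $3, $4, $5, 1, NOW()) ON CONFLICT ON CONSTRAINT csp_report_unique DO UPDATE SET total_count = csp_reports.total_count + 1, last = NOW(), referrer = EXCLUDED.referrer, original_policy = EXCLUDED.original_policy');
 
-$message = "The following Content-Security-Policy violation occurred on " .
-$current_domain . ":\n\n" .
-$json_data;
-mail($email_address, $email_subject, $message, 'Content-Type: text/plain;charset=utf-8');
+pg_execute($dbconn, "insert_query", Array($blocked_uri, $document_uri, $original_policy, $referrer, $violated_directive));
 }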
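Review bot: The five report fields read through `_get()` (new lines 12–17) reach `pg_execute()` with no type or length check, although a CSP report endpoint is by design reachable without authentication. A body that decodes to a JSON string or number, or a `csp-report` member that is not an object, appears to error out in the by-reference array access inside `_get()` instead of falling back to the default, and a nested array sent as a field value would be stringified on insert. I would check the shape first with `if (!is_array($json_data) || !is_array($json_data['csp-report'] ?? null)) { exit; }` and bound each value with something like `is_string($v) ? substr($v, 0, 2048) : ''` (the 2048 cap is a placeholder to tune against the column types). Every report that does not hit `csp_report_unique` adds a row and the `php://input` read is unbounded, so a request-size cap and rate limiting in front of the script are worth adding. The return values of `pg_prepare()` and `pg_execute()` are also never checked, so a failed insert is silent.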