<?php
// WEVIA Sanitizer Guard — Wave 206 · 2026-04-21
// Centralized defense-in-depth output sanitizer for public endpoints.
// Include via: @require_once __DIR__.'/wevia-sanitizer-guard.php';
// (the leading @ hides a missing-file error; a plain require_once makes a missing guard fail loudly.)
// Impact: ob_start is installed automatically at include time (only when no headers have been sent yet);
// all buffered echo/die output then passes through wevia_sanitize_public_v2.
// Zero modification required in downstream echo/die sites.
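if (!function_exists('wevia_sanitize_public_v2')) {
    /**
     * Mask infrastructure details and credential-shaped strings in a chunk of output.
     *
     * Order matters: the structured patterns (IPv4 addresses, API/JWT/GitHub-style
     * tokens) run BEFORE the literal blocklist. Running the blocklist first let a
     * short literal such as 'ghp_' or '95.216' consume only the prefix of a longer
     * secret, after which the token/IP patterns no longer matched and the remainder
     * of the secret was emitted verbatim.
     *
     * Literal matching is a case-insensitive substring replace: every occurrence is
     * hit, including inside ordinary words ('Together') or larger numbers ('4001').
     * This is a last-line, defence-in-depth filter, not a security boundary — the
     * data should be kept out of the output path in the first place.
     *
     * @param mixed $t Text to filter. Non-strings and '' are returned unchanged.
     * @return mixed The filtered string; '' when PCRE reported an error on this
     *               chunk (fail closed: unfiltered text is never returned).
     */
    function wevia_sanitize_public_v2($t) {
        if (!is_string($t) || $t === '') return $t;

        // Literal blocklist, built once per process; each hit becomes 'WEVIA Engine'.
        static $bl = null;
        if ($bl === null) {
            $bl = [
                'Groq','Cerebras','SambaNova','Ollama','DeepSeek','Mistral','Together','Replicate',
                'vLLM','Qwen','NVIDIA NIM','Cohere','OpenRouter','Anthropic','Gemini','Alibaba',
                'HuggingFace','Hugging Face','Nvidia NIM','ZhiPu','Claude',
                '/opt/','/var/www/','/etc/',
                'admin123','YacineWeval','ymahboub','ghp_','gho_','ghu_',
                '49222','11434','4001','3900','5890','11435',
                '204.168','95.216','151.80','10.1.0','127.0.0.1',
                'root@','ssh -p','docker ps','nginx','postgresql','crontab','systemctl',
                'llama-3.3-70b','Qwen3','gemma2','mistral-small','granite4','qwen2.5','command-r',
            ];
        }

        // pattern => replacement. These must run before $bl (see docblock).
        static $patterns = null;
        if ($patterns === null) {
            $patterns = [
                '/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/' => '[infrastructure securisee]',
                '/\b(sk-[a-zA-Z0-9]{20,}|xoxb-[a-zA-Z0-9-]{20,}|eyJ[a-zA-Z0-9_.-]{50,})\b/' => '[token securise]',
                '/\b(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{20,}\b/' => '[token securise]',
            ];
        }

        foreach ($patterns as $re => $mask) {
            $masked = preg_replace($re, $mask, $t);
            if ($masked === null) {
                // PCRE failure (e.g. backtrack limit on a large buffer): never fall
                // through with unfiltered text. Logged so a blank response is diagnosable.
                error_log('wevia_sanitize_public_v2: preg_replace failed, preg_last_error=' . preg_last_error() . '; output suppressed');
                return '';
            }
            $t = $masked;
        }

        foreach ($bl as $w) {
            $t = str_ireplace($w, 'WEVIA Engine', $t);
        }

        return $t;
    }
}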
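// Install output buffer guard (idempotent).
// The callback sees every byte written after this point, whatever the content type
// (non-HTML and binary responses included). It runs when the buffer is flushed or the
// script ends, so a value split across an explicit ob_flush() boundary is not matched.
if (!defined('WEVIA_SANITIZER_V2_ACTIVE')) {
    if (headers_sent($sentFile, $sentLine)) {
        // Output already started: the guard cannot be armed for this request.
        error_log(sprintf('wevia-sanitizer-guard: not installed, headers already sent at %s:%d', $sentFile, $sentLine));
    } elseif (ob_start(static function ($buffer) { return wevia_sanitize_public_v2($buffer); })) {
        // Only advertise the guard once the buffer is really in place; the previous
        // version defined the constant before a (suppressed) ob_start could fail.
        define('WEVIA_SANITIZER_V2_ACTIVE', 1);
    } else {
        error_log('wevia-sanitizer-guard: ob_start() failed, guard not installed');
    }
}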