diff options
author | Dylan William Hardison <dylan@hardison.net> | 2015-10-16 00:58:09 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-10-16 00:58:09 +0200 |
commit | a0fcc8ff20fe57bf442402ba227954ffb33a2175 (patch) | |
tree | 9a3ee457971d8c8654d1a085d2c7261b54535621 /Bugzilla.pm | |
parent | b21167f4de2d29d7ce4a7cd07266783032099568 (diff) | |
download | bugzilla-a0fcc8ff20fe57bf442402ba227954ffb33a2175.tar.gz bugzilla-a0fcc8ff20fe57bf442402ba227954ffb33a2175.tar.xz |
Bug 1196626 - log all authenticated requests
Diffstat (limited to 'Bugzilla.pm')
-rw-r--r-- | Bugzilla.pm | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index fa95128d1..b14b92e0d 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -594,6 +594,45 @@ sub switch_to_main_db { return $class->dbh_main; } +sub log_user_request { + my ($class, $bug_id, $attach_id, $action) = @_; + + return unless Bugzilla->params->{log_user_requests}; + + my $cgi = $class->cgi; + my $user_id = $class->user->id; + my $request_url = $cgi->request_uri // ''; + my $method = $cgi->request_method; + my $user_agent = $cgi->user_agent // ''; + my $script_name = $cgi->script_name; + my $server = "web"; + + if ($script_name =~ /rest\.cgi/) { + $server = $script_name =~ /BzAPI/ ? "bzapi" : "rest"; + } + elsif ($script_name =~ /xmlrpc\.cgi/) { + $server = "xmlrpc"; + } + elsif ($script_name =~ /jsonrpc\.cgi/) { + $server = "jsonrpc"; + } + + my @params = ($user_id, remote_ip(), $user_agent, $request_url, $method, $bug_id, $attach_id, $action, $server); + foreach my $param (@params) { + trick_taint($param) if defined $param; + } + + eval { + local $class->request_cache->{dbh}; + $class->switch_to_main_db(); + $class->dbh->do("INSERT INTO user_request_log + (user_id, ip_address, user_agent, request_url, + method, timestamp, bug_id, attach_id, action, server) + VALUES (?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?)", undef, @params); + }; + warn $@ if $@; +} + sub is_shadow_db { my $class = shift; return $class->request_cache->{dbh} != $class->dbh_main; |