I'm reading WAF-FLE's source code (it's a PHP-based web interface for Modsecurity). The code is left unmaintained since 2014 and is written in the now unsupported PHP 5. I stuck at this part: the regular expression on the first line never matches the pattern, so the if block never gets executed. Could you help me to understand what does this regex mean?
if (preg_match('/^\[(\d{1,2})\/(\w{3})\/(\d{4})\:(\d{2}\:\d{2}\:\d{2})\s(\-\-\d{4}|\+\d{4})\]\s([a-zA-Z0-9\-\@]{24})\s([12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2})\s(\d{1,5})\s([12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2})\s(\d{1,5})/i',
trim($BODY[$line]), $matchesA)) {
$PhaseA['Day'] = $matchesA[1];
$months = array(null, 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
foreach ($months as $key => $month) {
if ($month == $matchesA[2]) {
$PhaseA['Month'] = $key;
}
}
$PhaseA['Year'] = $matchesA[3];
$PhaseA['Hour'] = $matchesA[4];
$PhaseA['Timestamp'] = $matchesA[3]."-".$PhaseA['Month']."-".$matchesA[1]." ".$matchesA[4];
$PhaseA['Timezone'] = $matchesA[5];
$PhaseA['Date'] = $matchesA[3]."-".$PhaseA['Month']."-".$matchesA[1];
$PhaseA['UniqID'] = $matchesA[6];
$PhaseA['ClientIP'] = $matchesA[7];
$PhaseA['SourcePort'] = $matchesA[8];
$PhaseA['ServerIP'] = $matchesA[9];
$PhaseA['ServerPort'] = $matchesA[10];
}
Aucun commentaire:
Enregistrer un commentaire