Geo-IP Modifications to 'watchdog' and 'statistics' modules
Last night I wrapped up a few changes to my copy of 'watchdog.module' and 'statistics.module' to add a graphic country flag and country, city, latitude and longitude.

In case anyone would like to spruce up their 'details' pages, as you see from either the watchdog entries 'details' link or the statistics module's 'details' links, then you might find this useful. (I often would copy an IP from a log entry and then paste it somewhere else to get more data. Now I don't need to do that.)

A short post with some images will help explain the small addition, which you can read here <http://accidentaltechie.org/dru/?q=node/38>

The changes are:
- add 3 utility functions to watchdog module, to curl the hostname IP data;
- add a new table row to the watchdog output;
- add a new table row to the statistics output

The functions are surely not as compact as they could be, and there could be some more specific error checking about the results. (No error is destructive, and 'curlerrno' is reported back when encountered, so it's pretty graceful even with junk.)

Although not web-configurable, there is a boolean 'switch' in the functions to include or exclude Latitude and Longitude data. (Commented.) As is, they _do_ include this data.

You can download a text file which includes a description and copy-paste code at the above URL.

Feel free to experiment (I use the hostip.info HTTP service, but others could be substituted, with modifications to the "split()" functions to break apart the curled result.)

Anyway, my first "Thanks for your help as I've come along."

Have at it.

-- Gary
Hey Gary,

On 4/18/06, Gary (Lists) <listout@accidentaltechie.org> wrote:
> Last night I wrapped up a few changes to my copy of 'watchdog.module' and 'statistics.module' to add a graphic country flag and country, city, latitude and longitude.
> In case anyone would like to spruce up their 'details' pages, as you see from either the watchdog entries 'details' link or the statistics module's 'details' links, then you might find this useful.

Interesting. The screenshots look nice but the code looks a little dangerous as you're not validating the input. Hackers can inject XSS attacks.

Apart from that, you may want to make the interface changes translatable.

For the former, read up on Drupal's input validation functions. For the latter, read up on the t()-function.

Hope that helps,

-- Dries Buytaert :: http://buytaert.net/
"Dries Buytaert" wrote:
> Hey Gary,
> On 4/18/06, Gary (Lists) <listout@accidentaltechie.org> wrote:
>> Last night I wrapped up a few changes to my copy of 'watchdog.module' and 'statistics.module' to add a graphic country flag and country, city, latitude and longitude.
>> In case anyone would like to spruce up their 'details' pages, as you see from either the watchdog entries 'details' link or the statistics module's 'details' links, then you might find this useful.
> Interesting.
> The screenshots look nice but the code looks a little dangerous as you're not validating the input. Hackers can inject XSS attacks.

I'm not sure who the hackers would be, since this is on the admin side of things, and my script only operates on the hostname that is already in the SQL db. Maybe that wasn't clear already? (Sorry, if so.)

Yeah. This script, in the admin pages, only acts on whatever data is in the watchdog 'hostname' field, which is an IP address placed there by other parts of Drupal (as you know. ;)

-- Gary
>> The screenshots look nice but the code looks a little dangerous as you're not validating the input. Hackers can inject XSS attacks.
> I'm not sure who the hackers would be, since this is on the admin side of things, and my script only operates on the hostname that is already in the SQL db.

If the server you 'curl' sends back malicious Javascript, they could hijack your session and take over your website.

> Yeah. This script, in the admin pages, only acts on whatever data is in the watchdog 'hostname' field, which is an IP address placed there by other parts of Drupal (as you know. ;)

MySQL tables in Drupal contain insecure data, including the watchdog and statistics tables. Drupal cleans up the data "on output" (just before sending the data to the client). Your code does not clean up the data, whereas the original code did.

-- Dries Buytaert :: http://www.buytaert.net/
"Dries Buytaert" wrote:
>>> The screenshots look nice but the code looks a little dangerous as you're not validating the input. Hackers can inject XSS attacks.
>> I'm not sure who the hackers would be, since this is on the admin side of things, and my script only operates on the hostname that is already in the SQL db.
> If the server you 'curl' sends back malicious Javascript, they could hijack your session and take over your website.

Okay, this I get. The returned result point, that is. (Perhaps if 'hostip.info' wants my web site, they can have it. ;) Where should I look for a similar "wiper" for the return?

>> Yeah. This script, in the admin pages, only acts on whatever data is in the watchdog 'hostname' field, which is an IP address placed there by other parts of Drupal (as you know. ;)
> MySQL tables in Drupal contain insecure data, including the watchdog and statistics tables. Drupal cleans up the data "on output" (just before sending the data to the client). Your code does not clean up the data, whereas the original code did.

Perhaps I'm not following you (and I'd like to), so this is not argumentative, rather it is educational.

I just reviewed 'watchdog' again, and I don't see any clean-up. The original watchdog code says:

#
$output .= ' <tr><th>'. t('Hostname') ."</th><td>$watchdog->hostname</td></tr>";
#

I use the same value, in a different place. This _is_ the "on output" value, so whatever Drupal gives me (in /admin/) already, that's exactly what I re-display.

Now, I do notice that 'watchdog' and 'statistics' do redundant work, but whereas the 'watchdog' module just outputs

    $watchdog->hostname

the 'statistics' module outputs

    check_plain($access->hostname)

(Which is the same value, different variable names.)

This is true for the repeated identical table in both modules...statistics module wraps the output in another function, watchdog does not.

Any tips on the 'curl' cleaning, I can use. Otherwise, with the display of the IP address stored by Drupal, I just repeat whatever 'watchdog' already uses, and that meets my needs.

-- Gary
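
Added example, not part of the original thread and not Drupal's or Gary's code: the two points raised above (escape the stored hostname on output, and treat the curled geo-IP response as untrusted) in plain PHP. The function names, the "Key: value" response layout and the sample values are assumptions constructed for illustration; inside Drupal, check_plain() takes the place of esc().

```php
<?php
// Added example (hypothetical names): escape on output, whatever the source.

// Plain-PHP stand-in for Drupal's check_plain().
function esc($text) {
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Parse "Key: value" lines (assumed response layout), keeping only expected keys.
function geoip_parse($body) {
  $fields = array();
  foreach (preg_split('/\r?\n/', $body) as $line) {
    if (strpos($line, ':') === false) continue;
    list($key, $value) = array_map('trim', explode(':', $line, 2));
    if (in_array($key, array('Country', 'City', 'Latitude', 'Longitude'), true)) {
      $fields[$key] = $value;
    }
  }
  return $fields;
}

// Build the extra table row from a stored hostname and a fetched response body.
function geoip_row($hostname, $body) {
  // The hostname column is stored data: check it is an IP before using it
  // (the same check belongs in front of the remote lookup itself).
  if (filter_var($hostname, FILTER_VALIDATE_IP) === false) {
    return '<tr><th>Location</th><td>(hostname is not an IP address)</td></tr>';
  }
  $f = geoip_parse($body);
  $parts = array();
  foreach (array('Country', 'City') as $key) {
    if (isset($f[$key]) && $f[$key] !== '') $parts[] = esc($f[$key]);
  }
  foreach (array('Latitude', 'Longitude') as $key) {
    // Coordinates must be numeric; anything else is dropped, not displayed.
    if (isset($f[$key]) && is_numeric($f[$key])) {
      $parts[] = esc($key) . ' ' . esc((float) $f[$key]);
    }
  }
  return '<tr><th>Location</th><td>' . implode(', ', $parts) . '</td></tr>';
}

// Constructed sample: a response body carrying markup instead of plain text.
$body = "Country: <script>alert(1)</script>\nCity: Paris\n"
      . "Latitude: 48.85\nLongitude: 2.35\" onmouseover=\"x";
echo geoip_row('192.0.2.10', $body), "\n";            // markup arrives as &lt;script&gt;...
echo geoip_row('<img src=x onerror=1>', $body), "\n"; // non-IP hostname is never echoed
```
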
Gary:

On 4/18/06, Gary (Lists) <listout@accidentaltechie.org> wrote:
> Last night I wrapped up a few changes to my copy of 'watchdog.module' and 'statistics.module' to add a graphic country flag and country, city, latitude and longitude.

You've made changes to the core statistics and watchdog modules. You could wait until 4.8 becomes available and supply patches for that, or you might consider working on the xstatistics module (see http://drupal.org/project/xstatistics).

Cheers,

-- Boris Mann Vancouver 778-896-2747 San Francisco 415-367-3595 Skype borismann http://www.bryght.com
"Boris Mann" wrote:
> Gary:
> On 4/18/06, Gary (Lists) <listout@accidentaltechie.org> wrote:
>> Last night I wrapped up a few changes to my copy of 'watchdog.module' and 'statistics.module' to add a graphic country flag and country, city, latitude and longitude.
> You've made changes to the core statistics and watchdog modules. You could wait until 4.8 becomes available and supply patches for that,

Not my bailiwick these patches and such. But feel free to include those very minor newbie additions in whatever way is interesting.

> or you might consider working on the xstatistics module (see http://drupal.org/project/xstatistics).

I'll take a look. But I'm no stats guy, I just like visual information. So probably not. ;)

> Cheers,

Cheers right back, Boris. And thanks.

-- Gary