PHPIDS with JSON scanning support


Mario Heiderich

Aug 10, 2008, 11:36:15 AM
to PHPIDS » Web Application Security 2.0
Hi,

Just wanted to let you know that the current trunk revision of the
PHPIDS supports json scanning. This means you can define fields
containing json in the config. The strings inside those fields will be
json-decoded and only the contained items will be scanned - which
drastically reduces false alerts in combination with json parameters.

I also modded the demo so you can try the new feature. You will find a
new checkbox to enable json support for your input - or just activate it
via GET parameter:

Old school:
http://demo.php-ids.org/?test={%22a%22:%22b%22,%22c%22:[%22\%22%3E%3Cscript%3Ealert(1);%3C/script%3E%22,%20111,%20%22eval(name)%22]}
http://demo.php-ids.org/?test={%22a%22:%22b%22,%22c%22:[%22foo%20bar%22,%20111,%20%22bar%20foo%22]}

With JSON scanning:
http://demo.php-ids.org/?test={%22a%22:%22b%22,%22c%22:[%22\%22%3E%3Cscript%3Ealert(1);%3C/script%3E%22,%20111,%20%22eval(name)%22]}&json=1
http://demo.php-ids.org/?test={%22a%22:%22b%22,%22c%22:[%22foo%20bar%22,%20111,%20%22bar%20foo%22]}&json=1


Greetings,
.mario
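
The effect described in the post above, as an added example that is not part of the original message and is not PHPIDS code: the same field is scanned once as a raw string and once after JSON decoding, so only the contained items reach the rules. The three regexes are constructed toy signatures, and `scanValue`, `scanField`, the scanning of keys, and the raw-scan fallback for malformed JSON are assumptions of this example.

```php
<?php
// Constructed toy signatures for illustration; these are NOT PHPIDS filter rules.
const TOY_RULES = [
    'quote_break' => '/"\s*[:,\]}>]/',          // quote followed by a delimiter
    'script_tag'  => '/<\s*script\b/i',
    'js_call'     => '/\b(?:eval|alert)\s*\(/i',
];

// Names of all toy rules that match one string.
function scanValue(string $value): array
{
    $hits = [];
    foreach (TOY_RULES as $name => $pattern) {
        if (preg_match($pattern, $value) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Returns [path => [rule names]] for every scanned item that matched.
function scanField(string $raw, bool $isJson): array
{
    $decoded = $isJson ? json_decode($raw, true) : null;
    if (!$isJson || json_last_error() !== JSON_ERROR_NONE) {
        // Not JSON, or malformed: scan the raw string so bad JSON is never skipped.
        $hits = scanValue($raw);
        return $hits ? ['(raw)' => $hits] : [];
    }
    $report = [];
    $walk = function ($node, string $path) use (&$walk, &$report) {
        if (is_array($node)) {
            foreach ($node as $key => $child) {
                $walk((string) $key, "$path.$key#key"); // keys are input too (assumption)
                $walk($child, "$path.$key");
            }
        } elseif (is_string($node) && ($hits = scanValue($node))) {
            $report[$path] = $hits;
        }
    };
    $walk($decoded, '$');
    return $report;
}

// The two payloads from the demo URLs above, URL-decoded.
$benign = '{"a":"b","c":["foo bar", 111, "bar foo"]}';
$attack = '{"a":"b","c":["\"><script>alert(1);</script>", 111, "eval(name)"]}';
foreach (['benign' => $benign, 'attack' => $attack] as $label => $payload) {
    foreach ([false, true] as $json) {
        printf("%s json=%d %s\n", $label, $json, json_encode(scanField($payload, $json)));
    }
}
```

With these toy rules the benign payload matches only when scanned raw, where the JSON syntax itself trips a rule, while the attack payload is reported per item once decoded.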