@@ -1,18 +1,24 @@ discard block |
1 | -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); |
|
1 | +<?php if (!defined('BB2_CORE')) |
|
2 | +{ |
|
3 | + die('I said no cheating!'); |
|
4 | +} |
|
2 | 5 | |
3 | 6 | // Enforce adherence to protocol version claimed by user-agent. |
4 | 7 | |
5 | 8 | function bb2_protocol($settings, $package) |
6 | 9 | { |
7 | 10 | // We should never see Expect: for HTTP/1.0 requests |
8 | - if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) { |
|
11 | + if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) |
|
12 | + { |
|
9 | 13 | return "a0105122"; |
10 | 14 | } |
11 | 15 | |
12 | 16 | // Is it claiming to be HTTP/1.1? Then it shouldn't do HTTP/1.0 things |
13 | 17 | // Blocks some common corporate proxy servers in strict mode |
14 | - if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) { |
|
15 | - if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) { |
|
18 | + if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) |
|
19 | + { |
|
20 | + if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) |
|
21 | + { |
|
16 | 22 | return "41feed15"; |
17 | 23 | } |
18 | 24 | } |
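Review bot: The protocol checks on new lines 11 and 18 compare with `!strcmp($package['server_protocol'], "HTTP/1.0")`, a C idiom that reads as a negation and hides an equality; `$package['server_protocol'] === "HTTP/1.0"` (and `=== "HTTP/1.1"` on line 18) says the same thing directly and matches the strict `!== FALSE` comparisons used throughout the file. The same two lines are edited again in the hunk at `@@ -5,14 +5,14 @@`, which only changes the case of the constants. bb2_protocol continues past the end of this hunk.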
@@ -27,7 +33,8 @@ discard block |
27 | 33 | // First-gen Amazon Kindle is broken; Amazon has been notified 9/24/08 |
28 | 34 | // NOTE: RFC 2965 is obsoleted by RFC 6265. Current software MUST NOT |
29 | 35 | // use Cookie2 or $Version in Cookie. |
30 | - if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) { |
|
36 | + if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) |
|
37 | + { |
|
31 | 38 | return '6c502ff1'; |
32 | 39 | } |
33 | 40 | return false; |
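Review bot: New line 36 reads `$package['headers_mixed']['User-Agent']` with no key check, so a request that carries a Cookie but no User-Agent header raises an undefined array key diagnostic here (and a null-to-strpos deprecation on PHP 8.1+), even though the `@` on the Cookie lookup shows the author meant to tolerate missing headers. Guarding the third clause keeps the current outcome for an absent header (it is treated as non-Kindle) without the diagnostic: `(!array_key_exists('User-Agent', $package['headers_mixed']) || strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE)`. The same line is edited again in the hunk at `@@ -27,7 +27,7 @@`. The enclosing function starts before this hunk.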
@@ -37,7 +44,8 @@ discard block |
37 | 44 | { |
38 | 45 | @$ua = $package['headers_mixed']['User-Agent']; |
39 | 46 | |
40 | - if (!strcmp($package['request_method'], "POST") && empty($ua)) { |
|
47 | + if (!strcmp($package['request_method'], "POST") && empty($ua)) |
|
48 | + { |
|
41 | 49 | return "f9f2b8b9"; |
42 | 50 | } |
43 | 51 | |
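Review bot: New line 45 uses `@` to hide the undefined-key diagnostic when User-Agent is absent, which leaves `$ua` null; the later `strncmp($ua, ...)` and `strpos($ua, ...)` calls in this function (hunks at `@@ -59,14 +69,17 @@` and `@@ -76,13 +89,16 @@`) then pass null where a string is expected, which PHP 8.1+ reports as a deprecation on every such request. An explicit default removes the suppression and the null while preserving the `empty($ua)` result on line 47: `$ua = isset($package['headers_mixed']['User-Agent']) ? $package['headers_mixed']['User-Agent'] : '';`. Because strncmp/strpos already coerce null to an empty string, the later comparisons themselves do not change. The enclosing function's signature is outside this hunk.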
@@ -46,11 +54,13 @@ discard block |
46 | 54 | // Worse yet, some Javascript client-side apps do the same in |
47 | 55 | // blatant violation of the protocol and good sense. |
48 | 56 | // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) { |
49 | - if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) { |
|
57 | + if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) |
|
58 | + { |
|
50 | 59 | return "dfd9b1ad"; |
51 | 60 | } |
52 | 61 | // A pretty nasty SQL injection attack on IIS servers |
53 | - if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) { |
|
62 | + if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) |
|
63 | + { |
|
54 | 64 | return "dfd9b1ad"; |
55 | 65 | } |
56 | 66 | |
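Review bot: New lines 57–65 return the same code `"dfd9b1ad"` for two unrelated conditions — the strict-mode fragment check and the `;DECLARE%20@` signature — so a log or message table keyed on the code cannot tell a strict-mode false positive from a real injection attempt, which is exactly the distinction an operator needs when deciding whether to relax `$settings['strict']`. If these codes index a message table elsewhere, giving the second check its own code needs a matching entry there. The enclosing function starts before this hunk.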
@@ -59,14 +69,17 @@ discard block |
59 | 69 | // NOTE: this blocks the whois.sc bot. No big loss. |
60 | 70 | // Exceptions: MT (not fixable); LJ (refuses to fix; may be |
61 | 71 | // blocked again in the future); Facebook |
62 | - if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) { |
|
63 | - if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) { |
|
72 | + if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) |
|
73 | + { |
|
74 | + if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) |
|
75 | + { |
|
64 | 76 | return "7ad04a8a"; |
65 | 77 | } |
66 | 78 | } |
67 | 79 | |
68 | 80 | // Content-Range is a response header, not a request header |
69 | - if (array_key_exists('Content-Range', $package['headers_mixed'])) { |
|
81 | + if (array_key_exists('Content-Range', $package['headers_mixed'])) |
|
82 | + { |
|
70 | 83 | return '7d12528e'; |
71 | 84 | } |
72 | 85 | |
@@ -76,13 +89,16 @@ discard block |
76 | 89 | if ($settings['strict'] && |
77 | 90 | array_key_exists('via', $package['headers']) && |
78 | 91 | strpos($package['headers']['via'],'Clearswift') === FALSE && |
79 | - strpos($ua,'CoralWebPrx') === FALSE) { |
|
92 | + strpos($ua,'CoralWebPrx') === FALSE) |
|
93 | + { |
|
80 | 94 | return "9c9e4979"; |
81 | 95 | } |
82 | 96 | |
83 | 97 | // pinappleproxy is used by referrer spammers |
84 | - if (array_key_exists('Via', $package['headers_mixed'])) { |
|
85 | - if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) { |
|
98 | + if (array_key_exists('Via', $package['headers_mixed'])) |
|
99 | + { |
|
100 | + if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) |
|
101 | + { |
|
86 | 102 | return "939a6fbb"; |
87 | 103 | } |
88 | 104 | } |
@@ -91,53 +107,65 @@ discard block |
91 | 107 | // RFC 2616 14.39 |
92 | 108 | // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft |
93 | 109 | // to obtain a hotfix. |
94 | - if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) { |
|
95 | - if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) { |
|
110 | + if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) |
|
111 | + { |
|
112 | + if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) |
|
113 | + { |
|
96 | 114 | return "582ec5e4"; |
97 | 115 | } |
98 | 116 | } |
99 | 117 | |
100 | - if (array_key_exists('Connection', $package['headers_mixed'])) { |
|
118 | + if (array_key_exists('Connection', $package['headers_mixed'])) |
|
119 | + { |
|
101 | 120 | // Connection: keep-alive and close are mutually exclusive |
102 | - if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) { |
|
121 | + if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) |
|
122 | + { |
|
103 | 123 | return "a52f0448"; |
104 | 124 | } |
105 | 125 | // Close shouldn't appear twice |
106 | - if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) { |
|
126 | + if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) |
|
127 | + { |
|
107 | 128 | return "a52f0448"; |
108 | 129 | } |
109 | 130 | // Keey-Alive shouldn't appear twice either |
110 | - if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) { |
|
131 | + if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) |
|
132 | + { |
|
111 | 133 | return "a52f0448"; |
112 | 134 | } |
113 | 135 | // Keep-Alive format in RFC 2068; some bots mangle these headers |
114 | - if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) { |
|
136 | + if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) |
|
137 | + { |
|
115 | 138 | return "b0924802"; |
116 | 139 | } |
117 | 140 | } |
118 | 141 | |
119 | 142 | |
120 | 143 | // Headers which are not seen from normal user agents; only malicious bots |
121 | - if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) { |
|
144 | + if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) |
|
145 | + { |
|
122 | 146 | return "b9cc1d86"; |
123 | 147 | } |
124 | 148 | // Proxy-Connection does not exist and should never be seen in the wild |
125 | 149 | // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html |
126 | 150 | // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html |
127 | - if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) { |
|
151 | + if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) |
|
152 | + { |
|
128 | 153 | return "b7830251"; |
129 | 154 | } |
130 | 155 | |
131 | - if (array_key_exists('Referer', $package['headers_mixed'])) { |
|
156 | + if (array_key_exists('Referer', $package['headers_mixed'])) |
|
157 | + { |
|
132 | 158 | // Referer, if it exists, must not be blank |
133 | - if (empty($package['headers_mixed']['Referer'])) { |
|
159 | + if (empty($package['headers_mixed']['Referer'])) |
|
160 | + { |
|
134 | 161 | return "69920ee5"; |
135 | 162 | } |
136 | 163 | |
137 | 164 | // Referer, if it exists, must contain a : |
138 | 165 | // While a relative URL is technically valid in Referer, all known |
139 | 166 | // legitimate user-agents send an absolute URL |
140 | - if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) { |
|
167 | + if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) |
|
168 | + { |
|
141 | 169 | return "45b35e30"; |
142 | 170 | } |
143 | 171 | } |
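Review bot: New line 112 reads `$package['headers_mixed']['Connection']` inside the `Te` check without confirming the key exists, so a strict-mode request carrying `Te` but no `Connection` header produces an undefined array key diagnostic (and a null-to-preg_match deprecation on PHP 8.1+) on its way to being rejected. Since `Te` without `Connection: TE` is precisely the case being rejected, the guard can say so explicitly and keep the current result: `if (!array_key_exists('Connection', $package['headers_mixed']) || !preg_match('/\bTE\b/', $package['headers_mixed']['Connection']))`. The comment on new line 130 also misspells Keep-Alive as `Keey-Alive`. The enclosing function starts before this hunk.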
@@ -5,14 +5,14 @@ discard block |
5 | 5 | function bb2_protocol($settings, $package) |
6 | 6 | { |
7 | 7 | // We should never see Expect: for HTTP/1.0 requests |
8 | - if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) { |
|
8 | + if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== false && !strcmp($package['server_protocol'], "HTTP/1.0")) { |
|
9 | 9 | return "a0105122"; |
10 | 10 | } |
11 | 11 | |
12 | 12 | // Is it claiming to be HTTP/1.1? Then it shouldn't do HTTP/1.0 things |
13 | 13 | // Blocks some common corporate proxy servers in strict mode |
14 | 14 | if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) { |
15 | - if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) { |
|
15 | + if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== false && !array_key_exists('Cache-Control', $package['headers_mixed'])) { |
|
16 | 16 | return "41feed15"; |
17 | 17 | } |
18 | 18 | } |
@@ -27,7 +27,7 @@ discard block |
27 | 27 | // First-gen Amazon Kindle is broken; Amazon has been notified 9/24/08 |
28 | 28 | // NOTE: RFC 2965 is obsoleted by RFC 6265. Current software MUST NOT |
29 | 29 | // use Cookie2 or $Version in Cookie. |
30 | - if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) { |
|
30 | + if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== false && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === false) { |
|
31 | 31 | return '6c502ff1'; |
32 | 32 | } |
33 | 33 | return false; |
@@ -46,11 +46,11 @@ discard block |
46 | 46 | // Worse yet, some Javascript client-side apps do the same in |
47 | 47 | // blatant violation of the protocol and good sense. |
48 | 48 | // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) { |
49 | - if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) { |
|
49 | + if ($settings['strict'] && strpos($package['request_uri'], "#") !== false) { |
|
50 | 50 | return "dfd9b1ad"; |
51 | 51 | } |
52 | 52 | // A pretty nasty SQL injection attack on IIS servers |
53 | - if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) { |
|
53 | + if (strpos($package['request_uri'], ";DECLARE%20@") !== false) { |
|
54 | 54 | return "dfd9b1ad"; |
55 | 55 | } |
56 | 56 | |
@@ -59,7 +59,7 @@ discard block |
59 | 59 | // NOTE: this blocks the whois.sc bot. No big loss. |
60 | 60 | // Exceptions: MT (not fixable); LJ (refuses to fix; may be |
61 | 61 | // blocked again in the future); Facebook |
62 | - if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) { |
|
62 | + if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== false) { |
|
63 | 63 | if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) { |
64 | 64 | return "7ad04a8a"; |
65 | 65 | } |
@@ -75,14 +75,14 @@ discard block |
75 | 75 | // may be blocked again in the future) |
76 | 76 | if ($settings['strict'] && |
77 | 77 | array_key_exists('via', $package['headers']) && |
78 | - strpos($package['headers']['via'],'Clearswift') === FALSE && |
|
79 | - strpos($ua,'CoralWebPrx') === FALSE) { |
|
78 | + strpos($package['headers']['via'],'Clearswift') === false && |
|
79 | + strpos($ua,'CoralWebPrx') === false) { |
|
80 | 80 | return "9c9e4979"; |
81 | 81 | } |
82 | 82 | |
83 | 83 | // pinappleproxy is used by referrer spammers |
84 | 84 | if (array_key_exists('Via', $package['headers_mixed'])) { |
85 | - if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) { |
|
85 | + if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== false || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== false || stripos($package['headers_mixed']['Via'], "Invisiware") !== false) { |
|
86 | 86 | return "939a6fbb"; |
87 | 87 | } |
88 | 88 | } |
@@ -111,7 +111,7 @@ discard block |
111 | 111 | return "a52f0448"; |
112 | 112 | } |
113 | 113 | // Keep-Alive format in RFC 2068; some bots mangle these headers |
114 | - if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) { |
|
114 | + if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== false) { |
|
115 | 115 | return "b0924802"; |
116 | 116 | } |
117 | 117 | } |
@@ -137,7 +137,7 @@ discard block |
137 | 137 | // Referer, if it exists, must contain a : |
138 | 138 | // While a relative URL is technically valid in Referer, all known |
139 | 139 | // legitimate user-agents send an absolute URL |
140 | - if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) { |
|
140 | + if (strpos($package['headers_mixed']['Referer'], ":") === false) { |
|
141 | 141 | return "45b35e30"; |
142 | 142 | } |
143 | 143 | } |
@@ -75,8 +75,8 @@ |
75 | 75 | // may be blocked again in the future) |
76 | 76 | if ($settings['strict'] && |
77 | 77 | array_key_exists('via', $package['headers']) && |
78 | - strpos($package['headers']['via'],'Clearswift') === FALSE && |
|
79 | - strpos($ua,'CoralWebPrx') === FALSE) { |
|
78 | + strpos($package['headers']['via'], 'Clearswift') === FALSE && |
|
79 | + strpos($ua, 'CoralWebPrx') === FALSE) { |
|
80 | 80 | return "9c9e4979"; |
81 | 81 | } |
82 | 82 |
@@ -1,28 +1,37 @@ discard block |
1 | -<?php if (!defined('BB2_CORE')) die("I said no cheating!"); |
|
1 | +<?php if (!defined('BB2_CORE')) |
|
2 | +{ |
|
3 | + die("I said no cheating!"); |
|
4 | +} |
|
2 | 5 | |
3 | 6 | // Miscellaneous helper functions. |
4 | 7 | |
5 | 8 | // Quick and dirty check for an IPv6 address |
6 | -function is_ipv6($address) { |
|
9 | +function is_ipv6($address) |
|
10 | +{ |
|
7 | 11 | return (strpos($address, ":")) ? TRUE : FALSE; |
8 | 12 | } |
9 | 13 | |
10 | 14 | // stripos() needed because stripos is only present on PHP 5 |
11 | -if (!function_exists('stripos')) { |
|
12 | - function stripos($haystack,$needle,$offset = 0) { |
|
15 | +if (!function_exists('stripos')) |
|
16 | +{ |
|
17 | + function stripos($haystack,$needle,$offset = 0) |
|
18 | + { |
|
13 | 19 | return(strpos(strtolower($haystack),strtolower($needle),$offset)); |
14 | 20 | } |
15 | 21 | } |
16 | 22 | |
17 | 23 | // str_split() needed because str_split is only present on PHP 5 |
18 | -if (!function_exists('str_split')) { |
|
24 | +if (!function_exists('str_split')) |
|
25 | +{ |
|
19 | 26 | function str_split($string, $split_length=1) |
20 | 27 | { |
21 | - if ($split_length < 1) { |
|
28 | + if ($split_length < 1) |
|
29 | + { |
|
22 | 30 | return false; |
23 | 31 | } |
24 | 32 | |
25 | - for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) { |
|
33 | + for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) |
|
34 | + { |
|
26 | 35 | $chunks[] = substr($string, $pos, $split_length); |
27 | 36 | } |
28 | 37 | return $chunks; |
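Review bot: `is_ipv6()` on new line 11 tests the raw `strpos()` result for truthiness, so an address whose first character is `:` — the loopback `::1`, for example — yields position 0, which is falsy, and the function reports it as not IPv6. Comparing against false fixes it: `return strpos($address, ":") !== FALSE;`. The same line is edited again in the hunk at `@@ -4,7 +4,7 @@`, which only changes the case of the constants and keeps the defect.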
@@ -30,28 +39,39 @@ discard block |
30 | 39 | } |
31 | 40 | |
32 | 41 | // Convert a string to mixed-case on word boundaries. |
33 | -function uc_all($string) { |
|
42 | +function uc_all($string) |
|
43 | +{ |
|
34 | 44 | $temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE); |
35 | - foreach ($temp as $key=>$word) { |
|
45 | + foreach ($temp as $key=>$word) |
|
46 | + { |
|
36 | 47 | $temp[$key] = ucfirst(strtolower($word)); |
37 | 48 | } |
38 | 49 | return join ('', $temp); |
39 | 50 | } |
40 | 51 | |
41 | 52 | // Determine if an IP address resides in a CIDR netblock or netblocks. |
42 | -function match_cidr($addr, $cidr) { |
|
53 | +function match_cidr($addr, $cidr) |
|
54 | +{ |
|
43 | 55 | $output = false; |
44 | 56 | |
45 | - if (is_array($cidr)) { |
|
46 | - foreach ($cidr as $cidrlet) { |
|
47 | - if (match_cidr($addr, $cidrlet)) { |
|
57 | + if (is_array($cidr)) |
|
58 | + { |
|
59 | + foreach ($cidr as $cidrlet) |
|
60 | + { |
|
61 | + if (match_cidr($addr, $cidrlet)) |
|
62 | + { |
|
48 | 63 | $output = true; |
49 | 64 | break; |
50 | 65 | } |
51 | 66 | } |
52 | - } else { |
|
67 | + } |
|
68 | + else |
|
69 | + { |
|
53 | 70 | @list($ip, $mask) = explode('/', $cidr); |
54 | - if (!$mask) $mask = 32; |
|
71 | + if (!$mask) |
|
72 | + { |
|
73 | + $mask = 32; |
|
74 | + } |
|
55 | 75 | $mask = pow(2,32) - pow(2, (32 - $mask)); |
56 | 76 | $output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); |
57 | 77 | } |
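Review bot: `if (!$mask)` on new line 71 treats a prefix length of `0` as missing, so a block written `0.0.0.0/0` is silently narrowed to `/32` and matches only `0.0.0.0`; only an absent prefix should default to 32. Separately, `ip2long()` on line 76 returns false for anything that is not a dotted-quad IPv4 address (an IPv6 client address, for instance), and `false & $mask` evaluates to 0, so an unparsable `$addr` compares equal to any block whose masked network address is also 0. The else branch below handles both cases; the `pow()` line is touched again in the hunk at `@@ -52,7 +52,7 @@`.
```php
        @list($ip, $mask) = explode('/', $cidr);
        // A prefix of 0 is a valid "match everything" mask; only a missing prefix defaults to /32
        if ($mask === null || $mask === '')
        {
            $mask = 32;
        }
        $addr_long = ip2long($addr);
        $net_long = ip2long($ip);
        // ip2long() yields false for anything that is not a dotted-quad IPv4 address;
        // treat that as "not in the block" rather than letting false & $mask become 0
        if ($addr_long === false || $net_long === false)
        {
            return false;
        }
        $mask = pow(2,32) - pow(2, (32 - $mask));
        $output = (($addr_long & $mask) == ($net_long & $mask));
```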
@@ -59,19 +79,26 @@ discard block |
59 | 79 | } |
60 | 80 | |
61 | 81 | // Determine if an IP address is reserved by RFC 1918. |
62 | -function is_rfc1918($addr) { |
|
82 | +function is_rfc1918($addr) |
|
83 | +{ |
|
63 | 84 | return match_cidr($addr, array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")); |
64 | 85 | } |
65 | 86 | // Obtain all the HTTP headers. |
66 | 87 | // NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL |
67 | 88 | // headers. Run PHP as Apache 2.0 module if possible for best results. |
68 | -function bb2_load_headers() { |
|
69 | - if (!is_callable('getallheaders')) { |
|
89 | +function bb2_load_headers() |
|
90 | +{ |
|
91 | + if (!is_callable('getallheaders')) |
|
92 | + { |
|
70 | 93 | $headers = array(); |
71 | 94 | foreach ($_SERVER as $h => $v) |
72 | - if (preg_match('/HTTP_(.+)/', $h, $hp)) |
|
95 | + { |
|
96 | + if (preg_match('/HTTP_(.+)/', $h, $hp)) |
|
73 | 97 | $headers[str_replace("_", "-", uc_all($hp[1]))] = $v; |
74 | - } else { |
|
98 | + } |
|
99 | + } |
|
100 | + else |
|
101 | + { |
|
75 | 102 | $headers = getallheaders(); |
76 | 103 | } |
77 | 104 | return $headers; |
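Review bot: The pattern `/HTTP_(.+)/` on new line 96 is unanchored, so any `$_SERVER` key that merely contains `HTTP_` is folded into the header map under a name derived from its suffix; a key such as `REDIRECT_HTTP_AUTHORIZATION`, which some servers set alongside the real `HTTP_*` entry, would surface as a header named `Authorization` this way. Anchoring the match restricts it to genuine request headers: `if (preg_match('/^HTTP_(.+)/', $h, $hp))`. That inner `if` is also still brace-less on lines 96–97 while the commit adds braces everywhere else, which is worth making consistent.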
@@ -4,7 +4,7 @@ |
4 | 4 | |
5 | 5 | // Quick and dirty check for an IPv6 address |
6 | 6 | function is_ipv6($address) { |
7 | - return (strpos($address, ":")) ? TRUE : FALSE; |
|
7 | + return (strpos($address, ":")) ? true : false; |
|
8 | 8 | } |
9 | 9 | |
10 | 10 | // stripos() needed because stripos is only present on PHP 5 |
@@ -9,20 +9,20 @@ discard block |
9 | 9 | |
10 | 10 | // stripos() needed because stripos is only present on PHP 5 |
11 | 11 | if (!function_exists('stripos')) { |
12 | - function stripos($haystack,$needle,$offset = 0) { |
|
13 | - return(strpos(strtolower($haystack),strtolower($needle),$offset)); |
|
12 | + function stripos($haystack, $needle, $offset = 0) { |
|
13 | + return(strpos(strtolower($haystack), strtolower($needle), $offset)); |
|
14 | 14 | } |
15 | 15 | } |
16 | 16 | |
17 | 17 | // str_split() needed because str_split is only present on PHP 5 |
18 | 18 | if (!function_exists('str_split')) { |
19 | - function str_split($string, $split_length=1) |
|
19 | + function str_split($string, $split_length = 1) |
|
20 | 20 | { |
21 | 21 | if ($split_length < 1) { |
22 | 22 | return false; |
23 | 23 | } |
24 | 24 | |
25 | - for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) { |
|
25 | + for ($pos = 0, $chunks = array(); $pos < strlen($string); $pos += $split_length) { |
|
26 | 26 | $chunks[] = substr($string, $pos, $split_length); |
27 | 27 | } |
28 | 28 | return $chunks; |
@@ -35,7 +35,7 @@ discard block |
35 | 35 | foreach ($temp as $key=>$word) { |
36 | 36 | $temp[$key] = ucfirst(strtolower($word)); |
37 | 37 | } |
38 | - return join ('', $temp); |
|
38 | + return join('', $temp); |
|
39 | 39 | } |
40 | 40 | |
41 | 41 | // Determine if an IP address resides in a CIDR netblock or netblocks. |
@@ -52,7 +52,7 @@ discard block |
52 | 52 | } else { |
53 | 53 | @list($ip, $mask) = explode('/', $cidr); |
54 | 54 | if (!$mask) $mask = 32; |
55 | - $mask = pow(2,32) - pow(2, (32 - $mask)); |
|
55 | + $mask = pow(2, 32) - pow(2, (32 - $mask)); |
|
56 | 56 | $output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); |
57 | 57 | } |
58 | 58 | return $output; |
@@ -1,6 +1,10 @@ discard block |
1 | -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); |
|
1 | +<?php if (!defined('BB2_CORE')) |
|
2 | +{ |
|
3 | + die('I said no cheating!'); |
|
4 | +} |
|
2 | 5 | |
3 | -function bb2_blacklist($package) { |
|
6 | +function bb2_blacklist($package) |
|
7 | +{ |
|
4 | 8 | |
5 | 9 | // Blacklisted user agents |
6 | 10 | // These user agent strings occur at the beginning of the line. |
@@ -166,27 +170,35 @@ discard block |
166 | 170 | @$ua = $package['headers_mixed']['User-Agent']; |
167 | 171 | @$uri = $package['request_uri']; |
168 | 172 | |
169 | - foreach ($bb2_spambots_0 as $spambot) { |
|
173 | + foreach ($bb2_spambots_0 as $spambot) |
|
174 | + { |
|
170 | 175 | $pos = strpos($ua, $spambot); |
171 | - if ($pos !== FALSE && $pos == 0) { |
|
176 | + if ($pos !== FALSE && $pos == 0) |
|
177 | + { |
|
172 | 178 | return "17f4e8c8"; |
173 | 179 | } |
174 | 180 | } |
175 | 181 | |
176 | - foreach ($bb2_spambots as $spambot) { |
|
177 | - if (strpos($ua, $spambot) !== FALSE) { |
|
182 | + foreach ($bb2_spambots as $spambot) |
|
183 | + { |
|
184 | + if (strpos($ua, $spambot) !== FALSE) |
|
185 | + { |
|
178 | 186 | return "17f4e8c8"; |
179 | 187 | } |
180 | 188 | } |
181 | 189 | |
182 | - foreach ($bb2_spambots_regex as $spambot) { |
|
183 | - if (preg_match($spambot, $ua)) { |
|
190 | + foreach ($bb2_spambots_regex as $spambot) |
|
191 | + { |
|
192 | + if (preg_match($spambot, $ua)) |
|
193 | + { |
|
184 | 194 | return "17f4e8c8"; |
185 | 195 | } |
186 | 196 | } |
187 | 197 | |
188 | - foreach ($bb2_spambots_url as $spambot) { |
|
189 | - if (stripos($uri, $spambot) !== FALSE) { |
|
198 | + foreach ($bb2_spambots_url as $spambot) |
|
199 | + { |
|
200 | + if (stripos($uri, $spambot) !== FALSE) |
|
201 | + { |
|
190 | 202 | return "96c0bd29"; |
191 | 203 | } |
192 | 204 | } |
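Review bot: New line 176 tests `$pos !== FALSE && $pos == 0` to decide that the match starts the string, which relies on a loose comparison plus a separate false check; `$pos === 0` expresses it as one strict test, or the `$pos` temporary can go entirely with `strncmp($ua, $spambot, strlen($spambot)) === 0`. The same line is edited again in the hunk at `@@ -168,13 +168,13 @@`. bb2_blacklist's signature and the lists it matches against are outside this hunk.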
@@ -168,13 +168,13 @@ discard block |
168 | 168 | |
169 | 169 | foreach ($bb2_spambots_0 as $spambot) { |
170 | 170 | $pos = strpos($ua, $spambot); |
171 | - if ($pos !== FALSE && $pos == 0) { |
|
171 | + if ($pos !== false && $pos == 0) { |
|
172 | 172 | return "17f4e8c8"; |
173 | 173 | } |
174 | 174 | } |
175 | 175 | |
176 | 176 | foreach ($bb2_spambots as $spambot) { |
177 | - if (strpos($ua, $spambot) !== FALSE) { |
|
177 | + if (strpos($ua, $spambot) !== false) { |
|
178 | 178 | return "17f4e8c8"; |
179 | 179 | } |
180 | 180 | } |
@@ -186,10 +186,10 @@ discard block |
186 | 186 | } |
187 | 187 | |
188 | 188 | foreach ($bb2_spambots_url as $spambot) { |
189 | - if (stripos($uri, $spambot) !== FALSE) { |
|
189 | + if (stripos($uri, $spambot) !== false) { |
|
190 | 190 | return "96c0bd29"; |
191 | 191 | } |
192 | 192 | } |
193 | 193 | |
194 | - return FALSE; |
|
194 | + return false; |
|
195 | 195 | } |
@@ -5,160 +5,160 @@ |
5 | 5 | // Blacklisted user agents |
6 | 6 | // These user agent strings occur at the beginning of the line. |
7 | 7 | $bb2_spambots_0 = array( |
8 | - "-", // brute force password attempts, malicious botnet |
|
9 | - "8484 Boston Project", // video poker/porn spam |
|
10 | - "ArchiveTeam", // ignores robots.txt and hammers server |
|
11 | - "adwords", // referrer spam |
|
12 | - "autoemailspider", // spam harvester |
|
13 | - "blogsearchbot-martin", // from honeypot |
|
14 | - "BrowserEmulator/", // open proxy software |
|
15 | - "CherryPicker", // spam harvester |
|
16 | - "core-project/", // FrontPage extension exploits |
|
17 | - "Diamond", // delivers spyware/adware |
|
18 | - "Digger", // spam harvester |
|
19 | - "ecollector", // spam harvester |
|
20 | - "EmailCollector", // spam harvester |
|
21 | - "Email Siphon", // spam harvester |
|
22 | - "EmailSiphon", // spam harvester |
|
23 | - "Forum Poster", // forum spambot |
|
24 | - "grub crawler", // misc comment/email spam |
|
25 | - "HttpProxy", // misc comment/email spam |
|
26 | - "Internet Explorer", // XMLRPC exploits seen |
|
27 | - "ISC Systems iRc", // spam harvester |
|
28 | - "Jakarta Commons", // customised spambots |
|
29 | - "Java 1.", // unidentified robots |
|
30 | - "Java/1.", // unidentified robots |
|
31 | - "libwww-perl", // unidentified robots |
|
32 | - "LWP", // unidentified robots |
|
33 | - "lwp", // unidentified robots |
|
34 | - "Microsoft Internet Explorer/", // too old; assumed robot |
|
35 | - "Microsoft URL", // unidentified robots |
|
36 | - "Missigua", // spam harvester |
|
37 | - "MJ12bot/v1.0.8", // malicious botnet |
|
38 | - "Morfeus", // vulnerability scanner |
|
39 | - "Movable Type", // customised spambots |
|
8 | + "-", // brute force password attempts, malicious botnet |
|
9 | + "8484 Boston Project", // video poker/porn spam |
|
10 | + "ArchiveTeam", // ignores robots.txt and hammers server |
|
11 | + "adwords", // referrer spam |
|
12 | + "autoemailspider", // spam harvester |
|
13 | + "blogsearchbot-martin", // from honeypot |
|
14 | + "BrowserEmulator/", // open proxy software |
|
15 | + "CherryPicker", // spam harvester |
|
16 | + "core-project/", // FrontPage extension exploits |
|
17 | + "Diamond", // delivers spyware/adware |
|
18 | + "Digger", // spam harvester |
|
19 | + "ecollector", // spam harvester |
|
20 | + "EmailCollector", // spam harvester |
|
21 | + "Email Siphon", // spam harvester |
|
22 | + "EmailSiphon", // spam harvester |
|
23 | + "Forum Poster", // forum spambot |
|
24 | + "grub crawler", // misc comment/email spam |
|
25 | + "HttpProxy", // misc comment/email spam |
|
26 | + "Internet Explorer", // XMLRPC exploits seen |
|
27 | + "ISC Systems iRc", // spam harvester |
|
28 | + "Jakarta Commons", // customised spambots |
|
29 | + "Java 1.", // unidentified robots |
|
30 | + "Java/1.", // unidentified robots |
|
31 | + "libwww-perl", // unidentified robots |
|
32 | + "LWP", // unidentified robots |
|
33 | + "lwp", // unidentified robots |
|
34 | + "Microsoft Internet Explorer/", // too old; assumed robot |
|
35 | + "Microsoft URL", // unidentified robots |
|
36 | + "Missigua", // spam harvester |
|
37 | + "MJ12bot/v1.0.8", // malicious botnet |
|
38 | + "Morfeus", // vulnerability scanner |
|
39 | + "Movable Type", // customised spambots |
|
40 | 40 | // msnbot is using this fake user agent string now |
41 | 41 | //"Mozilla ", // malicious software |
42 | - "Mozilla/0", // malicious software |
|
43 | - "Mozilla/1", // malicious software |
|
44 | - "Mozilla/2", // malicious software |
|
45 | - "Mozilla/3", // malicious software |
|
46 | - "Mozilla/4.0(", // from honeypot |
|
47 | - "Mozilla/4.0+(compatible;+", // suspicious harvester |
|
48 | - "Mozilla/4.0 (Hydra)", // brute force tool |
|
49 | - "MSIE", // malicious software |
|
50 | - "MVAClient", // automated hacking attempts |
|
51 | - "Nessus", // vulnerability scanner |
|
52 | - "NutchCVS", // unidentified robots |
|
53 | - "Nutscrape/", // misc comment spam |
|
54 | - "OmniExplorer", // spam harvester |
|
55 | - "Opera/9.64(", // comment spam bot |
|
56 | - "PMAFind", // vulnerability scanner |
|
57 | - "psycheclone", // spam harvester |
|
58 | - "PussyCat ", // misc comment spam |
|
59 | - "PycURL", // misc comment spam |
|
60 | - "Python-urllib", // commonly abused |
|
61 | - "revolt", // vulnerability scanner |
|
42 | + "Mozilla/0", // malicious software |
|
43 | + "Mozilla/1", // malicious software |
|
44 | + "Mozilla/2", // malicious software |
|
45 | + "Mozilla/3", // malicious software |
|
46 | + "Mozilla/4.0(", // from honeypot |
|
47 | + "Mozilla/4.0+(compatible;+", // suspicious harvester |
|
48 | + "Mozilla/4.0 (Hydra)", // brute force tool |
|
49 | + "MSIE", // malicious software |
|
50 | + "MVAClient", // automated hacking attempts |
|
51 | + "Nessus", // vulnerability scanner |
|
52 | + "NutchCVS", // unidentified robots |
|
53 | + "Nutscrape/", // misc comment spam |
|
54 | + "OmniExplorer", // spam harvester |
|
55 | + "Opera/9.64(", // comment spam bot |
|
56 | + "PMAFind", // vulnerability scanner |
|
57 | + "psycheclone", // spam harvester |
|
58 | + "PussyCat ", // misc comment spam |
|
59 | + "PycURL", // misc comment spam |
|
60 | + "Python-urllib", // commonly abused |
|
61 | + "revolt", // vulnerability scanner |
|
62 | 62 | // WP 2.5 now has Flash; FIXME |
63 | 63 | // "Shockwave Flash", // spam harvester |
64 | - "sqlmap/", // SQL injection |
|
65 | - "Super Happy Fun ", // spam harvester |
|
66 | - "TrackBack/", // trackback spam |
|
67 | - "user", // suspicious harvester |
|
68 | - "User Agent: ", // spam harvester |
|
69 | - "User-Agent: ", // spam harvester |
|
70 | - "w3af", // vulnerability scanner |
|
71 | - "WebSite-X Suite", // misc comment spam |
|
72 | - "Winnie Poh", // Automated Coppermine hacks |
|
73 | - "Wordpress", // malicious software |
|
74 | - "\"", // malicious software |
|
64 | + "sqlmap/", // SQL injection |
|
65 | + "Super Happy Fun ", // spam harvester |
|
66 | + "TrackBack/", // trackback spam |
|
67 | + "user", // suspicious harvester |
|
68 | + "User Agent: ", // spam harvester |
|
69 | + "User-Agent: ", // spam harvester |
|
70 | + "w3af", // vulnerability scanner |
|
71 | + "WebSite-X Suite", // misc comment spam |
|
72 | + "Winnie Poh", // Automated Coppermine hacks |
|
73 | + "Wordpress", // malicious software |
|
74 | + "\"", // malicious software |
|
75 | 75 | ); |
76 | 76 | |
77 | 77 | // These user agent strings occur anywhere within the line. |
78 | 78 | $bb2_spambots = array( |
79 | - "\r", // A really dumb bot |
|
80 | - "<sc", // XSS exploit attempts |
|
81 | - "; Widows ", // misc comment/email spam |
|
82 | - ": ;", // shellshock |
|
83 | - ":;", // shellshock |
|
84 | - "a href=", // referrer spam |
|
85 | - "ArchiveBot", // ignores robots.txt and hammers server |
|
86 | - "Bad Behavior Test", // Add this to your user-agent to test BB |
|
87 | - "compatible ; MSIE", // misc comment/email spam |
|
88 | - "compatible-", // misc comment/email spam |
|
89 | - "DTS Agent", // misc comment/email spam |
|
90 | - "Email Extractor", // spam harvester |
|
91 | - "Firebird/", // too old; assumed robot |
|
92 | - "Gecko/2525", // revisit this in 500 years |
|
93 | - "grub-client", // search engine ignores robots.txt |
|
94 | - "hanzoweb", // very badly behaved crawler |
|
95 | - "Havij", // SQL injection tool |
|
96 | - "Indy Library", // misc comment/email spam |
|
97 | - "Ming Mong", // brute force tool |
|
98 | - "MSIE 7.0; Windows NT 5.2", // Cyveillance |
|
99 | - "Murzillo compatible", // comment spam bot |
|
100 | - ".NET CLR 1)", // free poker, etc. |
|
101 | - ".NET CLR1", // spam harvester |
|
102 | - "Netsparker", // vulnerability scanner |
|
103 | - "Nikto/", // vulnerability scanner |
|
104 | - "Perman Surfer", // old and very broken harvester |
|
105 | - "POE-Component-Client", // free poker, etc. |
|
106 | - "Teh Forest Lobster", // brute force tool |
|
107 | - "Turing Machine", // www.anonymizer.com abuse |
|
108 | - "Ubuntu/9.25", // comment spam bot |
|
109 | - "unspecified.mail", // stealth harvesters |
|
110 | - "User-agent: ", // spam harvester/splogger |
|
111 | - "WebaltBot", // spam harvester |
|
112 | - "WISEbot", // spam harvester |
|
113 | - "WISEnutbot", // spam harvester |
|
114 | - "Win95", // too old; assumed robot |
|
115 | - "Win98", // too old; assumed robot |
|
116 | - "WinME", // too old; assumed robot |
|
117 | - "Win 9x 4.90", // too old; assumed robot |
|
118 | - "Windows 3", // too old; assumed robot |
|
119 | - "Windows 95", // too old; assumed robot |
|
120 | - "Windows 98", // too old; assumed robot |
|
121 | - "Windows NT 4", // too old; assumed robot |
|
122 | - "Windows NT;", // too old; assumed robot |
|
79 | + "\r", // A really dumb bot |
|
80 | + "<sc", // XSS exploit attempts |
|
81 | + "; Widows ", // misc comment/email spam |
|
82 | + ": ;", // shellshock |
|
83 | + ":;", // shellshock |
|
84 | + "a href=", // referrer spam |
|
85 | + "ArchiveBot", // ignores robots.txt and hammers server |
|
86 | + "Bad Behavior Test", // Add this to your user-agent to test BB |
|
87 | + "compatible ; MSIE", // misc comment/email spam |
|
88 | + "compatible-", // misc comment/email spam |
|
89 | + "DTS Agent", // misc comment/email spam |
|
90 | + "Email Extractor", // spam harvester |
|
91 | + "Firebird/", // too old; assumed robot |
|
92 | + "Gecko/2525", // revisit this in 500 years |
|
93 | + "grub-client", // search engine ignores robots.txt |
|
94 | + "hanzoweb", // very badly behaved crawler |
|
95 | + "Havij", // SQL injection tool |
|
96 | + "Indy Library", // misc comment/email spam |
|
97 | + "Ming Mong", // brute force tool |
|
98 | + "MSIE 7.0; Windows NT 5.2", // Cyveillance |
|
99 | + "Murzillo compatible", // comment spam bot |
|
100 | + ".NET CLR 1)", // free poker, etc. |
|
101 | + ".NET CLR1", // spam harvester |
|
102 | + "Netsparker", // vulnerability scanner |
|
103 | + "Nikto/", // vulnerability scanner |
|
104 | + "Perman Surfer", // old and very broken harvester |
|
105 | + "POE-Component-Client", // free poker, etc. |
|
106 | + "Teh Forest Lobster", // brute force tool |
|
107 | + "Turing Machine", // www.anonymizer.com abuse |
|
108 | + "Ubuntu/9.25", // comment spam bot |
|
109 | + "unspecified.mail", // stealth harvesters |
|
110 | + "User-agent: ", // spam harvester/splogger |
|
111 | + "WebaltBot", // spam harvester |
|
112 | + "WISEbot", // spam harvester |
|
113 | + "WISEnutbot", // spam harvester |
|
114 | + "Win95", // too old; assumed robot |
|
115 | + "Win98", // too old; assumed robot |
|
116 | + "WinME", // too old; assumed robot |
|
117 | + "Win 9x 4.90", // too old; assumed robot |
|
118 | + "Windows 3", // too old; assumed robot |
|
119 | + "Windows 95", // too old; assumed robot |
|
120 | + "Windows 98", // too old; assumed robot |
|
121 | + "Windows NT 4", // too old; assumed robot |
|
122 | + "Windows NT;", // too old; assumed robot |
|
123 | 123 | #"Windows NT 4.0;)", // wikispam bot |
124 | - "Windows NT 5.0;)", // wikispam bot |
|
125 | - "Windows NT 5.1;)", // wikispam bot |
|
126 | - "Windows XP 5", // spam harvester |
|
127 | - "WordPress/4.01", // pingback spam |
|
128 | - "Xedant Human Emulator",// spammer script engine |
|
129 | - "ZmEu", // exploit scanner |
|
130 | - "\\\\)", // spam harvester |
|
124 | + "Windows NT 5.0;)", // wikispam bot |
|
125 | + "Windows NT 5.1;)", // wikispam bot |
|
126 | + "Windows XP 5", // spam harvester |
|
127 | + "WordPress/4.01", // pingback spam |
|
128 | + "Xedant Human Emulator", // spammer script engine |
|
129 | + "ZmEu", // exploit scanner |
|
130 | + "\\\\)", // spam harvester |
|
131 | 131 | ); |
132 | 132 | |
133 | 133 | // These are regular expression matches. |
134 | 134 | $bb2_spambots_regex = array( |
135 | - "/^[A-Z]{10}$/", // misc email spam |
|
135 | + "/^[A-Z]{10}$/", // misc email spam |
|
136 | 136 | "/[bcdfghjklmnpqrstvwxz ]{8,}/", |
137 | 137 | // "/(;\){1,2}$/", // misc spammers/harvesters |
138 | - "/MSIE.*Windows XP/", // misc comment spam |
|
139 | - "/MSIE [2345]/", // too old; assumed robot |
|
138 | + "/MSIE.*Windows XP/", // misc comment spam |
|
139 | + "/MSIE [2345]/", // too old; assumed robot |
|
140 | 140 | ); |
141 | 141 | |
142 | 142 | // Blacklisted URL strings |
143 | 143 | // These strings are considered case-insensitive. |
144 | 144 | $bb2_spambots_url = array( |
145 | - "0x31303235343830303536", // Havij |
|
146 | - "../", // path traversal |
|
147 | - "..\\", // path traversal |
|
148 | - "%60information_schema%60", // SQL injection probe |
|
149 | - "+%2F*%21", // SQL injection probe |
|
150 | - "%27--", // SQL injection |
|
151 | - "%27 --", // SQL injection |
|
152 | - "%27%23", // SQL injection |
|
153 | - "%27 %23", // SQL injection |
|
154 | - "benchmark%28", // SQL injection probe |
|
155 | - "insert+into+", // SQL injection |
|
156 | - "r3dm0v3", // SQL injection probe |
|
157 | - "select+1+from", // SQL injection probe |
|
158 | - "union+all+select", // SQL injection probe |
|
159 | - "union+select", // SQL injection probe |
|
160 | - "waitfor+delay+", // SQL injection probe |
|
161 | - "w00tw00t", // vulnerability scanner |
|
145 | + "0x31303235343830303536", // Havij |
|
146 | + "../", // path traversal |
|
147 | + "..\\", // path traversal |
|
148 | + "%60information_schema%60", // SQL injection probe |
|
149 | + "+%2F*%21", // SQL injection probe |
|
150 | + "%27--", // SQL injection |
|
151 | + "%27 --", // SQL injection |
|
152 | + "%27%23", // SQL injection |
|
153 | + "%27 %23", // SQL injection |
|
154 | + "benchmark%28", // SQL injection probe |
|
155 | + "insert+into+", // SQL injection |
|
156 | + "r3dm0v3", // SQL injection probe |
|
157 | + "select+1+from", // SQL injection probe |
|
158 | + "union+all+select", // SQL injection probe |
|
159 | + "union+select", // SQL injection probe |
|
160 | + "waitfor+delay+", // SQL injection probe |
|
161 | + "w00tw00t", // vulnerability scanner |
|
162 | 162 | ); |
163 | 163 | |
164 | 164 | // Do not edit below this line. |
@@ -1,10 +1,15 @@ |
||
1 | -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); |
|
1 | +<?php if (!defined('BB2_CORE')) |
|
2 | +{ |
|
3 | + die('I said no cheating!'); |
|
4 | +} |
|
2 | 5 | |
3 | 6 | function bb2_movabletype($package) |
4 | 7 | { |
5 | 8 | // Is it a trackback? |
6 | - if (strcasecmp($package['request_method'], "POST")) { |
|
7 | - if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) { |
|
9 | + if (strcasecmp($package['request_method'], "POST")) |
|
10 | + { |
|
11 | + if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) |
|
12 | + { |
|
8 | 13 | return "7d12528e"; |
9 | 14 | } |
10 | 15 | } |
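Review bot: `$package['headers_mixed']['Range']` is read at new line 11 without checking that the key exists, unlike the `array_key_exists` guards used by the other checks in this series, so a request with no Range header trips an undefined-index warning (and on PHP 8.1+ a null-to-`strcmp` deprecation) before it is blocked. The same outcome with the check made explicit is `if (!array_key_exists('Range', $package['headers_mixed']) || strcmp($package['headers_mixed']['Range'], "bytes=0-99999"))`. Note also that `strcasecmp` returns 0 on a match, so the outer branch at line 9 runs when the method is *not* POST, which reads as the opposite of the "Is it a trackback?" comment; confirm that is intended and reword the comment before the next refactor. The function's trailing `return` lies outside this hunk.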
@@ -1,11 +1,18 @@ discard block |
||
1 | -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); |
|
1 | +<?php if (!defined('BB2_CORE')) |
|
2 | +{ |
|
3 | + die('I said no cheating!'); |
|
4 | +} |
|
2 | 5 | |
3 | 6 | // Look up address on various blackhole lists. |
4 | 7 | // These should not be used for GET requests under any circumstances! |
5 | 8 | // FIXME: Note that this code is no longer in use |
6 | -function bb2_blackhole($package) { |
|
9 | +function bb2_blackhole($package) |
|
10 | +{ |
|
7 | 11 | // Can't use IPv6 addresses yet |
8 | - if (@is_ipv6($package['ip'])) return false; |
|
12 | + if (@is_ipv6($package['ip'])) |
|
13 | + { |
|
14 | + return false; |
|
15 | + } |
|
9 | 16 | |
10 | 17 | // Workaround for "MySQL server has gone away" |
11 | 18 | bb2_db_query("SET @@session.wait_timeout = 90"); |
@@ -29,12 +36,15 @@ discard block |
||
29 | 36 | // Check the blackhole lists |
30 | 37 | $ip = $package['ip']; |
31 | 38 | $find = implode('.', array_reverse(explode('.', $ip))); |
32 | - foreach ($bb2_blackhole_lists as $dnsbl) { |
|
39 | + foreach ($bb2_blackhole_lists as $dnsbl) |
|
40 | + { |
|
33 | 41 | $result = gethostbynamel($find . "." . $dnsbl . "."); |
34 | - if (!empty($result)) { |
|
42 | + if (!empty($result)) |
|
43 | + { |
|
35 | 44 | // Got a match and it isn't on the exception list |
36 | 45 | $result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]); |
37 | - if (!empty($result)) { |
|
46 | + if (!empty($result)) |
|
47 | + { |
|
38 | 48 | return '136673cd'; |
39 | 49 | } |
40 | 50 | } |
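Review bot: The `@` on `array_diff` at new line 45 exists only to mask a missing `$bb2_blackhole_exceptions[$dnsbl]` entry, but it also hides every other warning from that call; an explicit default keeps the same result without the suppression: `$exceptions = isset($bb2_blackhole_exceptions[$dnsbl]) ? $bb2_blackhole_exceptions[$dnsbl] : array();` followed by `$result = array_diff($result, $exceptions);`. Separately, `gethostbynamel` at line 41 is a synchronous lookup with no timeout control, issued once per list on the request path, so a slow resolver becomes request latency; a comment at the loop head telling operators to keep the list short would help. The function starts outside this hunk, and the file's own FIXME says this path is no longer called, so the fix is low priority.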
@@ -42,24 +52,34 @@ discard block |
||
42 | 52 | return false; |
43 | 53 | } |
44 | 54 | |
45 | -function bb2_httpbl($settings, $package) { |
|
55 | +function bb2_httpbl($settings, $package) |
|
56 | +{ |
|
46 | 57 | // Can't use IPv6 addresses yet |
47 | - if (@is_ipv6($package['ip'])) return false; |
|
58 | + if (@is_ipv6($package['ip'])) |
|
59 | + { |
|
60 | + return false; |
|
61 | + } |
|
48 | 62 | |
49 | - if (@!$settings['httpbl_key']) return false; |
|
63 | + if (@!$settings['httpbl_key']) |
|
64 | + { |
|
65 | + return false; |
|
66 | + } |
|
50 | 67 | |
51 | 68 | // Workaround for "MySQL server has gone away" |
52 | 69 | bb2_db_query("SET @@session.wait_timeout = 90"); |
53 | 70 | |
54 | 71 | $find = implode('.', array_reverse(explode('.', $package['ip']))); |
55 | 72 | $result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org."); |
56 | - if (!empty($result)) { |
|
73 | + if (!empty($result)) |
|
74 | + { |
|
57 | 75 | $ip = explode('.', $result[0]); |
58 | - if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) { |
|
76 | + if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) |
|
77 | + { |
|
59 | 78 | return '2b021b1f'; |
60 | 79 | } |
61 | 80 | // Check if search engine |
62 | - if ($ip[3] == 0) { |
|
81 | + if ($ip[3] == 0) |
|
82 | + { |
|
63 | 83 | return 1; |
64 | 84 | } |
65 | 85 | } |
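Review bot: The `@` at new line 63 only hides an undefined-index notice for `httpbl_key`, while `httpbl_threat` and `httpbl_maxage` at line 76 are read with no guard at all; replacing the suppression with `empty($settings['httpbl_key'])` and giving the other two explicit `isset()` defaults makes the configuration contract visible instead of silencing it. The key is sent as the first DNS label at line 72, which is how the service is queried, but it means the key leaves the host in cleartext on every lookup, so it should be treated as a secret in logs and config dumps. Line 83 returns the integer `1` for a search-engine hit where every other outcome is a string code or `false`; a one-line comment there, e.g. `// 1 = known search engine, not a block code`, would spare the caller a surprise. The response-code mapping lives in the caller, which is not shown.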
@@ -12,7 +12,7 @@ discard block |
||
12 | 12 | |
13 | 13 | // Only conservative lists |
14 | 14 | $bb2_blackhole_lists = array( |
15 | - "sbl-xbl.spamhaus.org", // All around nasties |
|
15 | + "sbl-xbl.spamhaus.org", // All around nasties |
|
16 | 16 | // "dnsbl.sorbs.net", // Old useless data. |
17 | 17 | // "list.dsbl.org", // Old useless data. |
18 | 18 | // "dnsbl.ioerror.us", // Bad Behavior Blackhole |
@@ -20,8 +20,8 @@ discard block |
||
20 | 20 | |
21 | 21 | // Things that shouldn't be blocked, from aggregate lists |
22 | 22 | $bb2_blackhole_exceptions = array( |
23 | - "sbl-xbl.spamhaus.org" => array("127.0.0.4"), // CBL is problematic |
|
24 | - "dnsbl.sorbs.net" => array("127.0.0.10",), // Dynamic IPs only |
|
23 | + "sbl-xbl.spamhaus.org" => array("127.0.0.4"), // CBL is problematic |
|
24 | + "dnsbl.sorbs.net" => array("127.0.0.10",), // Dynamic IPs only |
|
25 | 25 | "list.dsbl.org" => array(), |
26 | 26 | "dnsbl.ioerror.us" => array(), |
27 | 27 | ); |
@@ -52,7 +52,7 @@ discard block |
||
52 | 52 | bb2_db_query("SET @@session.wait_timeout = 90"); |
53 | 53 | |
54 | 54 | $find = implode('.', array_reverse(explode('.', $package['ip']))); |
55 | - $result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org."); |
|
55 | + $result = gethostbynamel($settings['httpbl_key'] . ".${find}.dnsbl.httpbl.org."); |
|
56 | 56 | if (!empty($result)) { |
57 | 57 | $ip = explode('.', $result[0]); |
58 | 58 | if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) { |
@@ -1,4 +1,7 @@ |
||
1 | -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); |
|
1 | +<?php if (!defined('BB2_CORE')) |
|
2 | +{ |
|
3 | + die('I said no cheating!'); |
|
4 | +} |
|
2 | 5 | |
3 | 6 | // Analyze requests claiming to be from CloudFlare |
4 | 7 |
@@ -1,4 +1,7 @@ discard block |
||
1 | -<?php if (!defined('BB2_CWD')) die("I said no cheating!"); |
|
1 | +<?php if (!defined('BB2_CWD')) |
|
2 | +{ |
|
3 | + die("I said no cheating!"); |
|
4 | +} |
|
2 | 5 | |
3 | 6 | // Bad Behavior browser screener |
4 | 7 | |
@@ -49,10 +52,12 @@ discard block |
||
49 | 52 | |
50 | 53 | // Set up a simple cookie |
51 | 54 | $screener = array(time(), $package['ip']); |
52 | - if (isset($package['headers_mixed']['X-Forwarded-For'])) { |
|
55 | + if (isset($package['headers_mixed']['X-Forwarded-For'])) |
|
56 | + { |
|
53 | 57 | array_push($screener, $package['headers_mixed']['X-Forwarded-For']); |
54 | 58 | } |
55 | - if (isset($package['headers_mixed']['Client-Ip'])) { |
|
59 | + if (isset($package['headers_mixed']['Client-Ip'])) |
|
60 | + { |
|
56 | 61 | array_push($screener, $package['headers_mixed']['Client-Ip']); |
57 | 62 | } |
58 | 63 |
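Review bot: `X-Forwarded-For` and `Client-Ip` at new lines 57 and 61 are client-supplied headers, so whatever is pushed into `$screener` from them is attacker-controlled text, not an identity; if the cookie built from this array is later compared against the request to decide trust, only `$package['ip']` and the timestamp can be relied on. A short comment on the array would make that explicit: `// XFF/Client-Ip are unauthenticated client input; recorded for comparison only, never trusted as the source address`. The header values are also unbounded in length, so truncating them before they go into a cookie is worth considering. The function that builds `$screener` begins and ends outside this hunk, so how the cookie is consumed is not visible here.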
@@ -1,4 +1,7 @@ discard block |
||
1 | -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); |
|
1 | +<?php if (!defined('BB2_CORE')) |
|
2 | +{ |
|
3 | + die('I said no cheating!'); |
|
4 | +} |
|
2 | 5 | |
3 | 6 | // Analyze user agents claiming to be Konqueror |
4 | 7 | |
@@ -6,8 +9,10 @@ discard block |
||
6 | 9 | { |
7 | 10 | // CafeKelsa is a dev project at Yahoo which indexes job listings for |
8 | 11 | // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks. |
9 | - if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) { |
|
10 | - if (!array_key_exists('Accept', $package['headers_mixed'])) { |
|
12 | + if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) |
|
13 | + { |
|
14 | + if (!array_key_exists('Accept', $package['headers_mixed'])) |
|
15 | + { |
|
11 | 16 | return "17566707"; |
12 | 17 | } |
13 | 18 | } |
@@ -18,7 +23,8 @@ discard block |
||
18 | 23 | |
19 | 24 | function bb2_lynx($package) |
20 | 25 | { |
21 | - if (!array_key_exists('Accept', $package['headers_mixed'])) { |
|
26 | + if (!array_key_exists('Accept', $package['headers_mixed'])) |
|
27 | + { |
|
22 | 28 | return "17566707"; |
23 | 29 | } |
24 | 30 | return false; |
@@ -32,8 +38,10 @@ discard block |
||
32 | 38 | // Google Desktop fixed it, but apparently some old versions are |
33 | 39 | // still out there. :( |
34 | 40 | // Always check accept header for Mozilla user agents |
35 | - if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) { |
|
36 | - if (!array_key_exists('Accept', $package['headers_mixed'])) { |
|
41 | + if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) |
|
42 | + { |
|
43 | + if (!array_key_exists('Accept', $package['headers_mixed'])) |
|
44 | + { |
|
37 | 45 | return "17566707"; |
38 | 46 | } |
39 | 47 | } |
@@ -44,19 +52,22 @@ discard block |
||
44 | 52 | |
45 | 53 | function bb2_msie($package) |
46 | 54 | { |
47 | - if (!array_key_exists('Accept', $package['headers_mixed'])) { |
|
55 | + if (!array_key_exists('Accept', $package['headers_mixed'])) |
|
56 | + { |
|
48 | 57 | return "17566707"; |
49 | 58 | } |
50 | 59 | |
51 | 60 | // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent |
52 | - if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) { |
|
61 | + if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) |
|
62 | + { |
|
53 | 63 | return "a1084bad"; |
54 | 64 | } |
55 | 65 | |
56 | 66 | // MSIE does NOT send Connection: TE but Akamai does |
57 | 67 | // Bypass this test when Akamai detected |
58 | 68 | // The latest version of IE for Windows CE also uses Connection: TE |
59 | - if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) { |
|
69 | + if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) |
|
70 | + { |
|
60 | 71 | return "2b90f772"; |
61 | 72 | } |
62 | 73 | |
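Review bot: `@preg_match(...)` at new line 69 silences the undefined-index notice for a request with no Connection header, and with it any PCRE error; the sibling checks in this file already use `array_key_exists`, so the same guard fits here: `array_key_exists('Connection', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])`. Behavior is unchanged, since a missing header matched nothing before and still matches nothing. The function's remaining checks and its `return false` are outside this hunk.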
@@ -67,7 +78,8 @@ discard block |
||
67 | 78 | |
68 | 79 | function bb2_opera($package) |
69 | 80 | { |
70 | - if (!array_key_exists('Accept', $package['headers_mixed'])) { |
|
81 | + if (!array_key_exists('Accept', $package['headers_mixed'])) |
|
82 | + { |
|
71 | 83 | return "17566707"; |
72 | 84 | } |
73 | 85 | return false; |
@@ -78,7 +90,8 @@ discard block |
||
78 | 90 | function bb2_safari($package) |
79 | 91 | { |
80 | 92 | // Bypass this test when Android is detected |
81 | - if (!array_key_exists('Accept', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Android") === FALSE) { |
|
93 | + if (!array_key_exists('Accept', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Android") === FALSE) |
|
94 | + { |
|
82 | 95 | return "17566707"; |
83 | 96 | } |
84 | 97 | return false; |
@@ -6,7 +6,7 @@ discard block |
||
6 | 6 | { |
7 | 7 | // CafeKelsa is a dev project at Yahoo which indexes job listings for |
8 | 8 | // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks. |
9 | - if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) { |
|
9 | + if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === false || match_cidr($package['ip'], "209.73.160.0/19") === false) { |
|
10 | 10 | if (!array_key_exists('Accept', $package['headers_mixed'])) { |
11 | 11 | return "17566707"; |
12 | 12 | } |
@@ -32,7 +32,7 @@ discard block |
||
32 | 32 | // Google Desktop fixed it, but apparently some old versions are |
33 | 33 | // still out there. :( |
34 | 34 | // Always check accept header for Mozilla user agents |
35 | - if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) { |
|
35 | + if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === false && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === false) { |
|
36 | 36 | if (!array_key_exists('Accept', $package['headers_mixed'])) { |
37 | 37 | return "17566707"; |
38 | 38 | } |
@@ -49,14 +49,14 @@ discard block |
||
49 | 49 | } |
50 | 50 | |
51 | 51 | // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent |
52 | - if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) { |
|
52 | + if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== false || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== false || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== false || strpos($package['headers_mixed']['User-Agent'], "Win32") !== false) { |
|
53 | 53 | return "a1084bad"; |
54 | 54 | } |
55 | 55 | |
56 | 56 | // MSIE does NOT send Connection: TE but Akamai does |
57 | 57 | // Bypass this test when Akamai detected |
58 | 58 | // The latest version of IE for Windows CE also uses Connection: TE |
59 | - if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) { |
|
59 | + if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === false && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) { |
|
60 | 60 | return "2b90f772"; |
61 | 61 | } |
62 | 62 | |
@@ -78,7 +78,7 @@ discard block |
||
78 | 78 | function bb2_safari($package) |
79 | 79 | { |
80 | 80 | // Bypass this test when Android is detected |
81 | - if (!array_key_exists('Accept', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Android") === FALSE) { |
|
81 | + if (!array_key_exists('Accept', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Android") === false) { |
|
82 | 82 | return "17566707"; |
83 | 83 | } |
84 | 84 | return false; |
@@ -24,7 +24,8 @@ |
||
24 | 24 | * @param string $input_css |
25 | 25 | * @return string |
26 | 26 | */ |
27 | -function CSSmin($input_css) { |
|
27 | +function CSSmin($input_css) |
|
28 | +{ |
|
28 | 29 | $compressor = new \tubalmartin\CssMin\Minifier(); |
29 | 30 | |
30 | 31 | // Split long lines in the output approximately every 1000 chars. |