elkarte / Elkarte

sources/ext/bad-behavior/bad-behavior/searchengine.inc.php

Braces +32 added lines, -9 removed lines

@@ -1,4 +1,7 @@ 
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
 require_once(BB2_CORE . "/roundtripdns.inc.php");
 
@@ -6,8 +9,13 @@ 
 
 function bb2_google($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
+	if (@is_ipv6($package['ip']))
+	{
+		return false;
+	}
+	# TODO
+	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE)
+	{
 		return false;	# Soft fail, must pass other screening
 		#return "f1182195";	# Hard fail
 	}
@@ -22,8 +30,13 @@ 
 
 function bb2_msnbot($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20", "40.76.0.0/14")) === FALSE) {
+	if (@is_ipv6($package['ip']))
+	{
+		return false;
+	}
+	# TODO
+	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20", "40.76.0.0/14")) === FALSE)
+	{
 		return false;	# Soft fail, must pass other screening
 		#return "e4de0453";	# Hard fail
 	}
@@ -38,8 +51,13 @@ 
 
 function bb2_yahoo($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
+	if (@is_ipv6($package['ip']))
+	{
+		return false;
+	}
+	# TODO
+	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE)
+	{
 		return false;	# Soft fail, must pass other screening
 		#return '71436a15';	# Hard fail
 	}
@@ -54,8 +72,13 @@ 
 
 function bb2_baidu($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16")) === FALSE) {
+	if (@is_ipv6($package['ip']))
+	{
+		return false;
+	}
+	# TODO
+	if (match_cidr($package['ip'], array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16")) === FALSE)
+	{
 		return false;	# Soft fail, must pass other screening
 	}
 	return 1;	# Real Baidu bot; bypass all other checks

Upper-Lower-Casing +4 added lines, -4 removed lines

@@ -7,7 +7,7 @@ 
 function bb2_google($package)
 {
 	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
+	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === false) {
 		return false;	# Soft fail, must pass other screening
 		#return "f1182195";	# Hard fail
 	}
@@ -23,7 +23,7 @@ 
 function bb2_msnbot($package)
 {
 	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20", "40.76.0.0/14")) === FALSE) {
+	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20", "40.76.0.0/14")) === false) {
 		return false;	# Soft fail, must pass other screening
 		#return "e4de0453";	# Hard fail
 	}
@@ -39,7 +39,7 @@ 
 function bb2_yahoo($package)
 {
 	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
+	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === false) {
 		return false;	# Soft fail, must pass other screening
 		#return '71436a15';	# Hard fail
 	}
@@ -55,7 +55,7 @@ 
 function bb2_baidu($package)
 {
 	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16")) === FALSE) {
+	if (match_cidr($package['ip'], array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16")) === false) {
 		return false;	# Soft fail, must pass other screening
 	}
 	return 1;	# Real Baidu bot; bypass all other checks

Spacing +12 added lines, -12 removed lines

@@ -6,57 +6,57 @@
 
 function bb2_google($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
+	if (@is_ipv6($package['ip'])) return false; # TODO
 	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
+		return false; # Soft fail, must pass other screening
 		#return "f1182195";	# Hard fail
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
 #	if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
 #		return "f1182195";
 #	}
-	return 1;	# Real Googlebot; bypass all other checks
+	return 1; # Real Googlebot; bypass all other checks
 }
 
 // Analyze user agents claiming to be msnbot
 
 function bb2_msnbot($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
+	if (@is_ipv6($package['ip'])) return false; # TODO
 	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20", "40.76.0.0/14")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
+		return false; # Soft fail, must pass other screening
 		#return "e4de0453";	# Hard fail
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
 #	if (!bb2_roundtripdns($package['ip'], "msn.com")) {
 #		return "e4de0453";
 #	}
-	return 1;	# Real msnbot; bypass all other checks
+	return 1; # Real msnbot; bypass all other checks
 }
 
 // Analyze user agents claiming to be Yahoo!
 
 function bb2_yahoo($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
+	if (@is_ipv6($package['ip'])) return false; # TODO
 	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
+		return false; # Soft fail, must pass other screening
 		#return '71436a15';	# Hard fail
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
 #	if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
 #		return "71436a15";
 #	}
-	return 1;	# Real Yahoo bot; bypass all other checks
+	return 1; # Real Yahoo bot; bypass all other checks
 }
 
 // Analyze user agents claiming to be Baidu
 
 function bb2_baidu($package)
 {
-	if (@is_ipv6($package['ip'])) return false;	# TODO
+	if (@is_ipv6($package['ip'])) return false; # TODO
 	if (match_cidr($package['ip'], array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16")) === FALSE) {
-		return false;	# Soft fail, must pass other screening
+		return false; # Soft fail, must pass other screening
 	}
-	return 1;	# Real Baidu bot; bypass all other checks
+	return 1; # Real Baidu bot; bypass all other checks
 }

sources/ext/bad-behavior/bad-behavior/responses.inc.php

Braces +10 added lines, -3 removed lines

@@ -1,8 +1,12 @@ 
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
 // Defines the responses which Bad Behavior might return.
 
-function bb2_get_response($key) {
+function bb2_get_response($key)
+{
 	$bb2_responses = array(
 		'00000000' => array('response' => 200, 'explanation' => '', 'log' => 'Permitted'),
 		'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
@@ -47,6 +51,9 @@ 
 		'f9f2b8b9' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'A User-Agent is required but none was provided.'),
 	);
 
-	if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
+	if (array_key_exists($key, $bb2_responses))
+	{
+		return $bb2_responses[$key];
+	}
 	return array('00000000');
 }

sources/ext/bad-behavior/bad-behavior/post.inc.php

Braces +26 added lines, -12 removed lines

@@ -1,15 +1,20 @@ 
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
 // Specialized screening for trackbacks
 function bb2_trackback($package)
 {
 	// Web browsers don't send trackbacks
-	if ($package['is_browser']) {
+	if ($package['is_browser'])
+	{
 		return 'f0dcb3fd';
 	}
 
 	// Proxy servers don't send trackbacks either
-	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
+	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed']))
+	{
 		return 'd60b87c7';
 	}
 
@@ -17,8 +22,10 @@ 
 	// Real ones do not contain Accept:, and have a charset defined
 	// Real WP trackbacks may contain Accept: depending on the HTTP
 	// transport being used by the sending host
-	if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
-		if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+	if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE)
+	{
+		if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE)
+		{
 			return 'e3990b47';
 		}
 	}
@@ -33,34 +40,41 @@ 
 	// if ($r = bb2_blackhole($package)) return $r;
 
 	// MovableType needs specialized screening
-	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
-		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
+	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE)
+	{
+		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999"))
+		{
 			return "7d12528e";
 		}
 	}
 
 	// Trackbacks need special screening
 	$request_entity = $package['request_entity'];
-	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
+	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name']))
+	{
 		return bb2_trackback($package);
 	}
 
 	// Catch a few completely broken spambots
-	foreach ($request_entity as $key => $value) {
+	foreach ($request_entity as $key => $value)
+	{
 		$pos = strpos($key, "	document.write");
-		if ($pos !== FALSE) {
+		if ($pos !== FALSE)
+		{
 			return "dfd9b1ad";
 		}
 	}
 
 	// If Referer exists, it should refer to a page on our site
-	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
+	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']))
+	{
 		$url = parse_url($package['headers_mixed']['Referer']);
 		$url['host'] = preg_replace('|^www\.|', '', $url['host']);
 		$host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
 		# Strip port
 		$host = preg_replace('|:\d+$|', '', $host);
-		if (strcasecmp($host, $url['host'])) {
+		if (strcasecmp($host, $url['host']))
+		{
 			return "cd361abb";
 		}
 	}

Upper-Lower-Casing +4 added lines, -4 removed lines

@@ -17,8 +17,8 @@ 
 	// Real ones do not contain Accept:, and have a charset defined
 	// Real WP trackbacks may contain Accept: depending on the HTTP
 	// transport being used by the sending host
-	if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
-		if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+	if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== false) {
+		if (strpos($package['headers_mixed']['Content-Type'], "charset=") === false) {
 			return 'e3990b47';
 		}
 	}
@@ -33,7 +33,7 @@ 
 	// if ($r = bb2_blackhole($package)) return $r;
 
 	// MovableType needs specialized screening
-	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
+	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== false) {
 		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
 			return "7d12528e";
 		}
@@ -48,7 +48,7 @@ 
 	// Catch a few completely broken spambots
 	foreach ($request_entity as $key => $value) {
 		$pos = strpos($key, "	document.write");
-		if ($pos !== FALSE) {
+		if ($pos !== false) {
 			return "dfd9b1ad";
 		}
 	}

sources/ext/bad-behavior/bad-behavior/common_tests.inc.php

Braces +54 added lines, -26 removed lines

@@ -1,18 +1,24 @@ 
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
 // Enforce adherence to protocol version claimed by user-agent.
 
 function bb2_protocol($settings, $package)
 {
 	// We should never see Expect: for HTTP/1.0 requests
-	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
+	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0"))
+	{
 		return "a0105122";
 	}
 
 	// Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
 	// Blocks some common corporate proxy servers in strict mode
-	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
-		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
+	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1"))
+	{
+		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed']))
+		{
 			return "41feed15";
 		}
 	}
@@ -27,7 +33,8 @@ 
 	// First-gen Amazon Kindle is broken; Amazon has been notified 9/24/08
 	// NOTE: RFC 2965 is obsoleted by RFC 6265. Current software MUST NOT
 	// use Cookie2 or $Version in Cookie.
-	if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
+	if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE)
+	{
 		return '6c502ff1';
 	}
 	return false;
@@ -37,7 +44,8 @@ 
 {
 	@$ua = $package['headers_mixed']['User-Agent'];
 
-	if (!strcmp($package['request_method'], "POST") && empty($ua)) {
+	if (!strcmp($package['request_method'], "POST") && empty($ua))
+	{
 		return "f9f2b8b9";
 	}
 
@@ -46,11 +54,13 @@ 
 	// Worse yet, some Javascript client-side apps do the same in
 	// blatant violation of the protocol and good sense.
 	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
-	if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
+	if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE)
+	{
 		return "dfd9b1ad";
 	}
 	// A pretty nasty SQL injection attack on IIS servers
-	if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) {
+	if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE)
+	{
 		return "dfd9b1ad";
 	}
 
@@ -59,14 +69,17 @@ 
 	// NOTE: this blocks the whois.sc bot. No big loss.
 	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
 	// blocked again in the future); Facebook
-	if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
-		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
+	if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE)
+	{
+		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19))
+		{
 			return "7ad04a8a";
 		}
 	}
 
 	// Content-Range is a response header, not a request header
-	if (array_key_exists('Content-Range', $package['headers_mixed'])) {
+	if (array_key_exists('Content-Range', $package['headers_mixed']))
+	{
 		return '7d12528e';
 	}
 
@@ -76,13 +89,16 @@ 
 	if ($settings['strict'] &&
 		array_key_exists('via', $package['headers']) &&
 		strpos($package['headers']['via'],'Clearswift') === FALSE &&
-		strpos($ua,'CoralWebPrx') === FALSE) {
+		strpos($ua,'CoralWebPrx') === FALSE)
+	{
 		return "9c9e4979";
 	}
 
 	// pinappleproxy is used by referrer spammers
-	if (array_key_exists('Via', $package['headers_mixed'])) {
-		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
+	if (array_key_exists('Via', $package['headers_mixed']))
+	{
+		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE)
+		{
 			return "939a6fbb";
 		}
 	}
@@ -91,53 +107,65 @@ 
 	// RFC 2616 14.39
 	// Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
 	// to obtain a hotfix.
-	if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
-		if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
+	if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed']))
+	{
+		if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection']))
+		{
 			return "582ec5e4";
 		}
 	}
 
-	if (array_key_exists('Connection', $package['headers_mixed'])) {
+	if (array_key_exists('Connection', $package['headers_mixed']))
+	{
 		// Connection: keep-alive and close are mutually exclusive
-		if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
+		if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection']))
+		{
 			return "a52f0448";
 		}
 		// Close shouldn't appear twice
-		if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
+		if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection']))
+		{
 			return "a52f0448";
 		}
 		// Keey-Alive shouldn't appear twice either
-		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
+		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection']))
+		{
 			return "a52f0448";
 		}
 		// Keep-Alive format in RFC 2068; some bots mangle these headers
-		if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
+		if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE)
+		{
 			return "b0924802";
 		}
 	}
 	
 
 	// Headers which are not seen from normal user agents; only malicious bots
-	if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
+	if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed']))
+	{
 		return "b9cc1d86";
 	}
 	// Proxy-Connection does not exist and should never be seen in the wild
 	// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
 	// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
-	if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
+	if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed']))
+	{
 		return "b7830251";
 	}
 
-	if (array_key_exists('Referer', $package['headers_mixed'])) {
+	if (array_key_exists('Referer', $package['headers_mixed']))
+	{
 		// Referer, if it exists, must not be blank
-		if (empty($package['headers_mixed']['Referer'])) {
+		if (empty($package['headers_mixed']['Referer']))
+		{
 			return "69920ee5";
 		}
 
 		// Referer, if it exists, must contain a :
 		// While a relative URL is technically valid in Referer, all known
 		// legitimate user-agents send an absolute URL
-		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
+		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE)
+		{
 			return "45b35e30";
 		}
 	}

Upper-Lower-Casing +11 added lines, -11 removed lines

@@ -5,14 +5,14 @@ 
 function bb2_protocol($settings, $package)
 {
 	// We should never see Expect: for HTTP/1.0 requests
-	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
+	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== false && !strcmp($package['server_protocol'], "HTTP/1.0")) {
 		return "a0105122";
 	}
 
 	// Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
 	// Blocks some common corporate proxy servers in strict mode
 	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
-		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
+		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== false && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
 			return "41feed15";
 		}
 	}
@@ -27,7 +27,7 @@ 
 	// First-gen Amazon Kindle is broken; Amazon has been notified 9/24/08
 	// NOTE: RFC 2965 is obsoleted by RFC 6265. Current software MUST NOT
 	// use Cookie2 or $Version in Cookie.
-	if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
+	if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== false && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === false) {
 		return '6c502ff1';
 	}
 	return false;
@@ -46,11 +46,11 @@ 
 	// Worse yet, some Javascript client-side apps do the same in
 	// blatant violation of the protocol and good sense.
 	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
-	if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
+	if ($settings['strict'] && strpos($package['request_uri'], "#") !== false) {
 		return "dfd9b1ad";
 	}
 	// A pretty nasty SQL injection attack on IIS servers
-	if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) {
+	if (strpos($package['request_uri'], ";DECLARE%20@") !== false) {
 		return "dfd9b1ad";
 	}
 
@@ -59,7 +59,7 @@ 
 	// NOTE: this blocks the whois.sc bot. No big loss.
 	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
 	// blocked again in the future); Facebook
-	if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
+	if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== false) {
 		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
 			return "7ad04a8a";
 		}
@@ -75,14 +75,14 @@ 
 	// may be blocked again in the future)
 	if ($settings['strict'] &&
 		array_key_exists('via', $package['headers']) &&
-		strpos($package['headers']['via'],'Clearswift') === FALSE &&
-		strpos($ua,'CoralWebPrx') === FALSE) {
+		strpos($package['headers']['via'],'Clearswift') === false &&
+		strpos($ua,'CoralWebPrx') === false) {
 		return "9c9e4979";
 	}
 
 	// pinappleproxy is used by referrer spammers
 	if (array_key_exists('Via', $package['headers_mixed'])) {
-		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
+		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== false || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== false || stripos($package['headers_mixed']['Via'], "Invisiware") !== false) {
 			return "939a6fbb";
 		}
 	}
@@ -111,7 +111,7 @@ 
 			return "a52f0448";
 		}
 		// Keep-Alive format in RFC 2068; some bots mangle these headers
-		if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
+		if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== false) {
 			return "b0924802";
 		}
 	}
@@ -137,7 +137,7 @@ 
 		// Referer, if it exists, must contain a :
 		// While a relative URL is technically valid in Referer, all known
 		// legitimate user-agents send an absolute URL
-		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
+		if (strpos($package['headers_mixed']['Referer'], ":") === false) {
 			return "45b35e30";
 		}
 	}

Spacing +2 added lines, -2 removed lines

@@ -75,8 +75,8 @@
 	// may be blocked again in the future)
 	if ($settings['strict'] &&
 		array_key_exists('via', $package['headers']) &&
-		strpos($package['headers']['via'],'Clearswift') === FALSE &&
-		strpos($ua,'CoralWebPrx') === FALSE) {
+		strpos($package['headers']['via'], 'Clearswift') === FALSE &&
+		strpos($ua, 'CoralWebPrx') === FALSE) {
 		return "9c9e4979";
 	}
 

sources/ext/bad-behavior/bad-behavior/functions.inc.php

Braces +47 added lines, -20 removed lines

@@ -1,28 +1,37 @@ 
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
+<?php if (!defined('BB2_CORE'))
+{
+	die("I said no cheating!");
+}
 
 // Miscellaneous helper functions.
 
 // Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
+function is_ipv6($address)
+{
 	return (strpos($address, ":")) ? TRUE : FALSE;
 }
 
 // stripos() needed because stripos is only present on PHP 5
-if (!function_exists('stripos')) {
-	function stripos($haystack,$needle,$offset = 0) {
+if (!function_exists('stripos'))
+{
+	function stripos($haystack,$needle,$offset = 0)
+	{
 		return(strpos(strtolower($haystack),strtolower($needle),$offset));
 	}
 }
 
 // str_split() needed because str_split is only present on PHP 5
-if (!function_exists('str_split')) {
+if (!function_exists('str_split'))
+{
 	function str_split($string, $split_length=1)
 	{
-		if ($split_length < 1) {
+		if ($split_length < 1)
+		{
 			return false;
 		}
 
-		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
+		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length)
+		{
 			$chunks[] = substr($string, $pos, $split_length);
 		}
 		return $chunks;
@@ -30,28 +39,39 @@ 
 }
 
 // Convert a string to mixed-case on word boundaries.
-function uc_all($string) {
+function uc_all($string)
+{
 	$temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE);
-	foreach ($temp as $key=>$word) {
+	foreach ($temp as $key=>$word)
+	{
 		$temp[$key] = ucfirst(strtolower($word));
 	}
 	return join ('', $temp);
 }
 
 // Determine if an IP address resides in a CIDR netblock or netblocks.
-function match_cidr($addr, $cidr) {
+function match_cidr($addr, $cidr)
+{
 	$output = false;
 
-	if (is_array($cidr)) {
-		foreach ($cidr as $cidrlet) {
-			if (match_cidr($addr, $cidrlet)) {
+	if (is_array($cidr))
+	{
+		foreach ($cidr as $cidrlet)
+		{
+			if (match_cidr($addr, $cidrlet))
+			{
 				$output = true;
 				break;
 			}
 		}
-	} else {
+	}
+	else
+	{
 		@list($ip, $mask) = explode('/', $cidr);
-		if (!$mask) $mask = 32;
+		if (!$mask)
+		{
+			$mask = 32;
+		}
 		$mask = pow(2,32) - pow(2, (32 - $mask));
 		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
 	}
@@ -59,19 +79,26 @@ 
 }
 
 // Determine if an IP address is reserved by RFC 1918.
-function is_rfc1918($addr) {
+function is_rfc1918($addr)
+{
 	return match_cidr($addr, array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"));
 }
 // Obtain all the HTTP headers.
 // NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
 // headers. Run PHP as Apache 2.0 module if possible for best results.
-function bb2_load_headers() {
-	if (!is_callable('getallheaders')) {
+function bb2_load_headers()
+{
+	if (!is_callable('getallheaders'))
+	{
 		$headers = array();
 		foreach ($_SERVER as $h => $v)
-			if (preg_match('/HTTP_(.+)/', $h, $hp))
+		{
+					if (preg_match('/HTTP_(.+)/', $h, $hp))
 				$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
-	} else {
+		}
+	}
+	else
+	{
 		$headers = getallheaders();
 	}
 	return $headers;

Upper-Lower-Casing +1 added lines, -1 removed lines

@@ -4,7 +4,7 @@
 
 // Quick and dirty check for an IPv6 address
 function is_ipv6($address) {
-	return (strpos($address, ":")) ? TRUE : FALSE;
+	return (strpos($address, ":")) ? true : false;
 }
 
 // stripos() needed because stripos is only present on PHP 5

Spacing +6 added lines, -6 removed lines

@@ -9,20 +9,20 @@ 
 
 // stripos() needed because stripos is only present on PHP 5
 if (!function_exists('stripos')) {
-	function stripos($haystack,$needle,$offset = 0) {
-		return(strpos(strtolower($haystack),strtolower($needle),$offset));
+	function stripos($haystack, $needle, $offset = 0) {
+		return(strpos(strtolower($haystack), strtolower($needle), $offset));
 	}
 }
 
 // str_split() needed because str_split is only present on PHP 5
 if (!function_exists('str_split')) {
-	function str_split($string, $split_length=1)
+	function str_split($string, $split_length = 1)
 	{
 		if ($split_length < 1) {
 			return false;
 		}
 
-		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
+		for ($pos = 0, $chunks = array(); $pos < strlen($string); $pos += $split_length) {
 			$chunks[] = substr($string, $pos, $split_length);
 		}
 		return $chunks;
@@ -35,7 +35,7 @@ 
 	foreach ($temp as $key=>$word) {
 		$temp[$key] = ucfirst(strtolower($word));
 	}
-	return join ('', $temp);
+	return join('', $temp);
 }
 
 // Determine if an IP address resides in a CIDR netblock or netblocks.
@@ -52,7 +52,7 @@ 
 	} else {
 		@list($ip, $mask) = explode('/', $cidr);
 		if (!$mask) $mask = 32;
-		$mask = pow(2,32) - pow(2, (32 - $mask));
+		$mask = pow(2, 32) - pow(2, (32 - $mask));
 		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
 	}
 	return $output;

sources/ext/bad-behavior/bad-behavior/blacklist.inc.php

Braces +22 added lines, -10 removed lines

@@ -1,6 +1,10 @@ 
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
-function bb2_blacklist($package) {
+function bb2_blacklist($package)
+{
 
 	// Blacklisted user agents
 	// These user agent strings occur at the beginning of the line.
@@ -166,27 +170,35 @@ 
 	@$ua = $package['headers_mixed']['User-Agent'];
 	@$uri = $package['request_uri'];
 
-	foreach ($bb2_spambots_0 as $spambot) {
+	foreach ($bb2_spambots_0 as $spambot)
+	{
 		$pos = strpos($ua, $spambot);
-		if ($pos !== FALSE && $pos == 0) {
+		if ($pos !== FALSE && $pos == 0)
+		{
 			return "17f4e8c8";
 		}
 	}
 
-	foreach ($bb2_spambots as $spambot) {
-		if (strpos($ua, $spambot) !== FALSE) {
+	foreach ($bb2_spambots as $spambot)
+	{
+		if (strpos($ua, $spambot) !== FALSE)
+		{
 			return "17f4e8c8";
 		}
 	}
 
-	foreach ($bb2_spambots_regex as $spambot) {
-		if (preg_match($spambot, $ua)) {
+	foreach ($bb2_spambots_regex as $spambot)
+	{
+		if (preg_match($spambot, $ua))
+		{
 			return "17f4e8c8";
 		}
 	}
 
-	foreach ($bb2_spambots_url as $spambot) {
-		if (stripos($uri, $spambot) !== FALSE) {
+	foreach ($bb2_spambots_url as $spambot)
+	{
+		if (stripos($uri, $spambot) !== FALSE)
+		{
 			return "96c0bd29";
 		}
 	}

Upper-Lower-Casing +4 added lines, -4 removed lines

@@ -168,13 +168,13 @@ 
 
 	foreach ($bb2_spambots_0 as $spambot) {
 		$pos = strpos($ua, $spambot);
-		if ($pos !== FALSE && $pos == 0) {
+		if ($pos !== false && $pos == 0) {
 			return "17f4e8c8";
 		}
 	}
 
 	foreach ($bb2_spambots as $spambot) {
-		if (strpos($ua, $spambot) !== FALSE) {
+		if (strpos($ua, $spambot) !== false) {
 			return "17f4e8c8";
 		}
 	}
@@ -186,10 +186,10 @@ 
 	}
 
 	foreach ($bb2_spambots_url as $spambot) {
-		if (stripos($uri, $spambot) !== FALSE) {
+		if (stripos($uri, $spambot) !== false) {
 			return "96c0bd29";
 		}
 	}
 
-	return FALSE;
+	return false;
 }

Spacing +134 added lines, -134 removed lines

@@ -5,160 +5,160 @@
 	// Blacklisted user agents
 	// These user agent strings occur at the beginning of the line.
 	$bb2_spambots_0 = array(
-		"-",	// brute force password attempts, malicious botnet
-		"8484 Boston Project",	// video poker/porn spam
-		"ArchiveTeam",	// ignores robots.txt and hammers server
-		"adwords",		// referrer spam
-		"autoemailspider",	// spam harvester
-		"blogsearchbot-martin",	// from honeypot
-		"BrowserEmulator/",	// open proxy software
-		"CherryPicker",		// spam harvester
-		"core-project/",	// FrontPage extension exploits
-		"Diamond",		// delivers spyware/adware
-		"Digger",		// spam harvester
-		"ecollector",		// spam harvester
-		"EmailCollector",	// spam harvester
-		"Email Siphon",		// spam harvester
-		"EmailSiphon",		// spam harvester
-		"Forum Poster",		// forum spambot
-		"grub crawler",		// misc comment/email spam
-		"HttpProxy",		// misc comment/email spam
-		"Internet Explorer",	// XMLRPC exploits seen
-		"ISC Systems iRc",	// spam harvester
-		"Jakarta Commons",	// customised spambots
-		"Java 1.",		// unidentified robots
-		"Java/1.",		// unidentified robots
-		"libwww-perl",		// unidentified robots
-		"LWP",			// unidentified robots
-		"lwp",			// unidentified robots
-		"Microsoft Internet Explorer/",	// too old; assumed robot
-		"Microsoft URL",	// unidentified robots
-		"Missigua",		// spam harvester
-		"MJ12bot/v1.0.8",	// malicious botnet
-		"Morfeus",		// vulnerability scanner
-		"Movable Type",		// customised spambots
+		"-", // brute force password attempts, malicious botnet
+		"8484 Boston Project", // video poker/porn spam
+		"ArchiveTeam", // ignores robots.txt and hammers server
+		"adwords", // referrer spam
+		"autoemailspider", // spam harvester
+		"blogsearchbot-martin", // from honeypot
+		"BrowserEmulator/", // open proxy software
+		"CherryPicker", // spam harvester
+		"core-project/", // FrontPage extension exploits
+		"Diamond", // delivers spyware/adware
+		"Digger", // spam harvester
+		"ecollector", // spam harvester
+		"EmailCollector", // spam harvester
+		"Email Siphon", // spam harvester
+		"EmailSiphon", // spam harvester
+		"Forum Poster", // forum spambot
+		"grub crawler", // misc comment/email spam
+		"HttpProxy", // misc comment/email spam
+		"Internet Explorer", // XMLRPC exploits seen
+		"ISC Systems iRc", // spam harvester
+		"Jakarta Commons", // customised spambots
+		"Java 1.", // unidentified robots
+		"Java/1.", // unidentified robots
+		"libwww-perl", // unidentified robots
+		"LWP", // unidentified robots
+		"lwp", // unidentified robots
+		"Microsoft Internet Explorer/", // too old; assumed robot
+		"Microsoft URL", // unidentified robots
+		"Missigua", // spam harvester
+		"MJ12bot/v1.0.8", // malicious botnet
+		"Morfeus", // vulnerability scanner
+		"Movable Type", // customised spambots
 // msnbot is using this fake user agent string now
 		//"Mozilla ",		// malicious software
-		"Mozilla/0",		// malicious software
-		"Mozilla/1",		// malicious software
-		"Mozilla/2",		// malicious software
-		"Mozilla/3",		// malicious software
-		"Mozilla/4.0(",		// from honeypot
-		"Mozilla/4.0+(compatible;+",	// suspicious harvester
-		"Mozilla/4.0 (Hydra)",	// brute force tool
-		"MSIE",			// malicious software
-		"MVAClient",		// automated hacking attempts
-		"Nessus",		// vulnerability scanner
-		"NutchCVS",		// unidentified robots
-		"Nutscrape/",		// misc comment spam
-		"OmniExplorer",		// spam harvester
-		"Opera/9.64(",		// comment spam bot
-		"PMAFind",		// vulnerability scanner
-		"psycheclone",		// spam harvester
-		"PussyCat ",		// misc comment spam
-		"PycURL",		// misc comment spam
-		"Python-urllib",	// commonly abused
-		"revolt",		// vulnerability scanner
+		"Mozilla/0", // malicious software
+		"Mozilla/1", // malicious software
+		"Mozilla/2", // malicious software
+		"Mozilla/3", // malicious software
+		"Mozilla/4.0(", // from honeypot
+		"Mozilla/4.0+(compatible;+", // suspicious harvester
+		"Mozilla/4.0 (Hydra)", // brute force tool
+		"MSIE", // malicious software
+		"MVAClient", // automated hacking attempts
+		"Nessus", // vulnerability scanner
+		"NutchCVS", // unidentified robots
+		"Nutscrape/", // misc comment spam
+		"OmniExplorer", // spam harvester
+		"Opera/9.64(", // comment spam bot
+		"PMAFind", // vulnerability scanner
+		"psycheclone", // spam harvester
+		"PussyCat ", // misc comment spam
+		"PycURL", // misc comment spam
+		"Python-urllib", // commonly abused
+		"revolt", // vulnerability scanner
 //		WP 2.5 now has Flash; FIXME
 //		"Shockwave Flash",	// spam harvester
-		"sqlmap/",		// SQL injection
-		"Super Happy Fun ",	// spam harvester
-		"TrackBack/",		// trackback spam
-		"user",			// suspicious harvester
-		"User Agent: ",		// spam harvester
-		"User-Agent: ",		// spam harvester
-		"w3af",			// vulnerability scanner
-		"WebSite-X Suite",	// misc comment spam
-		"Winnie Poh",		// Automated Coppermine hacks
-		"Wordpress",		// malicious software
-		"\"",			// malicious software
+		"sqlmap/", // SQL injection
+		"Super Happy Fun ", // spam harvester
+		"TrackBack/", // trackback spam
+		"user", // suspicious harvester
+		"User Agent: ", // spam harvester
+		"User-Agent: ", // spam harvester
+		"w3af", // vulnerability scanner
+		"WebSite-X Suite", // misc comment spam
+		"Winnie Poh", // Automated Coppermine hacks
+		"Wordpress", // malicious software
+		"\"", // malicious software
 	);
 
 	// These user agent strings occur anywhere within the line.
 	$bb2_spambots = array(
-		"\r",			// A really dumb bot
-		"<sc",			// XSS exploit attempts
-		"; Widows ",		// misc comment/email spam
-		": ;",			// shellshock
-		":;",			// shellshock
-		"a href=",		// referrer spam
-		"ArchiveBot",	// ignores robots.txt and hammers server
-		"Bad Behavior Test",	// Add this to your user-agent to test BB
-		"compatible ; MSIE",	// misc comment/email spam
-		"compatible-",		// misc comment/email spam
-		"DTS Agent",		// misc comment/email spam
-		"Email Extractor",	// spam harvester
-		"Firebird/",		// too old; assumed robot
-		"Gecko/2525",		// revisit this in 500 years
-		"grub-client",		// search engine ignores robots.txt
-		"hanzoweb",		// very badly behaved crawler
-		"Havij",		// SQL injection tool
-		"Indy Library",		// misc comment/email spam
-		"Ming Mong",		// brute force tool
-		"MSIE 7.0;  Windows NT 5.2",	// Cyveillance
-		"Murzillo compatible",	// comment spam bot
-		".NET CLR 1)",		// free poker, etc.
-		".NET CLR1",		// spam harvester
-		"Netsparker",		// vulnerability scanner
-		"Nikto/",		// vulnerability scanner
-		"Perman Surfer",	// old and very broken harvester
-		"POE-Component-Client",	// free poker, etc.
-		"Teh Forest Lobster",	// brute force tool
-		"Turing Machine",	// www.anonymizer.com abuse
-		"Ubuntu/9.25",		// comment spam bot
-		"unspecified.mail",	// stealth harvesters
-		"User-agent: ",		// spam harvester/splogger
-		"WebaltBot",		// spam harvester
-		"WISEbot",		// spam harvester
-		"WISEnutbot",		// spam harvester
-		"Win95",		// too old; assumed robot
-		"Win98",		// too old; assumed robot
-		"WinME",		// too old; assumed robot
-		"Win 9x 4.90",		// too old; assumed robot
-		"Windows 3",		// too old; assumed robot
-		"Windows 95",		// too old; assumed robot
-		"Windows 98",		// too old; assumed robot
-		"Windows NT 4",		// too old; assumed robot
-		"Windows NT;",		// too old; assumed robot
+		"\r", // A really dumb bot
+		"<sc", // XSS exploit attempts
+		"; Widows ", // misc comment/email spam
+		": ;", // shellshock
+		":;", // shellshock
+		"a href=", // referrer spam
+		"ArchiveBot", // ignores robots.txt and hammers server
+		"Bad Behavior Test", // Add this to your user-agent to test BB
+		"compatible ; MSIE", // misc comment/email spam
+		"compatible-", // misc comment/email spam
+		"DTS Agent", // misc comment/email spam
+		"Email Extractor", // spam harvester
+		"Firebird/", // too old; assumed robot
+		"Gecko/2525", // revisit this in 500 years
+		"grub-client", // search engine ignores robots.txt
+		"hanzoweb", // very badly behaved crawler
+		"Havij", // SQL injection tool
+		"Indy Library", // misc comment/email spam
+		"Ming Mong", // brute force tool
+		"MSIE 7.0;  Windows NT 5.2", // Cyveillance
+		"Murzillo compatible", // comment spam bot
+		".NET CLR 1)", // free poker, etc.
+		".NET CLR1", // spam harvester
+		"Netsparker", // vulnerability scanner
+		"Nikto/", // vulnerability scanner
+		"Perman Surfer", // old and very broken harvester
+		"POE-Component-Client", // free poker, etc.
+		"Teh Forest Lobster", // brute force tool
+		"Turing Machine", // www.anonymizer.com abuse
+		"Ubuntu/9.25", // comment spam bot
+		"unspecified.mail", // stealth harvesters
+		"User-agent: ", // spam harvester/splogger
+		"WebaltBot", // spam harvester
+		"WISEbot", // spam harvester
+		"WISEnutbot", // spam harvester
+		"Win95", // too old; assumed robot
+		"Win98", // too old; assumed robot
+		"WinME", // too old; assumed robot
+		"Win 9x 4.90", // too old; assumed robot
+		"Windows 3", // too old; assumed robot
+		"Windows 95", // too old; assumed robot
+		"Windows 98", // too old; assumed robot
+		"Windows NT 4", // too old; assumed robot
+		"Windows NT;", // too old; assumed robot
 		#"Windows NT 4.0;)",	// wikispam bot
-		"Windows NT 5.0;)",	// wikispam bot
-		"Windows NT 5.1;)",	// wikispam bot
-		"Windows XP 5",		// spam harvester
-		"WordPress/4.01",	// pingback spam
-		"Xedant Human Emulator",// spammer script engine
-		"ZmEu",			// exploit scanner
-		"\\\\)",		// spam harvester
+		"Windows NT 5.0;)", // wikispam bot
+		"Windows NT 5.1;)", // wikispam bot
+		"Windows XP 5", // spam harvester
+		"WordPress/4.01", // pingback spam
+		"Xedant Human Emulator", // spammer script engine
+		"ZmEu", // exploit scanner
+		"\\\\)", // spam harvester
 	);
 
 	// These are regular expression matches.
 	$bb2_spambots_regex = array(
-		"/^[A-Z]{10}$/",	// misc email spam
+		"/^[A-Z]{10}$/", // misc email spam
 		"/[bcdfghjklmnpqrstvwxz ]{8,}/",
 //		"/(;\){1,2}$/",		// misc spammers/harvesters
-		"/MSIE.*Windows XP/",	// misc comment spam
-		"/MSIE [2345]/",	// too old; assumed robot
+		"/MSIE.*Windows XP/", // misc comment spam
+		"/MSIE [2345]/", // too old; assumed robot
 	);
 
 	// Blacklisted URL strings
 	// These strings are considered case-insensitive.
 	$bb2_spambots_url = array(
-		"0x31303235343830303536",	// Havij
-		"../",				// path traversal
-		"..\\",				// path traversal
-		"%60information_schema%60",	// SQL injection probe
-		"+%2F*%21",			// SQL injection probe
-		"%27--",			// SQL injection
-		"%27 --",			// SQL injection
-		"%27%23",			// SQL injection
-		"%27 %23",			// SQL injection
-		"benchmark%28",			// SQL injection probe
-		"insert+into+",			// SQL injection
-		"r3dm0v3",			// SQL injection probe
-		"select+1+from",		// SQL injection probe
-		"union+all+select",		// SQL injection probe
-		"union+select",			// SQL injection probe
-		"waitfor+delay+",		// SQL injection probe
-		"w00tw00t",			// vulnerability scanner
+		"0x31303235343830303536", // Havij
+		"../", // path traversal
+		"..\\", // path traversal
+		"%60information_schema%60", // SQL injection probe
+		"+%2F*%21", // SQL injection probe
+		"%27--", // SQL injection
+		"%27 --", // SQL injection
+		"%27%23", // SQL injection
+		"%27 %23", // SQL injection
+		"benchmark%28", // SQL injection probe
+		"insert+into+", // SQL injection
+		"r3dm0v3", // SQL injection probe
+		"select+1+from", // SQL injection probe
+		"union+all+select", // SQL injection probe
+		"union+select", // SQL injection probe
+		"waitfor+delay+", // SQL injection probe
+		"w00tw00t", // vulnerability scanner
 	);
 
 	// Do not edit below this line.

sources/ext/bad-behavior/bad-behavior/banned.inc.php

Braces +27 added lines, -8 removed lines

@@ -1,4 +1,7 @@ 
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
 // Functions called when a request has been denied
 // This part can be gawd-awful slow, doesn't matter :)
@@ -7,14 +10,18 @@ 
 
 function bb2_housekeeping($settings, $package)
 {
-	if (!$settings['logging']) return;
+	if (!$settings['logging'])
+	{
+		return;
+	}
 
 	// FIXME Yes, the interval's hard coded (again) for now.
 	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
 	bb2_db_query($query);
 
 	// Waste a bunch more of the spammer's time, sometimes.
-	if (rand(1,1000) == 1) {
+	if (rand(1,1000) == 1)
+	{
 		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
 		bb2_db_query($query);
 	}
@@ -23,14 +30,19 @@ 
 function bb2_display_denial($settings, $package, $key, $previous_key = false)
 {
 	define('DONOTCACHEPAGE', true);	// WP Super Cache
-	if (!$previous_key) $previous_key = $key;
-	if ($key == "e87553e1") {
+	if (!$previous_key)
+	{
+		$previous_key = $key;
+	}
+	if ($key == "e87553e1")
+	{
 		// FIXME: lookup the real key
 	}
 	// Create support key
 	$ip = explode(".", $package['ip']);
 	$ip_hex = "";
-	foreach ($ip as $octet) {
+	foreach ($ip as $octet)
+	{
 		$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
 	}
 	$support_key = implode("-", str_split("$ip_hex$key", 4));
@@ -40,7 +52,11 @@ 
 	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 	header("Status: " . $response['response'] . " Bad Behavior");
 	$request_uri = $_SERVER["REQUEST_URI"];
-	if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];	# IIS
+	if (!$request_uri)
+	{
+		$request_uri = $_SERVER['SCRIPT_NAME'];
+	}
+	# IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <!--< html xmlns="http://www.w3.org/1999/xhtml">-->
@@ -60,6 +76,9 @@ 
 
 function bb2_log_denial($settings, $package, $key, $previous_key=false)
 {
-	if (!$settings['logging']) return;
+	if (!$settings['logging'])
+	{
+		return;
+	}
 	bb2_db_query(bb2_insert($settings, $package, $key));
 }

Spacing +4 added lines, -4 removed lines

@@ -14,7 +14,7 @@ 
 	bb2_db_query($query);
 
 	// Waste a bunch more of the spammer's time, sometimes.
-	if (rand(1,1000) == 1) {
+	if (rand(1, 1000) == 1) {
 		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
 		bb2_db_query($query);
 	}
@@ -22,7 +22,7 @@ 
 
 function bb2_display_denial($settings, $package, $key, $previous_key = false)
 {
-	define('DONOTCACHEPAGE', true);	// WP Super Cache
+	define('DONOTCACHEPAGE', true); // WP Super Cache
 	if (!$previous_key) $previous_key = $key;
 	if ($key == "e87553e1") {
 		// FIXME: lookup the real key
@@ -40,7 +40,7 @@ 
 	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 	header("Status: " . $response['response'] . " Bad Behavior");
 	$request_uri = $_SERVER["REQUEST_URI"];
-	if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];	# IIS
+	if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <!--< html xmlns="http://www.w3.org/1999/xhtml">-->
@@ -58,7 +58,7 @@ 
 <?php
 }
 
-function bb2_log_denial($settings, $package, $key, $previous_key=false)
+function bb2_log_denial($settings, $package, $key, $previous_key = false)
 {
 	if (!$settings['logging']) return;
 	bb2_db_query(bb2_insert($settings, $package, $key));

sources/ext/bad-behavior/bad-behavior/movabletype.inc.php

Braces +8 added lines, -3 removed lines

@@ -1,10 +1,15 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
 function bb2_movabletype($package)
 {
 	// Is it a trackback?
-	if (strcasecmp($package['request_method'], "POST")) {
-		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
+	if (strcasecmp($package['request_method'], "POST"))
+	{
+		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999"))
+		{
 			return "7d12528e";
 		}
 	}

sources/ext/bad-behavior/bad-behavior/blackhole.inc.php

Braces +32 added lines, -12 removed lines

@@ -1,11 +1,18 @@ 
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+<?php if (!defined('BB2_CORE'))
+{
+	die('I said no cheating!');
+}
 
 // Look up address on various blackhole lists.
 // These should not be used for GET requests under any circumstances!
 // FIXME: Note that this code is no longer in use
-function bb2_blackhole($package) {
+function bb2_blackhole($package)
+{
 	// Can't use IPv6 addresses yet
-	if (@is_ipv6($package['ip'])) return false;
+	if (@is_ipv6($package['ip']))
+	{
+		return false;
+	}
 
 	// Workaround for "MySQL server has gone away"
 	bb2_db_query("SET @@session.wait_timeout = 90");
@@ -29,12 +36,15 @@ 
 	// Check the blackhole lists
 	$ip = $package['ip'];
 	$find = implode('.', array_reverse(explode('.', $ip)));
-	foreach ($bb2_blackhole_lists as $dnsbl) {
+	foreach ($bb2_blackhole_lists as $dnsbl)
+	{
 		$result = gethostbynamel($find . "." . $dnsbl . ".");
-		if (!empty($result)) {
+		if (!empty($result))
+		{
 			// Got a match and it isn't on the exception list
 			$result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
-			if (!empty($result)) {
+			if (!empty($result))
+			{
 				return '136673cd';
 			}
 		}
@@ -42,24 +52,34 @@ 
 	return false;
 }
 
-function bb2_httpbl($settings, $package) {
+function bb2_httpbl($settings, $package)
+{
 	// Can't use IPv6 addresses yet
-	if (@is_ipv6($package['ip'])) return false;
+	if (@is_ipv6($package['ip']))
+	{
+		return false;
+	}
 
-	if (@!$settings['httpbl_key']) return false;
+	if (@!$settings['httpbl_key'])
+	{
+		return false;
+	}
 
 	// Workaround for "MySQL server has gone away"
 	bb2_db_query("SET @@session.wait_timeout = 90");
 
 	$find = implode('.', array_reverse(explode('.', $package['ip'])));
 	$result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
-	if (!empty($result)) {
+	if (!empty($result))
+	{
 		$ip = explode('.', $result[0]);
-		if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
+		if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage'])
+		{
 			return '2b021b1f';
 		}
 		// Check if search engine
-		if ($ip[3] == 0) {
+		if ($ip[3] == 0)
+		{
 			return 1;
 		}
 	}

Spacing +4 added lines, -4 removed lines

@@ -12,7 +12,7 @@ 
 
 	// Only conservative lists
 	$bb2_blackhole_lists = array(
-		"sbl-xbl.spamhaus.org",	// All around nasties
+		"sbl-xbl.spamhaus.org", // All around nasties
 //		"dnsbl.sorbs.net",	// Old useless data.
 //		"list.dsbl.org",	// Old useless data.
 //		"dnsbl.ioerror.us",	// Bad Behavior Blackhole
@@ -20,8 +20,8 @@ 
 	
 	// Things that shouldn't be blocked, from aggregate lists
 	$bb2_blackhole_exceptions = array(
-		"sbl-xbl.spamhaus.org" => array("127.0.0.4"),	// CBL is problematic
-		"dnsbl.sorbs.net" => array("127.0.0.10",),	// Dynamic IPs only
+		"sbl-xbl.spamhaus.org" => array("127.0.0.4"), // CBL is problematic
+		"dnsbl.sorbs.net" => array("127.0.0.10",), // Dynamic IPs only
 		"list.dsbl.org" => array(),
 		"dnsbl.ioerror.us" => array(),
 	);
@@ -52,7 +52,7 @@ 
 	bb2_db_query("SET @@session.wait_timeout = 90");
 
 	$find = implode('.', array_reverse(explode('.', $package['ip'])));
-	$result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
+	$result = gethostbynamel($settings['httpbl_key'] . ".${find}.dnsbl.httpbl.org.");
 	if (!empty($result)) {
 		$ip = explode('.', $result[0]);
 		if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {