[Xfce4-commits] <forum:master> Update bad-behaviour.
Nick Schermer
noreply at xfce.org
Mon Nov 28 22:14:02 CET 2011
Updating branch refs/heads/master
to 0299fd8f3f9a47891cbde1b7af249c9a85cbff9f (commit)
from 4f5787560ab5726d8a2e13c89d9196aac920ba71 (commit)
commit 0299fd8f3f9a47891cbde1b7af249c9a85cbff9f
Author: Nick Schermer <nick at xfce.org>
Date: Mon Nov 28 22:12:55 2011 +0100
Update bad-behaviour.
include/bad-behavior/common_tests.inc.php | 2 +-
include/bad-behavior/core.inc.php | 4 ++--
include/bad-behavior/searchengine.inc.php | 4 ++--
include/bad-behavior/whitelist.inc.php | 3 ++-
4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/bad-behavior/common_tests.inc.php b/include/bad-behavior/common_tests.inc.php
index abff3a3..dd82d09 100644
--- a/include/bad-behavior/common_tests.inc.php
+++ b/include/bad-behavior/common_tests.inc.php
@@ -43,7 +43,7 @@ function bb2_misc_headers($settings, $package)
// Worse yet, some Javascript client-side apps do the same in
// blatant violation of the protocol and good sense.
// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
- if (strpos($package['request_uri'], "#") !== FALSE) {
+ if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
return "dfd9b1ad";
}
// A pretty nasty SQL injection attack on IIS servers
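Review bot: In bb2_misc_headers the `#` test on `request_uri` now runs only when `$settings['strict']` is set, but the comment block above it still reads as if the rejection were unconditional. A line such as `// Enforced only in strict mode; non-strict installs let a fragment in request_uri through (dfd9b1ad).` would make that reduced coverage visible to whoever tunes the settings. If `strict` can be absent from `$settings` (not visible from this hunk), the bare index read would also raise a notice, and `!empty($settings['strict'])` avoids that. The function body starts and ends outside the hunk.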
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 3fdaf06..915b866 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.1.13");
+define('BB2_VERSION', "2.1.15");
// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
@@ -142,7 +142,7 @@ function bb2_screen($settings, $package)
return $r;
}
return false;
- } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
+ } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
require_once(BB2_CORE . "/searchengine.inc.php");
if ($r = bb2_google($package)) {
if ($r == 1) return false; # whitelisted
diff --git a/include/bad-behavior/searchengine.inc.php b/include/bad-behavior/searchengine.inc.php
index 8a65b2b..cf8a5e8 100644
--- a/include/bad-behavior/searchengine.inc.php
+++ b/include/bad-behavior/searchengine.inc.php
@@ -6,7 +6,7 @@ require_once(BB2_CORE . "/roundtripdns.inc.php");
function bb2_google($package)
{
- if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19")) === FALSE) {
+ if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
return "f1182195";
}
# Disabled due to http://bugs.php.net/bug.php?id=53092
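Review bot: With the round-trip DNS check disabled (the comment directly after this test), the address list in bb2_google appears to be the only thing backing a Googlebot user-agent claim, and the added `209.85.128.0/17` is a wide block that may carry Google traffic other than the crawler. The same applies to `74.6.0.0/16` added to bb2_yahoo in the next hunk. I would put a comment above each list recording where the range came from and when, for example `// Ranges taken from the operator's published crawler ranges on <DATE>; sole check while round-trip DNS is disabled.` Both function bodies continue outside their hunks.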
@@ -34,7 +34,7 @@ function bb2_msnbot($package)
function bb2_yahoo($package)
{
- if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14")) === FALSE) {
+ if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
return '71436a15';
}
# Disabled due to http://bugs.php.net/bug.php?id=53092
diff --git a/include/bad-behavior/whitelist.inc.php b/include/bad-behavior/whitelist.inc.php
index ac35af6..6f09e78 100644
--- a/include/bad-behavior/whitelist.inc.php
+++ b/include/bad-behavior/whitelist.inc.php
@@ -21,7 +21,8 @@ function bb2_whitelist($package)
$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
}
foreach ($whitelists['url'] as $url) {
- if (!strcmp($request_uri, $url)) return true;
+ $pos = strpos($request_uri, $url);
+ if ($pos !== false && $pos == 0) return true;
}
}
return false;
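Review bot: The URL whitelist test changes from an exact match to a prefix match, so an entry like `/feed` (constructed example) now also exempts `/feedback.php` and every other path beginning with those characters from all screening. If prefix matching is intended, it should be documented next to `$whitelists['url']` that entries are prefixes and should end at a path boundary such as a trailing `/`. An empty entry is worth guarding as well, since on PHP 8 `strpos` with an empty needle returns 0 and would whitelist every request: `if ($url !== '' && strncmp($request_uri, $url, strlen($url)) === 0) return true;`. bb2_whitelist starts outside the hunk.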