[Xfce4-commits] <forum:master> Update bad-behaviour.

Nick Schermer noreply at xfce.org
Mon May 14 16:00:01 CEST 2012


Updating branch refs/heads/master
         to 3ac209e486f1d3488b158a32a427fd3b2ca2c0cb (commit)
       from 0344070ff3dc8c198cb2b54fcb2743a2ff793b5b (commit)

commit 3ac209e486f1d3488b158a32a427fd3b2ca2c0cb
Author: Nick Schermer <nick at xfce.org>
Date:   Mon May 14 15:58:23 2012 +0200

    Update bad-behaviour.

 include/bad-behavior/core.inc.php      |    4 ++--
 include/bad-behavior/post.inc.php      |    9 +++++++--
 include/bad-behavior/screener.inc.php  |    4 +++-
 include/bad-behavior/whitelist.inc.php |    9 +++++++--
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 6437537..6286a16 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.2");
+define('BB2_VERSION', "2.2.5");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
@@ -123,7 +123,7 @@ function bb2_screen($settings, $package)
 
 	// First check the whitelist
 	require_once(BB2_CORE . "/whitelist.inc.php");
-	if (!bb2_whitelist($package)) {
+	if (!bb2_run_whitelist($package)) {
 		// Now check the blacklist
 		require_once(BB2_CORE . "/blacklist.inc.php");
 		if ($r = bb2_blacklist($package)) return $r;
diff --git a/include/bad-behavior/post.inc.php b/include/bad-behavior/post.inc.php
index 39f7d34..88c99ba 100644
--- a/include/bad-behavior/post.inc.php
+++ b/include/bad-behavior/post.inc.php
@@ -54,8 +54,13 @@ function bb2_post($settings, $package)
 	}
 
 	// If Referer exists, it should refer to a page on our site
-	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
-		return "cd361abb";
+	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
+		$url = parse_url($package['headers_mixed']['Referer']);
+		$url['host'] = preg_replace('|^www\.|', '', $url['host']);
+		$host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
+		if (strcasecmp($host, $url['host'])) {
+			return "cd361abb";
+		}
 	}
 
 	// Screen by cookie/JavaScript form add
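Review bot: The new host comparison reads `$url['host']` without checking what `parse_url()` returned, so a Referer that is malformed or has no host component reaches `preg_replace()` through an undefined index; the request still appears to be rejected, but only via implicit coercion to an empty string and with a notice. Adding `if ($url === false || empty($url['host'])) return "cd361abb";` right after the `parse_url()` call makes that fail-closed result deliberate. Separately, the `Host` header carries a port when the site is not served on the default one, while `parse_url()` keeps the port in a separate key, so `strcasecmp()` would reject legitimate same-site posts there; `$host = preg_replace('|:\d+$|', '', $host);` before the comparison avoids that. bb2_post() begins and continues outside this hunk.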
diff --git a/include/bad-behavior/screener.inc.php b/include/bad-behavior/screener.inc.php
index 8f5a624..b50f02f 100644
--- a/include/bad-behavior/screener.inc.php
+++ b/include/bad-behavior/screener.inc.php
@@ -5,7 +5,9 @@
 function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
 {
 	// FIXME: Set the real cookie
-	setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
+	if (!$settings['eu_cookie']) {
+		setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
+	}
 }
 
 function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
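Review bot: `$settings['eu_cookie']` is read in bb2_screener_cookie() without a guard, so a host port that has not yet added this setting would hit an undefined index; `if (empty($settings['eu_cookie'])) {` takes the same branch without the notice. Whether every port passes the key is not visible from this hunk. The check would also benefit from a comment such as `// eu_cookie set: do not send the screener cookie`, with a line in the settings documentation noting that this presumably removes one of the screener's signals, so operators enable it knowingly.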
diff --git a/include/bad-behavior/whitelist.inc.php b/include/bad-behavior/whitelist.inc.php
index 6f09e78..0e1e710 100644
--- a/include/bad-behavior/whitelist.inc.php
+++ b/include/bad-behavior/whitelist.inc.php
@@ -1,8 +1,13 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
-function bb2_whitelist($package)
+function bb2_run_whitelist($package)
 {
-	$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+	# FIXME: Transitional, until port maintainters implement bb2_read_whitelist
+	if (function_exists('bb2_read_whitelist')) {
+		$whitelists = bb2_read_whitelist();
+	} else {
+		$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+	}
 
 	if (@!empty($whitelists['ip'])) {
 		foreach ($whitelists['ip'] as $range) {
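Review bot: The return value of `bb2_read_whitelist()` in bb2_run_whitelist() is used with no shape check and no documented contract, and per the core.inc.php hunk a whitelist hit skips the blacklist check, so what the hook may return should be pinned down. A short comment could state that the hook must return the same array layout `parse_ini_file()` produces for whitelist.ini; an `ip` key holding a list of ranges is the only part visible here. Adding `if (!is_array($whitelists)) $whitelists = array();` after the if/else would make a misbehaving hook or an unreadable file fall back to an empty whitelist explicitly, rather than relying on `@` suppression. The FIXME comment also misspells "maintainers", and the function body continues past the end of this hunk.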

