[Xfce4-commits] <forum:master> Update bb to 2.2.14.

Nick Schermer noreply at xfce.org
Fri Sep 20 22:02:01 CEST 2013


Updating branch refs/heads/master
         to a7e01e6f12d73e57363e6ebf6dc9572659ed11b7 (commit)
       from b297a9518bc426eb7a5617b62ee81e6e926a333c (commit)

commit a7e01e6f12d73e57363e6ebf6dc9572659ed11b7
Author: Nick Schermer <nick at xfce.org>
Date:   Fri Sep 20 22:00:00 2013 +0200

    Update bb to 2.2.14.

 include/bad-behavior/blacklist.inc.php    |    4 +++-
 include/bad-behavior/common_tests.inc.php |    7 +++++--
 include/bad-behavior/core.inc.php         |    2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/bad-behavior/blacklist.inc.php b/include/bad-behavior/blacklist.inc.php
index 89009e5..2a139c3 100644
--- a/include/bad-behavior/blacklist.inc.php
+++ b/include/bad-behavior/blacklist.inc.php
@@ -50,10 +50,12 @@ function bb2_blacklist($package) {
 		"Nutscrape/",		// misc comment spam
 		"OmniExplorer",		// spam harvester
 		"Opera/9.64(",		// comment spam bot
+		"PMAFind",		// vulnerability scanner
 		"psycheclone",		// spam harvester
 		"PussyCat ",		// misc comment spam
 		"PycURL",		// misc comment spam
 		"Python-urllib",	// commonly abused
+		"revolt",		// vulnerability scanner
 //		WP 2.5 now has Flash; FIXME
 //		"Shockwave Flash",	// spam harvester
 		"sqlmap/",		// SQL injection
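Review bot: The new `"revolt"` entry is a bare dictionary word with no version delimiter, unlike neighbours such as `"sqlmap/"` or `"Nutscrape/"`, so it is more likely to catch an unrelated client. Whether this array is matched as a prefix or anywhere in the header is decided outside the hunk, so the false-positive risk cannot be judged from here. If the scanner's observed User-Agent carries a fixed delimiter or suffix, including it in the token would be safer; at minimum record the observed string in the comment, e.g. `// vulnerability scanner; seen as "<observed UA, placeholder>"`. Both additions are only a coarse filter, since the User-Agent header is chosen by the client.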
@@ -81,7 +83,7 @@ function bb2_blacklist($package) {
 		"DTS Agent",		// misc comment/email spam
 		"Email Extractor",	// spam harvester
 		"Firebird/",		// too old; assumed robot
-		"Gecko/25",		// revisit this in 500 years
+		"Gecko/2525",		// revisit this in 500 years
 		"grub-client",		// search engine ignores robots.txt
 		"hanzoweb",		// very badly behaved crawler
 		"Havij",		// SQL injection tool
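Review bot: The retained comment `// revisit this in 500 years` does not say why the token grew from `Gecko/25` to `Gecko/2525`, so a later maintainer could shorten it again. The shorter string is a prefix of version-style tokens such as `Gecko/25.0`, which is presumably the false positive this change avoids. I would spell that out on the line: `"Gecko/2525",	// far-future build date; "Gecko/25" also matched Gecko/25.x`. The loop that applies this list is outside the hunk.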
diff --git a/include/bad-behavior/common_tests.inc.php b/include/bad-behavior/common_tests.inc.php
index dd82d09..3fb1d37 100644
--- a/include/bad-behavior/common_tests.inc.php
+++ b/include/bad-behavior/common_tests.inc.php
@@ -22,8 +22,11 @@ function bb2_protocol($settings, $package)
 function bb2_cookies($settings, $package)
 {
 	// Enforce RFC 2965 sec 3.3.5 and 9.1
-	// Bots wanting new-style cookies should send Cookie2
-	// FIXME: Amazon Kindle is broken; Amazon has been notified 9/24/08
+	// The only valid value for $Version is 1 and when present,
+	// the user agent MUST send a Cookie2 header.
+	// First-gen Amazon Kindle is broken; Amazon has been notified 9/24/08
+	// NOTE: RFC 2965 is obsoleted by RFC 6265. Current software MUST NOT
+	// use Cookie2 or $Version in Cookie.
 	if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
 		return '6c502ff1';
 	}
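Review bot: The rewritten comment describes a stricter rule than the condition below it enforces. It says the only valid `$Version` is 1 and names the first-gen Kindle, but the test only looks for the literal `$Version=0` and exempts any User-Agent containing `Kindle/`, a value the client chooses. I would add `// NOTE: only the literal '$Version=0' is rejected; any UA containing "Kindle/" is exempt` so the gap is visible to whoever relies on this check. The `@` on the first `strpos` hides a missing Cookie header while the User-Agent lookup has no such guard, so presumably an earlier test guarantees that header is set. bb2_cookies continues beyond the hunk.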
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 20c40e5..805e11b 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.13");
+define('BB2_VERSION', "2.2.14");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.

