This is an automated email from the git hooks/post-receive script.
s k u n n y k p u s h e d a c o m m i t t o b r a n c h o l d f o r u m
in repository www/forum.xfce.org.
commit 3ac209e486f1d3488b158a32a427fd3b2ca2c0cb
Author: Nick Schermer <nick at xfce.org>
Date: Mon May 14 15:58:23 2012 +0200
Update bad-behaviour.
---
include/bad-behavior/core.inc.php | 4 ++--
include/bad-behavior/post.inc.php | 9 +++++++--
include/bad-behavior/screener.inc.php | 4 +++-
include/bad-behavior/whitelist.inc.php | 9 +++++++--
4 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 6437537..6286a16 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.2");
+define('BB2_VERSION', "2.2.5");
// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
@@ -123,7 +123,7 @@ function bb2_screen($settings, $package)
// First check the whitelist
require_once(BB2_CORE . "/whitelist.inc.php");
- if (!bb2_whitelist($package)) {
+ if (!bb2_run_whitelist($package)) {
// Now check the blacklist
require_once(BB2_CORE . "/blacklist.inc.php");
if ($r = bb2_blacklist($package)) return $r;
diff --git a/include/bad-behavior/post.inc.php b/include/bad-behavior/post.inc.php
index 39f7d34..88c99ba 100644
--- a/include/bad-behavior/post.inc.php
+++ b/include/bad-behavior/post.inc.php
@@ -54,8 +54,13 @@ function bb2_post($settings, $package)
}
// If Referer exists, it should refer to a page on our site
- if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
- return "cd361abb";
+ if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
+ $url = parse_url($package['headers_mixed']['Referer']);
+ $url['host'] = preg_replace('|^www\.|', '', $url['host']);
+ $host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
+ if (strcasecmp($host, $url['host'])) {
+ return "cd361abb";
+ }
}
// Screen by cookie/JavaScript form add
diff --git a/include/bad-behavior/screener.inc.php b/include/bad-behavior/screener.inc.php
index 8f5a624..b50f02f 100644
--- a/include/bad-behavior/screener.inc.php
+++ b/include/bad-behavior/screener.inc.php
@@ -5,7 +5,9 @@
function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
{
// FIXME: Set the real cookie
- setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
+ if (!$settings['eu_cookie']) {
+ setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
+ }
}
function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
diff --git a/include/bad-behavior/whitelist.inc.php b/include/bad-behavior/whitelist.inc.php
index 6f09e78..0e1e710 100644
--- a/include/bad-behavior/whitelist.inc.php
+++ b/include/bad-behavior/whitelist.inc.php
@@ -1,8 +1,13 @@
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-function bb2_whitelist($package)
+function bb2_run_whitelist($package)
{
- $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+ # FIXME: Transitional, until port maintainters implement bb2_read_whitelist
+ if (function_exists('bb2_read_whitelist')) {
+ $whitelists = bb2_read_whitelist();
+ } else {
+ $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+ }
if (@!empty($whitelists['ip'])) {
foreach ($whitelists['ip'] as $range) {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.