X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=libs%2Flib_general.php;h=fa4643de30088e24b74c1d3721fe76b79a18265b;hb=486c0950007142f4d629481751d5bf40b6af6ded;hp=8d5dd1e93ae268deb63ba850cc1d3d0b5cc8f519;hpb=a44fb4bebb215b795183870b065b87a3788b7b16;p=ctracker.git

diff --git a/libs/lib_general.php b/libs/lib_general.php
index 8d5dd1e..fa4643d 100644
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -4,7 +4,7 @@
  *
  * @author		Roland Haeder <webmaster@shipsimu.org>
  * @version		3.0.0
- * @copyright	Copyright (c) 2009 - 2011 Cracker Tracker Team
+ * @copyright	Copyright (c) 2009 - 2017 Cracker Tracker Team
  * @license		GNU GPL 3.0 or any newer version
  * @link		http://www.shipsimu.org
  *
@@ -25,13 +25,13 @@
 if (!function_exists('implode_r')) {
 	// Implode recursive a multi-dimension array, taken from www.php.net
 	function implode_r ($glue, $array, $array_name = NULL) {
-		$return = array();
-		while(list($key,$value) = @each($array)) {
-			if(is_array($value)) {
+		$return = [];
+		while (list($key,$value) = @each($array)) {
+			if (is_array($value)) {
 				// Is an array again, so call recursive
 				$return[] = implode_r($glue, $value, (string) $key);
 			} else {
-				if($array_name != NULL) {
+				if ($array_name != NULL) {
 					$return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n";
 				} else {
 					$return[] = $key . '=' . $value."\n";
@@ -40,13 +40,13 @@ if (!function_exists('implode_r')) {
 		} // END - while
 
 		// Return resulting array
-		return(implode($glue, $return));
+		return implode($glue, $return);
 	} // END - function
 } // END - if
 
 if (!function_exists('implode_secure')) {
 	// Implode a simple array with a 'call-back' to our escaper function
-	function implode_secure ($array) {
+	function implode_secure (array $array) {
 		// Return string
 		$return = '';
 
@@ -85,7 +85,7 @@ function crackerTrackerLoadConfiguration () {
 	} // END - if
 
 	// Load it
-	require($fqfn);
+	require $fqfn;
 
 	// Load email header
 	$GLOBALS['ctracker_header'] = crackerTrackerLoadEmailTemplate('header');
@@ -143,14 +143,20 @@ function isCrackerTrackerProxyUsed () {
 }
 
 // Detects the user-agent string
-function crackerTrackerUserAgent () {
+function crackerTrackerUserAgent ($sanitize = FALSE) {
 	// Default is 'unknown'
 	$ua = 'unknown';
 
 	// Is the entry there?
 	if (isset($_SERVER['HTTP_USER_AGENT'])) {
 		// Then use it securely
-		$ua = crackerTrackerSecureString($_SERVER['HTTP_USER_AGENT']);
+		$ua = crackerTrackerSecureString(urldecode($_SERVER['HTTP_USER_AGENT']));
+	} // END - if
+
+	// Sanitize it?
+	if ($sanitize === TRUE) {
+		// Sanitize ...
+		$ua = crackerTrackerSanitize($ua);
 	} // END - if
 
 	// Return it
@@ -158,56 +164,107 @@ function crackerTrackerUserAgent () {
 }
 
 // Detects the script name
-function crackerTrackerScriptName () {
+function crackerTrackerScriptName ($sanitize = FALSE) {
+	// Default is NULL
+	$scriptName = NULL;
+
 	// Is it there?
-	if (!isset($_SERVER['SCRIPT_NAME'])) {
+	if (!empty($_SERVER['SCRIPT_NAME'])) {
 		// Return NULL
-		return NULL;
+		$scriptName = crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
 	} // END - if
 
-	// Should always be there!
-	return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
+	// Sanitize it?
+	if ($sanitize === TRUE) {
+		// Sanitize ...
+		$scriptName = crackerTrackerSanitize($scriptName);
+	} // END - if
+
+	// Return
+	return $scriptName;
 }
 
 // Detects the query string
-function crackerTrackerQueryString () {
+function crackerTrackerQueryString ($sanitize = FALSE) {
+	// Default is NULL
+	$query = NULL;
+
 	// Is it there?
-	if (!isset($_SERVER['QUERY_STRING'])) {
-		// Return NULL
-		return NULL;
+	if (!empty($_SERVER['QUERY_STRING'])) {
+		// Get string escaped
+		$query = crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
+	} elseif (!empty($_SERVER['REQUEST_URI'])) {
+		// Get string escaped
+		$query = crackerTrackerEscapeString(urldecode($_SERVER['REQUEST_URI']));
+	}
+
+	// Sanitize it?
+	if ((!empty($query)) && ($sanitize === TRUE)) {
+		// Sanitize ...
+		$query = crackerTrackerSanitize($query);
 	} // END - if
 
-	// Should always be there!
-	return crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
+	// Return it
+	return $query;
 }
 
 // Detects the server's name
-function crackerTrackerServerName () {
+function crackerTrackerServerName ($sanitize = FALSE) {
+	// Default is NULL
+	$serverName = NULL;
+
 	// Is it there?
-	if (!isset($_SERVER['SERVER_NAME'])) {
+	if (!empty($_SERVER['SERVER_NAME'])) {
 		// Return NULL
-		return NULL;
+		$serverName = crackerTrackerSecureString($_SERVER['SERVER_NAME']);
 	} // END - if
 
-	// Should always be there!
-	return crackerTrackerSecureString($_SERVER['SERVER_NAME']);
+	// Sanitize it?
+	if ($sanitize === TRUE) {
+		// Sanitize ...
+		$serverName = crackerTrackerSanitize($serverName);
+	} // END - if
+
+	// Return it
+	return $serverName;
 }
 
 // Detects the referer
-function crackerTrackerReferer () {
+function crackerTrackerReferer ($sanitize = FALSE) {
 	// Default is a dash
 	$referer = '-';
 
 	// Is it there?
-	if (isset($_SERVER['HTTP_REFERER'])) {
+	if (!empty($_SERVER['HTTP_REFERER'])) {
 		// Then use it securely
 		$referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER']));
 	} // END - if
 
+	// Sanitize it?
+	if ($sanitize === TRUE) {
+		// Sanitize ...
+		$referer = crackerTrackerSanitize($referer);
+	} // END - if
+
 	// Return it
 	return $referer;
 }
 
+// Detects request method
+function crackerTrackerRequestMethod () {
+	// Default is NULL
+	$method = NULL;
+
+	// Is it set?
+	if (!empty($_SERVER['REQUEST_METHOD'])) {
+		// Then use it
+		$method = $_SERVER['REQUEST_METHOD'];
+	} // END - if
+
+	// Return it
+	return $method;
+}
+
 // Detects the scripts path
 function crackerTrackerScriptPath () {
 	// Should always be there!
@@ -326,7 +383,7 @@ function crackerTrackerLanguage () {
 }
 
 // Loads a given email template and passes through $content
-function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $language = NULL) {
+function crackerTrackerLoadEmailTemplate ($template, array $content = [], $language = NULL) {
 	// Init language
 	crackerTrackerLanguage();
 
@@ -514,8 +571,9 @@ function unsetCtrackerData () {
 			'ctracker_post_blacklist',
 			'ctracker_header',
 			'ctracker_post_track',
-			'ctracker_checkworm',
-			'ctracker_check_post',
+			'ctracker_checked_get',
+			'ctracker_checked_post',
+			'ctracker_checked_ua',
 			'ctracker_last_sql',
 			'ctracker_last_result',
 			'ctracker_config',
@@ -523,11 +581,14 @@ function unsetCtrackerData () {
 			'ctracker_language',
 			'ctracker_localized',
 			'ctracker_link',
+			'ctracker_blocked_methods',
 		) as $key) {
 			// Unset it
 			unset($GLOBALS[$key]);
 	} // END - foreach
 }
 
-// [EOF]
-?>
+// Sanitizes string
+function crackerTrackerSanitize ($str) {
+	return str_replace(array('//', '/./'), array('/', '/'), $str);
+}