// Checks for worms
function isCrackerTrackerWormDetected () {
// Check against the whole list
- $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), crackerTrackerQueryString())));
- $GLOBALS['ctracker_checked_ua'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), crackerTrackerUserAgent())));
+ $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString(TRUE)));
+ $GLOBALS['ctracker_checked_ua'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerUserAgent(TRUE)));
/*
* If it differs to original and the *whole* request string is not in
*/
$isWorm = (
(
- $GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString() && (!in_array(crackerTrackerQueryString(), $GLOBALS['ctracker_whitelist']))
+ $GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString(TRUE) && (!in_array(crackerTrackerQueryString(TRUE), $GLOBALS['ctracker_whitelist']))
) || (
- $GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent()
+ $GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(TRUE)
)
);
- //* DEBUG-DIE: */ die('isWorm='.intval($isWorm).PHP_EOL.'get="'.$GLOBALS['ctracker_checked_get'].'"'.PHP_EOL.'"'.crackerTrackerQueryString().'"'.PHP_EOL.'ua="'.$GLOBALS['ctracker_checked_ua'].'"'.PHP_EOL.'"'.crackerTrackerUserAgent().'"'.PHP_EOL);
+ //* DEBUG-DIE: */ die('isWorm='.intval($isWorm).PHP_EOL.'get='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_get'].'"'.PHP_EOL.'"'.crackerTrackerQueryString().'"'.PHP_EOL.'ua='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_ua'].'"'.PHP_EOL.'"'.crackerTrackerUserAgent().'"'.PHP_EOL);
// Return it
return $isWorm;
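Review bot: The second urldecode() wrapped around the checked copies on lines 6 and 7 makes the comparisons on lines 14 and 17 flag any request whose once-decoded query string or user agent still contains `+` or a `%XX` sequence, with or without a blacklist hit: `q=C%2B%2B` decodes once to `q=C++`, the checked copy becomes `q=C  `, the two differ, and the request is classed as a worm unless the whole query string is whitelisted. If "anything that changes under a second decode is suspicious" is the intended heuristic it deserves a comment at line 6, e.g. `// NOTE: the extra urldecode() makes any surviving %XX or '+' differ from the original, so double-encoded input is flagged even without a blacklist match`; if it is not, decode once into a local and run the blacklist on that: `$get = urldecode(crackerTrackerQueryString(TRUE));` then `$GLOBALS['ctracker_checked_get'] = str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', $get);` and compare against `$get` on line 14, with the same treatment for the user agent. The function's closing brace lies outside the hunk.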
$GLOBALS['ctracker_post_track'] = urldecode(implode_r('&', $_POST));
// Check for suspicious POST data
- $GLOBALS['ctracker_checked_post'] = urldecode(str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), $GLOBALS['ctracker_post_track'])));
+ $GLOBALS['ctracker_checked_post'] = urldecode(str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', crackerTrackerSanitize($GLOBALS['ctracker_post_track'])));
// Is it detected?
- return ((isCrackerTrackerWormDetected()) || ($GLOBALS['ctracker_checked_post'] != $GLOBALS['ctracker_post_track']));
+ return ((isCrackerTrackerWormDetected()) || ($GLOBALS['ctracker_checked_post'] != crackerTrackerSanitize($GLOBALS['ctracker_post_track'])));
}
// Prepares a mail and send it out
// And stop here
die();
}
-
-// [EOF]
-?>
}
// Detects the user-agent string
-function crackerTrackerUserAgent () {
+function crackerTrackerUserAgent ($sanitize = FALSE) {
// Default is 'unknown'
$ua = 'unknown';
$ua = crackerTrackerSecureString(urldecode($_SERVER['HTTP_USER_AGENT']));
} // END - if
+ // Sanitize it?
+ if ($sanitize === TRUE) {
+ // Sanitize ...
+ $ua = crackerTrackerSanitize($ua);
+ } // END - if
+
// Return it
return $ua;
}
// Detects the script name
-function crackerTrackerScriptName () {
+function crackerTrackerScriptName ($sanitize = FALSE) {
+ // Default is NULL
+ $scriptName = NULL;
+
// Is it there?
- if (!isset($_SERVER['SCRIPT_NAME'])) {
+ if (!empty($_SERVER['SCRIPT_NAME'])) {
// Return NULL
- return NULL;
+ $scriptName = crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
} // END - if
- // Should always be there!
- return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
+ // Sanitize it?
+ if ($sanitize === TRUE) {
+ // Sanitize ...
+ $scriptName = crackerTrackerSanitize($scriptName);
+ } // END - if
+
+ // Return
+ return $scriptName;
}
// Detects the query string
-function crackerTrackerQueryString () {
+function crackerTrackerQueryString ($sanitize = FALSE) {
+ // Default is NULL
+ $query = NULL;
+
// Is it there?
- if (!isset($_SERVER['QUERY_STRING'])) {
+ if (!empty($_SERVER['QUERY_STRING'])) {
// Return NULL
- return NULL;
+ $query = crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
} // END - if
- // Should always be there!
- return crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
+ // Sanitize it?
+ if ($sanitize === TRUE) {
+ // Sanitize ...
+ $query = crackerTrackerSanitize($query);
+ } // END - if
+
+ // Return it
+ return $query;
}
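Review bot: With `$sanitize = TRUE` the "Default is NULL" contract on lines 83-84 no longer holds: when QUERY_STRING is absent `$query` stays NULL and line 98 hands it to str_replace(), which coerces it to an empty string (and raises a deprecation notice on PHP 8.1+), so callers cannot tell "no query string" from an empty one. Guarding the call with `if ($sanitize === TRUE && $query !== NULL) {` keeps NULL as the absent marker. The switch from `!isset()` to `!empty()` on line 88 also treats a query string of exactly `0` as absent, because empty('0') is true; `if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== '') {` is the precise check. Both points apply equally to the crackerTrackerScriptName and crackerTrackerServerName hunks above.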
// Detects the server's name
-function crackerTrackerServerName () {
+function crackerTrackerServerName ($sanitize = FALSE) {
+ // Default is NULL
+ $serverName = NULL;
+
// Is it there?
- if (!isset($_SERVER['SERVER_NAME'])) {
+ if (!empty($_SERVER['SERVER_NAME'])) {
// Return NULL
- return NULL;
+ $serverName = crackerTrackerSecureString($_SERVER['SERVER_NAME']);
} // END - if
- // Should always be there!
- return crackerTrackerSecureString($_SERVER['SERVER_NAME']);
+ // Sanitize it?
+ if ($sanitize === TRUE) {
+ // Sanitize ...
+ $serverName = crackerTrackerSanitize($serverName);
+ } // END - if
+
+ // Return it
+ return $serverName;
}
// Detects the referer
-function crackerTrackerReferer () {
+function crackerTrackerReferer ($sanitize = FALSE) {
// Default is a dash
$referer = '-';
$referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER']));
} // END - if
+ // Sanitize it?
+ if ($sanitize === TRUE) {
+ // Sanitize ...
+ $referer = crackerTrackerSanitize($referer);
+ } // END - if
+
// Return it
return $referer;
}
} // END - foreach
}
-// [EOF]
-?>
+// Sanitizes string
+function crackerTrackerSanitize ($str) {
+ return str_replace(array('//', '/./'), array('/', '/'), $str);
+}
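Review bot: A single str_replace() pass on line 150 is not a fixpoint, so the collapsing it performs is defeated by stacking the very sequences it removes: `///` comes out as `//` and `/.//./` as `/./`, and since the callers run the blacklist on the collapsed string (lines 6, 7 and 27), any blacklist entry that contains a `/` is sidestepped by doubling the slashes, which is the evasion this helper exists to neutralise. Looping until the string stops changing closes that gap. The callers also pass NULL when the header is absent (lines 84 and 108), which str_replace() silently turns into `''`; an early `if ($str === NULL) { return NULL; }` would preserve that distinction if the comparisons rely on it.
```php
function crackerTrackerSanitize ($str) {
    // Repeat until stable: one pass turns '///' into '//' and '/.//./' into '/./'
    do {
        $before = $str;
        $str = str_replace(array('//', '/./'), array('/', '/'), $str);
    } while ($str !== $before);

    return $str;
}
```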