runCrackerTrackerSql($sqlString);
}
-// Inits a table by inserting
+// Inits a table by inserting
function crackerTrackerInitTable (string $table) {
// Prepare SQL and run it
- runCrackerTrackerSql('INSERT INTO `' . $table . '` (`' . $table . '`) VALUES (NULL)');
+ runCrackerTrackerSql(sprintf("INSERT INTO `%s` (`%s`) VALUES (NULL)'",
+ $table,
+ $table
+ ));
}
// Updates the database scheme automatically
// Is the main config table there?
if (!isCrackerTrackerTableCreated('ctracker_config')) {
// Then do it for us
- crackerTrackerCreateTable('ctracker_config', array(
+ crackerTrackerCreateTable('ctracker_config', [
'ctracker_db_version' => 'BIGINT ( 20 ) UNSIGNED NOT NULL DEFAULT 0',
'ctracker_min_sleep' => 'SMALLINT ( 5 ) UNSIGNED NOT NULL DEFAULT 10',
'ctracker_max_sleep' => 'SMALLINT ( 5 ) UNSIGNED NOT NULL DEFAULT 30',
'ctracker_alert_user' => "ENUM('Y','N') NOT NULL DEFAULT 'Y'",
'ctracker_language' => "CHAR ( 2) NOT NULL DEFAULT 'en'"
- ), array());
+ ], [
+ ]);
// Init that table
crackerTrackerInitTable('ctracker_config');
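Review bot: The new sprintf format in crackerTrackerInitTable ends with a stray single quote, `VALUES (NULL)'"`, so every statement it builds is invalid SQL and the config table is never initialised; the old concatenated form had no such quote. The line should read `runCrackerTrackerSql(sprintf('INSERT INTO `%s` (`%s`) VALUES (NULL)', $table, $table));`, which also drops the double quotes since nothing is interpolated. Note that sprintf does not quote identifiers any more than concatenation did, so this helper still relies on every caller passing a fixed, code-controlled table name; a short comment stating that contract above the call would help. The hunk header and the leading context before L1 are outside this chunk, and the function preceding crackerTrackerInitTable is only partly visible.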
// Other Linux/FreeBSD/??? programs (sometimes with space)
'traceroute ', 'ping ', 'bin/xterm', 'bin/./xterm', 'lsof ',
- 'telnet ', 'wget ', 'bin/perl', 'bin/id', 'uname\x20', 'uname ',
- 'killall', 'diff ', 'kill ', 'locate ', 'grep ', 'vi ', 'mv ',
- 'rmdir ', 'mcd ', 'mrd ', 'rm ', ' mcd', ' mrd', ' rm',
+ 'telnet ', 'wget ', ' wget', 'bin/perl', 'bin/id', 'uname\x20',
+ 'uname ', 'killall', 'diff ', 'kill ', 'locate ', 'grep ', 'vi ',
+ 'mv ', 'rmdir ', 'mcd ', 'mrd ', 'rm ', ' mcd', ' mrd', ' rm',
'passwd ', ' passwd', 'mdir ', ' mdir', 'cp ', ' cp',
- 'esystem ', 'chr ', ' chr', 'wget ', ' wget', ' cmd',
+ 'esystem ', 'chr ', ' chr', ' cmd',
'cmd ', ' rush', 'rush ', ' echr', 'echr ', ' getenv',
'getenv', 'reboot ', 'halt ', 'powerdown ', 'invokefunction',
// Other Linux programs (+ equal)
'mcd=', 'mrd=', 'chmod=', 'chr=', 'rush=', 'echr=',
- // Paths
- '/etc/', '/bin/', '/sbin/', '/self/', '/proc/', '../../','..//', '././',
- '/home/ftp', '/home/./ftp', '/home/./www', '/home/www', '/www/virtual/',
- '/www/./virtual/',
+ // Generic Linux paths
+ '/etc/', '/bin/', '/sbin/', '/self/', '/proc/', '/sys/',
- // Uni* commands:
+ // Dotted paths (to break out of DOCUMENT_ROOT)
+ '../../','..//', '././',
+
+ // Home paths and maybe common virtual hosting paths (ISCP)
+ '/home/ftp', '/home/./ftp', '/home/./www', '/home/www',
+ '/www/virtual/', '/www/./virtual/',
+
+ // User right, group and user changing
'/chgrp', '/chown', '/chmod', 'chown ', 'chmod ', 'chgrp ',
// Compiler/interpreter
'width:0px', 'width: 0px','width:1px', 'width: 1px',
// Uncommon user websites
- '~root', '~ftp', '~nobody',
+ '~root', '~ftp', '~nobody', '~www-data',
// Windows XP (?) hacks
'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell',
// @TODO Misc/unsorted
'cgi-', '.eml', '$_request', '$_get', '$request', '$get', '.system',
'&aim', 'new_password', '&icq', '.conf', 'motd ', 'HTTP/1.',
- 'window.open', 'img src', 'img src', '.jsp', 'servlet', 'org.apache',
+ 'window.open', 'img src', '.jsp', 'servlet', 'org.apache',
'wwwacl', '/servlet/con', 'http_', 'secure_site, ok', 'chunked',
'<script', 'mod_gzip_status', '.system', 'uol.com', ',0x', '(0x',
'INSERT_RANDOM_NUMBER_HERE', '=passthru',