Added 'safe_mode' (php.ini setting).

Signed-off-by: Roland Häder <roland@mxchange.org>

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 5c5a70b50c4b4324317209ad0ec68ac7c2a0013e..7da613b15874f4da3e24de79affe9367f3e11516 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -89,6 +89,9 @@ function initCrackerTrackerArrays () {
                'bin/./tclsh', 'bin/nasm', 'bin/./nasm', '/perl', 'perl ', 'cmd.exe',
                'nc.exe', 'ftp.exe',
 
+               // php.ini settings
+               'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
+
                // PHP commands/scripts
                'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>',
 
@@ -126,9 +129,6 @@ function initCrackerTrackerArrays () {
                // Attempts to insert links into a badly secured URL
                '%3E%3C',
 
-               // php.ini settings
-               'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions',
-
                // @TODO Misc/unsorted
                'cgi-', '.eml', '$_request', '$_get', '$request', '$get', '.system',
                '&aim', 'new_password', '&icq', '.conf', 'motd ', 'HTTP/1.',
@@ -136,7 +136,7 @@ function initCrackerTrackerArrays () {
                'wwwacl', '.js', '.jsp', 'server-info', 'server-status',
                'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                '<script', 'mod_gzip_status', '.system', 'http_',
-               'uol.com', ',0x', '(0x',
+               'uol.com', ',0x', '(0x'
        );
 
        // Block these words found in POST requests