From 89f483839143c5352bd3d4a3dd4fa2355a180f84 Mon Sep 17 00:00:00 2001
From: Roland Haeder
Date: Thu, 18 Jul 2013 00:07:58 +0000
Subject: [PATCH] Experimental commit: decode URL before checking to avoid something like this: q=%2FopenFooBar which would be converted to q=%2fopenfoobar and then blocked as 'fopen' is then found. This happens with StatusNet 1.1.1

---
 libs/lib_detector.php | 2 +-
 libs/lib_general.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 11d5c07..3fa9b4d 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -95,7 +95,7 @@ function initCrackerTrackerArrays () {
 // Checks for worms
 function isCrackerTrackerWormDetected () {
 	// Check against the whole list
-	$GLOBALS['ctracker_checkworm'] = str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString());
+	$GLOBALS['ctracker_checkworm'] = str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', urldecode(crackerTrackerQueryString()));
 
 	// If it differs to original and the *whole* request string is not in whitelist
 	// then blog the attempt
diff --git a/libs/lib_general.php b/libs/lib_general.php
index 64bc6a7..fe382dc 100644
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -93,7 +93,7 @@ function determineCrackerTrackerRealRemoteAddress () {
 		$address = $_SERVER['HTTP_CLIENT_IP'];
 	} elseif (isset($_SERVER['REMOTE_ADDR'])) {
 		// The regular address when no proxy was used
-		$address = $_SERVER['REMOTE_ADDR'];
+		$address = getenv('REMOTE_ADDR');
 	}
 
 	// This strips out the real address from proxy output
-- 
2.39.5
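Review bot: After the `+` line in lib_detector.php, `$GLOBALS['ctracker_checkworm']` holds a decoded string, yet the comment that follows says it is compared against the original; if that comparison (outside the hunk) still uses the raw `crackerTrackerQueryString()`, any query containing a percent-escape now differs even with no blacklist hit, so the false-positive fix becomes a false positive for every encoded request. Decode once into a local and use it on both sides: `$decoded = urldecode(crackerTrackerQueryString());` / `$GLOBALS['ctracker_checkworm'] = str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', $decoded);` and compare against `$decoded` below. A single urldecode() pass also leaves doubly-encoded escapes (`%25xx`) untouched, so the blacklist still cannot see them; a bounded decode-until-stable loop would close that gap. The rest of isCrackerTrackerWormDetected, including the comparison and the whitelist check, lies outside the hunk.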
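Review bot: The `+` line in lib_general.php reads `getenv('REMOTE_ADDR')` while the guard on the line above still tests `isset($_SERVER['REMOTE_ADDR'])`, so in a SAPI or configuration where the request variable is not exported to the process environment `$address` becomes `false` rather than the client address. Either keep guard and value on the same source, or fall back explicitly: `$env = getenv('REMOTE_ADDR');` / `$address = ($env !== false) ? $env : $_SERVER['REMOTE_ADDR'];`. The commit message does not mention this change; a comment such as `// getenv() preferred over $_SERVER here because <reason>` stating why $_SERVER was not sufficient would help the next reader. The preceding branch takes `HTTP_CLIENT_IP`, a client-supplied header, ahead of REMOTE_ADDR; that is pre-existing, but an address derived from it should not be treated as authoritative by whatever consumes this function. determineCrackerTrackerRealRemoteAddress continues past the hunk.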