From adb74f7670e281b460e0ec6ae8a70e8d28ecb433 Mon Sep 17 00:00:00 2001
From: Roland Haeder
Date: Sat, 29 Sep 2012 22:06:08 +0000
Subject: [PATCH] Taken care of possible missing elements
---
 ctracker.php | 4 ++--
 libs/lib_general.php | 23 ++++++++++++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/ctracker.php b/ctracker.php
index db3407b..93e7de2 100644
--- a/ctracker.php
+++ b/ctracker.php
@@ -47,13 +47,13 @@ crackerTrackerUpdateDatabaseScheme();
 // If it differs to original and the *whole* request string is not in whitelist
 // then block the attempt
 if (isCrackerTrackerWormDetected()) {
- // Send the email, this must be the last line because it contains a die()
+ // Send the email, this must be the last line in this if() block because it contains a exit()
 sendCrackerTrackerMail();
 } // END - if
 // Suspicious POST data detected?
 if (isCrackerTrackerPostAttackDetected()) {
- // Send the email, this must be the last line because it contains a die()
+ // Send the email, this must be the last line in this if() block because it contains a exit()
 sendCrackerTrackerPostMail();
 } // END - if
diff --git a/libs/lib_general.php b/libs/lib_general.php
index abc1778..46ef838 100644
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -81,6 +81,9 @@ function isCrackerTrackerDebug () {
 // Determines the real remote address
 function determineCrackerTrackerRealRemoteAddress () {
+ // Initial value
+ $address = '0.0.0.0';
+
 // Is a proxy in use?
 if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
 // Proxy was used
@@ -88,7 +91,7 @@ function determineCrackerTrackerRealRemoteAddress () {
 } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
 // Yet, another proxy
 $address = $_SERVER['HTTP_CLIENT_IP'];
- } else {
+ } elseif (isset($_SERVER['REMOTE_ADDR'])) {
 // The regular address when no proxy was used
 $address = $_SERVER['REMOTE_ADDR'];
 }
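Review bot: The branch order kept in determineCrackerTrackerRealRemoteAddress() still prefers `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP` over `REMOTE_ADDR`, and both of those come from request headers the client sets, so the requester can choose the address this function yields. The new `'0.0.0.0'` default and the `isset()` on `REMOTE_ADDR` in the following hunk remove the undefined-index case but leave that trust decision untouched. Treat `REMOTE_ADDR` as the authoritative value and keep a forwarded header only as a separate, untrusted field, or honour it only when `REMOTE_ADDR` is a proxy you operate; either way, check the result with `filter_var($address, FILTER_VALIDATE_IP)` before it is used. The function's return and any later processing lie outside both hunks, so how the value is consumed cannot be seen from here.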
@@ -129,18 +132,36 @@ function crackerTrackerUserAgent () {
 // Detects the script name
 function crackerTrackerScriptName () {
+ // Is it there?
+ if (!isset($_SERVER['SCRIPT_NAME'])) {
+ // Return NULL
+ return NULL;
+ } // END - if
+
 // Should always be there!
 return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
 }
 // Detects the query string
 function crackerTrackerQueryString () {
+ // Is it there?
+ if (!isset($_SERVER['QUERY_STRING'])) {
+ // Return NULL
+ return NULL;
+ } // END - if
+
 // Should always be there!
 return crackerTrackerEscapeString($_SERVER['QUERY_STRING']);
 }
 // Detects the server's name
 function crackerTrackerServerName () {
+ // Is it there?
+ if (!isset($_SERVER['SERVER_NAME'])) {
+ // Return NULL
+ return NULL;
+ } // END - if
+
 // Should always be there!
 return crackerTrackerSecureString($_SERVER['SERVER_NAME']);
 }
--
2.39.5
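Review bot: The comment `// Should always be there!` left above each `return` now contradicts the `isset()` guard added just before it in crackerTrackerScriptName(), crackerTrackerQueryString() and crackerTrackerServerName(); reword it to something like `// Present: return the sanitized value`. The three functions can now return NULL where they previously always passed a string through the sanitizer, and nothing in the hunk documents that. A one-line docblock on each, stating that it returns the escaped value or NULL when the server variable is not set, would tell callers to handle both cases. The callers are outside this hunk, so whether they already cope with NULL when building the report cannot be confirmed from here.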