From 5ba4cfd551ee9582b1d64605d92e3e4ee7b9de3b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Wed, 22 Aug 2018 20:19:44 +0200
Subject: [PATCH] Continued: - added INSERT_RANDOM_NUMBER_HERE, typical for
 incompletely configured OpenX/revive Ad Server - changed to "new" array style
 - renamed ctracker_blocked_requests -> ctracker_blocked_methods as they are
 the   request methods that should always be blocked - updated .gitattributes

---
 .gitattributes        | 33 ++++++++++++++++++++++++++++++++-
 libs/lib_connect.php  | 12 ++++++------
 libs/lib_detector.php | 32 +++++++++++++++++---------------
 libs/lib_general.php  | 18 +++++++++---------
 libs/lib_updates.php  |  4 ++--
 5 files changed, 66 insertions(+), 33 deletions(-)

diff --git a/.gitattributes b/.gitattributes
index dfe0770..72184ce 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,33 @@
-# Auto detect text files and perform LF normalization
+#
+### Distribute this file on all GIT projects!
+#
+# Autodetect text files
 * text=auto
+
+# Force the following filetypes to have unix eols, so Windows does not break them
+*.* text eol=lf
+
+# Force images/fonts to be handled as binaries
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.png binary
+*.t3x binary
+*.t3d binary
+*.exe binary
+*.data binary
+*.ttf binary
+*.eof binary
+*.eot binary
+*.swf binary
+*.mov binary
+*.mp4 binary
+*.mp3 binary
+*.ogg binary
+*.flv binary
+*.jar binary
+*.pdf binary
+*.woff* binary
+*.otf binary
+*.z binary
+*.docx binary
diff --git a/libs/lib_connect.php b/libs/lib_connect.php
index 4885b2f..e21af93 100644
--- a/libs/lib_connect.php
+++ b/libs/lib_connect.php
@@ -46,9 +46,9 @@ function aquireCrackerTrackerDatabaseLink () {
 // Inits a fake configurtation
 function crackerTrackerInitFakeConfig () {
 	// Set the array
-	$GLOBALS['ctracker_config'] = array(
+	$GLOBALS['ctracker_config'] = [
 		'ctracker_alert_user' => 'Y',
-	);
+	];
 }
 
 // Checks if the link is up
@@ -367,14 +367,14 @@ function ifCrackerTrackerIpHasTicket () {
 // Adds a ticket based on given (mostly $_POST) data
 function addCrackerTrackerTicket (array $data) {
 	// Prepare the array
-	$GLOBALS['ctracker_last_ticket'] = array(
+	$GLOBALS['ctracker_last_ticket'] = [
 		'ctracker_ticket_remote_addr' => determineCrackerTrackerRealRemoteAddress(),
 		'ctracker_ticket_proxy_addr'  => getenv('REMOTE_ADDR'),
 		'ctracker_ticket_user_agent'  => crackerTrackerUserAgent(),
 		'ctracker_ticket_name'        => crackerTrackerSecureString($data['name']),
 		'ctracker_ticket_email'       => crackerTrackerSecureString($data['email']),
 		'ctracker_ticket_comment'     => crackerTrackerSecureString($data['comment'])
-	);
+	];
 
 	// Insert it
 	crackerTrackerInsertArray('ctracker_ticket', $GLOBALS['ctracker_last_ticket']);
@@ -382,10 +382,10 @@ function addCrackerTrackerTicket (array $data) {
 	// Is there an entry?
 	if ((isset($GLOBALS['ctracker_last_insert_id'])) && ($GLOBALS['ctracker_last_insert_id'] > 0)) {
 		// All fine, so prepare the link between ticket<->data
-		$data = array(
+		$data = [
 			'ctracker_ticket_id' => $GLOBALS['ctracker_last_insert_id'],
 			'ctracker_data_id'   => $GLOBALS['ctracker_last_suspicious_entry']['id']
-		);
+		];
 
 		// And insert it as well
 		crackerTrackerInsertArray('ctracker_ticket_data', $data);
diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index c008a2f..21a15d8 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -37,17 +37,17 @@ function initCrackerTrackerArrays () {
 	$GLOBALS['ctracker_base_path'] = dirname(dirname(__FILE__));
 
 	// Whitelist some absolute query strings (see below)
-	$GLOBALS['ctracker_whitelist'] = array(
+	$GLOBALS['ctracker_whitelist'] = [
 		'cmd=new',    // LinPHA
 		'cmd=edit',   // LinPHA
 		'cmd=lostpw', // LinPHA
 		'/css/status_config.php', // MantisBT
 		'/css/common_config.php', // MantisBT
 		'/javascript_config.php', // MantisBT
-	);
+	];
 
 	// Attacks we should detect and block
-	$GLOBALS['ctracker_get_blacklist'] = array(
+	$GLOBALS['ctracker_get_blacklist'] = [
 		// SQL injections
 		'union ', ' union', 'insert ',
 		'select ', ' like', 'like ', 'drop ', 'update ',
@@ -154,11 +154,11 @@ function initCrackerTrackerArrays () {
 		'window.open', 'img src', 'img src', '.jsp', 'servlet', 'org.apache',
 		'wwwacl', 'server-info', 'server-status', '/servlet/con', 'http_',
 		'secure_site, ok', 'chunked', '<script', 'mod_gzip_status', '.system',
-		'uol.com', ',0x', '(0x',
-	);
+		'uol.com', ',0x', '(0x', 'INSERT_RANDOM_NUMBER_HERE',
+	];
 
 	// BLock these words found in User-Agent
-	$GLOBALS['ctracker_ua_blacklist'] = array(
+	$GLOBALS['ctracker_ua_blacklist'] = [
 		// Compiler/interpreter
 		'bin/g++ ', 'bin/c++ ', 'cc ', 'bin/python', 'bin/python', 'bin/tclsh',
 		'bin/tclsh', 'bin/nasm', '/perl', 'cmd.exe',
@@ -183,19 +183,21 @@ function initCrackerTrackerArrays () {
 
 		// /proc/ and other forbidden paths
 		'proc/self/environ',
-	);
+	];
 
 	// Block these words found in POST requests
-	$GLOBALS['ctracker_post_blacklist'] = array(
+	$GLOBALS['ctracker_post_blacklist'] = [
 		// This line is for detecting hidden link spam in wikis, forums, guestbooks, etc.
 		' style=', 'overflow:auto', 'height:1px', 'width:1px', 'display:hidden', 'style.display',
 
 		// "Common" login names from VHCS exploiters ;-)
 		'starhack', 'DeLiMehmet', 'hisset', 'Hisset', 'delimert', 'MecTruy'
-	);
+	];
 
 	// Also block these requests (mostly you don't want CONNECT to some SMTP sites)
-	$GLOBALS['ctracker_blocked_requests'] = array('CONNECT' => TRUE);
+	$GLOBALS['ctracker_blocked_methods'] = [
+		'CONNECT' => TRUE,
+	];
 
 	// Init more elements
 	$GLOBALS['ctracker_post_track']   = '';
@@ -220,7 +222,7 @@ function isCrackerTrackerWormDetected () {
 		) || (
 			$GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(TRUE)
 		) || (
-			isset($GLOBALS['ctracker_blocked_requests'][crackerTrackerRequestMethod()])
+			isset($GLOBALS['ctracker_blocked_methods'][crackerTrackerRequestMethod()])
 		)
 	);
 	//* DEBUG-DIE: */ die('isWorm='.intval($isWorm).PHP_EOL.'get='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_get'].'"'.PHP_EOL.'"'.crackerTrackerQueryString().'"'.PHP_EOL.'ua='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_ua'].'"'.PHP_EOL.'"'.crackerTrackerUserAgent().'"'.PHP_EOL);
@@ -284,12 +286,12 @@ function sendCrackerTrackerTicketMails () {
 // Sends a mail out
 function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) {
 	// Construct dummy array
-	$rowData = array(
+	$rowData = [
 		'remote_addr' => determineCrackerTrackerRealRemoteAddress(),
 		'proxy_addr'  => getenv('REMOTE_ADDR'),
 		'check_get'   => $GLOBALS['ctracker_checked_get'],
 		'server_name' => crackerTrackerServerName()
-	);
+	];
 
 	// Only send email if not yet found
 	if (!isCrackerTrackerEntryFound($rowData)) {
@@ -385,7 +387,7 @@ function crackerTrackerLogAttack () {
 	} // END - if
 
 	// Prepare array for database insert
-	$rowData = array(
+	$rowData = [
 		'remote_addr'    => determineCrackerTrackerRealRemoteAddress(),
 		'proxy_addr'     => getenv('REMOTE_ADDR'),
 		'user_agent'     => crackerTrackerUserAgent(),
@@ -400,7 +402,7 @@ function crackerTrackerLogAttack () {
 		'request_method' => crackerTrackerRequestMethod(),
 		'proxy_used'     => $proxyUsed,
 		'first_attempt'  => 'NOW()'
-	);
+	];
 
 	// Insert the array in database
 	crackerTrackerInsertArray('ctracker_data', $rowData);
diff --git a/libs/lib_general.php b/libs/lib_general.php
index 1b2b886..515f0dc 100644
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -25,13 +25,13 @@
 if (!function_exists('implode_r')) {
 	// Implode recursive a multi-dimension array, taken from www.php.net
 	function implode_r ($glue, $array, $array_name = NULL) {
-		$return = array();
-		while(list($key,$value) = @each($array)) {
-			if(is_array($value)) {
+		$return = [];
+		while (list($key,$value) = @each($array)) {
+			if (is_array($value)) {
 				// Is an array again, so call recursive
 				$return[] = implode_r($glue, $value, (string) $key);
 			} else {
-				if($array_name != NULL) {
+				if ($array_name != NULL) {
 					$return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n";
 				} else {
 					$return[] = $key . '=' . $value."\n";
@@ -40,13 +40,13 @@ if (!function_exists('implode_r')) {
 		} // END - while
 
 		// Return resulting array
-		return(implode($glue, $return));
+		return implode($glue, $return);
 	} // END - function
 } // END - if
 
 if (!function_exists('implode_secure')) {
 	// Implode a simple array with a 'call-back' to our escaper function
-	function implode_secure ($array) {
+	function implode_secure (array $array) {
 		// Return string
 		$return = '';
 
@@ -85,7 +85,7 @@ function crackerTrackerLoadConfiguration () {
 	} // END - if
 
 	// Load it
-	require($fqfn);
+	require $fqfn;
 
 	// Load email header
 	$GLOBALS['ctracker_header'] = crackerTrackerLoadEmailTemplate('header');
@@ -383,7 +383,7 @@ function crackerTrackerLanguage () {
 }
 
 // Loads a given email template and passes through $content
-function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $language = NULL) {
+function crackerTrackerLoadEmailTemplate ($template, array $content = [], $language = NULL) {
 	// Init language
 	crackerTrackerLanguage();
 
@@ -581,7 +581,7 @@ function unsetCtrackerData () {
 			'ctracker_language',
 			'ctracker_localized',
 			'ctracker_link',
-			'ctracker_blocked_requests',
+			'ctracker_blocked_methods',
 		) as $key) {
 			// Unset it
 			unset($GLOBALS[$key]);
diff --git a/libs/lib_updates.php b/libs/lib_updates.php
index fd34fcc..21ef93f 100644
--- a/libs/lib_updates.php
+++ b/libs/lib_updates.php
@@ -25,7 +25,7 @@
 // Init all updates
 function crackerTrackerInitUpdates () {
 	// Add all
-	$GLOBALS['ctracker_updates'] = array(
+	$GLOBALS['ctracker_updates'] = [
 		// Ticket system:
 		0 => array(
 			'CREATE TABLE IF NOT EXISTS `ctracker_ticket` (
@@ -98,7 +98,7 @@ FOREIGN KEY ( `ctracker_data_id` ) REFERENCES `' . $GLOBALS['ctracker_dbname'] .
 			FROM `ctracker_data`
 			GROUP BY `request_method`'
 		),
-	);
+	];
 }
 
 // Runs the given updates at number X
-- 
2.39.2