From b277f363477ef225c6bb7e5d2c71b1ed6c0f88e3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 20 Jul 2016 10:26:41 +0200
Subject: [PATCH] More PHP function calls (I don't like such RPCs) blocked
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Roland Häder
---
 libs/lib_detector.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 9f3694f..9e61ff1 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -93,12 +93,16 @@ function initCrackerTrackerArrays () { 'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode', // PHP commands/scripts - 'fopen', 'fwrite', 'phpinfo()', '\', + 'fopen', 'fwrite', 'phpinfo()', '\', 'base64_decode', 'file_put_contents', + 'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',, // Typical PHP script remote-inclusions and typical include file names '.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php', 'php_', 'class_', '_class.php', 'db_mysql.inc', + // PHP arrays + '_PHPLIB', + // Generic remote inclusion '=http://', '=https://', 'path=', 'sql=',
-- 
2.39.2
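Review bot: The second added line ends in `'passthru',,`; if that double comma is in the committed file and these entries sit in an array literal (as they appear to), PHP rejects the empty element and lib_detector.php stops compiling, which would take the request checks down rather than extend them. The same line lists `'set_magic_quotes_runtime'` twice, so one entry is either redundant or a typo for a different name. I would change the line to `'set_magic_quotes_runtime', 'display_errors', 'passthru',` and run `php -l libs/lib_detector.php` before committing. The enclosing list and the body of initCrackerTrackerArrays() start and end outside this hunk, so how the entries are matched against a request is not visible here.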