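/**
 * Entry point for the screening pipeline: collects the request into a
 * "package" array and runs it through the whitelist, blacklist, http:BL,
 * protocol/cookie/header, browser-family and POST tests, in that order.
 *
 * Everything in the package except 'ip' is copied verbatim from the client
 * (headers, User-Agent, method, URI, entity) and is untrusted input; 'ip' is
 * whatever the web server put in REMOTE_ADDR. The browser-family branches
 * below only choose which consistency test to run from the self-reported
 * User-Agent; on their own they grant nothing.
 *
 * @param array $settings configuration; 'skipblackhole' is read here, the
 *                        rest is handed to the individual tests unchanged
 * @return bool true once the request has been approved. Failing tests are
 *              expected to be acted on inside bb2_test() (defined elsewhere),
 *              so returning from this function means "let the request through".
 */
function bb2_start($settings)
{
    // Gather up all the information we need, first of all.
    $headers = bb2_load_headers();

    // Postprocess the headers to mixed-case so later lookups such as
    // $headers_mixed['User-Agent'] do not depend on how the SAPI spelled them.
    // FIXME: get the world to stop using PHP as CGI
    $headers_mixed = array();
    foreach ($headers as $name => $value) {
        $headers_mixed[uc_all($name)] = $value;
    }

    // IPv6 - IPv4 compatibility mode hack: strip the IPv4-mapped prefix so the
    // IP lists see a plain dotted quad. The prefix is hex, so match it
    // case-insensitively. This deliberately rewrites $_SERVER so that every
    // test included further down sees the same normalised address.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/i", "", $remote_addr);

    // We use these frequently. Keep a copy close at hand. Missing keys (CLI,
    // unusual SAPIs) become '' instead of raising notices and passing null
    // into the string functions below.
    $ip = $_SERVER['REMOTE_ADDR'];
    $request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    if (!$request_uri) {
        // Some servers (IIS, per the original note) leave REQUEST_URI empty.
        $request_uri = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    }
    $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : '';
    // null when the header is absent, which is what the previously
    // @-suppressed read produced; the explicit check avoids the notice.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

    // Reconstruct the HTTP entity, if present. Only the form-decoded body in
    // $_POST is captured, so bodies with other content types show up empty.
    $request_entity = array();
    if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
        foreach ($_POST as $field => $value) {
            $request_entity[$field] = $value;
        }
    }

    $package = array(
        'ip' => $ip,
        'headers' => $headers,
        'headers_mixed' => $headers_mixed,
        'request_method' => $request_method,
        'request_uri' => $request_uri,
        'server_protocol' => $server_protocol,
        'request_entity' => $request_entity,
        'user_agent' => $user_agent,
        'is_browser' => false,
    );

    // Please proceed to the security checkpoint and have your
    // identification and boarding pass ready.

    // First check the whitelist; a whitelisted request skips every test except
    // the final screener.
    require_once BB2_CORE . "/whitelist.inc.php";
    if (!bb2_whitelist($package)) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        bb2_test($settings, $package, bb2_blacklist($package));

        // Check the http:BL
        // config check added for DokuWiki plugin
        if (!$settings['skipblackhole']) {
            require_once BB2_CORE . "/blackhole.inc.php";
            if (bb2_test($settings, $package, bb2_httpbl($settings, $package))) {
                // Bypass all checks if http:BL says search engine
                bb2_approved($settings, $package);
                return true;
            }
        }

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        bb2_test($settings, $package, bb2_protocol($settings, $package));
        bb2_test($settings, $package, bb2_cookies($settings, $package));
        bb2_test($settings, $package, bb2_misc_headers($settings, $package));

        // Specific checks. Use '' rather than null when the header is missing
        // so stripos() below never receives null (deprecated on PHP 8.1+).
        $ua = isset($headers_mixed['User-Agent']) ? $headers_mixed['User-Agent'] : '';

        // Search engines first: each of these runs its own verification test
        // and then approves the request without the browser/POST checks.
        if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
            require_once BB2_CORE . "/msnbot.inc.php";
            bb2_test($settings, $package, bb2_msnbot($package));
            bb2_approved($settings, $package);
            return true;
        } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
            require_once BB2_CORE . "/google.inc.php";
            bb2_test($settings, $package, bb2_google($package));
            bb2_approved($settings, $package);
            return true;
        } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
            require_once BB2_CORE . "/yahoo.inc.php";
            bb2_test($settings, $package, bb2_yahoo($package));
            bb2_approved($settings, $package);
            return true;
        }

        // MSIE checks. Order matters: Opera used to embed "MSIE" in its UA,
        // so the Opera test takes precedence inside this branch.
        if (stripos($ua, "MSIE") !== FALSE) {
            $package['is_browser'] = true;
            if (stripos($ua, "Opera") !== FALSE) {
                require_once BB2_CORE . "/opera.inc.php";
                bb2_test($settings, $package, bb2_opera($package));
            } else {
                require_once BB2_CORE . "/msie.inc.php";
                bb2_test($settings, $package, bb2_msie($package));
            }
        } elseif (stripos($ua, "Konqueror") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/konqueror.inc.php";
            bb2_test($settings, $package, bb2_konqueror($package));
        } elseif (stripos($ua, "Opera") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/opera.inc.php";
            bb2_test($settings, $package, bb2_opera($package));
        } elseif (stripos($ua, "Safari") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/safari.inc.php";
            bb2_test($settings, $package, bb2_safari($package));
        } elseif (stripos($ua, "Lynx") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/lynx.inc.php";
            bb2_test($settings, $package, bb2_lynx($package));
        } elseif (stripos($ua, "MovableType") !== FALSE) {
            require_once BB2_CORE . "/movabletype.inc.php";
            bb2_test($settings, $package, bb2_movabletype($package));
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Generic "Mozilla/..." UA: only when the string starts with it
            // (strict === 0 replaces the former !== FALSE && == 0 pair).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/mozilla.inc.php";
            bb2_test($settings, $package, bb2_mozilla($package));
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            bb2_test($settings, $package, bb2_post($settings, $package));
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package);
    return true;
}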
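/**
 * Screens an already-built request package and reports the first failing test.
 *
 * Unlike bb2_start(), nothing is blocked here: each test's result is returned
 * to the caller as soon as it is truthy, and the caller decides what to do.
 * The User-Agent driving the browser-family dispatch is client-supplied; the
 * branches only select which consistency test runs.
 *
 * @param array $settings configuration handed to the individual tests
 * @param array $package  request data as assembled by bb2_start() ('ip',
 *                        'headers_mixed', 'request_method', 'user_agent', ...)
 * @return mixed false when every test passed (the request is then approved and
 *               screened), otherwise the failing test's return value, unchanged
 */
function bb2_screen($settings, $package)
{
    // Please proceed to the security checkpoint and have your
    // identification and boarding pass ready.

    // First check the whitelist
    require_once BB2_CORE . "/whitelist.inc.php";
    if (!bb2_whitelist($package)) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        if ($r = bb2_blacklist($package)) {
            return $r;
        }

        // Check the http:BL
        require_once BB2_CORE . "/blackhole.inc.php";
        if ($r = bb2_httpbl($settings, $package)) {
            return $r;
        }

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        if ($r = bb2_protocol($settings, $package)) {
            return $r;
        }
        if ($r = bb2_cookies($settings, $package)) {
            return $r;
        }
        if ($r = bb2_misc_headers($settings, $package)) {
            return $r;
        }

        // Specific checks. '' rather than null when absent so stripos() below
        // never receives null (deprecated on PHP 8.1+); replaces the former
        // @-suppressed read.
        $ua = isset($package['user_agent']) ? $package['user_agent'] : '';

        // MSIE checks. Opera used to embed "MSIE" in its UA, so the Opera
        // test takes precedence inside this branch.
        if (stripos($ua, "; MSIE") !== FALSE) {
            $package['is_browser'] = true;
            if (stripos($ua, "Opera") !== FALSE) {
                require_once BB2_CORE . "/opera.inc.php";
                if ($r = bb2_opera($package)) {
                    return $r;
                }
            } else {
                require_once BB2_CORE . "/msie.inc.php";
                if ($r = bb2_msie($package)) {
                    return $r;
                }
            }
        } elseif (stripos($ua, "Konqueror") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/konqueror.inc.php";
            if ($r = bb2_konqueror($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Opera") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/opera.inc.php";
            if ($r = bb2_opera($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Safari") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/safari.inc.php";
            if ($r = bb2_safari($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Lynx") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/lynx.inc.php";
            if ($r = bb2_lynx($package)) {
                return $r;
            }
        } elseif (stripos($ua, "MovableType") !== FALSE) {
            require_once BB2_CORE . "/movabletype.inc.php";
            if ($r = bb2_movabletype($package)) {
                return $r;
            }
        } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
            require_once BB2_CORE . "/msnbot.inc.php";
            if ($r = bb2_msnbot($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
            require_once BB2_CORE . "/google.inc.php";
            if ($r = bb2_google($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Generic "Mozilla/..." UA: only when the string starts with it
            // (strict === 0 replaces the former !== FALSE && == 0 pair).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/mozilla.inc.php";
            if ($r = bb2_mozilla($package)) {
                return $r;
            }
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            if ($r = bb2_post($settings, $package)) {
                return $r;
            }
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package);
    return false;
}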
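/**
 * Screens an already-built request package and reports the first failing test.
 *
 * Nothing is blocked here: a truthy test result is returned to the caller as
 * soon as it appears. Verified search engines short-circuit to false (pass).
 * The User-Agent driving the dispatch is client-supplied and only selects
 * which verification or consistency test runs; the search-engine branches are
 * the ones whose test result can clear the request.
 *
 * @param array $settings configuration handed to the individual tests
 * @param array $package  request data as assembled by bb2_start() ('ip',
 *                        'headers_mixed', 'request_method', 'user_agent', ...)
 * @return mixed false when the request passes (it is then approved and
 *               screened, or was cleared as a verified search engine / by the
 *               CloudFlare check), otherwise the failing test's return value
 */
function bb2_screen($settings, $package)
{
    // Please proceed to the security checkpoint, have your identification
    // and boarding pass ready, and prepare to be nakedized or fondled.

    // CloudFlare-specific checks not handled by reverse proxy code
    // Thanks to butchs at Simple Machines
    // Note the header name is client-settable unless the edge strips it;
    // bb2_cloudflare() is expected to validate that, and only a result that
    // differs from the package IP is treated as a finding.
    if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
        require_once BB2_CORE . "/cloudflare.inc.php";
        $r = bb2_cloudflare($package);
        if ($r !== false && $r != $package['ip']) {
            return $r;
        }
    }

    // First check the whitelist
    require_once BB2_CORE . "/whitelist.inc.php";
    if (!bb2_run_whitelist($package)) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        if ($r = bb2_blacklist($package)) {
            return $r;
        }

        // Check the http:BL
        require_once BB2_CORE . "/blackhole.inc.php";
        if ($r = bb2_httpbl($settings, $package)) {
            // NOTE(review): loose == 1. On PHP < 8 a non-numeric string whose
            // leading characters are "1" also compares equal to 1; if this
            // test can return a key string, use === 1 — confirm against
            // blackhole.inc.php.
            if ($r == 1) {
                return false;
            }
            # whitelisted
            return $r;
        }

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        if ($r = bb2_protocol($settings, $package)) {
            return $r;
        }
        if ($r = bb2_cookies($settings, $package)) {
            return $r;
        }
        if ($r = bb2_misc_headers($settings, $package)) {
            return $r;
        }

        // Specific checks. '' rather than null when absent so stripos() below
        // never receives null (deprecated on PHP 8.1+); replaces the former
        // @-suppressed read.
        $ua = isset($package['user_agent']) ? $package['user_agent'] : '';

        // Search engine checks come first. A truthy result of 1 means the
        // engine's own verification passed and the request is cleared; any
        // other truthy value is reported. Same == 1 caveat as above applies.
        if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
            require_once BB2_CORE . "/searchengine.inc.php";
            if ($r = bb2_msnbot($package)) {
                if ($r == 1) {
                    return false;
                }
                # whitelisted
                return $r;
            }
            return false;
        } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
            require_once BB2_CORE . "/searchengine.inc.php";
            if ($r = bb2_google($package)) {
                if ($r == 1) {
                    return false;
                }
                # whitelisted
                return $r;
            }
            return false;
        } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
            require_once BB2_CORE . "/searchengine.inc.php";
            if ($r = bb2_yahoo($package)) {
                if ($r == 1) {
                    return false;
                }
                # whitelisted
                return $r;
            }
            return false;
        } elseif (stripos($ua, "Baidu") !== FALSE) {
            require_once BB2_CORE . "/searchengine.inc.php";
            if ($r = bb2_baidu($package)) {
                if ($r == 1) {
                    return false;
                }
                # whitelisted
                return $r;
            }
            return false;
        }

        // MSIE checks. Opera used to embed "MSIE" in its UA, so the Opera
        // test takes precedence inside this branch.
        if (stripos($ua, "; MSIE") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            if (stripos($ua, "Opera") !== FALSE) {
                if ($r = bb2_opera($package)) {
                    return $r;
                }
            } else {
                if ($r = bb2_msie($package)) {
                    return $r;
                }
            }
        } elseif (stripos($ua, "Konqueror") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            if ($r = bb2_konqueror($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Opera") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            if ($r = bb2_opera($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Safari") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            if ($r = bb2_safari($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Lynx") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            if ($r = bb2_lynx($package)) {
                return $r;
            }
        } elseif (stripos($ua, "MovableType") !== FALSE) {
            require_once BB2_CORE . "/movabletype.inc.php";
            if ($r = bb2_movabletype($package)) {
                return $r;
            }
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Generic "Mozilla/..." UA: only when the string starts with it
            // (strict === 0 replaces the former !== FALSE && == 0 pair).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            if ($r = bb2_mozilla($package)) {
                return $r;
            }
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            if ($r = bb2_post($settings, $package)) {
                return $r;
            }
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package);
    return false;
}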
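/**
 * Entry point for the screening pipeline (shell-aware variant): builds the
 * request package from the environment and runs it through the whitelist,
 * blacklist, protocol/header, browser-family and POST tests, in that order.
 *
 * Everything in the package except 'ip' is copied verbatim from the client
 * and is untrusted input; 'ip' is whatever the web server put in REMOTE_ADDR
 * (no IPv4-mapped normalisation is done in this variant). The browser-family
 * branches only choose which consistency test to run from the self-reported
 * User-Agent.
 *
 * @param array $settings configuration handed to the individual tests
 * @return bool|null null (bare return) when $gShellScript is set, i.e. no
 *                   screening is done for command-line runs; otherwise true
 *                   once the request has been approved. Failing tests are
 *                   expected to be acted on inside bb2_test() (defined elsewhere).
 */
function bb2_start($settings)
{
    // Skip entirely when running as a shell script; there is no request.
    global $gShellScript;
    if ($gShellScript) {
        return;
    }

    // Gather up all the information we need, first of all.
    $headers = bb2_load_headers();

    // Postprocess the headers to mixed-case so later lookups such as
    // $headers_mixed['User-Agent'] do not depend on how the SAPI spelled them.
    // FIXME: get the world to stop using PHP as CGI
    $headers_mixed = array();
    foreach ($headers as $name => $value) {
        $headers_mixed[uc_all($name)] = $value;
    }

    // We use these frequently. Keep a copy close at hand. Missing keys become
    // '' instead of raising notices and passing null into strcasecmp() below.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : '';
    // NULL when the header is absent or empty (empty() also treats "0" as
    // absent; kept as the original did).
    $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;

    // Reconstruct the HTTP entity, if present. Only the form-decoded body in
    // $_POST is captured, so bodies with other content types show up empty.
    $request_entity = array();
    if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
        foreach ($_POST as $field => $value) {
            $request_entity[$field] = $value;
        }
    }

    $package = array(
        'ip' => $ip,
        'headers' => $headers,
        'headers_mixed' => $headers_mixed,
        'request_method' => $request_method,
        'request_uri' => $request_uri,
        'server_protocol' => $server_protocol,
        'request_entity' => $request_entity,
        'user_agent' => $user_agent,
        'is_browser' => false,
    );

    // Please proceed to the security checkpoint and have your
    // identification and boarding pass ready.

    // First check the whitelist. The result is remembered and passed to
    // bb2_approved() at the end.
    require_once BB2_CORE . "/whitelist.inc.php";
    if (!($whitelisted = bb2_whitelist($package))) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        bb2_test($settings, $package, bb2_blacklist($package));

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        bb2_test($settings, $package, bb2_protocol($settings, $package));
        bb2_test($settings, $package, bb2_misc_headers($settings, $package));

        // Specific checks. The original read this key unguarded, which raised
        // a notice and handed null to stripos() when no User-Agent was sent.
        $ua = isset($headers_mixed['User-Agent']) ? $headers_mixed['User-Agent'] : '';

        // MSIE checks. Opera used to embed "MSIE" in its UA, so the Opera
        // test takes precedence inside this branch.
        if (stripos($ua, "MSIE") !== FALSE) {
            $package['is_browser'] = true;
            if (stripos($ua, "Opera") !== FALSE) {
                require_once BB2_CORE . "/opera.inc.php";
                bb2_test($settings, $package, bb2_opera($package));
            } else {
                require_once BB2_CORE . "/msie.inc.php";
                bb2_test($settings, $package, bb2_msie($package));
            }
        } elseif (stripos($ua, "Konqueror") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/konqueror.inc.php";
            bb2_test($settings, $package, bb2_konqueror($package));
        } elseif (stripos($ua, "Opera") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/opera.inc.php";
            bb2_test($settings, $package, bb2_opera($package));
        } elseif (stripos($ua, "Safari") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/safari.inc.php";
            bb2_test($settings, $package, bb2_safari($package));
        } elseif (stripos($ua, "Lynx") !== FALSE) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/lynx.inc.php";
            bb2_test($settings, $package, bb2_lynx($package));
        } elseif (stripos($ua, "MovableType") !== FALSE) {
            require_once BB2_CORE . "/movabletype.inc.php";
            bb2_test($settings, $package, bb2_movabletype($package));
        } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
            require_once BB2_CORE . "/msnbot.inc.php";
            bb2_test($settings, $package, bb2_msnbot($package));
        } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
            require_once BB2_CORE . "/google.inc.php";
            bb2_test($settings, $package, bb2_google($package));
        } elseif (stripos($ua, "Google Keyword Tool") !== FALSE) {
            // Approved on the UA string alone, with no verification test and
            // without the screener below; a client can claim this UA freely.
            bb2_approved($settings, $package);
            return true;
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Generic "Mozilla/..." UA: only when the string starts with it
            // (strict === 0 replaces the former !== FALSE && == 0 pair).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/mozilla.inc.php";
            bb2_test($settings, $package, bb2_mozilla($package));
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            bb2_test($settings, $package, bb2_post($settings, $package));
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package, $whitelisted);
    return true;
}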