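/**
 * Inspect one POST value for a base64-encoded injection payload.
 *
 * Characters outside the base64 alphabet are stripped first; a value that is
 * then empty or whose length is not a multiple of four is ignored. The rest is
 * decoded and the decoded bytes are matched against the injection signature.
 * On a hit the request is logged (level 3) and nf_block() is called.
 *
 * The decode runs in strict mode and no longer requires
 * base64_encode($decoded) === $string: a non-canonical encoding (stray trailing
 * bits) decodes to the same bytes but never re-encodes to the original text, so
 * the former round-trip test skipped the inspection for exactly those values.
 * Everything the round-trip test accepted is still accepted here.
 *
 * @param string|int $reqkey Name of the POST field, used only in the log entry.
 * @param string     $string Raw POST value.
 */
function nf_check_b64($reqkey, $string)
{
    global $MagenfCheckDebug;
    global $nfdebug;

    // Keep only the base64 alphabet. preg_replace() yields null on a PCRE
    // error, which the next test treats the same as an empty value.
    $string = preg_replace('`[^A-Za-z0-9+/=]`', '', $string);
    if (!$string || strlen($string) % 4 != 0) {
        return;
    }

    // strict: misplaced or excess padding makes the decode fail instead of
    // being silently dropped.
    $decoded = base64_decode($string, true);
    if ($decoded === false) {
        return;
    }

    // Superglobal writes, dangerous function calls, HTML tags, stream wrappers
    // and PHP open tags inside the decoded bytes.
    $signature = '`\\b(?:\\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\\s*[=\\[)]|\\b(?i:array_map|assert|base64_(?:de|en)code|chmod|curl_exec|(?:ex|im)plode|error_reporting|eval|file(?:_get_contents)?|f(?:open|write|close)|fsockopen|function_exists|gzinflate|md5|move_uploaded_file|ob_start|passthru|preg_replace|phpinfo|stripslashes|strrev|(?:shell_)?exec|system|unlink)\\s*\\(|\\becho\\s*[\'"]|<\\s*(?i:applet|div|embed|i?frame(?:set)?|img|meta|marquee|object|script|textarea)\\b|\\b(?i:(?:ht|f)tps?|php)://|\\W\\$\\{\\s*[\'"]\\w+[\'"]|<\\?(?i:php)`';
    if (!preg_match($signature, $decoded)) {
        return;
    }

    if ($MagenfCheckDebug) {
        $nfdebug .= STAG . "checking request\t\t" . '[FAIL] POST[' . $reqkey . '] : BASE64-encoded injection' . ETAG;
    }
    // The logged value is the stripped (alphabet-only) form, not the raw POST.
    nf_write2log('BASE64-encoded injection', 'POST:' . $reqkey . ' = ' . $string, 3, 0);
    nf_block();
}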
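/**
 * Block the request when any upload field actually carries a file.
 *
 * Walks $_FILES, including the nested arrays PHP builds for fields named like
 * "f[]" or "f[a][b]", and collects "name, size bytes " for every entry whose
 * name is not the empty string. The emptiness test is an explicit string
 * comparison so a file literally named "0" is not mistaken for an absent
 * upload. If anything was collected the attempt is logged (level 2) and
 * nf_block() is called; otherwise a debug line is emitted when
 * $MagenfCheckDebug is set.
 */
function nf_check_upload()
{
    global $nfdebug;
    global $MagenfCheckDebug;

    $tmp = '';
    foreach ($_FILES as $file) {
        $names = isset($file['name']) ? $file['name'] : '';
        $sizes = isset($file['size']) ? $file['size'] : 0;
        $tmp .= nf_upload_describe($names, $sizes);
    }

    if ($tmp !== '') {
        if ($MagenfCheckDebug) {
            $nfdebug .= '[FAIL] file upload attempt : ' . nf_bin2hex_string($tmp) . ETAG;
        }
        nf_write2log('File upload attempt', rtrim($tmp, ' '), 2, 0);
        nf_block();
    }

    if ($MagenfCheckDebug) {
        $nfdebug .= '[----] upload field is empty' . ETAG;
    }
}

/**
 * Flatten one $_FILES entry into "name, N bytes " items, recursing into the
 * nested arrays PHP produces for array-style upload fields.
 *
 * @param string|array $name The entry's ['name'] value (string or nested array).
 * @param int|array    $size The entry's ['size'] value, shaped like $name.
 * @return string Concatenated items; empty string when no file name is present.
 */
function nf_upload_describe($name, $size)
{
    if (is_array($name)) {
        $out = '';
        foreach ($name as $key => $value) {
            // Sizes mirror the name structure; fall back to 0 if they do not.
            $out .= nf_upload_describe($value, isset($size[$key]) ? $size[$key] : 0);
        }
        return $out;
    }

    if ((string) $name === '') {
        return '';
    }

    $bytes = is_numeric($size) ? (float) $size : 0;
    return $name . ', ' . number_format($bytes) . ' bytes ';
}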