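/**
 * Screen the current HTTP request (request-reconstructing variant).
 *
 * Builds the request "package" from $_SERVER / $_POST and the loaded
 * headers, then runs it through the whitelist, blacklist, http:BL,
 * common header tests, user-agent specific tests and finally the
 * screener. Rejections are handled inside bb2_test() (defined elsewhere);
 * this function only returns once the request has been accepted.
 *
 * Side effect: rewrites $_SERVER['REMOTE_ADDR'] to strip the IPv4-mapped
 * IPv6 prefix, which every later consumer of $_SERVER will also see.
 *
 * @param array $settings Plugin settings; only 'skipblackhole' is read here.
 * @return bool Always true on return (an accepted request).
 */
function bb2_start($settings)
{
    // Gather up all the information we need, first of all.
    $headers = bb2_load_headers();

    // Postprocess the headers to mixed-case
    // FIXME: get the world to stop using PHP as CGI
    $headers_mixed = array();
    foreach ($headers as $name => $value) {
        $headers_mixed[uc_all($name)] = $value;
    }

    // IPv6 - IPv4 compatibility mode hack: an IPv4-mapped address such as
    // ::ffff:a.b.c.d is reduced to a.b.c.d so the IP-based tests below
    // compare against the same form the lists are written in.
    $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);

    // We use these frequently. Keep a copy close at hand.
    $ip = $_SERVER['REMOTE_ADDR'];
    $request_method = $_SERVER['REQUEST_METHOD'];
    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : null;
    if (!$request_uri) {
        $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
    }
    $server_protocol = $_SERVER['SERVER_PROTOCOL'];
    // A missing User-Agent is a normal condition, so test for it instead of
    // suppressing the undefined-index warning with @.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

    // Reconstruct the HTTP entity, if present.
    $request_entity = array();
    if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
        foreach ($_POST as $name => $value) {
            $request_entity[$name] = $value;
        }
    }

    $package = array(
        'ip' => $ip,
        'headers' => $headers,
        'headers_mixed' => $headers_mixed,
        'request_method' => $request_method,
        'request_uri' => $request_uri,
        'server_protocol' => $server_protocol,
        'request_entity' => $request_entity,
        'user_agent' => $user_agent,
        'is_browser' => false,
    );

    // Please proceed to the security checkpoint and have your
    // identification and boarding pass ready.

    // First check the whitelist
    require_once BB2_CORE . "/whitelist.inc.php";
    if (!bb2_whitelist($package)) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        bb2_test($settings, $package, bb2_blacklist($package));

        // Check the http:BL
        // config check added for DokuWiki plugin. empty() keeps the
        // original truthiness test but also tolerates a settings array
        // that has no 'skipblackhole' key at all.
        if (empty($settings['skipblackhole'])) {
            require_once BB2_CORE . "/blackhole.inc.php";
            if (bb2_test($settings, $package, bb2_httpbl($settings, $package))) {
                // Bypass all checks if http:BL says search engine
                bb2_approved($settings, $package);
                return true;
            }
        }

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        bb2_test($settings, $package, bb2_protocol($settings, $package));
        bb2_test($settings, $package, bb2_cookies($settings, $package));
        bb2_test($settings, $package, bb2_misc_headers($settings, $package));

        // Specific checks. stripos() treats a missing UA like an empty one.
        $ua = isset($headers_mixed['User-Agent']) ? $headers_mixed['User-Agent'] : '';

        // Search engines first. Each branch approves the request as soon
        // as the engine-specific test passes, so the POST and screener
        // stages below are skipped for any client whose UA matches here;
        // how much the engine-specific test verifies lives in the included
        // file and is not visible from this function.
        if (stripos($ua, "bingbot") !== false
            || stripos($ua, "msnbot") !== false
            || stripos($ua, "MS Search") !== false) {
            require_once BB2_CORE . "/msnbot.inc.php";
            bb2_test($settings, $package, bb2_msnbot($package));
            bb2_approved($settings, $package);
            return true;
        } elseif (stripos($ua, "Googlebot") !== false
            || stripos($ua, "Mediapartners-Google") !== false
            || stripos($ua, "Google Web Preview") !== false) {
            require_once BB2_CORE . "/google.inc.php";
            bb2_test($settings, $package, bb2_google($package));
            bb2_approved($settings, $package);
            return true;
        } elseif (stripos($ua, "Yahoo! Slurp") !== false
            || stripos($ua, "Yahoo! SearchMonkey") !== false) {
            require_once BB2_CORE . "/yahoo.inc.php";
            bb2_test($settings, $package, bb2_yahoo($package));
            bb2_approved($settings, $package);
            return true;
        }

        // Browser checks. Order matters: "MSIE" is tested before the bare
        // "Opera" match because Opera could identify itself as MSIE.
        if (stripos($ua, "MSIE") !== false) {
            $package['is_browser'] = true;
            if (stripos($ua, "Opera") !== false) {
                require_once BB2_CORE . "/opera.inc.php";
                bb2_test($settings, $package, bb2_opera($package));
            } else {
                require_once BB2_CORE . "/msie.inc.php";
                bb2_test($settings, $package, bb2_msie($package));
            }
        } elseif (stripos($ua, "Konqueror") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/konqueror.inc.php";
            bb2_test($settings, $package, bb2_konqueror($package));
        } elseif (stripos($ua, "Opera") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/opera.inc.php";
            bb2_test($settings, $package, bb2_opera($package));
        } elseif (stripos($ua, "Safari") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/safari.inc.php";
            bb2_test($settings, $package, bb2_safari($package));
        } elseif (stripos($ua, "Lynx") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/lynx.inc.php";
            bb2_test($settings, $package, bb2_lynx($package));
        } elseif (stripos($ua, "MovableType") !== false) {
            // MovableType is a trackback client, not a browser.
            require_once BB2_CORE . "/movabletype.inc.php";
            bb2_test($settings, $package, bb2_movabletype($package));
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Only a UA that *starts* with "Mozilla" counts as a generic
            // Mozilla-style browser (strict position test).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/mozilla.inc.php";
            bb2_test($settings, $package, bb2_mozilla($package));
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            bb2_test($settings, $package, bb2_post($settings, $package));
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package);
    return true;
}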
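/**
 * Screen an already-assembled request package (early variant).
 *
 * Runs the package through the whitelist, blacklist, http:BL, common
 * header tests, user-agent specific tests and the screener, stopping at
 * the first test that reports a problem.
 *
 * @param array $settings Plugin settings, passed through to the tests.
 * @param array $package  Request package as built by bb2_start(); must
 *                        contain 'user_agent', 'request_method' and
 *                        'is_browser' (the latter is updated here).
 * @return mixed false when the request passes every test; otherwise the
 *               truthy value returned by the first failing test. Its exact
 *               form is defined by the included test files, not here.
 */
function bb2_screen($settings, $package)
{
    // Please proceed to the security checkpoint and have your
    // identification and boarding pass ready.

    // First check the whitelist
    require_once BB2_CORE . "/whitelist.inc.php";
    if (!bb2_whitelist($package)) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        $r = bb2_blacklist($package);
        if ($r) {
            return $r;
        }

        // Check the http:BL
        require_once BB2_CORE . "/blackhole.inc.php";
        $r = bb2_httpbl($settings, $package);
        if ($r) {
            return $r;
        }

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        $r = bb2_protocol($settings, $package);
        if ($r) {
            return $r;
        }
        $r = bb2_cookies($settings, $package);
        if ($r) {
            return $r;
        }
        $r = bb2_misc_headers($settings, $package);
        if ($r) {
            return $r;
        }

        // Specific checks. A missing or null UA is treated as empty
        // instead of being read under @ suppression.
        $ua = isset($package['user_agent']) ? $package['user_agent'] : '';

        // Browser / client checks. Order matters: "; MSIE" is tested before
        // the bare "Opera" match because Opera could identify itself as MSIE.
        if (stripos($ua, "; MSIE") !== false) {
            $package['is_browser'] = true;
            if (stripos($ua, "Opera") !== false) {
                require_once BB2_CORE . "/opera.inc.php";
                $r = bb2_opera($package);
            } else {
                require_once BB2_CORE . "/msie.inc.php";
                $r = bb2_msie($package);
            }
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Konqueror") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/konqueror.inc.php";
            $r = bb2_konqueror($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Opera") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/opera.inc.php";
            $r = bb2_opera($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Safari") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/safari.inc.php";
            $r = bb2_safari($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Lynx") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/lynx.inc.php";
            $r = bb2_lynx($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "MovableType") !== false) {
            // MovableType is a trackback client, not a browser.
            require_once BB2_CORE . "/movabletype.inc.php";
            $r = bb2_movabletype($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "msnbot") !== false
            || stripos($ua, "MS Search") !== false) {
            require_once BB2_CORE . "/msnbot.inc.php";
            $r = bb2_msnbot($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Googlebot") !== false
            || stripos($ua, "Mediapartners-Google") !== false
            || stripos($ua, "Google Wireless") !== false) {
            require_once BB2_CORE . "/google.inc.php";
            $r = bb2_google($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Only a UA that *starts* with "Mozilla" counts as a generic
            // Mozilla-style browser (strict position test).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/mozilla.inc.php";
            $r = bb2_mozilla($package);
            if ($r) {
                return $r;
            }
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            $r = bb2_post($settings, $package);
            if ($r) {
                return $r;
            }
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package);
    return false;
}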
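/**
 * Screen an already-assembled request package (CloudFlare-aware variant).
 *
 * Runs the package through the CloudFlare check, whitelist, blacklist,
 * http:BL, common header tests, search-engine and browser specific tests
 * and the screener, stopping at the first test that reports a problem.
 *
 * @param array $settings Plugin settings, passed through to the tests.
 * @param array $package  Request package; must contain 'headers_mixed',
 *                        'ip', 'user_agent', 'request_method' and
 *                        'is_browser' (the latter is updated here).
 * @return mixed false when the request passes (or a test reports 1,
 *               which the original code treats as "whitelisted");
 *               otherwise the truthy value returned by the first failing
 *               test, whose exact form is defined by the included files.
 */
function bb2_screen($settings, $package)
{
    // Please proceed to the security checkpoint, have your identification
    // and boarding pass ready, and prepare to be nakedized or fondled.

    // CloudFlare-specific checks not handled by reverse proxy code
    // Thanks to butchs at Simple Machines
    if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
        require_once BB2_CORE . "/cloudflare.inc.php";
        $r = bb2_cloudflare($package);
        // Loose != kept deliberately: bb2_cloudflare()'s return type is not
        // visible from here, so a strict compare could change behaviour.
        if ($r !== false && $r != $package['ip']) {
            return $r;
        }
    }

    // First check the whitelist
    require_once BB2_CORE . "/whitelist.inc.php";
    if (!bb2_run_whitelist($package)) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        $r = bb2_blacklist($package);
        if ($r) {
            return $r;
        }

        // Check the http:BL. A result of 1 means "whitelisted" for this
        // test (loose == kept: the test's return type is defined elsewhere).
        require_once BB2_CORE . "/blackhole.inc.php";
        $r = bb2_httpbl($settings, $package);
        if ($r) {
            return ($r == 1) ? false : $r;
        }

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        $r = bb2_protocol($settings, $package);
        if ($r) {
            return $r;
        }
        $r = bb2_cookies($settings, $package);
        if ($r) {
            return $r;
        }
        $r = bb2_misc_headers($settings, $package);
        if ($r) {
            return $r;
        }

        // Specific checks. A missing or null UA is treated as empty
        // instead of being read under @ suppression.
        $ua = isset($package['user_agent']) ? $package['user_agent'] : '';

        // Search engine checks come first. Every search-engine branch
        // returns here, so the browser, POST and screener stages below
        // never run for a UA matched in this chain; a result of 1 from the
        // engine-specific test again means "whitelisted".
        if (stripos($ua, "bingbot") !== false
            || stripos($ua, "msnbot") !== false
            || stripos($ua, "MS Search") !== false) {
            require_once BB2_CORE . "/searchengine.inc.php";
            $r = bb2_msnbot($package);
            return ($r && $r != 1) ? $r : false;
        } elseif (stripos($ua, "Googlebot") !== false
            || stripos($ua, "Mediapartners-Google") !== false
            || stripos($ua, "Google Web Preview") !== false) {
            require_once BB2_CORE . "/searchengine.inc.php";
            $r = bb2_google($package);
            return ($r && $r != 1) ? $r : false;
        } elseif (stripos($ua, "Yahoo! Slurp") !== false
            || stripos($ua, "Yahoo! SearchMonkey") !== false) {
            require_once BB2_CORE . "/searchengine.inc.php";
            $r = bb2_yahoo($package);
            return ($r && $r != 1) ? $r : false;
        } elseif (stripos($ua, "Baidu") !== false) {
            require_once BB2_CORE . "/searchengine.inc.php";
            $r = bb2_baidu($package);
            return ($r && $r != 1) ? $r : false;
        }

        // Browser checks. Order matters: "; MSIE" is tested before the bare
        // "Opera" match because Opera could identify itself as MSIE.
        if (stripos($ua, "; MSIE") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            if (stripos($ua, "Opera") !== false) {
                $r = bb2_opera($package);
            } else {
                $r = bb2_msie($package);
            }
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Konqueror") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            $r = bb2_konqueror($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Opera") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            $r = bb2_opera($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Safari") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            $r = bb2_safari($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Lynx") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            $r = bb2_lynx($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "MovableType") !== false) {
            // MovableType is a trackback client, not a browser.
            require_once BB2_CORE . "/movabletype.inc.php";
            $r = bb2_movabletype($package);
            if ($r) {
                return $r;
            }
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Only a UA that *starts* with "Mozilla" counts as a generic
            // Mozilla-style browser (strict position test).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/browser.inc.php";
            $r = bb2_mozilla($package);
            if ($r) {
                return $r;
            }
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            $r = bb2_post($settings, $package);
            if ($r) {
                return $r;
            }
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package);
    return false;
}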
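/**
 * Screen the current HTTP request (variant with shell-script guard and
 * whitelist flag passed to bb2_approved()).
 *
 * Does nothing when the global $gShellScript flag is set. Otherwise builds
 * the request "package" from $_SERVER / $_POST and the loaded headers and
 * runs it through the whitelist, blacklist, common header tests,
 * user-agent specific tests and the screener. Rejections are handled
 * inside bb2_test() (defined elsewhere); this function only returns once
 * the request has been accepted.
 *
 * @param array $settings Plugin settings, passed through to the tests.
 * @return bool|null null when running as a shell script, otherwise true.
 */
function bb2_start($settings)
{
    global $gShellScript;
    if ($gShellScript) {
        return;
    }

    // Gather up all the information we need, first of all.
    $headers = bb2_load_headers();

    // Postprocess the headers to mixed-case
    // FIXME: get the world to stop using PHP as CGI
    $headers_mixed = array();
    foreach ($headers as $name => $value) {
        $headers_mixed[uc_all($name)] = $value;
    }

    // We use these frequently. Keep a copy close at hand.
    $ip = $_SERVER['REMOTE_ADDR'];
    $request_method = $_SERVER['REQUEST_METHOD'];
    $request_uri = $_SERVER['REQUEST_URI'];
    $server_protocol = $_SERVER['SERVER_PROTOCOL'];
    // An empty User-Agent is normalised to null.
    $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

    // Reconstruct the HTTP entity, if present.
    $request_entity = array();
    if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
        foreach ($_POST as $name => $value) {
            $request_entity[$name] = $value;
        }
    }

    $package = array(
        'ip' => $ip,
        'headers' => $headers,
        'headers_mixed' => $headers_mixed,
        'request_method' => $request_method,
        'request_uri' => $request_uri,
        'server_protocol' => $server_protocol,
        'request_entity' => $request_entity,
        'user_agent' => $user_agent,
        'is_browser' => false,
    );

    // Please proceed to the security checkpoint and have your
    // identification and boarding pass ready.

    // First check the whitelist. The result is remembered so that
    // bb2_approved() at the end can be told the request was whitelisted.
    require_once BB2_CORE . "/whitelist.inc.php";
    $whitelisted = bb2_whitelist($package);
    if (!$whitelisted) {
        // Now check the blacklist
        require_once BB2_CORE . "/blacklist.inc.php";
        bb2_test($settings, $package, bb2_blacklist($package));

        // Check for common stuff
        require_once BB2_CORE . "/common_tests.inc.php";
        bb2_test($settings, $package, bb2_protocol($settings, $package));
        bb2_test($settings, $package, bb2_misc_headers($settings, $package));

        // Specific checks. Guard the header read: a request without a
        // User-Agent would otherwise raise an undefined-index notice here.
        $ua = isset($headers_mixed['User-Agent']) ? $headers_mixed['User-Agent'] : '';

        // Browser / client checks. Order matters: "MSIE" is tested before
        // the bare "Opera" match because Opera could identify itself as MSIE.
        if (stripos($ua, "MSIE") !== false) {
            $package['is_browser'] = true;
            if (stripos($ua, "Opera") !== false) {
                require_once BB2_CORE . "/opera.inc.php";
                bb2_test($settings, $package, bb2_opera($package));
            } else {
                require_once BB2_CORE . "/msie.inc.php";
                bb2_test($settings, $package, bb2_msie($package));
            }
        } elseif (stripos($ua, "Konqueror") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/konqueror.inc.php";
            bb2_test($settings, $package, bb2_konqueror($package));
        } elseif (stripos($ua, "Opera") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/opera.inc.php";
            bb2_test($settings, $package, bb2_opera($package));
        } elseif (stripos($ua, "Safari") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/safari.inc.php";
            bb2_test($settings, $package, bb2_safari($package));
        } elseif (stripos($ua, "Lynx") !== false) {
            $package['is_browser'] = true;
            require_once BB2_CORE . "/lynx.inc.php";
            bb2_test($settings, $package, bb2_lynx($package));
        } elseif (stripos($ua, "MovableType") !== false) {
            // MovableType is a trackback client, not a browser.
            require_once BB2_CORE . "/movabletype.inc.php";
            bb2_test($settings, $package, bb2_movabletype($package));
        } elseif (stripos($ua, "msnbot") !== false
            || stripos($ua, "MS Search") !== false) {
            require_once BB2_CORE . "/msnbot.inc.php";
            bb2_test($settings, $package, bb2_msnbot($package));
        } elseif (stripos($ua, "Googlebot") !== false
            || stripos($ua, "Mediapartners-Google") !== false) {
            require_once BB2_CORE . "/google.inc.php";
            bb2_test($settings, $package, bb2_google($package));
        } elseif (stripos($ua, "Google Keyword Tool") !== false) {
            // NOTE(review): this branch approves on the UA substring alone,
            // with no accompanying test, so the POST and screener stages
            // below are skipped for any client that sends this string.
            // Behaviour kept as-is; consider routing it through a test
            // like the other search-engine branches.
            bb2_approved($settings, $package);
            return true;
        } elseif (stripos($ua, "Mozilla") === 0) {
            // Only a UA that *starts* with "Mozilla" counts as a generic
            // Mozilla-style browser (strict position test).
            $package['is_browser'] = true;
            require_once BB2_CORE . "/mozilla.inc.php";
            bb2_test($settings, $package, bb2_mozilla($package));
        }

        // More intensive screening applies to POST requests
        if (!strcasecmp('POST', $package['request_method'])) {
            require_once BB2_CORE . "/post.inc.php";
            bb2_test($settings, $package, bb2_post($settings, $package));
        }
    }

    // Last chance screening.
    require_once BB2_CORE . "/screener.inc.php";
    bb2_screener($settings, $package);

    // And that's about it.
    bb2_approved($settings, $package, $whitelisted);
    return true;
}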