Bad Behavior - Version 2.0.46

Version Description

Download this release

Release Info

Developer error
Plugin Icon wp plugin Bad Behavior
Version 2.0.46
Comparing to
See all releases

Code changes from version 2.2.3 to 2.0.46

Files changed (39) hide show
  1. README.txt +8 -4
  2. bad-behavior-generic.php +25 -30
  3. bad-behavior-lifetype.php +175 -0
  4. bad-behavior-mediawiki.php +30 -61
  5. bad-behavior-mysql.php +0 -47
  6. bad-behavior-wordpress-admin.php +41 -150
  7. bad-behavior-wordpress.php +29 -59
  8. bad-behavior/banned.inc.php +5 -16
  9. bad-behavior/blackhole.inc.php +7 -0
  10. bad-behavior/blacklist.inc.php +4 -6
  11. bad-behavior/browser.inc.php +0 -84
  12. bad-behavior/cloudflare.inc.php +0 -14
  13. bad-behavior/common_tests.inc.php +6 -10
  14. bad-behavior/core.inc.php +113 -101
  15. bad-behavior/functions.inc.php +2 -9
  16. bad-behavior/google.inc.php +13 -0
  17. bad-behavior/housekeeping.inc.php +16 -0
  18. bad-behavior/konqueror.inc.php +17 -0
  19. bad-behavior/lynx.inc.php +13 -0
  20. bad-behavior/movabletype.inc.php +2 -0
  21. bad-behavior/mozilla.inc.php +19 -0
  22. bad-behavior/msie.inc.php +26 -0
  23. bad-behavior/msnbot.inc.php +13 -0
  24. bad-behavior/opera.inc.php +13 -0
  25. bad-behavior/post.inc.php +6 -33
  26. bad-behavior/responses.inc.php +1 -2
  27. bad-behavior/roundtripdns.inc.php +0 -20
  28. bad-behavior/safari.inc.php +13 -0
  29. bad-behavior/screener.inc.php +4 -1
  30. bad-behavior/searchengine.inc.php +0 -45
  31. bad-behavior/trackback.inc.php +28 -0
  32. bad-behavior/version.inc.php +3 -0
  33. bad-behavior/whitelist.inc.php +64 -15
  34. bad-behavior/yahoo.inc.php +11 -0
  35. gpl-2.0.txt +339 -0
  36. gpl-3.0.txt +0 -674
  37. lgpl-3.0.txt +0 -165
  38. settings-sample.ini +0 -15
  39. whitelist-sample.ini +0 -31
README.txt CHANGED
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
3
  Contributors: error, markjaquith, skeltoac
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
5
  Requires at least: 2.7
6
- Tested up to: 3.3.1
7
- Stable tag: 2.2.3
8
 
9
  Bad Behavior prevents spammers from ever delivering their junk, and in many
10
  cases, from ever reading your site in the first place.
@@ -44,8 +44,12 @@ Installing and configuring Bad Behavior on most platforms is simple and takes
44
  only a few minutes. In most cases, no configuration at all is needed. Simply
45
  turn it on and stop worrying about spam!
46
 
47
- The core of Bad Behavior is free software released under the GNU Lesser General
48
- Public License, version 3, or at your option, any later version.
 
 
 
 
49
 
50
  == Installation ==
51
 
3
  Contributors: error, markjaquith, skeltoac
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
5
  Requires at least: 2.7
6
+ Tested up to: 3.3.2
7
+ Stable tag: 2.2.4
8
 
9
  Bad Behavior prevents spammers from ever delivering their junk, and in many
10
  cases, from ever reading your site in the first place.
44
  only a few minutes. In most cases, no configuration at all is needed. Simply
45
  turn it on and stop worrying about spam!
46
 
47
+ The core of Bad Behavior is free software released under the GNU General
48
+ Public License, version 2, or at your option, any later version. (On some
49
+ non-free platforms, special license terms exist for Bad Behavior's platform
50
+ connector.) The development version of Bad Behavior is free software released
51
+ under the GNU Lesser General Public License, version 3, or at your option,
52
+ any later version.
53
 
54
  == Installation ==
55
 
bad-behavior-generic.php CHANGED
@@ -1,22 +1,28 @@
1
  <?php
2
  /*
3
  Bad Behavior - detects and blocks unwanted Web accesses
4
- Copyright (C) 2005,2006,2007,2008,2009,2010,2011,2012 Michael Hampton
5
 
6
- Bad Behavior is free software; you can redistribute it and/or modify it under
7
- the terms of the GNU Lesser General Public License as published by the Free
8
- Software Foundation; either version 3 of the License, or (at your option) any
9
- later version.
10
 
11
- This program is distributed in the hope that it will be useful, but WITHOUT ANY
12
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13
- PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 
14
 
15
- You should have received a copy of the GNU Lesser General Public License along
16
- with this program. If not, see <http://www.gnu.org/licenses/>.
 
 
17
 
18
- Please report any problems to bad . bots AT ioerror DOT us
19
- http://www.bad-behavior.ioerror.us/
 
 
 
20
  */
21
 
22
  ###############################################################################
@@ -26,8 +32,6 @@ define('BB2_CWD', dirname(__FILE__));
26
 
27
  // Settings you can adjust for Bad Behavior.
28
  // Most of these are unused in non-database mode.
29
- // DO NOT EDIT HERE; instead make changes in settings.ini.
30
- // These settings are used when settings.ini is not present.
31
  $bb2_settings_defaults = array(
32
  'log_table' => 'bad_behavior',
33
  'display_stats' => false,
@@ -38,6 +42,7 @@ $bb2_settings_defaults = array(
38
  'httpbl_threat' => '25',
39
  'httpbl_maxage' => '30',
40
  'offsite_forms' => false,
 
41
  );
42
 
43
  // Bad Behavior callback functions.
@@ -79,30 +84,17 @@ function bb2_db_rows($result) {
79
  return $result;
80
  }
81
 
82
- // Create the SQL query for inserting a record in the database.
83
- // See example for MySQL elsewhere.
84
- function bb2_insert($settings, $package, $key)
85
- {
86
- return "--";
87
- }
88
-
89
  // Return emergency contact email address.
90
  function bb2_email() {
91
- return "example@example.com"; // You need to change this.
92
- }
93
-
94
- // retrieve whitelist
95
- function bb2_read_whitelist() {
96
- return @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
97
  }
98
 
99
  // retrieve settings from database
100
  // Settings are hard-coded for non-database use
101
  function bb2_read_settings() {
102
  global $bb2_settings_defaults;
103
- $settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
104
- if (!$settings) $settings = array();
105
- return @array_merge($bb2_settings_defaults, $settings);
106
  }
107
 
108
  // write settings to database
@@ -145,7 +137,10 @@ function bb2_relative_path() {
145
  }
146
 
147
  // Calls inward to Bad Behavor itself.
 
148
  require_once(BB2_CWD . "/bad-behavior/core.inc.php");
149
  bb2_install(); // FIXME: see above
150
 
151
  bb2_start(bb2_read_settings());
 
 
1
  <?php
2
  /*
3
  Bad Behavior - detects and blocks unwanted Web accesses
4
+ Copyright (C) 2005-2006 Michael Hampton
5
 
6
+ This program is free software; you can redistribute it and/or modify
7
+ it under the terms of the GNU General Public License as published by
8
+ the Free Software Foundation; either version 2 of the License, or
9
+ (at your option) any later version.
10
 
11
+ As a special exemption, you may link this program with any of the
12
+ programs listed below, regardless of the license terms of those
13
+ programs, and distribute the resulting program, without including the
14
+ source code for such programs: ExpressionEngine; Simple Machines Forum
15
 
16
+ This program is distributed in the hope that it will be useful,
17
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
18
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19
+ GNU General Public License for more details.
20
 
21
+ You should have received a copy of the GNU General Public License
22
+ along with this program; if not, write to the Free Software
23
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24
+
25
+ Please report any problems to badbots AT ioerror DOT us
26
  */
27
 
28
  ###############################################################################
32
 
33
  // Settings you can adjust for Bad Behavior.
34
  // Most of these are unused in non-database mode.
 
 
35
  $bb2_settings_defaults = array(
36
  'log_table' => 'bad_behavior',
37
  'display_stats' => false,
42
  'httpbl_threat' => '25',
43
  'httpbl_maxage' => '30',
44
  'offsite_forms' => false,
45
+ 'eu_cookie' => false,
46
  );
47
 
48
  // Bad Behavior callback functions.
84
  return $result;
85
  }
86
 
 
 
 
 
 
 
 
87
  // Return emergency contact email address.
88
  function bb2_email() {
89
+ // return "example@example.com"; // You need to change this.
90
+ return "badbots@ioerror.us"; // You need to change this.
 
 
 
 
91
  }
92
 
93
  // retrieve settings from database
94
  // Settings are hard-coded for non-database use
95
  function bb2_read_settings() {
96
  global $bb2_settings_defaults;
97
+ return $bb2_settings_defaults;
 
 
98
  }
99
 
100
  // write settings to database
137
  }
138
 
139
  // Calls inward to Bad Behavor itself.
140
+ require_once(BB2_CWD . "/bad-behavior/version.inc.php");
141
  require_once(BB2_CWD . "/bad-behavior/core.inc.php");
142
  bb2_install(); // FIXME: see above
143
 
144
  bb2_start(bb2_read_settings());
145
+
146
+ ?>
bad-behavior-lifetype.php ADDED
@@ -0,0 +1,175 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /*
3
+ http://blog.markplace.net
4
+
5
+ Bad Behavior - LifeType Plugin
6
+ Copyright (C) 2006 Mark Wu http://blog.markplace.net
7
+
8
+ This program is free software; you can redistribute it and/or modify
9
+ it under the terms of the GNU General Public License as published by
10
+ the Free Software Foundation; either version 2 of the License, or
11
+ (at your option) any later version.
12
+
13
+ This program is distributed in the hope that it will be useful,
14
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ GNU General Public License for more details.
17
+
18
+ You should have received a copy of the GNU General Public License
19
+ along with this program; if not, write to the Free Software
20
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21
+ */
22
+
23
+ // This file is the entry point for Bad Behavior in LifeType.
24
+
25
+ if (!defined('PLOG_CLASS_PATH')) die('No cheating!');
26
+
27
+ // Timer start
28
+ $bb2_mtime = explode(" ", microtime());
29
+ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
30
+
31
+ define('BB2_CWD', PLOG_CLASS_PATH . "plugins/badbehavior/" );
32
+ define('BB2_EMERGENCY_EMAIL', "admin@yourblog.com" );
33
+ define('BB2_DEFAULT_LOG_TABLE', "bad_behavior" );
34
+
35
+ // Bad Behavior callback functions.
36
+
37
+ // Return current time in the format preferred by your database.
38
+ function bb2_db_date() {
39
+ return gmdate('Y-m-d H:i:s');
40
+ }
41
+
42
+ // Return affected rows from most recent query.
43
+ function bb2_db_affected_rows() {
44
+ lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
45
+ $db =& Db::getDb();
46
+
47
+ return $db->Affected_Rows();
48
+ }
49
+
50
+ // Escape a string for database usage
51
+ function bb2_db_escape($string) {
52
+ lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
53
+
54
+ return Db::qstr($string);
55
+ }
56
+
57
+ // Return the number of rows in a particular query.
58
+ function bb2_db_num_rows($result) {
59
+ return $result->RecordCount();
60
+ }
61
+
62
+ // Run a query and return the results, if any.
63
+ // Should return FALSE if an error occurred.
64
+ function bb2_db_query($query) {
65
+ lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
66
+ $db =& Db::getDb();
67
+
68
+ $result = $db->Execute( $query );
69
+
70
+ if (!$result)
71
+ return FALSE;
72
+
73
+ return $result;
74
+ }
75
+
76
+ // Return all rows in a particular query.
77
+ // Should contain an array of all rows generated by calling mysql_fetch_assoc()
78
+ // or equivalent and appending the result of each call to an array.
79
+ function bb2_db_rows($result) {
80
+ $rows = array();
81
+ while( $row = $result->FetchRow()) {
82
+ $rows[] = $row;
83
+ }
84
+
85
+ return $rows;
86
+ }
87
+
88
+ // Return emergency contact email address.
89
+ function bb2_email() {
90
+ return BB2_EMERGENCY_EMAIL;
91
+ }
92
+
93
+ // retrieve settings from lifetype config
94
+ function bb2_read_settings() {
95
+ lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
96
+ lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
97
+ $config =& Config::getConfig();
98
+ $prefix = Db::getPrefix();
99
+ $logTable = $config->getValue( 'bb2_log_table', BB2_DEFAULT_LOG_TABLE );
100
+ $displayStats = $config->getValue( 'bb2_display_stats', false );
101
+ $strict = $config->getValue( 'bb2_strict', false );
102
+ $verbose = $config->getValue( 'bb2_verbose', false );
103
+ $isInstalled = $config->getValue( 'bb2_installed', false );
104
+ $logging = $config->getValue( 'bb2_logging', true );
105
+ $httpbl_key = $config->getValue( 'bb2_httpbl_key', '' );
106
+ $httpbl_threat = $config->getValue( 'bb2_httpbl_threat', '25' );
107
+ $httpbl_maxage = $config->getValue( 'bb2_httpbl_maxage', '30' );
108
+ $offsite_forms = $config->getValue( 'offsite_forms', false );
109
+
110
+ return array('log_table' => $prefix . $logTable,
111
+ 'display_stats' => $displayStats,
112
+ 'strict' => $strict,
113
+ 'verbose' => $verbose,
114
+ 'logging' => $logging,
115
+ 'httpbl_key' => $httpbl_key,
116
+ 'httpbl_threat' => $httpbl_threat,
117
+ 'httpbl_maxage' => $httpbl_maxage,
118
+ 'offsite_forms' => $offsite_forms,
119
+ 'is_installed' => $isInstalled );
120
+ }
121
+
122
+ // write settings to lifetype config
123
+ function bb2_write_settings($settings) {
124
+ lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
125
+ $config =& Config::getConfig();
126
+ $config->setValue( 'bb2_log_table', BB2_DEFAULT_LOG_TABLE );
127
+ $config->setValue( 'bb2_display_stats', $settings['display_stats'] );
128
+ $config->setValue( 'bb2_strict', $settings['strict'] );
129
+ $config->setValue( 'bb2_verbose', $settings['verbose'] );
130
+ $config->setValue( 'bb2_httpbl_key', $settings['httpbl_key'] );
131
+ $config->setValue( 'bb2_httpbl_threat', $settings['httpbl_threat'] );
132
+ $config->setValue( 'bb2_httpbl_maxage', $settings['httpbl_maxage'] );
133
+ $config->setValue( 'bb2_offsite_forms', $settings['offsite_forms'] );
134
+ $config->setValue( 'bb2_installed', $settings['is_installed'] );
135
+ $config->save();
136
+ }
137
+
138
+ // installation
139
+ function bb2_install() {
140
+ $settings = bb2_read_settings();
141
+ if( $settings['is_installed'] == false && $settings['logging'] )
142
+ {
143
+ bb2_db_query(bb2_table_structure($settings['log_table']));
144
+ $settings['is_installed'] = true;
145
+ bb2_write_settings( $settings );
146
+ }
147
+ }
148
+
149
+ // Return the top-level relative path of wherever we are (for cookies)
150
+ function bb2_relative_path() {
151
+ lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
152
+ $config =& Config::getConfig();
153
+
154
+ $url = parse_url( $config->getValue( 'base_url' ) );
155
+ if( empty($url['path']) )
156
+ return '/';
157
+ else {
158
+ if( substr( $url['path'], -1, 1 ) == '/' )
159
+ return $url['path'];
160
+ else
161
+ return $url['path'] . '/';
162
+ }
163
+ }
164
+
165
+ // Load Bad Behavior Core
166
+ lt_include(BB2_CWD . "bad-behavior/core.inc.php");
167
+ bb2_install();
168
+ $settings = bb2_read_settings();
169
+ bb2_start($settings);
170
+
171
+ // Time Stop
172
+ $bb2_mtime = explode(" ", microtime());
173
+ $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
174
+ $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
175
+ ?>
bad-behavior-mediawiki.php CHANGED
@@ -1,36 +1,30 @@
1
  <?php
2
  /*
3
- Bad Behavior - detects and blocks unwanted Web accesses
4
- Copyright (C) 2005,2006,2007,2008,2009,2010,2011,2012 Michael Hampton
5
 
6
- Bad Behavior is free software; you can redistribute it and/or modify it under
7
- the terms of the GNU Lesser General Public License as published by the Free
8
- Software Foundation; either version 3 of the License, or (at your option) any
9
- later version.
10
 
11
- This program is distributed in the hope that it will be useful, but WITHOUT ANY
12
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13
- PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 
14
 
15
- You should have received a copy of the GNU Lesser General Public License along
16
- with this program. If not, see <http://www.gnu.org/licenses/>.
 
 
17
 
18
- Please report any problems to bad . bots AT ioerror DOT us
19
- http://www.bad-behavior.ioerror.us/
 
20
  */
21
 
22
- ###############################################################################
23
- ###############################################################################
24
-
25
  // This file is the entry point for Bad Behavior.
26
 
27
  if (!defined('MEDIAWIKI')) die();
28
 
29
- $wgBadBehaviorTimer = false;
30
-
31
  // Settings you can adjust for Bad Behavior.
32
- // DO NOT EDIT HERE; instead make changes in settings.ini.
33
- // These settings are used when settings.ini is not present.
34
  $bb2_settings_defaults = array(
35
  'log_table' => $wgDBprefix . 'bad_behavior',
36
  'display_stats' => false,
@@ -41,15 +35,12 @@ $bb2_settings_defaults = array(
41
  'httpbl_threat' => '25',
42
  'httpbl_maxage' => '30',
43
  'offsite_forms' => false,
44
- 'reverse_proxy' => false,
45
- 'reverse_proxy_header' => 'X-Forwarded-For',
46
- 'reverse_proxy_addresses' => array(),
47
  );
48
 
49
  define('BB2_CWD', dirname(__FILE__));
50
 
51
  // Bad Behavior callback functions.
52
- require_once("bad-behavior-mysql.php");
53
 
54
  // Return current time in the format preferred by your database.
55
  function bb2_db_date() {
@@ -58,31 +49,24 @@ function bb2_db_date() {
58
 
59
  // Return affected rows from most recent query.
60
  function bb2_db_affected_rows($result) {
61
- $db = wfGetDB(DB_MASTER);
62
- return $db->affectedRows();
63
  }
64
 
65
  // Escape a string for database usage
66
  function bb2_db_escape($string) {
67
- // TODO SECURITY: Convert to using safeQuery()
68
  return addslashes($string);
69
  }
70
 
71
  // Return the number of rows in a particular query.
72
  function bb2_db_num_rows($result) {
73
- return $result->numRows();
74
  }
75
 
76
  // Run a query and return the results, if any.
77
  // Should return FALSE if an error occurred.
78
  function bb2_db_query($query) {
79
- $db = wfGetDB(DB_MASTER);
80
- try {
81
- $bb2_last_query = $db->query($query);
82
- } catch (DBQueryError $e) {
83
- trigger_error("Bad Behavior DBQueryError " . $e->getMessage(), E_USER_WARNING);
84
- return false;
85
- }
86
  return $bb2_last_query;
87
  }
88
 
@@ -91,12 +75,8 @@ function bb2_db_query($query) {
91
  // or equivalent and appending the result of each call to an array.
92
  function bb2_db_rows($result) {
93
  $rows = array();
94
- try {
95
- while ($row = $result->fetchRow()) {
96
- $rows[] = $row;
97
- }
98
- } catch (DBUnexpectedError $e) {
99
- trigger_error("Bad Behavior DBUnexpectedError " . $e->getMessage(), E_USER_WARNING);
100
  }
101
  return $rows;
102
  }
@@ -107,18 +87,11 @@ function bb2_email() {
107
  return $wgEmergencyContact;
108
  }
109
 
110
- // retrieve whitelist
111
- function bb2_read_whitelist() {
112
- return @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
113
- }
114
-
115
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
116
  // retrieve settings from database
117
  function bb2_read_settings() {
118
  global $bb2_settings_defaults;
119
- $settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
120
- if (!$settings) $settings = array();
121
- return @array_merge($bb2_settings_defaults, $settings);
122
  }
123
 
124
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
@@ -151,10 +124,8 @@ function bb2_relative_path() {
151
 
152
  // Cute timer display
153
  function bb2_mediawiki_timer(&$parser, &$text) {
154
- global $bb2_timer_total, $wgBadBehaviorTimer;
155
- if ($wgBadBehaviorTimer) {
156
- $text .= "<!-- Bad Behavior " . BB2_VERSION . " run time: " . number_format(1000 * $bb2_timer_total, 3) . " ms -->";
157
- }
158
  return true;
159
  }
160
 
@@ -165,13 +136,9 @@ function bb2_mediawiki_entry() {
165
  $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
166
 
167
  if (php_sapi_name() != 'cli') {
 
168
  bb2_install(); // FIXME: see above
169
  $settings = bb2_read_settings();
170
- // FIXME: Need to make this multi-DB compatible eventually
171
- $dbr = wfGetDB(DB_SLAVE);
172
- if (get_class($dbr) != "DatabaseMysql") {
173
- $settings['logging'] = false;
174
- }
175
  bb2_start($settings);
176
  }
177
 
@@ -180,14 +147,16 @@ function bb2_mediawiki_entry() {
180
  $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
181
  }
182
 
183
- require_once(BB2_CWD . "/bad-behavior/core.inc.php");
184
  $wgExtensionCredits['other'][] = array(
185
  'name' => 'Bad Behavior',
186
  'version' => BB2_VERSION,
187
  'author' => 'Michael Hampton',
188
  'description' => 'Detects and blocks unwanted Web accesses',
189
- 'url' => 'http://bad-behavior.ioerror.us/'
190
  );
191
 
192
- $wgHooks['ParserAfterTidy'][] = 'bb2_mediawiki_timer';
193
  $wgExtensionFunctions[] = 'bb2_mediawiki_entry';
 
 
1
  <?php
2
  /*
3
+ http://www.bad-behavior.ioerror.us/
 
4
 
5
+ Bad Behavior - detects and blocks unwanted Web accesses
6
+ Copyright (C) 2005 Michael Hampton
 
 
7
 
8
+ This program is free software; you can redistribute it and/or modify
9
+ it under the terms of the GNU General Public License as published by
10
+ the Free Software Foundation; either version 2 of the License, or
11
+ (at your option) any later version.
12
 
13
+ This program is distributed in the hope that it will be useful,
14
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ GNU General Public License for more details.
17
 
18
+ You should have received a copy of the GNU General Public License
19
+ along with this program; if not, write to the Free Software
20
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21
  */
22
 
 
 
 
23
  // This file is the entry point for Bad Behavior.
24
 
25
  if (!defined('MEDIAWIKI')) die();
26
 
 
 
27
  // Settings you can adjust for Bad Behavior.
 
 
28
  $bb2_settings_defaults = array(
29
  'log_table' => $wgDBprefix . 'bad_behavior',
30
  'display_stats' => false,
35
  'httpbl_threat' => '25',
36
  'httpbl_maxage' => '30',
37
  'offsite_forms' => false,
38
+ 'eu_cookie' => false,
 
 
39
  );
40
 
41
  define('BB2_CWD', dirname(__FILE__));
42
 
43
  // Bad Behavior callback functions.
 
44
 
45
  // Return current time in the format preferred by your database.
46
  function bb2_db_date() {
49
 
50
  // Return affected rows from most recent query.
51
  function bb2_db_affected_rows($result) {
52
+ return wfAffectedRows($result);
 
53
  }
54
 
55
  // Escape a string for database usage
56
  function bb2_db_escape($string) {
57
+ // FIXME SECURITY: Get a straight answer from somebody on how MW escapes stuff
58
  return addslashes($string);
59
  }
60
 
61
  // Return the number of rows in a particular query.
62
  function bb2_db_num_rows($result) {
63
+ return wfNumRows($result);
64
  }
65
 
66
  // Run a query and return the results, if any.
67
  // Should return FALSE if an error occurred.
68
  function bb2_db_query($query) {
69
+ $bb2_last_query = wfQuery($query, DB_WRITE);
 
 
 
 
 
 
70
  return $bb2_last_query;
71
  }
72
 
75
  // or equivalent and appending the result of each call to an array.
76
  function bb2_db_rows($result) {
77
  $rows = array();
78
+ while ($row = wfFetchRow($result)) {
79
+ $rows[] = $row;
 
 
 
 
80
  }
81
  return $rows;
82
  }
87
  return $wgEmergencyContact;
88
  }
89
 
 
 
 
 
 
90
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
91
  // retrieve settings from database
92
  function bb2_read_settings() {
93
  global $bb2_settings_defaults;
94
+ return $bb2_settings_defaults;
 
 
95
  }
96
 
97
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
124
 
125
  // Cute timer display
126
  function bb2_mediawiki_timer(&$parser, &$text) {
127
+ global $bb2_timer_total;
128
+ $text = "<!-- Bad Behavior " . BB2_VERSION . " run time: " . number_format(1000 * $bb2_timer_total, 3) . " ms -->" . $text;
 
 
129
  return true;
130
  }
131
 
136
  $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
137
 
138
  if (php_sapi_name() != 'cli') {
139
+ require_once(BB2_CWD . "/bad-behavior/core.inc.php");
140
  bb2_install(); // FIXME: see above
141
  $settings = bb2_read_settings();
 
 
 
 
 
142
  bb2_start($settings);
143
  }
144
 
147
  $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
148
  }
149
 
150
+ require_once(BB2_CWD . "/bad-behavior/version.inc.php");
151
  $wgExtensionCredits['other'][] = array(
152
  'name' => 'Bad Behavior',
153
  'version' => BB2_VERSION,
154
  'author' => 'Michael Hampton',
155
  'description' => 'Detects and blocks unwanted Web accesses',
156
+ 'url' => 'http://www.bad-behavior.ioerror.us/'
157
  );
158
 
159
+ #$wgHooks['ParserAfterTidy'][] = 'bb2_mediawiki_timer';
160
  $wgExtensionFunctions[] = 'bb2_mediawiki_entry';
161
+
162
+ ?>
bad-behavior-mysql.php DELETED
@@ -1,47 +0,0 @@
1
- <?php
2
-
3
- // Our log table structure
4
- function bb2_table_structure($name)
5
- {
6
- // It's not paranoia if they really are out to get you.
7
- $name_escaped = bb2_db_escape($name);
8
- return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
9
- `id` INT(11) NOT NULL auto_increment,
10
- `ip` TEXT NOT NULL,
11
- `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
12
- `request_method` TEXT NOT NULL,
13
- `request_uri` TEXT NOT NULL,
14
- `server_protocol` TEXT NOT NULL,
15
- `http_headers` TEXT NOT NULL,
16
- `user_agent` TEXT NOT NULL,
17
- `request_entity` TEXT NOT NULL,
18
- `key` TEXT NOT NULL,
19
- INDEX (`ip`(15)),
20
- INDEX (`user_agent`(10)),
21
- PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
22
- }
23
-
24
- // Insert a new record
25
- function bb2_insert($settings, $package, $key)
26
- {
27
- if (!$settings['logging']) return "";
28
- $ip = bb2_db_escape($package['ip']);
29
- $date = bb2_db_date();
30
- $request_method = bb2_db_escape($package['request_method']);
31
- $request_uri = bb2_db_escape($package['request_uri']);
32
- $server_protocol = bb2_db_escape($package['server_protocol']);
33
- $user_agent = bb2_db_escape($package['user_agent']);
34
- $headers = "$request_method $request_uri $server_protocol\n";
35
- foreach ($package['headers'] as $h => $v) {
36
- $headers .= bb2_db_escape("$h: $v\n");
37
- }
38
- $request_entity = "";
39
- if (!strcasecmp($request_method, "POST")) {
40
- foreach ($package['request_entity'] as $h => $v) {
41
- $request_entity .= bb2_db_escape("$h: $v\n");
42
- }
43
- }
44
- return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
45
- (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
46
- ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
47
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
bad-behavior-wordpress-admin.php CHANGED
@@ -5,10 +5,24 @@ require_once("bad-behavior/responses.inc.php");
5
  function bb2_admin_pages() {
6
  global $wp_db_version;
7
 
8
- if (current_user_can('manage_options')) {
9
- add_options_page(__("Bad Behavior"), __("Bad Behavior"), 'manage_options', 'bb2_options', 'bb2_options');
10
- add_options_page(__("Bad Behavior Whitelist"), __("Bad Behavior Whitelist"), 'manage_options', 'bb2_whitelist', 'bb2_whitelist');
11
- add_management_page(__("Bad Behavior Log"), __("Bad Behavior Log"), 'manage_options', 'bb2_manage', 'bb2_manage');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12
  @session_start();
13
  }
14
  }
@@ -80,39 +94,6 @@ function bb2_httpbl_lookup($ip) {
80
  return $d;
81
  }
82
 
83
- function bb2_donate_button($thispage) {
84
- return
85
- ' <div style="float: right; clear: right; width: 200px; border: 1px solid #e6db55; color: #333; background-color: lightYellow; padding: 0 10px">
86
- <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
87
- <p>Bad Behavior is an important tool in the fight against web spam. Show your support by donating<br/>
88
- <select name="amount">
89
- <option value="2.99">$2.99 USD</option>
90
- <option value="4.99">$4.99 USD</option>
91
- <option value="9.99">$9.99 USD</option>
92
- <option value="19.99">$19.99 USD</option>
93
- <option value="">Other...</option>
94
- </select><br/>
95
- <input type="hidden" name="cmd" value="_donations">
96
- <input type="hidden" name="business" value="EAZGZZV7RE4QJ">
97
- <input type="hidden" name="lc" value="US">
98
- <input type="hidden" name="item_name" value="Bad Behavior '.BB2_VERSION.' (WordPress)">
99
- <input type="hidden" name="currency_code" value="USD">
100
- <input type="hidden" name="no_note" value="0">
101
- <input type="hidden" name="cn" value="Comments about Bad Behavior">
102
- <input type="hidden" name="no_shipping" value="1">
103
- <input type="hidden" name="rm" value="1">
104
- <input type="hidden" name="return" value="'.$thispage.'">
105
- <input type="hidden" name="cancel_return" value="'.$thispage.'">
106
- <input type="hidden" name="currency_code" value="USD">
107
- <input type="hidden" name="bn" value="PP-DonationsBF:btn_donate_LG.gif:NonHosted">
108
- <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
109
- <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
110
- </p>
111
- </form>
112
- </div>
113
- ';
114
- }
115
-
116
  function bb2_manage() {
117
  global $wpdb;
118
 
@@ -126,18 +107,17 @@ function bb2_manage() {
126
  $paged = 0 + $_GET['paged']; if (!$paged) $paged = 1;
127
  if ($_GET['key']) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
128
  if ($_GET['blocked']) $where .= "AND `key` != '00000000' ";
129
- else if ($_GET['permitted']) $where .= "AND `key` = '00000000' ";
130
  if ($_GET['ip']) $where .= "AND `ip` = '" . $wpdb->escape($_GET['ip']) . "' ";
131
  if ($_GET['user_agent']) $where .= "AND `user_agent` = '" . $wpdb->escape($_GET['user_agent']) . "' ";
132
  if ($_GET['request_method']) $where .= "AND `request_method` = '" . $wpdb->escape($_GET['request_method']) . "' ";
133
 
134
  // Query the DB based on variables selected
135
- $r = bb2_db_query("SELECT COUNT(id) FROM `" . $settings['log_table']);
136
  $results = bb2_db_rows($r);
137
- $totalcount = $results[0]["COUNT(id)"];
138
- $r = bb2_db_query("SELECT COUNT(id) FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where);
139
  $results = bb2_db_rows($r);
140
- $count = $results[0]["COUNT(id)"];
141
  $pages = ceil($count / 100);
142
  $r = bb2_db_query("SELECT * FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . ($paged - 1) * $rows_per_page . "," . $rows_per_page);
143
  $results = bb2_db_rows($r);
@@ -145,13 +125,11 @@ function bb2_manage() {
145
  // Display rows to the user
146
  ?>
147
  <div class="wrap">
148
- <?php
149
- echo bb2_donate_button(admin_url("tools.php?page=bb2_manage"));
150
- ?>
151
- <h2><?php _e("Bad Behavior Log"); ?></h2>
152
  <form method="post" action="<?php echo $request_uri; ?>">
153
  <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
154
- <p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
 
155
  <div class="tablenav">
156
  <?php
157
  $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
@@ -161,16 +139,14 @@ function bb2_manage() {
161
  <?php if ($count < $totalcount): ?>
162
  Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
163
  <?php if ($_GET['key']) echo "Status [<a href=\"" . remove_query_arg(array("paged", "key"), $request_uri) . "\">X</a>] "; ?>
164
- <?php if ($_GET['blocked']) echo "Blocked [<a href=\"" . remove_query_arg(array("paged", "blocked", "permitted"), $request_uri) . "\">X</a>] "; ?>
165
- <?php if ($_GET['permitted']) echo "Permitted [<a href=\"" . remove_query_arg(array("paged", "blocked", "permitted"), $request_uri) . "\">X</a>] "; ?>
166
  <?php if ($_GET['ip']) echo "IP [<a href=\"" . remove_query_arg(array("paged", "ip"), $request_uri) . "\">X</a>] "; ?>
167
  <?php if ($_GET['user_agent']) echo "User Agent [<a href=\"" . remove_query_arg(array("paged", "user_agent"), $request_uri) . "\">X</a>] "; ?>
168
  <?php if ($_GET['request_method']) echo "GET/POST [<a href=\"" . remove_query_arg(array("paged", "request_method"), $request_uri) . "\">X</a>] "; ?>
169
  <?php else: ?>
170
  Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
171
  <?php endif; ?>
172
- <?php if (!$_GET['key'] && !$_GET['blocked']) { ?><a href="<?php echo add_query_arg(array("blocked" => "1", "permitted" => "0", "paged" => false), $request_uri); ?>">Show Blocked</a> <?php } ?>
173
- <?php if (!$_GET['key'] && !$_GET['permitted']) { ?><a href="<?php echo add_query_arg(array("permitted" => "1", "blocked" => "0", "paged" => false), $request_uri); ?>">Show Permitted</a> <?php } ?>
174
  </div>
175
  </div>
176
 
@@ -196,14 +172,14 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
196
  }
197
  echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $result["id"] . "\" /></th>\n";
198
  $httpbl = bb2_httpbl_lookup($result["ip"]);
199
- $host = @gethostbyaddr($result["ip"]);
200
  if (!strcmp($host, $result["ip"])) {
201
  $host = "";
202
  } else {
203
  $host .= "<br/>\n";
204
  }
205
- echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
206
- if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
207
  echo "</td>\n";
208
  $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
209
  if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
@@ -228,74 +204,6 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
228
  <?php
229
  }
230
 
231
-
232
- function bb2_whitelist()
233
- {
234
- $whitelists = bb2_read_whitelist();
235
- if (empty($whitelists)) {
236
- $whitelists = array();
237
- $whitelists['ip'] = array();
238
- $whitelists['url'] = array();
239
- $whitelists['useragent'] = array();
240
- }
241
-
242
- $request_uri = $_SERVER["REQUEST_URI"];
243
- if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
244
-
245
- if ($_POST) {
246
- $_POST = array_map('stripslashes_deep', $_POST);
247
- if ($_POST['ip']) {
248
- $whitelists['ip'] = preg_split("/\s+/m", $_POST['ip']);
249
- } else {
250
- $whitelists['ip'] = array();
251
- }
252
- if ($_POST['url']) {
253
- $whitelists['url'] = preg_split("/\s+/m", $_POST['url']);
254
- } else {
255
- $whitelists['url'] = array();
256
- }
257
- if ($_POST['useragent']) {
258
- $whitelists['useragent'] = preg_split("/[\r\n]+/m", $_POST['useragent']);
259
- } else {
260
- $whitelists['useragent'] = array();
261
- }
262
- update_option('bad_behavior_whitelist', $whitelists);
263
- ?>
264
- <div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
265
- <?php
266
- }
267
- ?>
268
- <div class="wrap">
269
- <?php
270
- echo bb2_donate_button(admin_url("options-general.php?page=bb2_whitelist"));
271
- ?>
272
- <h2><?php _e("Bad Behavior Whitelist"); ?></h2>
273
- <form method="post" action="<?php echo $request_uri; ?>">
274
- <p>Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN that you should.</p>
275
- <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
276
- <p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a></p>
277
-
278
- <h3><?php _e('IP Address'); ?></h3>
279
- <table class="form-table">
280
- <tr><td><label>IP address or CIDR format address ranges to be whitelisted (one per line)<br/><textarea cols="24" rows="6" name="ip"><?php echo implode("\n", $whitelists['ip']); ?></textarea></td></tr>
281
- </table>
282
-
283
- <h3><?php _e('URL'); ?></h3>
284
- <table class="form-table">
285
- <tr><td><label>URL fragments beginning with the / after your web site hostname (one per line)<br/><textarea cols="48" rows="6" name="url"><?php echo implode("\n", $whitelists['url']); ?></textarea></td></tr>
286
- </table>
287
-
288
- <h3><?php _e('User Agent'); ?></h3>
289
- <table class="form-table">
290
- <tr><td><label>User agent strings to be whitelisted (one per line)<br/><textarea cols="48" rows="6" name="useragent"><?php echo implode("\n", $whitelists['useragent']); ?></textarea></td></tr>
291
- </table>
292
-
293
- <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
294
- </form>
295
- <?php
296
- }
297
-
298
-
299
  function bb2_options()
300
  {
301
  $settings = bb2_read_settings();
@@ -304,7 +212,6 @@ function bb2_options()
304
  if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
305
 
306
  if ($_POST) {
307
- $_POST = array_map('stripslashes_deep', $_POST);
308
  if ($_POST['display_stats']) {
309
  $settings['display_stats'] = true;
310
  } else {
@@ -355,20 +262,10 @@ function bb2_options()
355
  } else {
356
  $settings['offsite_forms'] = false;
357
  }
358
- if ($_POST['reverse_proxy']) {
359
- $settings['reverse_proxy'] = true;
360
- } else {
361
- $settings['reverse_proxy'] = false;
362
- }
363
- if ($_POST['reverse_proxy_header']) {
364
- $settings['reverse_proxy_header'] = uc_all($_POST['reverse_proxy_header']);
365
  } else {
366
- $settings['reverse_proxy_header'] = 'X-Forwarded-For';
367
- }
368
- if ($_POST['reverse_proxy_addresses']) {
369
- $settings['reverse_proxy_addresses'] = preg_split("/[\s,]+/m", $_POST['reverse_proxy_addresses']);
370
- } else {
371
- $settings['reverse_proxy_addresses'] = array();
372
  }
373
  bb2_write_settings($settings);
374
  ?>
@@ -377,13 +274,10 @@ function bb2_options()
377
  }
378
  ?>
379
  <div class="wrap">
380
- <?php
381
- echo bb2_donate_button(admin_url("options-general.php?page=bb2_options"));
382
- ?>
383
  <h2><?php _e("Bad Behavior"); ?></h2>
384
- <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
385
  <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
386
- <p>See also: <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
387
 
388
  <h3><?php _e('Statistics'); ?></h3>
389
  <?php bb2_insert_stats(true); ?>
@@ -412,14 +306,10 @@ function bb2_options()
412
  <tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo $settings['httpbl_maxage']; ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
413
  </table>
414
 
415
- <h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
416
- <p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
417
- <p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>
418
- <p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
419
  <table class="form-table">
420
- <tr><td><label><input type="checkbox" name="reverse_proxy" value="true" <?php if ($settings['reverse_proxy']) { ?>checked="checked" <?php } ?>/> <?php _e('Enable Reverse Proxy'); ?></label></td></tr>
421
- <tr><td><label><input type="text" size="32" name="reverse_proxy_header" value="<?php echo $settings['reverse_proxy_header']; ?>" /> Header containing Internet clients' IP address</label></td></tr>
422
- <tr><td><label>IP address or CIDR format address ranges for your proxy servers (one per line)<br/><textarea cols="24" rows="6" name="reverse_proxy_addresses"><?php echo implode("\n", $settings['reverse_proxy_addresses']); ?></textarea></td></tr>
423
  </table>
424
 
425
  <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
@@ -434,9 +324,10 @@ function bb2_plugin_action_links($links, $file) {
434
  if ($file == "bad-behavior/bad-behavior-wordpress.php" && function_exists("admin_url")) {
435
  $log_link = '<a href="' . admin_url("tools.php?page=bb2_manage") . '">Log</a>';
436
  $settings_link = '<a href="' . admin_url("options-general.php?page=bb2_options") . '">Settings</a>';
437
- $whitelist_link = '<a href="' . admin_url("options-general.php?page=bb2_whitelist") . '">Whitelist</a>';
438
- array_unshift($links, $settings_link, $log_link, $whitelist_link);
439
  }
440
  return $links;
441
  }
442
  add_filter("plugin_action_links", "bb2_plugin_action_links", 10, 2);
 
 
5
  function bb2_admin_pages() {
6
  global $wp_db_version;
7
 
8
+ if (function_exists('current_user_can')) {
9
+ // The new 2.x way
10
+ if (current_user_can('manage_options')) {
11
+ $bb2_is_admin = true;
12
+ }
13
+ } else {
14
+ // The old 1.x way
15
+ global $user_ID;
16
+ if (user_can_edit_user($user_ID, 0)) {
17
+ $bb2_is_admin = true;
18
+ }
19
+ }
20
+
21
+ if ($bb2_is_admin) {
22
+ add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
23
+ if ($wp_db_version >= 4772) { // Version 2.1 or later
24
+ add_management_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_manage', 'bb2_manage');
25
+ }
26
  @session_start();
27
  }
28
  }
94
  return $d;
95
  }
96
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
97
  function bb2_manage() {
98
  global $wpdb;
99
 
107
  $paged = 0 + $_GET['paged']; if (!$paged) $paged = 1;
108
  if ($_GET['key']) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
109
  if ($_GET['blocked']) $where .= "AND `key` != '00000000' ";
 
110
  if ($_GET['ip']) $where .= "AND `ip` = '" . $wpdb->escape($_GET['ip']) . "' ";
111
  if ($_GET['user_agent']) $where .= "AND `user_agent` = '" . $wpdb->escape($_GET['user_agent']) . "' ";
112
  if ($_GET['request_method']) $where .= "AND `request_method` = '" . $wpdb->escape($_GET['request_method']) . "' ";
113
 
114
  // Query the DB based on variables selected
115
+ $r = bb2_db_query("SELECT COUNT(*) FROM `" . $settings['log_table']);
116
  $results = bb2_db_rows($r);
117
+ $totalcount = $results[0]["COUNT(*)"];
118
+ $r = bb2_db_query("SELECT COUNT(*) FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where);
119
  $results = bb2_db_rows($r);
120
+ $count = $results[0]["COUNT(*)"];
121
  $pages = ceil($count / 100);
122
  $r = bb2_db_query("SELECT * FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . ($paged - 1) * $rows_per_page . "," . $rows_per_page);
123
  $results = bb2_db_rows($r);
125
  // Display rows to the user
126
  ?>
127
  <div class="wrap">
128
+ <h2><?php _e("Bad Behavior"); ?></h2>
 
 
 
129
  <form method="post" action="<?php echo $request_uri; ?>">
130
  <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
131
+ <p>If you find Bad Behavior valuable, please consider <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">donating</a> to help further development of Bad Behavior.</p>
132
+
133
  <div class="tablenav">
134
  <?php
135
  $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
139
  <?php if ($count < $totalcount): ?>
140
  Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
141
  <?php if ($_GET['key']) echo "Status [<a href=\"" . remove_query_arg(array("paged", "key"), $request_uri) . "\">X</a>] "; ?>
142
+ <?php if ($_GET['blocked']) echo "Blocked [<a href=\"" . remove_query_arg(array("paged", "blocked"), $request_uri) . "\">X</a>] "; ?>
 
143
  <?php if ($_GET['ip']) echo "IP [<a href=\"" . remove_query_arg(array("paged", "ip"), $request_uri) . "\">X</a>] "; ?>
144
  <?php if ($_GET['user_agent']) echo "User Agent [<a href=\"" . remove_query_arg(array("paged", "user_agent"), $request_uri) . "\">X</a>] "; ?>
145
  <?php if ($_GET['request_method']) echo "GET/POST [<a href=\"" . remove_query_arg(array("paged", "request_method"), $request_uri) . "\">X</a>] "; ?>
146
  <?php else: ?>
147
  Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
148
  <?php endif; ?>
149
+ <?php if (!$_GET['key'] && !$_GET['blocked']) { ?><a href="<?php echo add_query_arg(array("blocked" => "true", "paged" => false), $request_uri); ?>">Show Blocked</a><?php } ?>
 
150
  </div>
151
  </div>
152
 
172
  }
173
  echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $result["id"] . "\" /></th>\n";
174
  $httpbl = bb2_httpbl_lookup($result["ip"]);
175
+ $host = gethostbyaddr($result["ip"]);
176
  if (!strcmp($host, $result["ip"])) {
177
  $host = "";
178
  } else {
179
  $host .= "<br/>\n";
180
  }
181
+ echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
182
+ if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
183
  echo "</td>\n";
184
  $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
185
  if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
204
  <?php
205
  }
206
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
207
  function bb2_options()
208
  {
209
  $settings = bb2_read_settings();
212
  if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
213
 
214
  if ($_POST) {
 
215
  if ($_POST['display_stats']) {
216
  $settings['display_stats'] = true;
217
  } else {
262
  } else {
263
  $settings['offsite_forms'] = false;
264
  }
265
+ if ($_POST['eu_cookie']) {
266
+ $settings['eu_cookie'] = true;
 
 
 
 
 
267
  } else {
268
+ $settings['eu_cookie'] = false;
 
 
 
 
 
269
  }
270
  bb2_write_settings($settings);
271
  ?>
274
  }
275
  ?>
276
  <div class="wrap">
 
 
 
277
  <h2><?php _e("Bad Behavior"); ?></h2>
278
+ <form method="post" action="<?php echo $request_uri; ?>">
279
  <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
280
+ <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
281
 
282
  <h3><?php _e('Statistics'); ?></h3>
283
  <?php bb2_insert_stats(true); ?>
306
  <tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo $settings['httpbl_maxage']; ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
307
  </table>
308
 
309
+ <h3><?php _e('European Union Cookie'); ?></h3>
310
+ <p>Select this option if you believe Bad Behavior's site security cookie is not exempt from the 2012 EU cookie regulation. <a href="http://bad-behavior.ioerror.us/2012/05/03/bad-behavior-2-2-4/">More info</a></p>
 
 
311
  <table class="form-table">
312
+ <tr><td><label><input type="checkbox" name="eu_cookie" value="true" <?php if ($settings['eu_cookie']) { ?>checked="checked" <?php } ?>/> <?php _e('EU cookie handling'); ?></label></td></tr>
 
 
313
  </table>
314
 
315
  <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
324
  if ($file == "bad-behavior/bad-behavior-wordpress.php" && function_exists("admin_url")) {
325
  $log_link = '<a href="' . admin_url("tools.php?page=bb2_manage") . '">Log</a>';
326
  $settings_link = '<a href="' . admin_url("options-general.php?page=bb2_options") . '">Settings</a>';
327
+ array_unshift($links, $settings_link, $log_link);
 
328
  }
329
  return $links;
330
  }
331
  add_filter("plugin_action_links", "bb2_plugin_action_links", 10, 2);
332
+
333
+ ?>
bad-behavior-wordpress.php CHANGED
@@ -1,30 +1,36 @@
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
- Version: 2.2.3
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
- Plugin URI: http://bad-behavior.ioerror.us/
7
  Author: Michael Hampton
8
- Author URI: http://bad-behavior.ioerror.us/
9
- License: LGPLv3
10
 
11
  Bad Behavior - detects and blocks unwanted Web accesses
12
- Copyright (C) 2005,2006,2007,2008,2009,2010,2011,2012 Michael Hampton
13
 
14
- Bad Behavior is free software; you can redistribute it and/or modify it under
15
- the terms of the GNU Lesser General Public License as published by the Free
16
- Software Foundation; either version 3 of the License, or (at your option) any
17
- later version.
18
 
19
- This program is distributed in the hope that it will be useful, but WITHOUT ANY
20
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
21
- PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 
22
 
23
- You should have received a copy of the GNU Lesser General Public License along
24
- with this program. If not, see <http://www.gnu.org/licenses/>.
 
 
25
 
26
- Please report any problems to bad . bots AT ioerror DOT us
27
- http://www.bad-behavior.ioerror.us/
 
 
 
28
  */
29
 
30
  ###############################################################################
@@ -32,15 +38,12 @@ http://www.bad-behavior.ioerror.us/
32
 
33
  if (!defined('ABSPATH')) die("No cheating!");
34
 
35
- global $bb2_result;
36
-
37
  $bb2_mtime = explode(" ", microtime());
38
  $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
39
 
40
  define('BB2_CWD', dirname(__FILE__));
41
 
42
  // Bad Behavior callback functions.
43
- require_once("bad-behavior-mysql.php");
44
 
45
  // Return current time in the format preferred by your database.
46
  function bb2_db_date() {
@@ -97,11 +100,6 @@ function bb2_email() {
97
  return get_bloginfo('admin_email');
98
  }
99
 
100
- // retrieve whitelist
101
- function bb2_read_whitelist() {
102
- return get_option('bad_behavior_whitelist');
103
- }
104
-
105
  // retrieve settings from database
106
  function bb2_read_settings() {
107
  global $wpdb;
@@ -109,9 +107,7 @@ function bb2_read_settings() {
109
  // Add in default settings when they aren't yet present in WP
110
  $settings = get_option('bad_behavior_settings');
111
  if (!$settings) $settings = array();
112
- return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => true, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30', 'offsite_forms' => false, 'reverse_proxy' => false, 'reverse_proxy_header' => 'X-Forwarded-For', 'reverse_proxy_addresses' => array(),), $settings);
113
-
114
-
115
  }
116
 
117
  // write settings to database
@@ -134,30 +130,8 @@ function bb2_insert_head() {
134
  echo $bb2_javascript;
135
  }
136
 
137
- function bb2_approved_callback($settings, $package) {
138
- global $bb2_package;
139
-
140
- // Save package for possible later use
141
- $bb2_package = $package;
142
- }
143
-
144
- // Capture missed spam and log it
145
- function bb2_capture_spam($id, $comment) {
146
- global $bb2_package;
147
-
148
- // Capture only spam
149
- if ('spam' != $comment->comment_approved) return;
150
-
151
- // Don't capture if HTTP request no longer active
152
- if (array_key_exists("request_entity", $bb2_package) && array_key_exists("author", $bb2_package['request_entity']) && $bb2_package['request_entity']['author'] == $comment->comment_author) {
153
- bb2_db_query(bb2_insert(bb2_read_settings(), $bb2_package, "00000000"));
154
- }
155
- }
156
-
157
  // Display stats?
158
  function bb2_insert_stats($force = false) {
159
- global $bb2_result;
160
-
161
  $settings = bb2_read_settings();
162
 
163
  if ($force || $settings['display_stats']) {
@@ -166,29 +140,23 @@ function bb2_insert_stats($force = false) {
166
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
167
  }
168
  }
169
- if (@!empty($bb2_result)) {
170
- echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $bb2_result);
171
- unset($bb2_result);
172
- }
173
  }
174
 
175
  // Return the top-level relative path of wherever we are (for cookies)
176
  function bb2_relative_path() {
177
  $url = parse_url(get_bloginfo('url'));
178
- if (array_key_exists('path', $url)) {
179
- return $url['path'] . '/';
180
- }
181
- return '/';
182
  }
183
 
 
184
  // FIXME: figure out what's wrong on 2.0 that this doesn't work
185
  // register_activation_hook(__FILE__, 'bb2_install');
186
  //add_action('activate_bb2/bad-behavior-wordpress.php', 'bb2_install');
187
  add_action('wp_head', 'bb2_insert_head');
188
  add_action('wp_footer', 'bb2_insert_stats');
189
- add_action('wp_insert_comment', 'bb2_capture_spam', 99, 2);
190
 
191
  // Calls inward to Bad Behavor itself.
 
192
  require_once(BB2_CWD . "/bad-behavior/core.inc.php");
193
  bb2_install(); // FIXME: see above
194
 
@@ -197,8 +165,10 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
197
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
198
  }
199
 
200
- $bb2_result = bb2_start(bb2_read_settings());
201
 
202
  $bb2_mtime = explode(" ", microtime());
203
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
204
  $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
 
 
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
+ Version: 2.0.46
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
+ Plugin URI: http://www.bad-behavior.ioerror.us/
7
  Author: Michael Hampton
8
+ Author URI: http://www.homelandstupidity.us/
9
+ License: GPL
10
 
11
  Bad Behavior - detects and blocks unwanted Web accesses
12
+ Copyright (C) 2005 Michael Hampton
13
 
14
+ This program is free software; you can redistribute it and/or modify
15
+ it under the terms of the GNU General Public License as published by
16
+ the Free Software Foundation; either version 2 of the License, or
17
+ (at your option) any later version.
18
 
19
+ As a special exemption, you may link this program with any of the
20
+ programs listed below, regardless of the license terms of those
21
+ programs, and distribute the resulting program, without including the
22
+ source code for such programs: ExpressionEngine; Simple Machines Forum
23
 
24
+ This program is distributed in the hope that it will be useful,
25
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
26
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27
+ GNU General Public License for more details.
28
 
29
+ You should have received a copy of the GNU General Public License
30
+ along with this program; if not, write to the Free Software
31
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32
+
33
+ Please report any problems to badbots AT ioerror DOT us
34
  */
35
 
36
  ###############################################################################
38
 
39
  if (!defined('ABSPATH')) die("No cheating!");
40
 
 
 
41
  $bb2_mtime = explode(" ", microtime());
42
  $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
43
 
44
  define('BB2_CWD', dirname(__FILE__));
45
 
46
  // Bad Behavior callback functions.
 
47
 
48
  // Return current time in the format preferred by your database.
49
  function bb2_db_date() {
100
  return get_bloginfo('admin_email');
101
  }
102
 
 
 
 
 
 
103
  // retrieve settings from database
104
  function bb2_read_settings() {
105
  global $wpdb;
107
  // Add in default settings when they aren't yet present in WP
108
  $settings = get_option('bad_behavior_settings');
109
  if (!$settings) $settings = array();
110
+ return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => false, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30', 'offsite_forms' => false, 'eu_cookie' => false), $settings);
 
 
111
  }
112
 
113
  // write settings to database
130
  echo $bb2_javascript;
131
  }
132
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
133
  // Display stats?
134
  function bb2_insert_stats($force = false) {
 
 
135
  $settings = bb2_read_settings();
136
 
137
  if ($force || $settings['display_stats']) {
140
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
141
  }
142
  }
 
 
 
 
143
  }
144
 
145
  // Return the top-level relative path of wherever we are (for cookies)
146
  function bb2_relative_path() {
147
  $url = parse_url(get_bloginfo('url'));
148
+ return $url['path'] . '/';
 
 
 
149
  }
150
 
151
+ // FIXME: some sort of hack to run install on 1.5 (and older?) blogs
152
  // FIXME: figure out what's wrong on 2.0 that this doesn't work
153
  // register_activation_hook(__FILE__, 'bb2_install');
154
  //add_action('activate_bb2/bad-behavior-wordpress.php', 'bb2_install');
155
  add_action('wp_head', 'bb2_insert_head');
156
  add_action('wp_footer', 'bb2_insert_stats');
 
157
 
158
  // Calls inward to Bad Behavor itself.
159
+ require_once(BB2_CWD . "/bad-behavior/version.inc.php");
160
  require_once(BB2_CWD . "/bad-behavior/core.inc.php");
161
  bb2_install(); // FIXME: see above
162
 
165
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
166
  }
167
 
168
+ bb2_start(bb2_read_settings());
169
 
170
  $bb2_mtime = explode(" ", microtime());
171
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
172
  $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
173
+
174
+ ?>
bad-behavior/banned.inc.php CHANGED
@@ -5,20 +5,7 @@
5
 
6
  require_once(BB2_CORE . "/responses.inc.php");
7
 
8
- function bb2_housekeeping($settings, $package)
9
- {
10
- // FIXME Yes, the interval's hard coded (again) for now.
11
- $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
12
- bb2_db_query($query);
13
-
14
- // Waste a bunch more of the spammer's time, sometimes.
15
- if (rand(1,1000) == 1) {
16
- $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
17
- bb2_db_query($query);
18
- }
19
- }
20
-
21
- function bb2_display_denial($settings, $package, $key, $previous_key = false)
22
  {
23
  define('DONOTCACHEPAGE', true); // WP Super Cache
24
  if (!$previous_key) $previous_key = $key;
@@ -26,7 +13,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
26
  // FIXME: lookup the real key
27
  }
28
  // Create support key
29
- $ip = explode(".", $package['ip']);
30
  $ip_hex = "";
31
  foreach ($ip as $octet) {
32
  $ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
@@ -37,7 +24,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
37
  $response = bb2_get_response($previous_key);
38
  header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
39
  header("Status: " . $response['response'] . " Bad Behavior");
40
- $request_uri = $_SERVER["REQUEST_URI"];
41
  if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
42
  ?>
43
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -61,3 +48,5 @@ function bb2_log_denial($settings, $package, $key, $previous_key=false)
61
  if (!$settings['logging']) return;
62
  bb2_db_query(bb2_insert($settings, $package, $key));
63
  }
 
 
5
 
6
  require_once(BB2_CORE . "/responses.inc.php");
7
 
8
+ function bb2_display_denial($settings, $key, $previous_key = false)
 
 
 
 
 
 
 
 
 
 
 
 
 
9
  {
10
  define('DONOTCACHEPAGE', true); // WP Super Cache
11
  if (!$previous_key) $previous_key = $key;
13
  // FIXME: lookup the real key
14
  }
15
  // Create support key
16
+ $ip = explode(".", $_SERVER['REMOTE_ADDR']);
17
  $ip_hex = "";
18
  foreach ($ip as $octet) {
19
  $ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
24
  $response = bb2_get_response($previous_key);
25
  header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
26
  header("Status: " . $response['response'] . " Bad Behavior");
27
+ $request_uri = $_SERVER['REQUEST_URI'];
28
  if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
29
  ?>
30
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
48
  if (!$settings['logging']) return;
49
  bb2_db_query(bb2_insert($settings, $package, $key));
50
  }
51
+
52
+ ?>
bad-behavior/blackhole.inc.php CHANGED
@@ -1,5 +1,10 @@
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
 
 
 
 
 
3
  // Look up address on various blackhole lists.
4
  // These should not be used for GET requests under any circumstances!
5
  // FIXME: Note that this code is no longer in use
@@ -55,6 +60,7 @@ function bb2_httpbl($settings, $package) {
55
  $result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
56
  if (!empty($result)) {
57
  $ip = explode('.', $result[0]);
 
58
  if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
59
  return '2b021b1f';
60
  }
@@ -65,3 +71,4 @@ function bb2_httpbl($settings, $package) {
65
  }
66
  return false;
67
  }
 
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
3
+ // Quick and dirty check for an IPv6 address
4
+ function is_ipv6($address) {
5
+ return (strpos($address, ":")) ? TRUE : FALSE;
6
+ }
7
+
8
  // Look up address on various blackhole lists.
9
  // These should not be used for GET requests under any circumstances!
10
  // FIXME: Note that this code is no longer in use
60
  $result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
61
  if (!empty($result)) {
62
  $ip = explode('.', $result[0]);
63
+ // Check if threat
64
  if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
65
  return '2b021b1f';
66
  }
71
  }
72
  return false;
73
  }
74
+ ?>
bad-behavior/blacklist.inc.php CHANGED
@@ -18,7 +18,6 @@ function bb2_blacklist($package) {
18
  "EmailCollector", // spam harvester
19
  "Email Siphon", // spam harvester
20
  "EmailSiphon", // spam harvester
21
- "Forum Poster", // forum spambot
22
  "grub crawler", // misc comment/email spam
23
  "HttpProxy", // misc comment/email spam
24
  "Internet Explorer", // XMLRPC exploits seen
@@ -43,9 +42,8 @@ function bb2_blacklist($package) {
43
  "psycheclone", // spam harvester
44
  "PussyCat ", // misc comment spam
45
  "PycURL", // misc comment spam
46
- "Python-urllib", // commonly abused
47
- // WP 2.5 now has Flash; FIXME
48
  // "Shockwave Flash", // spam harvester
 
49
  "Super Happy Fun ", // spam harvester
50
  "TrackBack/", // trackback spam
51
  "user", // suspicious harvester
@@ -71,12 +69,11 @@ function bb2_blacklist($package) {
71
  "grub-client", // search engine ignores robots.txt
72
  "hanzoweb", // very badly behaved crawler
73
  "Indy Library", // misc comment/email spam
74
- "MSIE 7.0; Windows NT 5.2", // Cyveillance
75
  "Murzillo compatible", // comment spam bot
76
  ".NET CLR 1)", // free poker, etc.
77
  "POE-Component-Client", // free poker, etc.
78
  "Turing Machine", // www.anonymizer.com abuse
79
- "unspecified.mail", // stealth harvesters
80
  "User-agent: ", // spam harvester/splogger
81
  "WebaltBot", // spam harvester
82
  "WISEbot", // spam harvester
@@ -86,7 +83,6 @@ function bb2_blacklist($package) {
86
  "Windows NT 5.1;)", // wikispam bot
87
  "Windows XP 5", // spam harvester
88
  "WordPress/4.01", // pingback spam
89
- "Xedant Human Emulator",// spammer script engine
90
  "\\\\)", // spam harvester
91
  );
92
 
@@ -125,3 +121,5 @@ function bb2_blacklist($package) {
125
 
126
  return FALSE;
127
  }
 
 
18
  "EmailCollector", // spam harvester
19
  "Email Siphon", // spam harvester
20
  "EmailSiphon", // spam harvester
 
21
  "grub crawler", // misc comment/email spam
22
  "HttpProxy", // misc comment/email spam
23
  "Internet Explorer", // XMLRPC exploits seen
42
  "psycheclone", // spam harvester
43
  "PussyCat ", // misc comment spam
44
  "PycURL", // misc comment spam
 
 
45
  // "Shockwave Flash", // spam harvester
46
+ // WP 2.5 now has Flash; FIXME
47
  "Super Happy Fun ", // spam harvester
48
  "TrackBack/", // trackback spam
49
  "user", // suspicious harvester
69
  "grub-client", // search engine ignores robots.txt
70
  "hanzoweb", // very badly behaved crawler
71
  "Indy Library", // misc comment/email spam
72
+ "larbin@unspecified", // stealth harvesters
73
  "Murzillo compatible", // comment spam bot
74
  ".NET CLR 1)", // free poker, etc.
75
  "POE-Component-Client", // free poker, etc.
76
  "Turing Machine", // www.anonymizer.com abuse
 
77
  "User-agent: ", // spam harvester/splogger
78
  "WebaltBot", // spam harvester
79
  "WISEbot", // spam harvester
83
  "Windows NT 5.1;)", // wikispam bot
84
  "Windows XP 5", // spam harvester
85
  "WordPress/4.01", // pingback spam
 
86
  "\\\\)", // spam harvester
87
  );
88
 
121
 
122
  return FALSE;
123
  }
124
+
125
+ ?>
bad-behavior/browser.inc.php DELETED
@@ -1,84 +0,0 @@
1
- <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
-
3
- // Analyze user agents claiming to be Konqueror
4
-
5
- function bb2_konqueror($package)
6
- {
7
- // CafeKelsa is a dev project at Yahoo which indexes job listings for
8
- // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
9
- if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
10
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
11
- return "17566707";
12
- }
13
- }
14
- return false;
15
- }
16
-
17
- // Analyze user agents claiming to be Lynx
18
-
19
- function bb2_lynx($package)
20
- {
21
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
22
- return "17566707";
23
- }
24
- return false;
25
- }
26
-
27
- // Analyze user agents claiming to be Mozilla
28
-
29
- function bb2_mozilla($package)
30
- {
31
- // First off, workaround for Google Desktop, until they fix it FIXME
32
- // Google Desktop fixed it, but apparently some old versions are
33
- // still out there. :(
34
- // Always check accept header for Mozilla user agents
35
- if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
36
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
37
- return "17566707";
38
- }
39
- }
40
- return false;
41
- }
42
-
43
- // Analyze user agents claiming to be MSIE
44
-
45
- function bb2_msie($package)
46
- {
47
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
48
- return "17566707";
49
- }
50
-
51
- // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
52
- if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
53
- return "a1084bad";
54
- }
55
-
56
- // MSIE does NOT send Connection: TE but Akamai does
57
- // Bypass this test when Akamai detected
58
- // The latest version of IE for Windows CE also uses Connection: TE
59
- if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
60
- return "2b90f772";
61
- }
62
-
63
- return false;
64
- }
65
-
66
- // Analyze user agents claiming to be Opera
67
-
68
- function bb2_opera($package)
69
- {
70
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
71
- return "17566707";
72
- }
73
- return false;
74
- }
75
-
76
- // Analyze user agents claiming to be Safari
77
-
78
- function bb2_safari($package)
79
- {
80
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
81
- return "17566707";
82
- }
83
- return false;
84
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
bad-behavior/cloudflare.inc.php DELETED
@@ -1,14 +0,0 @@
1
- <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
-
3
- // Analyze requests claiming to be from CloudFlare
4
-
5
- require_once(BB2_CORE . "/roundtripdns.inc.php");
6
-
7
- function bb2_cloudflare($package)
8
- {
9
- # Disabled due to http://bugs.php.net/bug.php?id=53092
10
- # if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
11
- # return '70e45496';
12
- # }
13
- return false;
14
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
bad-behavior/common_tests.inc.php CHANGED
@@ -4,7 +4,8 @@
4
 
5
  function bb2_protocol($settings, $package)
6
  {
7
- // We should never see Expect: for HTTP/1.0 requests
 
8
  if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
9
  return "a0105122";
10
  }
@@ -40,8 +41,6 @@ function bb2_misc_headers($settings, $package)
40
 
41
  // Broken spambots send URLs with various invalid characters
42
  // Some broken browsers send the #vector in the referer field :(
43
- // Worse yet, some Javascript client-side apps do the same in
44
- // blatant violation of the protocol and good sense.
45
  // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
46
  if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
47
  return "dfd9b1ad";
@@ -70,6 +69,7 @@ function bb2_misc_headers($settings, $package)
70
  // Lowercase via is used by open proxies/referrer spammers
71
  // Exceptions: Clearswift uses lowercase via (refuses to fix;
72
  // may be blocked again in the future)
 
73
  if (array_key_exists('via', $package['headers']) &&
74
  strpos($package['headers']['via'],'Clearswift') === FALSE &&
75
  strpos($ua,'CoralWebPrx') === FALSE) {
@@ -106,10 +106,6 @@ function bb2_misc_headers($settings, $package)
106
  if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
107
  return "a52f0448";
108
  }
109
- // Keep-Alive format in RFC 2068; some bots mangle these headers
110
- if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
111
- return "b0924802";
112
- }
113
  }
114
 
115
 
@@ -118,8 +114,6 @@ function bb2_misc_headers($settings, $package)
118
  return "b9cc1d86";
119
  }
120
  // Proxy-Connection does not exist and should never be seen in the wild
121
- // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
122
- // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
123
  if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
124
  return "b7830251";
125
  }
@@ -132,7 +126,7 @@ function bb2_misc_headers($settings, $package)
132
 
133
  // Referer, if it exists, must contain a :
134
  // While a relative URL is technically valid in Referer, all known
135
- // legitimate user-agents send an absolute URL
136
  if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
137
  return "45b35e30";
138
  }
@@ -146,3 +140,5 @@ function bb2_misc_headers($settings, $package)
146
 
147
  return false;
148
  }
 
 
4
 
5
  function bb2_protocol($settings, $package)
6
  {
7
+ // Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
8
+ // Always run this test; we should never see Expect:
9
  if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
10
  return "a0105122";
11
  }
41
 
42
  // Broken spambots send URLs with various invalid characters
43
  // Some broken browsers send the #vector in the referer field :(
 
 
44
  // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
45
  if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
46
  return "dfd9b1ad";
69
  // Lowercase via is used by open proxies/referrer spammers
70
  // Exceptions: Clearswift uses lowercase via (refuses to fix;
71
  // may be blocked again in the future)
72
+ // Coral CDN uses lowercase via
73
  if (array_key_exists('via', $package['headers']) &&
74
  strpos($package['headers']['via'],'Clearswift') === FALSE &&
75
  strpos($ua,'CoralWebPrx') === FALSE) {
106
  if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
107
  return "a52f0448";
108
  }
 
 
 
 
109
  }
110
 
111
 
114
  return "b9cc1d86";
115
  }
116
  // Proxy-Connection does not exist and should never be seen in the wild
 
 
117
  if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
118
  return "b7830251";
119
  }
126
 
127
  // Referer, if it exists, must contain a :
128
  // While a relative URL is technically valid in Referer, all known
129
+ // legit user-agents send an absolute URL
130
  if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
131
  return "45b35e30";
132
  }
140
 
141
  return false;
142
  }
143
+
144
+ ?>
bad-behavior/core.inc.php CHANGED
@@ -1,7 +1,6 @@
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
- define('BB2_VERSION', "2.2.3");
3
 
4
- // Bad Behavior entry point is bb2_start()
5
  // If you're reading this, you are probably lost.
6
  // Go read the bad-behavior-generic.php file.
7
 
@@ -10,6 +9,51 @@ define('BB2_COOKIE', 'bb2_screener_');
10
 
11
  require_once(BB2_CORE . "/functions.inc.php");
12
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
13
  // Kill 'em all!
14
  function bb2_banned($settings, $package, $key, $previous_key=false)
15
  {
@@ -17,12 +61,13 @@ function bb2_banned($settings, $package, $key, $previous_key=false)
17
  sleep(2);
18
 
19
  require_once(BB2_CORE . "/banned.inc.php");
20
- bb2_display_denial($settings, $package, $key, $previous_key);
21
  bb2_log_denial($settings, $package, $key, $previous_key);
22
  if (is_callable('bb2_banned_callback')) {
23
  bb2_banned_callback($settings, $package, $key);
24
  }
25
  // Penalize the spammers some more
 
26
  bb2_housekeeping($settings, $package);
27
  die();
28
  }
@@ -40,41 +85,29 @@ function bb2_approved($settings, $package)
40
  }
41
  }
42
 
43
- # If this is reverse-proxied or load balanced, obtain the actual client IP
44
- function bb2_reverse_proxy($settings, $headers_mixed)
 
45
  {
46
- # Detect if option is on when it should be off
47
- $header = uc_all($settings['reverse_proxy_header']);
48
- if (!array_key_exists($header, $headers_mixed)) {
49
- return false;
50
  }
51
-
52
- $addrs = @array_reverse(preg_split("/[\s,]+/", $headers_mixed[$header]));
53
- # Skip our known reverse proxies and private addresses
54
- if (!empty($settings['reverse_proxy_addresses'])) {
55
- foreach ($addrs as $addr) {
56
- if (!match_cidr($addr, $settings['reverse_proxy_addresses']) && !is_rfc1918($addr)) {
57
- return $addr;
58
- }
59
- }
60
- } else {
61
- foreach ($addrs as $addr) {
62
- if (!is_rfc1918($addr)) {
63
- return $addr;
64
- }
65
- }
66
  }
67
- # If we got here, someone is playing a trick on us.
68
- return false;
69
  }
70
 
 
71
  // Let God sort 'em out!
72
  function bb2_start($settings)
73
  {
74
  // Gather up all the information we need, first of all.
75
  $headers = bb2_load_headers();
76
  // Postprocess the headers to mixed-case
77
- // TODO: get the world to stop using PHP as CGI
78
  $headers_mixed = array();
79
  foreach ($headers as $h => $v) {
80
  $headers_mixed[uc_all($h)] = $v;
@@ -82,128 +115,106 @@ function bb2_start($settings)
82
 
83
  // IPv6 - IPv4 compatibility mode hack
84
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
 
 
 
 
 
 
 
85
 
86
  // Reconstruct the HTTP entity, if present.
87
  $request_entity = array();
88
- if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
89
  foreach ($_POST as $h => $v) {
90
  $request_entity[$h] = $v;
91
  }
92
  }
93
 
94
- $request_uri = $_SERVER["REQUEST_URI"];
95
- if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
96
 
97
- if ($settings['reverse_proxy'] && $ip = bb2_reverse_proxy($settings, $headers_mixed)) {
98
- $headers['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
99
- $headers_mixed['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
100
- } else {
101
- $ip = $_SERVER['REMOTE_ADDR'];
102
- }
103
-
104
- @$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false,);
105
-
106
- $result = bb2_screen($settings, $package);
107
- if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
108
- return $result;
109
- }
110
-
111
- function bb2_screen($settings, $package)
112
- {
113
- // Please proceed to the security checkpoint, have your identification
114
- // and boarding pass ready, and prepare to be nakedized or fondled.
115
-
116
- // CloudFlare-specific checks not handled by reverse proxy code
117
- // Thanks to butchs at Simple Machines
118
- if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
119
- require_once(BB2_CORE . "/cloudflare.inc.php");
120
- $r = bb2_cloudflare($package);
121
- if ($r !== false && $r != $package['ip']) return $r;
122
- }
123
 
124
  // First check the whitelist
125
  require_once(BB2_CORE . "/whitelist.inc.php");
126
- if (!bb2_run_whitelist($package)) {
127
  // Now check the blacklist
128
  require_once(BB2_CORE . "/blacklist.inc.php");
129
- if ($r = bb2_blacklist($package)) return $r;
130
 
131
  // Check the http:BL
132
  require_once(BB2_CORE . "/blackhole.inc.php");
133
- if ($r = bb2_httpbl($settings, $package)) {
134
- if ($r == 1) return false; # whitelisted
135
- return $r;
 
136
  }
137
 
138
  // Check for common stuff
139
  require_once(BB2_CORE . "/common_tests.inc.php");
140
- if ($r = bb2_protocol($settings, $package)) return $r;
141
- if ($r = bb2_cookies($settings, $package)) return $r;
142
- if ($r = bb2_misc_headers($settings, $package)) return $r;
143
 
144
  // Specific checks
145
- @$ua = $package['user_agent'];
146
- // Search engine checks come first
147
  if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
148
- require_once(BB2_CORE . "/searchengine.inc.php");
149
- if ($r = bb2_msnbot($package)) {
150
- if ($r == 1) return false; # whitelisted
151
- return $r;
152
- }
153
- return false;
154
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
155
- require_once(BB2_CORE . "/searchengine.inc.php");
156
- if ($r = bb2_google($package)) {
157
- if ($r == 1) return false; # whitelisted
158
- return $r;
159
- }
160
- return false;
161
  } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
162
- require_once(BB2_CORE . "/searchengine.inc.php");
163
- if ($r = bb2_yahoo($package)) {
164
- if ($r == 1) return false; # whitelisted
165
- return $r;
166
- }
167
- return false;
168
  }
169
  // MSIE checks
170
- if (stripos($ua, "; MSIE") !== FALSE) {
171
  $package['is_browser'] = true;
172
- require_once(BB2_CORE . "/browser.inc.php");
173
  if (stripos($ua, "Opera") !== FALSE) {
174
- if ($r = bb2_opera($package)) return $r;
 
175
  } else {
176
- if ($r = bb2_msie($package)) return $r;
 
177
  }
178
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
179
  $package['is_browser'] = true;
180
- require_once(BB2_CORE . "/browser.inc.php");
181
- if ($r = bb2_konqueror($package)) return $r;
182
  } elseif (stripos($ua, "Opera") !== FALSE) {
183
  $package['is_browser'] = true;
184
- require_once(BB2_CORE . "/browser.inc.php");
185
- if ($r = bb2_opera($package)) return $r;
186
  } elseif (stripos($ua, "Safari") !== FALSE) {
187
  $package['is_browser'] = true;
188
- require_once(BB2_CORE . "/browser.inc.php");
189
- if ($r = bb2_safari($package)) return $r;
190
  } elseif (stripos($ua, "Lynx") !== FALSE) {
191
  $package['is_browser'] = true;
192
- require_once(BB2_CORE . "/browser.inc.php");
193
- if ($r = bb2_lynx($package)) return $r;
194
  } elseif (stripos($ua, "MovableType") !== FALSE) {
195
  require_once(BB2_CORE . "/movabletype.inc.php");
196
- if ($r = bb2_movabletype($package)) return $r;
197
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
198
  $package['is_browser'] = true;
199
- require_once(BB2_CORE . "/browser.inc.php");
200
- if ($r = bb2_mozilla($package)) return $r;
201
  }
202
 
203
  // More intensive screening applies to POST requests
204
  if (!strcasecmp('POST', $package['request_method'])) {
205
  require_once(BB2_CORE . "/post.inc.php");
206
- if ($r = bb2_post($settings, $package)) return $r;
207
  }
208
  }
209
 
@@ -213,5 +224,6 @@ function bb2_screen($settings, $package)
213
 
214
  // And that's about it.
215
  bb2_approved($settings, $package);
216
- return false;
217
  }
 
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
 
2
 
3
+ // Bad Behavior entry point is start_bad_behavior().
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
12
+ // Our log table structure
13
+ function bb2_table_structure($name)
14
+ {
15
+ // It's not paranoia if they really are out to get you.
16
+ $name_escaped = bb2_db_escape($name);
17
+ return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
18
+ `id` INT(11) NOT NULL auto_increment,
19
+ `ip` TEXT NOT NULL,
20
+ `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
21
+ `request_method` TEXT NOT NULL,
22
+ `request_uri` TEXT NOT NULL,
23
+ `server_protocol` TEXT NOT NULL,
24
+ `http_headers` TEXT NOT NULL,
25
+ `user_agent` TEXT NOT NULL,
26
+ `request_entity` TEXT NOT NULL,
27
+ `key` TEXT NOT NULL,
28
+ INDEX (`ip`(15)),
29
+ INDEX (`user_agent`(10)),
30
+ PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
31
+ }
32
+
33
+ // Insert a new record
34
+ function bb2_insert($settings, $package, $key)
35
+ {
36
+ $ip = bb2_db_escape($package['ip']);
37
+ $date = bb2_db_date();
38
+ $request_method = bb2_db_escape($package['request_method']);
39
+ $request_uri = bb2_db_escape($package['request_uri']);
40
+ $server_protocol = bb2_db_escape($package['server_protocol']);
41
+ $user_agent = bb2_db_escape($package['user_agent']);
42
+ $headers = "$request_method $request_uri $server_protocol\n";
43
+ foreach ($package['headers'] as $h => $v) {
44
+ $headers .= bb2_db_escape("$h: $v\n");
45
+ }
46
+ $request_entity = "";
47
+ if (!strcasecmp($request_method, "POST")) {
48
+ foreach ($package['request_entity'] as $h => $v) {
49
+ $request_entity .= bb2_db_escape("$h: $v\n");
50
+ }
51
+ }
52
+ return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
53
+ (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
54
+ ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
55
+ }
56
+
57
  // Kill 'em all!
58
  function bb2_banned($settings, $package, $key, $previous_key=false)
59
  {
61
  sleep(2);
62
 
63
  require_once(BB2_CORE . "/banned.inc.php");
64
+ bb2_display_denial($settings, $key, $previous_key);
65
  bb2_log_denial($settings, $package, $key, $previous_key);
66
  if (is_callable('bb2_banned_callback')) {
67
  bb2_banned_callback($settings, $package, $key);
68
  }
69
  // Penalize the spammers some more
70
+ require_once(BB2_CORE . "/housekeeping.inc.php");
71
  bb2_housekeeping($settings, $package);
72
  die();
73
  }
85
  }
86
  }
87
 
88
+ // Check the results of a particular test; see below for usage
89
+ // Returns FALSE if test passed (yes this is backwards)
90
+ function bb2_test($settings, $package, $result)
91
  {
92
+ // Passthrough a value of 1 for whitelisted/bypass items
93
+ if ($result == 1) {
94
+ return true;
 
95
  }
96
+ if ($result !== FALSE) {
97
+ bb2_banned($settings, $package, $result);
98
+ return TRUE;
 
 
 
 
 
 
 
 
 
 
 
 
99
  }
100
+ return FALSE;
 
101
  }
102
 
103
+
104
  // Let God sort 'em out!
105
  function bb2_start($settings)
106
  {
107
  // Gather up all the information we need, first of all.
108
  $headers = bb2_load_headers();
109
  // Postprocess the headers to mixed-case
110
+ // FIXME: get the world to stop using PHP as CGI
111
  $headers_mixed = array();
112
  foreach ($headers as $h => $v) {
113
  $headers_mixed[uc_all($h)] = $v;
115
 
116
  // IPv6 - IPv4 compatibility mode hack
117
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
118
+ // We use these frequently. Keep a copy close at hand.
119
+ $ip = $_SERVER['REMOTE_ADDR'];
120
+ $request_method = $_SERVER['REQUEST_METHOD'];
121
+ $request_uri = $_SERVER['REQUEST_URI'];
122
+ if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
123
+ $server_protocol = $_SERVER['SERVER_PROTOCOL'];
124
+ @$user_agent = $_SERVER['HTTP_USER_AGENT'];
125
 
126
  // Reconstruct the HTTP entity, if present.
127
  $request_entity = array();
128
+ if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
129
  foreach ($_POST as $h => $v) {
130
  $request_entity[$h] = $v;
131
  }
132
  }
133
 
134
+ $package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
 
135
 
136
+ // Please proceed to the security checkpoint and have your
137
+ // identification and boarding pass ready.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
138
 
139
  // First check the whitelist
140
  require_once(BB2_CORE . "/whitelist.inc.php");
141
+ if (!bb2_whitelist($package)) {
142
  // Now check the blacklist
143
  require_once(BB2_CORE . "/blacklist.inc.php");
144
+ bb2_test($settings, $package, bb2_blacklist($package));
145
 
146
  // Check the http:BL
147
  require_once(BB2_CORE . "/blackhole.inc.php");
148
+ if (bb2_test($settings, $package, bb2_httpbl($settings, $package))) {
149
+ // Bypass all checks if http:BL says search engine
150
+ bb2_approved($settings, $package);
151
+ return true;
152
  }
153
 
154
  // Check for common stuff
155
  require_once(BB2_CORE . "/common_tests.inc.php");
156
+ bb2_test($settings, $package, bb2_protocol($settings, $package));
157
+ bb2_test($settings, $package, bb2_cookies($settings, $package));
158
+ bb2_test($settings, $package, bb2_misc_headers($settings, $package));
159
 
160
  // Specific checks
161
+ @$ua = $headers_mixed['User-Agent'];
162
+ // Search engines first
163
  if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
164
+ require_once(BB2_CORE . "/msnbot.inc.php");
165
+ bb2_test($settings, $package, bb2_msnbot($package));
166
+ bb2_approved($settings, $package);
167
+ return true;
 
 
168
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
169
+ require_once(BB2_CORE . "/google.inc.php");
170
+ bb2_test($settings, $package, bb2_google($package));
171
+ bb2_approved($settings, $package);
172
+ return true;
 
 
173
  } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
174
+ require_once(BB2_CORE . "/yahoo.inc.php");
175
+ bb2_test($settings, $package, bb2_yahoo($package));
176
+ bb2_approved($settings, $package);
177
+ return true;
 
 
178
  }
179
  // MSIE checks
180
+ if (stripos($ua, "MSIE") !== FALSE) {
181
  $package['is_browser'] = true;
 
182
  if (stripos($ua, "Opera") !== FALSE) {
183
+ require_once(BB2_CORE . "/opera.inc.php");
184
+ bb2_test($settings, $package, bb2_opera($package));
185
  } else {
186
+ require_once(BB2_CORE . "/msie.inc.php");
187
+ bb2_test($settings, $package, bb2_msie($package));
188
  }
189
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
190
  $package['is_browser'] = true;
191
+ require_once(BB2_CORE . "/konqueror.inc.php");
192
+ bb2_test($settings, $package, bb2_konqueror($package));
193
  } elseif (stripos($ua, "Opera") !== FALSE) {
194
  $package['is_browser'] = true;
195
+ require_once(BB2_CORE . "/opera.inc.php");
196
+ bb2_test($settings, $package, bb2_opera($package));
197
  } elseif (stripos($ua, "Safari") !== FALSE) {
198
  $package['is_browser'] = true;
199
+ require_once(BB2_CORE . "/safari.inc.php");
200
+ bb2_test($settings, $package, bb2_safari($package));
201
  } elseif (stripos($ua, "Lynx") !== FALSE) {
202
  $package['is_browser'] = true;
203
+ require_once(BB2_CORE . "/lynx.inc.php");
204
+ bb2_test($settings, $package, bb2_lynx($package));
205
  } elseif (stripos($ua, "MovableType") !== FALSE) {
206
  require_once(BB2_CORE . "/movabletype.inc.php");
207
+ bb2_test($settings, $package, bb2_movabletype($package));
208
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
209
  $package['is_browser'] = true;
210
+ require_once(BB2_CORE . "/mozilla.inc.php");
211
+ bb2_test($settings, $package, bb2_mozilla($package));
212
  }
213
 
214
  // More intensive screening applies to POST requests
215
  if (!strcasecmp('POST', $package['request_method'])) {
216
  require_once(BB2_CORE . "/post.inc.php");
217
+ bb2_test($settings, $package, bb2_post($settings, $package));
218
  }
219
  }
220
 
224
 
225
  // And that's about it.
226
  bb2_approved($settings, $package);
227
+ return true;
228
  }
229
+ ?>
bad-behavior/functions.inc.php CHANGED
@@ -2,11 +2,6 @@
2
 
3
  // Miscellaneous helper functions.
4
 
5
- // Quick and dirty check for an IPv6 address
6
- function is_ipv6($address) {
7
- return (strpos($address, ":")) ? TRUE : FALSE;
8
- }
9
-
10
  // stripos() needed because stripos is only present on PHP 5
11
  if (!function_exists('stripos')) {
12
  function stripos($haystack,$needle,$offset = 0) {
@@ -58,10 +53,6 @@ function match_cidr($addr, $cidr) {
58
  return $output;
59
  }
60
 
61
- // Determine if an IP address is reserved by RFC 1918.
62
- function is_rfc1918($addr) {
63
- return match_cidr($addr, array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"));
64
- }
65
  // Obtain all the HTTP headers.
66
  // NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
67
  // headers. Run PHP as Apache 2.0 module if possible for best results.
@@ -76,3 +67,5 @@ function bb2_load_headers() {
76
  }
77
  return $headers;
78
  }
 
 
2
 
3
  // Miscellaneous helper functions.
4
 
 
 
 
 
 
5
  // stripos() needed because stripos is only present on PHP 5
6
  if (!function_exists('stripos')) {
7
  function stripos($haystack,$needle,$offset = 0) {
53
  return $output;
54
  }
55
 
 
 
 
 
56
  // Obtain all the HTTP headers.
57
  // NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
58
  // headers. Run PHP as Apache 2.0 module if possible for best results.
67
  }
68
  return $headers;
69
  }
70
+
71
+ ?>
bad-behavior/google.inc.php ADDED
@@ -0,0 +1,13 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be Googlebot
4
+
5
+ function bb2_google($package)
6
+ {
7
+ if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE && match_cidr($package['ip'], "203.208.32.0/19") === FALSE && match_cidr($package['ip'], "74.125.0.0/16") === FALSE && match_cidr($package['ip'], "216.239.32.0/19") === FALSE && match_cidr($package['ip'], "209.85.128.0/17") === FALSE) {
8
+ return "f1182195";
9
+ }
10
+ return false;
11
+ }
12
+
13
+ ?>
bad-behavior/housekeeping.inc.php ADDED
@@ -0,0 +1,16 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ function bb2_housekeeping($settings, $package)
4
+ {
5
+ // FIXME Yes, the interval's hard coded (again) for now.
6
+ $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
7
+ bb2_db_query($query);
8
+
9
+ // Waste a bunch more of the spammer's time, sometimes.
10
+ if (rand(1,1000) == 1) {
11
+ $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
12
+ bb2_db_query($query);
13
+ }
14
+ }
15
+
16
+ ?>
bad-behavior/konqueror.inc.php ADDED
@@ -0,0 +1,17 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be Konqueror
4
+
5
+ function bb2_konqueror($package)
6
+ {
7
+ // CafeKelsa is a dev project at Yahoo which indexes job listings for
8
+ // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
9
+ if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
10
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
11
+ return "17566707";
12
+ }
13
+ }
14
+ return false;
15
+ }
16
+
17
+ ?>
bad-behavior/lynx.inc.php ADDED
@@ -0,0 +1,13 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be Lynx
4
+
5
+ function bb2_lynx($package)
6
+ {
7
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
8
+ return "17566707";
9
+ }
10
+ return false;
11
+ }
12
+
13
+ ?>
bad-behavior/movabletype.inc.php CHANGED
@@ -10,3 +10,5 @@ function bb2_movabletype($package)
10
  }
11
  return false;
12
  }
 
 
10
  }
11
  return false;
12
  }
13
+
14
+ ?>
bad-behavior/mozilla.inc.php ADDED
@@ -0,0 +1,19 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be Mozilla
4
+
5
+ function bb2_mozilla($package)
6
+ {
7
+ // First off, workaround for Google Desktop, until they fix it FIXME
8
+ // Google Desktop fixed it, but apparently some old versions are
9
+ // still out there. :(
10
+ // Always check accept header for Mozilla user agents
11
+ if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
12
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
13
+ return "17566707";
14
+ }
15
+ }
16
+ return false;
17
+ }
18
+
19
+ ?>
bad-behavior/msie.inc.php ADDED
@@ -0,0 +1,26 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be MSIE
4
+
5
+ function bb2_msie($package)
6
+ {
7
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
8
+ return "17566707";
9
+ }
10
+
11
+ // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
12
+ if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
13
+ return "a1084bad";
14
+ }
15
+
16
+ // MSIE does NOT send Connection: TE but Akamai does
17
+ // Bypass this test when Akamai detected
18
+ // The latest version of IE for Windows CE also uses Connection: TE
19
+ if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
20
+ return "2b90f772";
21
+ }
22
+
23
+ return false;
24
+ }
25
+
26
+ ?>
bad-behavior/msnbot.inc.php ADDED
@@ -0,0 +1,13 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be msnbot
4
+
5
+ function bb2_msnbot($package)
6
+ {
7
+ if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
8
+ return "e4de0453";
9
+ }
10
+ return false;
11
+ }
12
+
13
+ ?>
bad-behavior/opera.inc.php ADDED
@@ -0,0 +1,13 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be Opera
4
+
5
+ function bb2_opera($package)
6
+ {
7
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
8
+ return "17566707";
9
+ }
10
+ return false;
11
+ }
12
+
13
+ ?>
bad-behavior/post.inc.php CHANGED
@@ -1,36 +1,11 @@
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
3
- // Specialized screening for trackbacks
4
- function bb2_trackback($package)
5
- {
6
- // Web browsers don't send trackbacks
7
- if ($package['is_browser']) {
8
- return 'f0dcb3fd';
9
- }
10
-
11
- // Proxy servers don't send trackbacks either
12
- if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
13
- return 'd60b87c7';
14
- }
15
-
16
- // Fake WordPress trackbacks
17
- // Real ones do not contain Accept:, and have a charset defined
18
- // Real WP trackbacks may contain Accept: depending on the HTTP
19
- // transport being used by the sending host
20
- if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
21
- if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
22
- return 'e3990b47';
23
- }
24
- }
25
- return false;
26
- }
27
-
28
  // All tests which apply specifically to POST requests
29
  function bb2_post($settings, $package)
30
  {
31
  // Check blackhole lists for known spam/malicious activity
32
  // require_once(BB2_CORE . "/blackhole.inc.php");
33
- // if ($r = bb2_blackhole($package)) return $r;
34
 
35
  // MovableType needs specialized screening
36
  if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
@@ -42,6 +17,7 @@ function bb2_post($settings, $package)
42
  // Trackbacks need special screening
43
  $request_entity = $package['request_entity'];
44
  if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
 
45
  return bb2_trackback($package);
46
  }
47
 
@@ -54,13 +30,8 @@ function bb2_post($settings, $package)
54
  }
55
 
56
  // If Referer exists, it should refer to a page on our site
57
- if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
58
- $url = parse_url($package['headers_mixed']['Referer']);
59
- $url['host'] = preg_replace('|^www\.|', '', $url['host']);
60
- $host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
61
- if (strcasecmp($host, $url['host'])) {
62
- return "cd361abb";
63
- }
64
  }
65
 
66
  // Screen by cookie/JavaScript form add
@@ -105,3 +76,5 @@ function bb2_post($settings, $package)
105
 
106
  return false;
107
  }
 
 
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3
  // All tests which apply specifically to POST requests
4
  function bb2_post($settings, $package)
5
  {
6
  // Check blackhole lists for known spam/malicious activity
7
  // require_once(BB2_CORE . "/blackhole.inc.php");
8
+ // bb2_test($settings, $package, bb2_blackhole($package));
9
 
10
  // MovableType needs specialized screening
11
  if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
17
  // Trackbacks need special screening
18
  $request_entity = $package['request_entity'];
19
  if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
20
+ require_once(BB2_CORE . "/trackback.inc.php");
21
  return bb2_trackback($package);
22
  }
23
 
30
  }
31
 
32
  // If Referer exists, it should refer to a page on our site
33
+ if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
34
+ return "cd361abb";
 
 
 
 
 
35
  }
36
 
37
  // Screen by cookie/JavaScript form add
76
 
77
  return false;
78
  }
79
+
80
+ ?>
bad-behavior/responses.inc.php CHANGED
@@ -19,7 +19,6 @@ function bb2_get_response($key) {
19
  '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
20
  '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
21
  '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
22
- '70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
23
  '71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
24
  '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
25
  '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
@@ -30,7 +29,6 @@ function bb2_get_response($key) {
30
  'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
31
  'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
32
  'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
33
- 'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
34
  'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
35
  'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
36
  'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
@@ -49,3 +47,4 @@ function bb2_get_response($key) {
49
  if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
50
  return array('00000000');
51
  }
 
19
  '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
20
  '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
21
  '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
 
22
  '71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
23
  '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
24
  '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
29
  'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
30
  'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
31
  'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
 
32
  'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
33
  'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
34
  'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
47
  if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
48
  return array('00000000');
49
  }
50
+ ?>
bad-behavior/roundtripdns.inc.php DELETED
@@ -1,20 +0,0 @@
1
- <?php if (!defined('BB2_CORE')) die("I said no cheating!");
2
-
3
- # Round trip DNS verification
4
-
5
- # Returns TRUE if DNS matches; FALSE on mismatch
6
- # Returns $ip if an error occurs
7
- # TODO: Not IPv6 safe
8
- # FIXME: Returns false on DNS server failure; PHP provides no distinction
9
- # between no records and error condition
10
- function bb2_roundtripdns($ip,$domain)
11
- {
12
- if (@is_ipv6($ip)) return $ip;
13
-
14
- $host = gethostbyaddr($ip);
15
- $host_result = strpos(strrev($host), strrev($domain));
16
- if ($host_result === false || $host_result > 0) return false;
17
- $addrs = gethostbynamel($host);
18
- if (in_array($ip, $addrs)) return true;
19
- return false;
20
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
bad-behavior/safari.inc.php ADDED
@@ -0,0 +1,13 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be Safari
4
+
5
+ function bb2_safari($package)
6
+ {
7
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
8
+ return "17566707";
9
+ }
10
+ return false;
11
+ }
12
+
13
+ ?>
bad-behavior/screener.inc.php CHANGED
@@ -5,7 +5,9 @@
5
  function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
6
  {
7
  // FIXME: Set the real cookie
8
- setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
 
 
9
  }
10
 
11
  function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
@@ -60,3 +62,4 @@ function bb2_screener($settings, $package)
60
  bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
61
  bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
62
  }
 
5
  function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
6
  {
7
  // FIXME: Set the real cookie
8
+ if (!$settings['eu_cookie']) {
9
+ setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
10
+ }
11
  }
12
 
13
  function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
62
  bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
63
  bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
64
  }
65
+ ?>
bad-behavior/searchengine.inc.php DELETED
@@ -1,45 +0,0 @@
1
- <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
-
3
- require_once(BB2_CORE . "/roundtripdns.inc.php");
4
-
5
- // Analyze user agents claiming to be Googlebot
6
-
7
- function bb2_google($package)
8
- {
9
- if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
10
- return "f1182195";
11
- }
12
- # Disabled due to http://bugs.php.net/bug.php?id=53092
13
- # if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
14
- # return "f1182195";
15
- # }
16
- return false;
17
- }
18
-
19
- // Analyze user agents claiming to be msnbot
20
-
21
- function bb2_msnbot($package)
22
- {
23
- if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
24
- return "e4de0453";
25
- }
26
- # Disabled due to http://bugs.php.net/bug.php?id=53092
27
- # if (!bb2_roundtripdns($package['ip'], "msn.com")) {
28
- # return "e4de0453";
29
- # }
30
- return false;
31
- }
32
-
33
- // Analyze user agents claiming to be Yahoo!
34
-
35
- function bb2_yahoo($package)
36
- {
37
- if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
38
- return '71436a15';
39
- }
40
- # Disabled due to http://bugs.php.net/bug.php?id=53092
41
- # if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
42
- # return "71436a15";
43
- # }
44
- return false;
45
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
bad-behavior/trackback.inc.php ADDED
@@ -0,0 +1,28 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Specialized screening for trackbacks
4
+ function bb2_trackback($package)
5
+ {
6
+ // Web browsers don't send trackbacks
7
+ if ($package['is_browser']) {
8
+ return 'f0dcb3fd';
9
+ }
10
+
11
+ // Proxy servers don't send trackbacks either
12
+ if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
13
+ return 'd60b87c7';
14
+ }
15
+
16
+ // Fake WordPress trackbacks
17
+ // Real ones do not contain Accept:, and have a charset defined
18
+ // Real WP trackbacks may contain Accept: depending on the HTTP
19
+ // transport being used by the sending host
20
+ if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
21
+ if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
22
+ return 'e3990b47';
23
+ }
24
+ }
25
+ return false;
26
+ }
27
+
28
+ ?>
bad-behavior/version.inc.php ADDED
@@ -0,0 +1,3 @@
 
 
 
1
+ <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
+ define('BB2_VERSION', "2.0.46");
3
+ ?>
bad-behavior/whitelist.inc.php CHANGED
@@ -1,34 +1,83 @@
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
3
- function bb2_run_whitelist($package)
4
  {
5
- # FIXME: Transitional, until port maintainters implement bb2_read_whitelist
6
- if (function_exists('bb2_read_whitelist')) {
7
- $whitelists = bb2_read_whitelist();
8
- } else {
9
- $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
10
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
11
 
12
- if (@!empty($whitelists['ip'])) {
13
- foreach ($whitelists['ip'] as $range) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
14
  if (match_cidr($package['ip'], $range)) return true;
15
  }
16
  }
17
- if (@!empty($whitelists['useragent'])) {
18
- foreach ($whitelists['useragent'] as $user_agent) {
19
  if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
20
  }
21
  }
22
- if (@!empty($whitelists['url'])) {
23
  if (strpos($package['request_uri'], "?") === FALSE) {
24
  $request_uri = $package['request_uri'];
25
  } else {
26
  $request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
27
  }
28
- foreach ($whitelists['url'] as $url) {
29
- $pos = strpos($request_uri, $url);
30
- if ($pos !== false && $pos == 0) return true;
31
  }
32
  }
33
  return false;
34
  }
 
 
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
3
+ function bb2_whitelist($package)
4
  {
5
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
6
+
7
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
8
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
9
+ // are 100% CERTAIN that you should.
10
+
11
+ // IP address ranges use the CIDR format.
12
+
13
+ // Includes four examples of whitelisting by IP address and netblock.
14
+ $bb2_whitelist_ip_ranges = array(
15
+ "64.191.203.34", // Digg whitelisted as of 2.0.12
16
+ "208.67.217.130", // Digg whitelisted as of 2.0.12
17
+ "10.0.0.0/8",
18
+ "172.16.0.0/12",
19
+ "192.168.0.0/16",
20
+ // "127.0.0.1",
21
+ );
22
+
23
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
24
+
25
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
26
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
27
+ // are 100% CERTAIN that you should.
28
+
29
+ // You should not whitelist search engines by user agent. Use the IP
30
+ // netblock for the search engine instead. See http://whois.arin.net/
31
+ // to locate the netblocks for an IP.
32
+
33
+ // User agents are matched by exact match only.
34
 
35
+ // Includes one example of whitelisting by user agent.
36
+ // All are commented out.
37
+ $bb2_whitelist_user_agents = array(
38
+ // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
39
+ );
40
+
41
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
42
+
43
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
44
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
45
+ // are 100% CERTAIN that you should.
46
+
47
+ // URLs are matched from the first / after the server name up to,
48
+ // but not including, the ? (if any).
49
+
50
+ // Includes two examples of whitelisting by URL.
51
+ $bb2_whitelist_urls = array(
52
+ // "/example.php",
53
+ // "/openid/server",
54
+ );
55
+
56
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
57
+
58
+ // Do not edit below this line
59
+
60
+ if (!empty($bb2_whitelist_ip_ranges)) {
61
+ foreach ($bb2_whitelist_ip_ranges as $range) {
62
  if (match_cidr($package['ip'], $range)) return true;
63
  }
64
  }
65
+ if (!empty($bb2_whitelist_user_agents)) {
66
+ foreach ($bb2_whitelist_user_agents as $user_agent) {
67
  if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
68
  }
69
  }
70
+ if (!empty($bb2_whitelist_urls)) {
71
  if (strpos($package['request_uri'], "?") === FALSE) {
72
  $request_uri = $package['request_uri'];
73
  } else {
74
  $request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
75
  }
76
+ foreach ($bb2_whitelist_urls as $url) {
77
+ if (!strcmp($request_uri, $url)) return true;
 
78
  }
79
  }
80
  return false;
81
  }
82
+
83
+ ?>
bad-behavior/yahoo.inc.php ADDED
@@ -0,0 +1,11 @@
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze user agents claiming to be Yahoo!
4
+
5
+ function bb2_yahoo($package)
6
+ {
7
+ if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
8
+ return "71436a15";
9
+ }
10
+ return false;
11
+ }
gpl-2.0.txt ADDED
@@ -0,0 +1,339 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ GNU GENERAL PUBLIC LICENSE
2
+ Version 2, June 1991
3
+
4
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6
+ Everyone is permitted to copy and distribute verbatim copies
7
+ of this license document, but changing it is not allowed.
8
+
9
+ Preamble
10
+
11
+ The licenses for most software are designed to take away your
12
+ freedom to share and change it. By contrast, the GNU General Public
13
+ License is intended to guarantee your freedom to share and change free
14
+ software--to make sure the software is free for all its users. This
15
+ General Public License applies to most of the Free Software
16
+ Foundation's software and to any other program whose authors commit to
17
+ using it. (Some other Free Software Foundation software is covered by
18
+ the GNU Lesser General Public License instead.) You can apply it to
19
+ your programs, too.
20
+
21
+ When we speak of free software, we are referring to freedom, not
22
+ price. Our General Public Licenses are designed to make sure that you
23
+ have the freedom to distribute copies of free software (and charge for
24
+ this service if you wish), that you receive source code or can get it
25
+ if you want it, that you can change the software or use pieces of it
26
+ in new free programs; and that you know you can do these things.
27
+
28
+ To protect your rights, we need to make restrictions that forbid
29
+ anyone to deny you these rights or to ask you to surrender the rights.
30
+ These restrictions translate to certain responsibilities for you if you
31
+ distribute copies of the software, or if you modify it.
32
+
33
+ For example, if you distribute copies of such a program, whether
34
+ gratis or for a fee, you must give the recipients all the rights that
35
+ you have. You must make sure that they, too, receive or can get the
36
+ source code. And you must show them these terms so they know their
37
+ rights.
38
+
39
+ We protect your rights with two steps: (1) copyright the software, and
40
+ (2) offer you this license which gives you legal permission to copy,
41
+ distribute and/or modify the software.
42
+
43
+ Also, for each author's protection and ours, we want to make certain
44
+ that everyone understands that there is no warranty for this free
45
+ software. If the software is modified by someone else and passed on, we
46
+ want its recipients to know that what they have is not the original, so
47
+ that any problems introduced by others will not reflect on the original
48
+ authors' reputations.
49
+
50
+ Finally, any free program is threatened constantly by software
51
+ patents. We wish to avoid the danger that redistributors of a free
52
+ program will individually obtain patent licenses, in effect making the
53
+ program proprietary. To prevent this, we have made it clear that any
54
+ patent must be licensed for everyone's free use or not licensed at all.
55
+
56
+ The precise terms and conditions for copying, distribution and
57
+ modification follow.
58
+
59
+ GNU GENERAL PUBLIC LICENSE
60
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61
+
62
+ 0. This License applies to any program or other work which contains
63
+ a notice placed by the copyright holder saying it may be distributed
64
+ under the terms of this General Public License. The "Program", below,
65
+ refers to any such program or work, and a "work based on the Program"
66
+ means either the Program or any derivative work under copyright law:
67
+ that is to say, a work containing the Program or a portion of it,
68
+ either verbatim or with modifications and/or translated into another
69
+ language. (Hereinafter, translation is included without limitation in
70
+ the term "modification".) Each licensee is addressed as "you".
71
+
72
+ Activities other than copying, distribution and modification are not
73
+ covered by this License; they are outside its scope. The act of
74
+ running the Program is not restricted, and the output from the Program
75
+ is covered only if its contents constitute a work based on the
76
+ Program (independent of having been made by running the Program).
77
+ Whether that is true depends on what the Program does.
78
+
79
+ 1. You may copy and distribute verbatim copies of the Program's
80
+ source code as you receive it, in any medium, provided that you
81
+ conspicuously and appropriately publish on each copy an appropriate
82
+ copyright notice and disclaimer of warranty; keep intact all the
83
+ notices that refer to this License and to the absence of any warranty;
84
+ and give any other recipients of the Program a copy of this License
85
+ along with the Program.
86
+
87
+ You may charge a fee for the physical act of transferring a copy, and
88
+ you may at your option offer warranty protection in exchange for a fee.
89
+
90
+ 2. You may modify your copy or copies of the Program or any portion
91
+ of it, thus forming a work based on the Program, and copy and
92
+ distribute such modifications or work under the terms of Section 1
93
+ above, provided that you also meet all of these conditions:
94
+
95
+ a) You must cause the modified files to carry prominent notices
96
+ stating that you changed the files and the date of any change.
97
+
98
+ b) You must cause any work that you distribute or publish, that in
99
+ whole or in part contains or is derived from the Program or any
100
+ part thereof, to be licensed as a whole at no charge to all third
101
+ parties under the terms of this License.
102
+
103
+ c) If the modified program normally reads commands interactively
104
+ when run, you must cause it, when started running for such
105
+ interactive use in the most ordinary way, to print or display an
106
+ announcement including an appropriate copyright notice and a
107
+ notice that there is no warranty (or else, saying that you provide
108
+ a warranty) and that users may redistribute the program under
109
+ these conditions, and telling the user how to view a copy of this
110
+ License. (Exception: if the Program itself is interactive but
111
+ does not normally print such an announcement, your work based on
112
+ the Program is not required to print an announcement.)
113
+
114
+ These requirements apply to the modified work as a whole. If
115
+ identifiable sections of that work are not derived from the Program,
116
+ and can be reasonably considered independent and separate works in
117
+ themselves, then this License, and its terms, do not apply to those
118
+ sections when you distribute them as separate works. But when you
119
+ distribute the same sections as part of a whole which is a work based
120
+ on the Program, the distribution of the whole must be on the terms of
121
+ this License, whose permissions for other licensees extend to the
122
+ entire whole, and thus to each and every part regardless of who wrote it.
123
+
124
+ Thus, it is not the intent of this section to claim rights or contest
125
+ your rights to work written entirely by you; rather, the intent is to
126
+ exercise the right to control the distribution of derivative or
127
+ collective works based on the Program.
128
+
129
+ In addition, mere aggregation of another work not based on the Program
130
+ with the Program (or with a work based on the Program) on a volume of
131
+ a storage or distribution medium does not bring the other work under
132
+ the scope of this License.
133
+
134
+ 3. You may copy and distribute the Program (or a work based on it,
135
+ under Section 2) in object code or executable form under the terms of
136
+ Sections 1 and 2 above provided that you also do one of the following:
137
+
138
+ a) Accompany it with the complete corresponding machine-readable
139
+ source code, which must be distributed under the terms of Sections
140
+ 1 and 2 above on a medium customarily used for software interchange; or,
141
+
142
+ b) Accompany it with a written offer, valid for at least three
143
+ years, to give any third party, for a charge no more than your
144
+ cost of physically performing source distribution, a complete
145
+ machine-readable copy of the corresponding source code, to be
146
+ distributed under the terms of Sections 1 and 2 above on a medium
147
+ customarily used for software interchange; or,
148
+
149
+ c) Accompany it with the information you received as to the offer
150
+ to distribute corresponding source code. (This alternative is
151
+ allowed only for noncommercial distribution and only if you
152
+ received the program in object code or executable form with such
153
+ an offer, in accord with Subsection b above.)
154
+
155
+ The source code for a work means the preferred form of the work for
156
+ making modifications to it. For an executable work, complete source
157
+ code means all the source code for all modules it contains, plus any
158
+ associated interface definition files, plus the scripts used to
159
+ control compilation and installation of the executable. However, as a
160
+ special exception, the source code distributed need not include
161
+ anything that is normally distributed (in either source or binary
162
+ form) with the major components (compiler, kernel, and so on) of the
163
+ operating system on which the executable runs, unless that component
164
+ itself accompanies the executable.
165
+
166
+ If distribution of executable or object code is made by offering
167
+ access to copy from a designated place, then offering equivalent
168
+ access to copy the source code from the same place counts as
169
+ distribution of the source code, even though third parties are not
170
+ compelled to copy the source along with the object code.
171
+
172
+ 4. You may not copy, modify, sublicense, or distribute the Program
173
+ except as expressly provided under this License. Any attempt
174
+ otherwise to copy, modify, sublicense or distribute the Program is
175
+ void, and will automatically terminate your rights under this License.
176
+ However, parties who have received copies, or rights, from you under
177
+ this License will not have their licenses terminated so long as such
178
+ parties remain in full compliance.
179
+
180
+ 5. You are not required to accept this License, since you have not
181
+ signed it. However, nothing else grants you permission to modify or
182
+ distribute the Program or its derivative works. These actions are
183
+ prohibited by law if you do not accept this License. Therefore, by
184
+ modifying or distributing the Program (or any work based on the
185
+ Program), you indicate your acceptance of this License to do so, and
186
+ all its terms and conditions for copying, distributing or modifying
187
+ the Program or works based on it.
188
+
189
+ 6. Each time you redistribute the Program (or any work based on the
190
+ Program), the recipient automatically receives a license from the
191
+ original licensor to copy, distribute or modify the Program subject to
192
+ these terms and conditions. You may not impose any further
193
+ restrictions on the recipients' exercise of the rights granted herein.
194
+ You are not responsible for enforcing compliance by third parties to
195
+ this License.
196
+
197
+ 7. If, as a consequence of a court judgment or allegation of patent
198
+ infringement or for any other reason (not limited to patent issues),
199
+ conditions are imposed on you (whether by court order, agreement or
200
+ otherwise) that contradict the conditions of this License, they do not
201
+ excuse you from the conditions of this License. If you cannot
202
+ distribute so as to satisfy simultaneously your obligations under this
203
+ License and any other pertinent obligations, then as a consequence you
204
+ may not distribute the Program at all. For example, if a patent
205
+ license would not permit royalty-free redistribution of the Program by
206
+ all those who receive copies directly or indirectly through you, then
207
+ the only way you could satisfy both it and this License would be to
208
+ refrain entirely from distribution of the Program.
209
+
210
+ If any portion of this section is held invalid or unenforceable under
211
+ any particular circumstance, the balance of the section is intended to
212
+ apply and the section as a whole is intended to apply in other
213
+ circumstances.
214
+
215
+ It is not the purpose of this section to induce you to infringe any
216
+ patents or other property right claims or to contest validity of any
217
+ such claims; this section has the sole purpose of protecting the
218
+ integrity of the free software distribution system, which is
219
+ implemented by public license practices. Many people have made
220
+ generous contributions to the wide range of software distributed
221
+ through that system in reliance on consistent application of that
222
+ system; it is up to the author/donor to decide if he or she is willing
223
+ to distribute software through any other system and a licensee cannot
224
+ impose that choice.
225
+
226
+ This section is intended to make thoroughly clear what is believed to
227
+ be a consequence of the rest of this License.
228
+
229
+ 8. If the distribution and/or use of the Program is restricted in
230
+ certain countries either by patents or by copyrighted interfaces, the
231
+ original copyright holder who places the Program under this License
232
+ may add an explicit geographical distribution limitation excluding
233
+ those countries, so that distribution is permitted only in or among
234
+ countries not thus excluded. In such case, this License incorporates
235
+ the limitation as if written in the body of this License.
236
+
237
+ 9. The Free Software Foundation may publish revised and/or new versions
238
+ of the General Public License from time to time. Such new versions will
239
+ be similar in spirit to the present version, but may differ in detail to
240
+ address new problems or concerns.
241
+
242
+ Each version is given a distinguishing version number. If the Program
243
+ specifies a version number of this License which applies to it and "any
244
+ later version", you have the option of following the terms and conditions
245
+ either of that version or of any later version published by the Free
246
+ Software Foundation. If the Program does not specify a version number of
247
+ this License, you may choose any version ever published by the Free Software
248
+ Foundation.
249
+
250
+ 10. If you wish to incorporate parts of the Program into other free
251
+ programs whose distribution conditions are different, write to the author
252
+ to ask for permission. For software which is copyrighted by the Free
253
+ Software Foundation, write to the Free Software Foundation; we sometimes
254
+ make exceptions for this. Our decision will be guided by the two goals
255
+ of preserving the free status of all derivatives of our free software and
256
+ of promoting the sharing and reuse of software generally.
257
+
258
+ NO WARRANTY
259
+
260
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261
+ FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262
+ OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263
+ PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264
+ OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266
+ TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267
+ PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268
+ REPAIR OR CORRECTION.
269
+
270
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272
+ REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273
+ INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274
+ OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275
+ TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276
+ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277
+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278
+ POSSIBILITY OF SUCH DAMAGES.
279
+
280
+ END OF TERMS AND CONDITIONS
281
+
282
+ How to Apply These Terms to Your New Programs
283
+
284
+ If you develop a new program, and you want it to be of the greatest
285
+ possible use to the public, the best way to achieve this is to make it
286
+ free software which everyone can redistribute and change under these terms.
287
+
288
+ To do so, attach the following notices to the program. It is safest
289
+ to attach them to the start of each source file to most effectively
290
+ convey the exclusion of warranty; and each file should have at least
291
+ the "copyright" line and a pointer to where the full notice is found.
292
+
293
+ <one line to give the program's name and a brief idea of what it does.>
294
+ Copyright (C) <year> <name of author>
295
+
296
+ This program is free software; you can redistribute it and/or modify
297
+ it under the terms of the GNU General Public License as published by
298
+ the Free Software Foundation; either version 2 of the License, or
299
+ (at your option) any later version.
300
+
301
+ This program is distributed in the hope that it will be useful,
302
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
303
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304
+ GNU General Public License for more details.
305
+
306
+ You should have received a copy of the GNU General Public License along
307
+ with this program; if not, write to the Free Software Foundation, Inc.,
308
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309
+
310
+ Also add information on how to contact you by electronic and paper mail.
311
+
312
+ If the program is interactive, make it output a short notice like this
313
+ when it starts in an interactive mode:
314
+
315
+ Gnomovision version 69, Copyright (C) year name of author
316
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317
+ This is free software, and you are welcome to redistribute it
318
+ under certain conditions; type `show c' for details.
319
+
320
+ The hypothetical commands `show w' and `show c' should show the appropriate
321
+ parts of the General Public License. Of course, the commands you use may
322
+ be called something other than `show w' and `show c'; they could even be
323
+ mouse-clicks or menu items--whatever suits your program.
324
+
325
+ You should also get your employer (if you work as a programmer) or your
326
+ school, if any, to sign a "copyright disclaimer" for the program, if
327
+ necessary. Here is a sample; alter the names:
328
+
329
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
331
+
332
+ <signature of Ty Coon>, 1 April 1989
333
+ Ty Coon, President of Vice
334
+
335
+ This General Public License does not permit incorporating your program into
336
+ proprietary programs. If your program is a subroutine library, you may
337
+ consider it more useful to permit linking proprietary applications with the
338
+ library. If this is what you want to do, use the GNU Lesser General
339
+ Public License instead of this License.
gpl-3.0.txt DELETED
@@ -1,674 +0,0 @@
1
- GNU GENERAL PUBLIC LICENSE
2
- Version 3, 29 June 2007
3
-
4
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
5
- Everyone is permitted to copy and distribute verbatim copies
6
- of this license document, but changing it is not allowed.
7
-
8
- Preamble
9
-
10
- The GNU General Public License is a free, copyleft license for
11
- software and other kinds of works.
12
-
13
- The licenses for most software and other practical works are designed
14
- to take away your freedom to share and change the works. By contrast,
15
- the GNU General Public License is intended to guarantee your freedom to
16
- share and change all versions of a program--to make sure it remains free
17
- software for all its users. We, the Free Software Foundation, use the
18
- GNU General Public License for most of our software; it applies also to
19
- any other work released this way by its authors. You can apply it to
20
- your programs, too.
21
-
22
- When we speak of free software, we are referring to freedom, not
23
- price. Our General Public Licenses are designed to make sure that you
24
- have the freedom to distribute copies of free software (and charge for
25
- them if you wish), that you receive source code or can get it if you
26
- want it, that you can change the software or use pieces of it in new
27
- free programs, and that you know you can do these things.
28
-
29
- To protect your rights, we need to prevent others from denying you
30
- these rights or asking you to surrender the rights. Therefore, you have
31
- certain responsibilities if you distribute copies of the software, or if
32
- you modify it: responsibilities to respect the freedom of others.
33
-
34
- For example, if you distribute copies of such a program, whether
35
- gratis or for a fee, you must pass on to the recipients the same
36
- freedoms that you received. You must make sure that they, too, receive
37
- or can get the source code. And you must show them these terms so they
38
- know their rights.
39
-
40
- Developers that use the GNU GPL protect your rights with two steps:
41
- (1) assert copyright on the software, and (2) offer you this License
42
- giving you legal permission to copy, distribute and/or modify it.
43
-
44
- For the developers' and authors' protection, the GPL clearly explains
45
- that there is no warranty for this free software. For both users' and
46
- authors' sake, the GPL requires that modified versions be marked as
47
- changed, so that their problems will not be attributed erroneously to
48
- authors of previous versions.
49
-
50
- Some devices are designed to deny users access to install or run
51
- modified versions of the software inside them, although the manufacturer
52
- can do so. This is fundamentally incompatible with the aim of
53
- protecting users' freedom to change the software. The systematic
54
- pattern of such abuse occurs in the area of products for individuals to
55
- use, which is precisely where it is most unacceptable. Therefore, we
56
- have designed this version of the GPL to prohibit the practice for those
57
- products. If such problems arise substantially in other domains, we
58
- stand ready to extend this provision to those domains in future versions
59
- of the GPL, as needed to protect the freedom of users.
60
-
61
- Finally, every program is threatened constantly by software patents.
62
- States should not allow patents to restrict development and use of
63
- software on general-purpose computers, but in those that do, we wish to
64
- avoid the special danger that patents applied to a free program could
65
- make it effectively proprietary. To prevent this, the GPL assures that
66
- patents cannot be used to render the program non-free.
67
-
68
- The precise terms and conditions for copying, distribution and
69
- modification follow.
70
-
71
- TERMS AND CONDITIONS
72
-
73
- 0. Definitions.
74
-
75
- "This License" refers to version 3 of the GNU General Public License.
76
-
77
- "Copyright" also means copyright-like laws that apply to other kinds of
78
- works, such as semiconductor masks.
79
-
80
- "The Program" refers to any copyrightable work licensed under this
81
- License. Each licensee is addressed as "you". "Licensees" and
82
- "recipients" may be individuals or organizations.
83
-
84
- To "modify" a work means to copy from or adapt all or part of the work
85
- in a fashion requiring copyright permission, other than the making of an
86
- exact copy. The resulting work is called a "modified version" of the
87
- earlier work or a work "based on" the earlier work.
88
-
89
- A "covered work" means either the unmodified Program or a work based
90
- on the Program.
91
-
92
- To "propagate" a work means to do anything with it that, without
93
- permission, would make you directly or secondarily liable for
94
- infringement under applicable copyright law, except executing it on a
95
- computer or modifying a private copy. Propagation includes copying,
96
- distribution (with or without modification), making available to the
97
- public, and in some countries other activities as well.
98
-
99
- To "convey" a work means any kind of propagation that enables other
100
- parties to make or receive copies. Mere interaction with a user through
101
- a computer network, with no transfer of a copy, is not conveying.
102
-
103
- An interactive user interface displays "Appropriate Legal Notices"
104
- to the extent that it includes a convenient and prominently visible
105
- feature that (1) displays an appropriate copyright notice, and (2)
106
- tells the user that there is no warranty for the work (except to the
107
- extent that warranties are provided), that licensees may convey the
108
- work under this License, and how to view a copy of this License. If
109
- the interface presents a list of user commands or options, such as a
110
- menu, a prominent item in the list meets this criterion.
111
-
112
- 1. Source Code.
113
-
114
- The "source code" for a work means the preferred form of the work
115
- for making modifications to it. "Object code" means any non-source
116
- form of a work.
117
-
118
- A "Standard Interface" means an interface that either is an official
119
- standard defined by a recognized standards body, or, in the case of
120
- interfaces specified for a particular programming language, one that
121
- is widely used among developers working in that language.
122
-
123
- The "System Libraries" of an executable work include anything, other
124
- than the work as a whole, that (a) is included in the normal form of
125
- packaging a Major Component, but which is not part of that Major
126
- Component, and (b) serves only to enable use of the work with that
127
- Major Component, or to implement a Standard Interface for which an
128
- implementation is available to the public in source code form. A
129
- "Major Component", in this context, means a major essential component
130
- (kernel, window system, and so on) of the specific operating system
131
- (if any) on which the executable work runs, or a compiler used to
132
- produce the work, or an object code interpreter used to run it.
133
-
134
- The "Corresponding Source" for a work in object code form means all
135
- the source code needed to generate, install, and (for an executable
136
- work) run the object code and to modify the work, including scripts to
137
- control those activities. However, it does not include the work's
138
- System Libraries, or general-purpose tools or generally available free
139
- programs which are used unmodified in performing those activities but
140
- which are not part of the work. For example, Corresponding Source
141
- includes interface definition files associated with source files for
142
- the work, and the source code for shared libraries and dynamically
143
- linked subprograms that the work is specifically designed to require,
144
- such as by intimate data communication or control flow between those
145
- subprograms and other parts of the work.
146
-
147
- The Corresponding Source need not include anything that users
148
- can regenerate automatically from other parts of the Corresponding
149
- Source.
150
-
151
- The Corresponding Source for a work in source code form is that
152
- same work.
153
-
154
- 2. Basic Permissions.
155
-
156
- All rights granted under this License are granted for the term of
157
- copyright on the Program, and are irrevocable provided the stated
158
- conditions are met. This License explicitly affirms your unlimited
159
- permission to run the unmodified Program. The output from running a
160
- covered work is covered by this License only if the output, given its
161
- content, constitutes a covered work. This License acknowledges your
162
- rights of fair use or other equivalent, as provided by copyright law.
163
-
164
- You may make, run and propagate covered works that you do not
165
- convey, without conditions so long as your license otherwise remains
166
- in force. You may convey covered works to others for the sole purpose
167
- of having them make modifications exclusively for you, or provide you
168
- with facilities for running those works, provided that you comply with
169
- the terms of this License in conveying all material for which you do
170
- not control copyright. Those thus making or running the covered works
171
- for you must do so exclusively on your behalf, under your direction
172
- and control, on terms that prohibit them from making any copies of
173
- your copyrighted material outside their relationship with you.
174
-
175
- Conveying under any other circumstances is permitted solely under
176
- the conditions stated below. Sublicensing is not allowed; section 10
177
- makes it unnecessary.
178
-
179
- 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180
-
181
- No covered work shall be deemed part of an effective technological
182
- measure under any applicable law fulfilling obligations under article
183
- 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184
- similar laws prohibiting or restricting circumvention of such
185
- measures.
186
-
187
- When you convey a covered work, you waive any legal power to forbid
188
- circumvention of technological measures to the extent such circumvention
189
- is effected by exercising rights under this License with respect to
190
- the covered work, and you disclaim any intention to limit operation or
191
- modification of the work as a means of enforcing, against the work's
192
- users, your or third parties' legal rights to forbid circumvention of
193
- technological measures.
194
-
195
- 4. Conveying Verbatim Copies.
196
-
197
- You may convey verbatim copies of the Program's source code as you
198
- receive it, in any medium, provided that you conspicuously and
199
- appropriately publish on each copy an appropriate copyright notice;
200
- keep intact all notices stating that this License and any
201
- non-permissive terms added in accord with section 7 apply to the code;
202
- keep intact all notices of the absence of any warranty; and give all
203
- recipients a copy of this License along with the Program.
204
-
205
- You may charge any price or no price for each copy that you convey,
206
- and you may offer support or warranty protection for a fee.
207
-
208
- 5. Conveying Modified Source Versions.
209
-
210
- You may convey a work based on the Program, or the modifications to
211
- produce it from the Program, in the form of source code under the
212
- terms of section 4, provided that you also meet all of these conditions:
213
-
214
- a) The work must carry prominent notices stating that you modified
215
- it, and giving a relevant date.
216
-
217
- b) The work must carry prominent notices stating that it is
218
- released under this License and any conditions added under section
219
- 7. This requirement modifies the requirement in section 4 to
220
- "keep intact all notices".
221
-
222
- c) You must license the entire work, as a whole, under this
223
- License to anyone who comes into possession of a copy. This
224
- License will therefore apply, along with any applicable section 7
225
- additional terms, to the whole of the work, and all its parts,
226
- regardless of how they are packaged. This License gives no
227
- permission to license the work in any other way, but it does not
228
- invalidate such permission if you have separately received it.
229
-
230
- d) If the work has interactive user interfaces, each must display
231
- Appropriate Legal Notices; however, if the Program has interactive
232
- interfaces that do not display Appropriate Legal Notices, your
233
- work need not make them do so.
234
-
235
- A compilation of a covered work with other separate and independent
236
- works, which are not by their nature extensions of the covered work,
237
- and which are not combined with it such as to form a larger program,
238
- in or on a volume of a storage or distribution medium, is called an
239
- "aggregate" if the compilation and its resulting copyright are not
240
- used to limit the access or legal rights of the compilation's users
241
- beyond what the individual works permit. Inclusion of a covered work
242
- in an aggregate does not cause this License to apply to the other
243
- parts of the aggregate.
244
-
245
- 6. Conveying Non-Source Forms.
246
-
247
- You may convey a covered work in object code form under the terms
248
- of sections 4 and 5, provided that you also convey the
249
- machine-readable Corresponding Source under the terms of this License,
250
- in one of these ways:
251
-
252
- a) Convey the object code in, or embodied in, a physical product
253
- (including a physical distribution medium), accompanied by the
254
- Corresponding Source fixed on a durable physical medium
255
- customarily used for software interchange.
256
-
257
- b) Convey the object code in, or embodied in, a physical product
258
- (including a physical distribution medium), accompanied by a
259
- written offer, valid for at least three years and valid for as
260
- long as you offer spare parts or customer support for that product
261
- model, to give anyone who possesses the object code either (1) a
262
- copy of the Corresponding Source for all the software in the
263
- product that is covered by this License, on a durable physical
264
- medium customarily used for software interchange, for a price no
265
- more than your reasonable cost of physically performing this
266
- conveying of source, or (2) access to copy the
267
- Corresponding Source from a network server at no charge.
268
-
269
- c) Convey individual copies of the object code with a copy of the
270
- written offer to provide the Corresponding Source. This
271
- alternative is allowed only occasionally and noncommercially, and
272
- only if you received the object code with such an offer, in accord
273
- with subsection 6b.
274
-
275
- d) Convey the object code by offering access from a designated
276
- place (gratis or for a charge), and offer equivalent access to the
277
- Corresponding Source in the same way through the same place at no
278
- further charge. You need not require recipients to copy the
279
- Corresponding Source along with the object code. If the place to
280
- copy the object code is a network server, the Corresponding Source
281
- may be on a different server (operated by you or a third party)
282
- that supports equivalent copying facilities, provided you maintain
283
- clear directions next to the object code saying where to find the
284
- Corresponding Source. Regardless of what server hosts the
285
- Corresponding Source, you remain obligated to ensure that it is
286
- available for as long as needed to satisfy these requirements.
287
-
288
- e) Convey the object code using peer-to-peer transmission, provided
289
- you inform other peers where the object code and Corresponding
290
- Source of the work are being offered to the general public at no
291
- charge under subsection 6d.
292
-
293
- A separable portion of the object code, whose source code is excluded
294
- from the Corresponding Source as a System Library, need not be
295
- included in conveying the object code work.
296
-
297
- A "User Product" is either (1) a "consumer product", which means any
298
- tangible personal property which is normally used for personal, family,
299
- or household purposes, or (2) anything designed or sold for incorporation
300
- into a dwelling. In determining whether a product is a consumer product,
301
- doubtful cases shall be resolved in favor of coverage. For a particular
302
- product received by a particular user, "normally used" refers to a
303
- typical or common use of that class of product, regardless of the status
304
- of the particular user or of the way in which the particular user
305
- actually uses, or expects or is expected to use, the product. A product
306
- is a consumer product regardless of whether the product has substantial
307
- commercial, industrial or non-consumer uses, unless such uses represent
308
- the only significant mode of use of the product.
309
-
310
- "Installation Information" for a User Product means any methods,
311
- procedures, authorization keys, or other information required to install
312
- and execute modified versions of a covered work in that User Product from
313
- a modified version of its Corresponding Source. The information must
314
- suffice to ensure that the continued functioning of the modified object
315
- code is in no case prevented or interfered with solely because
316
- modification has been made.
317
-
318
- If you convey an object code work under this section in, or with, or
319
- specifically for use in, a User Product, and the conveying occurs as
320
- part of a transaction in which the right of possession and use of the
321
- User Product is transferred to the recipient in perpetuity or for a
322
- fixed term (regardless of how the transaction is characterized), the
323
- Corresponding Source conveyed under this section must be accompanied
324
- by the Installation Information. But this requirement does not apply
325
- if neither you nor any third party retains the ability to install
326
- modified object code on the User Product (for example, the work has
327
- been installed in ROM).
328
-
329
- The requirement to provide Installation Information does not include a
330
- requirement to continue to provide support service, warranty, or updates
331
- for a work that has been modified or installed by the recipient, or for
332
- the User Product in which it has been modified or installed. Access to a
333
- network may be denied when the modification itself materially and
334
- adversely affects the operation of the network or violates the rules and
335
- protocols for communication across the network.
336
-
337
- Corresponding Source conveyed, and Installation Information provided,
338
- in accord with this section must be in a format that is publicly
339
- documented (and with an implementation available to the public in
340
- source code form), and must require no special password or key for
341
- unpacking, reading or copying.
342
-
343
- 7. Additional Terms.
344
-
345
- "Additional permissions" are terms that supplement the terms of this
346
- License by making exceptions from one or more of its conditions.
347
- Additional permissions that are applicable to the entire Program shall
348
- be treated as though they were included in this License, to the extent
349
- that they are valid under applicable law. If additional permissions
350
- apply only to part of the Program, that part may be used separately
351
- under those permissions, but the entire Program remains governed by
352
- this License without regard to the additional permissions.
353
-
354
- When you convey a copy of a covered work, you may at your option
355
- remove any additional permissions from that copy, or from any part of
356
- it. (Additional permissions may be written to require their own
357
- removal in certain cases when you modify the work.) You may place
358
- additional permissions on material, added by you to a covered work,
359
- for which you have or can give appropriate copyright permission.
360
-
361
- Notwithstanding any other provision of this License, for material you
362
- add to a covered work, you may (if authorized by the copyright holders of
363
- that material) supplement the terms of this License with terms:
364
-
365
- a) Disclaiming warranty or limiting liability differently from the
366
- terms of sections 15 and 16 of this License; or
367
-
368
- b) Requiring preservation of specified reasonable legal notices or
369
- author attributions in that material or in the Appropriate Legal
370
- Notices displayed by works containing it; or
371
-
372
- c) Prohibiting misrepresentation of the origin of that material, or
373
- requiring that modified versions of such material be marked in
374
- reasonable ways as different from the original version; or
375
-
376
- d) Limiting the use for publicity purposes of names of licensors or
377
- authors of the material; or
378
-
379
- e) Declining to grant rights under trademark law for use of some
380
- trade names, trademarks, or service marks; or
381
-
382
- f) Requiring indemnification of licensors and authors of that
383
- material by anyone who conveys the material (or modified versions of
384
- it) with contractual assumptions of liability to the recipient, for
385
- any liability that these contractual assumptions directly impose on
386
- those licensors and authors.
387
-
388
- All other non-permissive additional terms are considered "further
389
- restrictions" within the meaning of section 10. If the Program as you
390
- received it, or any part of it, contains a notice stating that it is
391
- governed by this License along with a term that is a further
392
- restriction, you may remove that term. If a license document contains
393
- a further restriction but permits relicensing or conveying under this
394
- License, you may add to a covered work material governed by the terms
395
- of that license document, provided that the further restriction does
396
- not survive such relicensing or conveying.
397
-
398
- If you add terms to a covered work in accord with this section, you
399
- must place, in the relevant source files, a statement of the
400
- additional terms that apply to those files, or a notice indicating
401
- where to find the applicable terms.
402
-
403
- Additional terms, permissive or non-permissive, may be stated in the
404
- form of a separately written license, or stated as exceptions;
405
- the above requirements apply either way.
406
-
407
- 8. Termination.
408
-
409
- You may not propagate or modify a covered work except as expressly
410
- provided under this License. Any attempt otherwise to propagate or
411
- modify it is void, and will automatically terminate your rights under
412
- this License (including any patent licenses granted under the third
413
- paragraph of section 11).
414
-
415
- However, if you cease all violation of this License, then your
416
- license from a particular copyright holder is reinstated (a)
417
- provisionally, unless and until the copyright holder explicitly and
418
- finally terminates your license, and (b) permanently, if the copyright
419
- holder fails to notify you of the violation by some reasonable means
420
- prior to 60 days after the cessation.
421
-
422
- Moreover, your license from a particular copyright holder is
423
- reinstated permanently if the copyright holder notifies you of the
424
- violation by some reasonable means, this is the first time you have
425
- received notice of violation of this License (for any work) from that
426
- copyright holder, and you cure the violation prior to 30 days after
427
- your receipt of the notice.
428
-
429
- Termination of your rights under this section does not terminate the
430
- licenses of parties who have received copies or rights from you under
431
- this License. If your rights have been terminated and not permanently
432
- reinstated, you do not qualify to receive new licenses for the same
433
- material under section 10.
434
-
435
- 9. Acceptance Not Required for Having Copies.
436
-
437
- You are not required to accept this License in order to receive or
438
- run a copy of the Program. Ancillary propagation of a covered work
439
- occurring solely as a consequence of using peer-to-peer transmission
440
- to receive a copy likewise does not require acceptance. However,
441
- nothing other than this License grants you permission to propagate or
442
- modify any covered work. These actions infringe copyright if you do
443
- not accept this License. Therefore, by modifying or propagating a
444
- covered work, you indicate your acceptance of this License to do so.
445
-
446
- 10. Automatic Licensing of Downstream Recipients.
447
-
448
- Each time you convey a covered work, the recipient automatically
449
- receives a license from the original licensors, to run, modify and
450
- propagate that work, subject to this License. You are not responsible
451
- for enforcing compliance by third parties with this License.
452
-
453
- An "entity transaction" is a transaction transferring control of an
454
- organization, or substantially all assets of one, or subdividing an
455
- organization, or merging organizations. If propagation of a covered
456
- work results from an entity transaction, each party to that
457
- transaction who receives a copy of the work also receives whatever
458
- licenses to the work the party's predecessor in interest had or could
459
- give under the previous paragraph, plus a right to possession of the
460
- Corresponding Source of the work from the predecessor in interest, if
461
- the predecessor has it or can get it with reasonable efforts.
462
-
463
- You may not impose any further restrictions on the exercise of the
464
- rights granted or affirmed under this License. For example, you may
465
- not impose a license fee, royalty, or other charge for exercise of
466
- rights granted under this License, and you may not initiate litigation
467
- (including a cross-claim or counterclaim in a lawsuit) alleging that
468
- any patent claim is infringed by making, using, selling, offering for
469
- sale, or importing the Program or any portion of it.
470
-
471
- 11. Patents.
472
-
473
- A "contributor" is a copyright holder who authorizes use under this
474
- License of the Program or a work on which the Program is based. The
475
- work thus licensed is called the contributor's "contributor version".
476
-
477
- A contributor's "essential patent claims" are all patent claims
478
- owned or controlled by the contributor, whether already acquired or
479
- hereafter acquired, that would be infringed by some manner, permitted
480
- by this License, of making, using, or selling its contributor version,
481
- but do not include claims that would be infringed only as a
482
- consequence of further modification of the contributor version. For
483
- purposes of this definition, "control" includes the right to grant
484
- patent sublicenses in a manner consistent with the requirements of
485
- this License.
486
-
487
- Each contributor grants you a non-exclusive, worldwide, royalty-free
488
- patent license under the contributor's essential patent claims, to
489
- make, use, sell, offer for sale, import and otherwise run, modify and
490
- propagate the contents of its contributor version.
491
-
492
- In the following three paragraphs, a "patent license" is any express
493
- agreement or commitment, however denominated, not to enforce a patent
494
- (such as an express permission to practice a patent or covenant not to
495
- sue for patent infringement). To "grant" such a patent license to a
496
- party means to make such an agreement or commitment not to enforce a
497
- patent against the party.
498
-
499
- If you convey a covered work, knowingly relying on a patent license,
500
- and the Corresponding Source of the work is not available for anyone
501
- to copy, free of charge and under the terms of this License, through a
502
- publicly available network server or other readily accessible means,
503
- then you must either (1) cause the Corresponding Source to be so
504
- available, or (2) arrange to deprive yourself of the benefit of the
505
- patent license for this particular work, or (3) arrange, in a manner
506
- consistent with the requirements of this License, to extend the patent
507
- license to downstream recipients. "Knowingly relying" means you have
508
- actual knowledge that, but for the patent license, your conveying the
509
- covered work in a country, or your recipient's use of the covered work
510
- in a country, would infringe one or more identifiable patents in that
511
- country that you have reason to believe are valid.
512
-
513
- If, pursuant to or in connection with a single transaction or
514
- arrangement, you convey, or propagate by procuring conveyance of, a
515
- covered work, and grant a patent license to some of the parties
516
- receiving the covered work authorizing them to use, propagate, modify
517
- or convey a specific copy of the covered work, then the patent license
518
- you grant is automatically extended to all recipients of the covered
519
- work and works based on it.
520
-
521
- A patent license is "discriminatory" if it does not include within
522
- the scope of its coverage, prohibits the exercise of, or is
523
- conditioned on the non-exercise of one or more of the rights that are
524
- specifically granted under this License. You may not convey a covered
525
- work if you are a party to an arrangement with a third party that is
526
- in the business of distributing software, under which you make payment
527
- to the third party based on the extent of your activity of conveying
528
- the work, and under which the third party grants, to any of the
529
- parties who would receive the covered work from you, a discriminatory
530
- patent license (a) in connection with copies of the covered work
531
- conveyed by you (or copies made from those copies), or (b) primarily
532
- for and in connection with specific products or compilations that
533
- contain the covered work, unless you entered into that arrangement,
534
- or that patent license was granted, prior to 28 March 2007.
535
-
536
- Nothing in this License shall be construed as excluding or limiting
537
- any implied license or other defenses to infringement that may
538
- otherwise be available to you under applicable patent law.
539
-
540
- 12. No Surrender of Others' Freedom.
541
-
542
- If conditions are imposed on you (whether by court order, agreement or
543
- otherwise) that contradict the conditions of this License, they do not
544
- excuse you from the conditions of this License. If you cannot convey a
545
- covered work so as to satisfy simultaneously your obligations under this
546
- License and any other pertinent obligations, then as a consequence you may
547
- not convey it at all. For example, if you agree to terms that obligate you
548
- to collect a royalty for further conveying from those to whom you convey
549
- the Program, the only way you could satisfy both those terms and this
550
- License would be to refrain entirely from conveying the Program.
551
-
552
- 13. Use with the GNU Affero General Public License.
553
-
554
- Notwithstanding any other provision of this License, you have
555
- permission to link or combine any covered work with a work licensed
556
- under version 3 of the GNU Affero General Public License into a single
557
- combined work, and to convey the resulting work. The terms of this
558
- License will continue to apply to the part which is the covered work,
559
- but the special requirements of the GNU Affero General Public License,
560
- section 13, concerning interaction through a network will apply to the
561
- combination as such.
562
-
563
- 14. Revised Versions of this License.
564
-
565
- The Free Software Foundation may publish revised and/or new versions of
566
- the GNU General Public License from time to time. Such new versions will
567
- be similar in spirit to the present version, but may differ in detail to
568
- address new problems or concerns.
569
-
570
- Each version is given a distinguishing version number. If the
571
- Program specifies that a certain numbered version of the GNU General
572
- Public License "or any later version" applies to it, you have the
573
- option of following the terms and conditions either of that numbered
574
- version or of any later version published by the Free Software
575
- Foundation. If the Program does not specify a version number of the
576
- GNU General Public License, you may choose any version ever published
577
- by the Free Software Foundation.
578
-
579
- If the Program specifies that a proxy can decide which future
580
- versions of the GNU General Public License can be used, that proxy's
581
- public statement of acceptance of a version permanently authorizes you
582
- to choose that version for the Program.
583
-
584
- Later license versions may give you additional or different
585
- permissions. However, no additional obligations are imposed on any
586
- author or copyright holder as a result of your choosing to follow a
587
- later version.
588
-
589
- 15. Disclaimer of Warranty.
590
-
591
- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592
- APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593
- HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594
- OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595
- THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596
- PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597
- IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598
- ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599
-
600
- 16. Limitation of Liability.
601
-
602
- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603
- WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604
- THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605
- GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606
- USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607
- DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608
- PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609
- EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610
- SUCH DAMAGES.
611
-
612
- 17. Interpretation of Sections 15 and 16.
613
-
614
- If the disclaimer of warranty and limitation of liability provided
615
- above cannot be given local legal effect according to their terms,
616
- reviewing courts shall apply local law that most closely approximates
617
- an absolute waiver of all civil liability in connection with the
618
- Program, unless a warranty or assumption of liability accompanies a
619
- copy of the Program in return for a fee.
620
-
621
- END OF TERMS AND CONDITIONS
622
-
623
- How to Apply These Terms to Your New Programs
624
-
625
- If you develop a new program, and you want it to be of the greatest
626
- possible use to the public, the best way to achieve this is to make it
627
- free software which everyone can redistribute and change under these terms.
628
-
629
- To do so, attach the following notices to the program. It is safest
630
- to attach them to the start of each source file to most effectively
631
- state the exclusion of warranty; and each file should have at least
632
- the "copyright" line and a pointer to where the full notice is found.
633
-
634
- <one line to give the program's name and a brief idea of what it does.>
635
- Copyright (C) <year> <name of author>
636
-
637
- This program is free software: you can redistribute it and/or modify
638
- it under the terms of the GNU General Public License as published by
639
- the Free Software Foundation, either version 3 of the License, or
640
- (at your option) any later version.
641
-
642
- This program is distributed in the hope that it will be useful,
643
- but WITHOUT ANY WARRANTY; without even the implied warranty of
644
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645
- GNU General Public License for more details.
646
-
647
- You should have received a copy of the GNU General Public License
648
- along with this program. If not, see <http://www.gnu.org/licenses/>.
649
-
650
- Also add information on how to contact you by electronic and paper mail.
651
-
652
- If the program does terminal interaction, make it output a short
653
- notice like this when it starts in an interactive mode:
654
-
655
- <program> Copyright (C) <year> <name of author>
656
- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657
- This is free software, and you are welcome to redistribute it
658
- under certain conditions; type `show c' for details.
659
-
660
- The hypothetical commands `show w' and `show c' should show the appropriate
661
- parts of the General Public License. Of course, your program's commands
662
- might be different; for a GUI interface, you would use an "about box".
663
-
664
- You should also get your employer (if you work as a programmer) or school,
665
- if any, to sign a "copyright disclaimer" for the program, if necessary.
666
- For more information on this, and how to apply and follow the GNU GPL, see
667
- <http://www.gnu.org/licenses/>.
668
-
669
- The GNU General Public License does not permit incorporating your program
670
- into proprietary programs. If your program is a subroutine library, you
671
- may consider it more useful to permit linking proprietary applications with
672
- the library. If this is what you want to do, use the GNU Lesser General
673
- Public License instead of this License. But first, please read
674
- <http://www.gnu.org/philosophy/why-not-lgpl.html>.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
lgpl-3.0.txt DELETED
@@ -1,165 +0,0 @@
1
- GNU LESSER GENERAL PUBLIC LICENSE
2
- Version 3, 29 June 2007
3
-
4
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
5
- Everyone is permitted to copy and distribute verbatim copies
6
- of this license document, but changing it is not allowed.
7
-
8
-
9
- This version of the GNU Lesser General Public License incorporates
10
- the terms and conditions of version 3 of the GNU General Public
11
- License, supplemented by the additional permissions listed below.
12
-
13
- 0. Additional Definitions.
14
-
15
- As used herein, "this License" refers to version 3 of the GNU Lesser
16
- General Public License, and the "GNU GPL" refers to version 3 of the GNU
17
- General Public License.
18
-
19
- "The Library" refers to a covered work governed by this License,
20
- other than an Application or a Combined Work as defined below.
21
-
22
- An "Application" is any work that makes use of an interface provided
23
- by the Library, but which is not otherwise based on the Library.
24
- Defining a subclass of a class defined by the Library is deemed a mode
25
- of using an interface provided by the Library.
26
-
27
- A "Combined Work" is a work produced by combining or linking an
28
- Application with the Library. The particular version of the Library
29
- with which the Combined Work was made is also called the "Linked
30
- Version".
31
-
32
- The "Minimal Corresponding Source" for a Combined Work means the
33
- Corresponding Source for the Combined Work, excluding any source code
34
- for portions of the Combined Work that, considered in isolation, are
35
- based on the Application, and not on the Linked Version.
36
-
37
- The "Corresponding Application Code" for a Combined Work means the
38
- object code and/or source code for the Application, including any data
39
- and utility programs needed for reproducing the Combined Work from the
40
- Application, but excluding the System Libraries of the Combined Work.
41
-
42
- 1. Exception to Section 3 of the GNU GPL.
43
-
44
- You may convey a covered work under sections 3 and 4 of this License
45
- without being bound by section 3 of the GNU GPL.
46
-
47
- 2. Conveying Modified Versions.
48
-
49
- If you modify a copy of the Library, and, in your modifications, a
50
- facility refers to a function or data to be supplied by an Application
51
- that uses the facility (other than as an argument passed when the
52
- facility is invoked), then you may convey a copy of the modified
53
- version:
54
-
55
- a) under this License, provided that you make a good faith effort to
56
- ensure that, in the event an Application does not supply the
57
- function or data, the facility still operates, and performs
58
- whatever part of its purpose remains meaningful, or
59
-
60
- b) under the GNU GPL, with none of the additional permissions of
61
- this License applicable to that copy.
62
-
63
- 3. Object Code Incorporating Material from Library Header Files.
64
-
65
- The object code form of an Application may incorporate material from
66
- a header file that is part of the Library. You may convey such object
67
- code under terms of your choice, provided that, if the incorporated
68
- material is not limited to numerical parameters, data structure
69
- layouts and accessors, or small macros, inline functions and templates
70
- (ten or fewer lines in length), you do both of the following:
71
-
72
- a) Give prominent notice with each copy of the object code that the
73
- Library is used in it and that the Library and its use are
74
- covered by this License.
75
-
76
- b) Accompany the object code with a copy of the GNU GPL and this license
77
- document.
78
-
79
- 4. Combined Works.
80
-
81
- You may convey a Combined Work under terms of your choice that,
82
- taken together, effectively do not restrict modification of the
83
- portions of the Library contained in the Combined Work and reverse
84
- engineering for debugging such modifications, if you also do each of
85
- the following:
86
-
87
- a) Give prominent notice with each copy of the Combined Work that
88
- the Library is used in it and that the Library and its use are
89
- covered by this License.
90
-
91
- b) Accompany the Combined Work with a copy of the GNU GPL and this license
92
- document.
93
-
94
- c) For a Combined Work that displays copyright notices during
95
- execution, include the copyright notice for the Library among
96
- these notices, as well as a reference directing the user to the
97
- copies of the GNU GPL and this license document.
98
-
99
- d) Do one of the following:
100
-
101
- 0) Convey the Minimal Corresponding Source under the terms of this
102
- License, and the Corresponding Application Code in a form
103
- suitable for, and under terms that permit, the user to
104
- recombine or relink the Application with a modified version of
105
- the Linked Version to produce a modified Combined Work, in the
106
- manner specified by section 6 of the GNU GPL for conveying
107
- Corresponding Source.
108
-
109
- 1) Use a suitable shared library mechanism for linking with the
110
- Library. A suitable mechanism is one that (a) uses at run time
111
- a copy of the Library already present on the user's computer
112
- system, and (b) will operate properly with a modified version
113
- of the Library that is interface-compatible with the Linked
114
- Version.
115
-
116
- e) Provide Installation Information, but only if you would otherwise
117
- be required to provide such information under section 6 of the
118
- GNU GPL, and only to the extent that such information is
119
- necessary to install and execute a modified version of the
120
- Combined Work produced by recombining or relinking the
121
- Application with a modified version of the Linked Version. (If
122
- you use option 4d0, the Installation Information must accompany
123
- the Minimal Corresponding Source and Corresponding Application
124
- Code. If you use option 4d1, you must provide the Installation
125
- Information in the manner specified by section 6 of the GNU GPL
126
- for conveying Corresponding Source.)
127
-
128
- 5. Combined Libraries.
129
-
130
- You may place library facilities that are a work based on the
131
- Library side by side in a single library together with other library
132
- facilities that are not Applications and are not covered by this
133
- License, and convey such a combined library under terms of your
134
- choice, if you do both of the following:
135
-
136
- a) Accompany the combined library with a copy of the same work based
137
- on the Library, uncombined with any other library facilities,
138
- conveyed under the terms of this License.
139
-
140
- b) Give prominent notice with the combined library that part of it
141
- is a work based on the Library, and explaining where to find the
142
- accompanying uncombined form of the same work.
143
-
144
- 6. Revised Versions of the GNU Lesser General Public License.
145
-
146
- The Free Software Foundation may publish revised and/or new versions
147
- of the GNU Lesser General Public License from time to time. Such new
148
- versions will be similar in spirit to the present version, but may
149
- differ in detail to address new problems or concerns.
150
-
151
- Each version is given a distinguishing version number. If the
152
- Library as you received it specifies that a certain numbered version
153
- of the GNU Lesser General Public License "or any later version"
154
- applies to it, you have the option of following the terms and
155
- conditions either of that published version or of any later version
156
- published by the Free Software Foundation. If the Library as you
157
- received it does not specify a version number of the GNU Lesser
158
- General Public License, you may choose any version of the GNU Lesser
159
- General Public License ever published by the Free Software Foundation.
160
-
161
- If the Library as you received it specifies that a proxy can decide
162
- whether future versions of the GNU Lesser General Public License shall
163
- apply, that proxy's public statement of acceptance of any version is
164
- permanent authorization for you to choose that version for the
165
- Library.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
settings-sample.ini DELETED
@@ -1,15 +0,0 @@
1
- ; settings.ini
2
-
3
- [settings]
4
- display_stats = false
5
- strict = false
6
- verbose = false
7
- logging = true
8
- httpbl_key = ""
9
- httpbl_threat = 25
10
- httpbl_maxage = 30
11
- offsite_forms = false
12
- reverse_proxy = false
13
- reverse_proxy_header = "X-Forwarded-For"
14
- ;reverse_proxy_addresses[] =
15
- ;reverse_proxy_addresses[] =
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
whitelist-sample.ini DELETED
@@ -1,31 +0,0 @@
1
- ; whitelist.ini
2
- ;
3
- ; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
4
- ; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
5
- ; that you should.
6
-
7
- ; IP address ranges use the CIDR format.
8
-
9
- [ip]
10
- ; Digg whitelisted as of 2.0.12
11
- ip[] = "64.191.203.0/24"
12
- ip[] = "208.67.217.130"
13
- ; RFC 1918 addresses
14
- ip[] = "10.0.0.0/8"
15
- ip[] = "172.16.0.0/12"
16
- ip[] = "192.168.0.0/16"
17
-
18
- ; User agents are matched by exact match only.
19
-
20
- [useragent]
21
- useragent[] = "Mozilla/4.0 (It's me, let me in)"
22
-
23
- ; URLs are matched from the first / after the server name up to, but not
24
- ; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
25
- ; A partial URL match is permitted, so URL whitelist entries should be as
26
- ; specific as possible, but no more specific than necessary. For instance,
27
- ; "/example" would match "/example.php" and "/example/address".
28
-
29
- [url]
30
- url[] = "/example.php"
31
- url[] = "/openid/server"