Bad Behavior - Version 2.2.3


Developer error
Version 2.2.3

Code changes from version 2.2.2 to 2.2.3

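--- a/README.txt
+++ b/README.txt
@@ -4,7 +4,7 @@ Contributors: error, markjaquith, skeltoac
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
  Requires at least: 2.7
  Tested up to: 3.3.1
- Stable tag: 2.2.2
+ Stable tag: 2.2.3
 
  Bad Behavior prevents spammers from ever delivering their junk, and in many
  cases, from ever reading your site in the first place.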
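--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -91,6 +91,11 @@ function bb2_email() {
  return "example@example.com"; // You need to change this.
  }
 
+ // retrieve whitelist
+ function bb2_read_whitelist() {
+ return @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+ }
+
  // retrieve settings from database
  // Settings are hard-coded for non-database use
  function bb2_read_settings() {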
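Review bot: `bb2_read_whitelist()` returns whatever `@parse_ini_file()` gives, so a missing or malformed whitelist.ini yields `false` with the warning suppressed, and the `// retrieve whitelist` comment does not tell port maintainers what shape callers expect. I would extend the comment to something like `// retrieve whitelist: array with optional 'ip', 'url' and 'useragent' lists, or false if whitelist.ini cannot be read`. The same function and comment are added in bad-behavior-mediawiki.php. Because a whitelist match skips the later screening in core.inc.php, it may also be worth confirming that whitelist.ini in the plugin directory is not served to anonymous clients; that depends on server configuration not visible here.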
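--- a/bad-behavior-mediawiki.php
+++ b/bad-behavior-mediawiki.php
@@ -107,6 +107,11 @@ function bb2_email() {
  return $wgEmergencyContact;
  }
 
+ // retrieve whitelist
+ function bb2_read_whitelist() {
+ return @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+ }
+
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
  // retrieve settings from database
  function bb2_read_settings() {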
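--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -5,24 +5,10 @@ require_once("bad-behavior/responses.inc.php");
  function bb2_admin_pages() {
  global $wp_db_version;
 
- if (function_exists('current_user_can')) {
- // The new 2.x way
- if (current_user_can('manage_options')) {
- $bb2_is_admin = true;
- }
- } else {
- // The old 1.x way
- global $user_ID;
- if (user_can_edit_user($user_ID, 0)) {
- $bb2_is_admin = true;
- }
- }
-
- if ($bb2_is_admin) {
- add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
- if ($wp_db_version >= 4772) { // Version 2.1 or later
- add_management_page(__("Bad Behavior Log"), __("Bad Behavior Log"), 8, 'bb2_manage', 'bb2_manage');
- }
+ if (current_user_can('manage_options')) {
+ add_options_page(__("Bad Behavior"), __("Bad Behavior"), 'manage_options', 'bb2_options', 'bb2_options');
+ add_options_page(__("Bad Behavior Whitelist"), __("Bad Behavior Whitelist"), 'manage_options', 'bb2_whitelist', 'bb2_whitelist');
+ add_management_page(__("Bad Behavior Log"), __("Bad Behavior Log"), 'manage_options', 'bb2_manage', 'bb2_manage');
  @session_start();
  }
  }
@@ -165,7 +151,7 @@ function bb2_manage() {
  <h2><?php _e("Bad Behavior Log"); ?></h2>
  <form method="post" action="<?php echo $request_uri; ?>">
  <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
- <p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a></p>
+ <p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
  <div class="tablenav">
  <?php
  $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
@@ -242,6 +228,74 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
  <?php
  }
 
+
+ function bb2_whitelist()
+ {
+ $whitelists = bb2_read_whitelist();
+ if (empty($whitelists)) {
+ $whitelists = array();
+ $whitelists['ip'] = array();
+ $whitelists['url'] = array();
+ $whitelists['useragent'] = array();
+ }
+
+ $request_uri = $_SERVER["REQUEST_URI"];
+ if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
+
+ if ($_POST) {
+ $_POST = array_map('stripslashes_deep', $_POST);
+ if ($_POST['ip']) {
+ $whitelists['ip'] = preg_split("/\s+/m", $_POST['ip']);
+ } else {
+ $whitelists['ip'] = array();
+ }
+ if ($_POST['url']) {
+ $whitelists['url'] = preg_split("/\s+/m", $_POST['url']);
+ } else {
+ $whitelists['url'] = array();
+ }
+ if ($_POST['useragent']) {
+ $whitelists['useragent'] = preg_split("/[\r\n]+/m", $_POST['useragent']);
+ } else {
+ $whitelists['useragent'] = array();
+ }
+ update_option('bad_behavior_whitelist', $whitelists);
+ ?>
+ <div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
+ <?php
+ }
+ ?>
+ <div class="wrap">
+ <?php
+ echo bb2_donate_button(admin_url("options-general.php?page=bb2_whitelist"));
+ ?>
+ <h2><?php _e("Bad Behavior Whitelist"); ?></h2>
+ <form method="post" action="<?php echo $request_uri; ?>">
+ <p>Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN that you should.</p>
+ <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
+ <p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a></p>
+
+ <h3><?php _e('IP Address'); ?></h3>
+ <table class="form-table">
+ <tr><td><label>IP address or CIDR format address ranges to be whitelisted (one per line)<br/><textarea cols="24" rows="6" name="ip"><?php echo implode("\n", $whitelists['ip']); ?></textarea></td></tr>
+ </table>
+
+ <h3><?php _e('URL'); ?></h3>
+ <table class="form-table">
+ <tr><td><label>URL fragments beginning with the / after your web site hostname (one per line)<br/><textarea cols="48" rows="6" name="url"><?php echo implode("\n", $whitelists['url']); ?></textarea></td></tr>
+ </table>
+
+ <h3><?php _e('User Agent'); ?></h3>
+ <table class="form-table">
+ <tr><td><label>User agent strings to be whitelisted (one per line)<br/><textarea cols="48" rows="6" name="useragent"><?php echo implode("\n", $whitelists['useragent']); ?></textarea></td></tr>
+ </table>
+
+ <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
+ </form>
+ <?php
+ }
+
+
  function bb2_options()
  {
  $settings = bb2_read_settings();
@@ -250,6 +304,7 @@ function bb2_options()
  if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 
  if ($_POST) {
+ $_POST = array_map('stripslashes_deep', $_POST);
  if ($_POST['display_stats']) {
  $settings['display_stats'] = true;
  } else {
@@ -328,7 +383,7 @@ function bb2_options()
  <h2><?php _e("Bad Behavior"); ?></h2>
  <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
  <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
- <p>See also: <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a></p>
+ <p>See also: <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
 
  <h3><?php _e('Statistics'); ?></h3>
  <?php bb2_insert_stats(true); ?>
@@ -379,7 +434,8 @@ function bb2_plugin_action_links($links, $file) {
  if ($file == "bad-behavior/bad-behavior-wordpress.php" && function_exists("admin_url")) {
  $log_link = '<a href="' . admin_url("tools.php?page=bb2_manage") . '">Log</a>';
  $settings_link = '<a href="' . admin_url("options-general.php?page=bb2_options") . '">Settings</a>';
- array_unshift($links, $settings_link, $log_link);
+ $whitelist_link = '<a href="' . admin_url("options-general.php?page=bb2_whitelist") . '">Whitelist</a>';
+ array_unshift($links, $settings_link, $log_link, $whitelist_link);
  }
  return $links;
  }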
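Review bot: The new `bb2_whitelist()` handler writes `$_POST` into the `bad_behavior_whitelist` option with no nonce check, so the form is open to cross-site request forgery against a logged-in administrator. It needs `wp_nonce_field()` in the form and `check_admin_referer()` before `update_option()`. The stored entries and `$request_uri` are also echoed into the three textareas and the form `action` unescaped; they should pass through `esc_textarea()` and `esc_url()`, or `htmlspecialchars()` if the 2.7 minimum stated in README.txt must still hold. Because a whitelist match skips the remaining screening in core.inc.php, this page deserves the same protection as any other privileged settings write. The context lines of `bb2_options()` show the same unescaped `$_SERVER['REQUEST_URI']` in its form action.

```php
function bb2_whitelist()
{
	// … unchanged: load $whitelists, default to empty lists, compute $request_uri …
	if ($_POST) {
		check_admin_referer('bb2_whitelist');
		$_POST = array_map('stripslashes_deep', $_POST);
		// … unchanged: split ip/url/useragent, update_option, "Options saved" notice …
	}
	// … unchanged: wrap div, donate button, heading …
	?>
	<form method="post" action="<?php echo esc_url($request_uri); ?>">
	<?php wp_nonce_field('bb2_whitelist'); ?>
	<!-- … unchanged: warning and "See also" paragraphs … -->
	<textarea cols="24" rows="6" name="ip"><?php echo esc_textarea(implode("\n", $whitelists['ip'])); ?></textarea>
	<!-- … the url and useragent textareas get the same esc_textarea() call … -->
```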
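--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: Bad Behavior
- Version: 2.2.2
+ Version: 2.2.3
  Description: Deny automated spambots access to your PHP-based Web site.
  Plugin URI: http://bad-behavior.ioerror.us/
  Author: Michael Hampton
@@ -97,6 +97,11 @@ function bb2_email() {
  return get_bloginfo('admin_email');
  }
 
+ // retrieve whitelist
+ function bb2_read_whitelist() {
+ return get_option('bad_behavior_whitelist');
+ }
+
  // retrieve settings from database
  function bb2_read_settings() {
  global $wpdb;
@@ -170,7 +175,10 @@ function bb2_insert_stats($force = false) {
  // Return the top-level relative path of wherever we are (for cookies)
  function bb2_relative_path() {
  $url = parse_url(get_bloginfo('url'));
- return $url['path'] . '/';
+ if (array_key_exists('path', $url)) {
+ return $url['path'] . '/';
+ }
+ return '/';
  }
 
  // FIXME: figure out what's wrong on 2.0 that this doesn't work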
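Review bot: In `bb2_relative_path()` the new `array_key_exists('path', $url)` assumes `parse_url()` returned an array, but it returns `false` for a seriously malformed URL. Passing `false` to `array_key_exists()` raises a warning on older PHP and a TypeError on PHP 8. A guard such as `if (is_array($url) && isset($url['path'])) {` keeps the `'/'` fallback for that case too. Separately, `bb2_read_whitelist()` passes through `get_option()`'s `false` when the option has never been saved; a one-line comment saying so, e.g. `// returns false until the whitelist page has been saved once`, would help callers.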
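--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
- define('BB2_VERSION', "2.2.2");
+ define('BB2_VERSION', "2.2.3");
 
  // Bad Behavior entry point is bb2_start()
  // If you're reading this, you are probably lost.
@@ -123,7 +123,7 @@ function bb2_screen($settings, $package)
 
  // First check the whitelist
  require_once(BB2_CORE . "/whitelist.inc.php");
- if (!bb2_whitelist($package)) {
+ if (!bb2_run_whitelist($package)) {
  // Now check the blacklist
  require_once(BB2_CORE . "/blacklist.inc.php");
  if ($r = bb2_blacklist($package)) return $r;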
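--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -54,8 +54,13 @@ function bb2_post($settings, $package)
  }
 
  // If Referer exists, it should refer to a page on our site
- if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
- return "cd361abb";
+ if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
+ $url = parse_url($package['headers_mixed']['Referer']);
+ $url['host'] = preg_replace('|^www\.|', '', $url['host']);
+ $host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
+ if (strcasecmp($host, $url['host'])) {
+ return "cd361abb";
+ }
  }
 
  // Screen by cookie/JavaScript form add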
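Review bot: The new Referer check compares `$url['host']` with the raw `Host` header, but `parse_url()` returns the host without a port while `Host` may carry one (a constructed example: `example.com:8080`), so same-site posts on a non-default port would be rejected with cd361abb. `parse_url()` can also return `false`, or an array without `host`, for a malformed or relative Referer, and the `Host` key is read without an existence check; both produce notices before the comparison. Consider stripping the port with `$host = preg_replace('|:\d+$|', '', $host);` and handling the missing host explicitly with `if (!is_array($url) || empty($url['host'])) return "cd361abb";`. `bb2_post()` starts and ends outside this hunk.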
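--- a/bad-behavior/whitelist.inc.php
+++ b/bad-behavior/whitelist.inc.php
@@ -1,8 +1,13 @@
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
- function bb2_whitelist($package)
+ function bb2_run_whitelist($package)
  {
- $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+ # FIXME: Transitional, until port maintainters implement bb2_read_whitelist
+ if (function_exists('bb2_read_whitelist')) {
+ $whitelists = bb2_read_whitelist();
+ } else {
+ $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+ }
 
  if (@!empty($whitelists['ip'])) {
  foreach ($whitelists['ip'] as $range) {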
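Review bot: `bb2_run_whitelist()` now takes its data from the host platform's `bb2_read_whitelist()` without checking the result, and the only description of that contract is the FIXME line. Since a match here skips the blacklist and later screening (see the call site in core.inc.php), I would document the expected return value next to the call, e.g. `# bb2_read_whitelist() must return an array with optional 'ip', 'url' and 'useragent' lists, or false`. The FIXME also has a typo, `maintainters` for `maintainers`. The function body continues past the end of this hunk.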