BBQ: Block Bad Queries - Version 20201209

Version Description

To upgrade BBQ, remove old version and replace with new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs done.

Note: uninstalling/deleting the plugin via the WP Plugins screen results in the removal of all settings and email data from the WP database.

Download this release

Release Info

Developer	specialk
Plugin	BBQ: Block Bad Queries
Version	20201209
Comparing to
See all releases

Code changes from version 20201208 to 20201209

Files changed (2) hide show

block-bad-queries.php +4 -4
readme.txt +7 -2

block-bad-queries.php CHANGED Viewed

	@@ -10,8 +10,8 @@
10	Donate link: https://monzillamedia.com/donate.html
11	Requires at least: 4.1
12	Tested up to: 5.6
13	- Stable tag: ~~20201208~~
14	- Version: ~~20201208~~
15	Requires PHP: 5.6.20
16	Text Domain: block-bad-queries
17	Domain Path: /languages
	@@ -37,7 +37,7 @@
37
38	if (!defined('ABSPATH')) die();
39
40	- if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '~~20201208~~');
41	if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
42	if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
43	if (!defined('BBQ_URL')) define('BBQ_URL', plugins_url('/block-bad-queries/'));
	@@ -46,7 +46,7 @@ function bbq_core() {
46
47	$request_uri_array = apply_filters('request_uri_items', array('\s', '<', '>', '\^', '`', '@@', '\?\?', '\/&&', '\\', '\/=', '\/:\/', '\/\/\/', '\.\.\.', '\/\(.)\\/', '\+\+\+', '\{0\}', '0x00', '%00', '$\/\(', '(\/\|;\|=\|,)nt\.', '@eval', 'eval\(', 'union(.)select', '\(null$', 'base64_', '(\/\|%2f)localhost', '(\/\|%2f)pingserver', 'wp-config\.php', '(\/\|\.)(s?ftp-?)?conf(ig)?(uration)?\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https:', '\/http:', '\/ftp:', '\/file:', '\/php:', '\/cgi\/', '\.asp', '\.bak', '\.bash', '\.bat', '\.cfg', '\.cgi', '\.cmd', '\.conf', '\.db', '\.dll', '\.ds_store', '\.exe', '\/\.git', '\.hta', '\.htp', '\.inc', '\.init?', '\.jsp', '\.mysql', '\.pass', '\.pwd', '\.sql', '\/\.svn', '\.exec$', '$\.html$', '\{x\.html\(', '\.php\([0-9]+$', '(benchmark\|sleep)(\s\|%20)$', '\/(db\|mysql)-?admin', '\/document_root', '\/error_log', 'indoxploi', '\/sqlpatch', 'xrumer', 'www\.(.)\.cn', '%3Cscript', '\/vbforum(\/)?', '\/vbulletin(\/)?', '\{\$itemURL\}', '(\/bin\/)(cc\|chmod\|chsh\|cpp\|echo\|id\|kill\|mail\|nasm\|perl\|ping\|ps\|python\|tclsh)(\/)?$', '((curl_\|shell_)?exec\|(f\|p)open\|function\|fwrite\|leak\|p?fsockopen\|passthru\|phpinfo\|posix_(kill\|mkfifo\|setpgid\|setsid\|setuid)\|proc_(close\|get_status\|nice\|open\|terminate)\|system)(.)(\()(.)($)', '(\/)(^$\|0day\|configbak\|curltest\|db\|index\.php\/index\|(my)?sql\|(php\|web)?shell\|php-?info\|temp00\|vuln\|webconfig)(\.php)'));
48
49	- $query_string_array = apply_filters('query_string_items', array('$0x', '0x3c62723e', ';!--=', '\($\}', ':;\};', '\.\.\/', '\/\\\/', '127\.0\.0\.1', 'localhost', 'loopback', '%0a', '%0d', '%00', '%2e%2e', '%0d%0a', '@copy', 'concat(.)($\|%28)', 'allow_url_(fopen\|include)', '(c99\|php\|web)shell', 'auto_prepend_file', 'disable_functions?', 'gethostbyname', 'input_file', 'execute', 'safe_mode', 'file_(get\|put)_contents', 'mosconfig', 'open_basedir', 'outfile', 'proc_open', 'root_path', 'user_func_array', 'path=\.', 'mod=\.', '(globals\|request)(=\|\[)', 'f(fclose\|fgets\|fputs\|fsbuff)', '\$_(env\|files\|get\|post\|request\|server\|session)', '(\+\|%2b)(concat\|delete\|get\|select\|union)(\+\|%2b)', '(cmd\|command)(=\|%3d)(chdir\|mkdir)', '(absolute_\|base\|root_)(dir\|path)(=\|%3d)(ftp\|https?)', '(s)?(ftp\|inurl\|php)(s)?(:(\/\|%2f\|%u2215)(\/\|%2f\|%u2215))', '(\/\|%2f)(=\|%3d\|\$&\|_mm\|cgi(\.\|-)\|inurl(:\|%3a)(\/\|%2f)\|(mod\|path)(=\|%3d)(\.\|%2e))', '(~~;\|<\|>\|\~~'\|"\|$~~\|%0a\|%0d\|%22\|%27\|%3c\|%3e\|%00)~~(.)(\/\*\|alter\|base64\|benchmark\|cast\|char\|concat\|convert\|create\|declare\|delete\|drop\|encode\|exec\|fopen\|function\|html\|insert\|md5\|request\|script\|select\|set\|union\|update)'));
50
51	$user_agent_array = apply_filters('user_agent_items', array('<', '%0a', '%0d', '%27', '%3c', '%3e', '%00', '0x00', '\/bin\/bash', '360Spider', 'acapbot', 'acoonbot', 'alexibot', 'asterias', 'attackbot', 'backdorbot', 'base64_decode', 'becomebot', 'binlar', 'blackwidow', 'blekkobot', 'blexbot', 'blowfish', 'bullseye', 'bunnys', 'butterfly', 'careerbot', 'casper', 'checkpriv', 'cheesebot', 'cherrypick', 'chinaclaw', 'choppy', 'clshttp', 'cmsworld', 'copernic', 'copyrightcheck', 'cosmos', 'crescent', 'cy_cho', 'datacha', 'demon', 'diavol', 'discobot', 'disconnect', 'dittospyder', 'dotbot', 'dotnetdotcom', 'dumbot', 'emailcollector', 'emailsiphon', 'emailwolf', 'eval\(', 'exabot', 'extract', 'eyenetie', 'feedfinder', 'flaming', 'flashget', 'flicky', 'foobot', 'g00g1e', 'getright', 'gigabot', 'go-ahead-got', 'gozilla', 'grabnet', 'grafula', 'harvest', 'heritrix', 'httrack', 'icarus6j', 'jetbot', 'jetcar', 'jikespider', 'kmccrew', 'leechftp', 'libweb', 'linkextractor', 'linkscan', 'linkwalker', 'loader', 'lwp-download', 'masscan', 'miner', 'majestic', 'md5sum', 'mechanize', 'mj12bot', 'morfeus', 'moveoverbot', 'netmechanic', 'netspider', 'nicerspro', 'nikto', 'ninja', 'nutch', 'octopus', 'pagegrabber', 'planetwork', 'postrank', 'proximic', 'purebot', 'pycurl', 'queryn', 'queryseeker', 'radian6', 'radiation', 'realdownload', 'remoteview', 'rogerbot', 'scooter', 'seekerspider', 'semalt', '(c99\|php\|web)shell', 'shellshock', 'siclab', 'sindice', 'sistrix', 'sitebot', 'site(.*)copier', 'siteexplorer', 'sitesnagger', 'skygrid', 'smartdownload', 'snoopy', 'sosospider', 'spankbot', 'spbot', 'sqlmap', 'stackrambler', 'stripper', 'sucker', 'surftbot', 'sux0r', 'suzukacz', 'suzuran', 'takeout', 'teleport', 'telesoft', 'true_robots', 'turingos', 'turnit', 'unserialize', 'vampire', 'vikspider', 'voideye', 'webleacher', 'webreaper', 'webstripper', 'webvac', 'webviewer', 'webwhacker', 'winhttp', 'wwwoffle', 'woxbot', 'xaldon', 'xxxyy', 'yamanalab', 'yioopbot', 'youda', 'zeus', 'zmeu', 'zune', 'zyborg'));
52


10	Donate link: https://monzillamedia.com/donate.html
11	Requires at least: 4.1
12	Tested up to: 5.6
13	+ Stable tag: 20201209
14	+ Version: 20201209
15	Requires PHP: 5.6.20
16	Text Domain: block-bad-queries
17	Domain Path: /languages

37
38	if (!defined('ABSPATH')) die();
39
40	+ if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20201209');
41	if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
42	if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
43	if (!defined('BBQ_URL')) define('BBQ_URL', plugins_url('/block-bad-queries/'));

46
47	$request_uri_array = apply_filters('request_uri_items', array('\s', '<', '>', '\^', '`', '@@', '\?\?', '\/&&', '\\', '\/=', '\/:\/', '\/\/\/', '\.\.\.', '\/\(.)\\/', '\+\+\+', '\{0\}', '0x00', '%00', '$\/\(', '(\/\|;\|=\|,)nt\.', '@eval', 'eval\(', 'union(.)select', '\(null$', 'base64_', '(\/\|%2f)localhost', '(\/\|%2f)pingserver', 'wp-config\.php', '(\/\|\.)(s?ftp-?)?conf(ig)?(uration)?\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https:', '\/http:', '\/ftp:', '\/file:', '\/php:', '\/cgi\/', '\.asp', '\.bak', '\.bash', '\.bat', '\.cfg', '\.cgi', '\.cmd', '\.conf', '\.db', '\.dll', '\.ds_store', '\.exe', '\/\.git', '\.hta', '\.htp', '\.inc', '\.init?', '\.jsp', '\.mysql', '\.pass', '\.pwd', '\.sql', '\/\.svn', '\.exec$', '$\.html$', '\{x\.html\(', '\.php\([0-9]+$', '(benchmark\|sleep)(\s\|%20)$', '\/(db\|mysql)-?admin', '\/document_root', '\/error_log', 'indoxploi', '\/sqlpatch', 'xrumer', 'www\.(.)\.cn', '%3Cscript', '\/vbforum(\/)?', '\/vbulletin(\/)?', '\{\$itemURL\}', '(\/bin\/)(cc\|chmod\|chsh\|cpp\|echo\|id\|kill\|mail\|nasm\|perl\|ping\|ps\|python\|tclsh)(\/)?$', '((curl_\|shell_)?exec\|(f\|p)open\|function\|fwrite\|leak\|p?fsockopen\|passthru\|phpinfo\|posix_(kill\|mkfifo\|setpgid\|setsid\|setuid)\|proc_(close\|get_status\|nice\|open\|terminate)\|system)(.)(\()(.)($)', '(\/)(^$\|0day\|configbak\|curltest\|db\|index\.php\/index\|(my)?sql\|(php\|web)?shell\|php-?info\|temp00\|vuln\|webconfig)(\.php)'));
48
49	+ $query_string_array = apply_filters('query_string_items', array('$0x', '0x3c62723e', ';!--=', '\($\}', ':;\};', '\.\.\/', '\/\\\/', '127\.0\.0\.1', 'localhost', 'loopback', '%0a', '%0d', '%00', '%2e%2e', '%0d%0a', '@copy', 'concat(.)(\(\|%28)', 'allow_url_(fopen\|include)', '(c99\|php\|web)shell', 'auto_prepend_file', 'disable_functions?', 'gethostbyname', 'input_file', 'execute', 'safe_mode', 'file_(get\|put)_contents', 'mosconfig', 'open_basedir', 'outfile', 'proc_open', 'root_path', 'user_func_array', 'path=\.', 'mod=\.', '(globals\|request)(=\|\[)', 'f(fclose\|fgets\|fputs\|fsbuff)', '\$_(env\|files\|get\|post\|request\|server\|session)', '(\+\|%2b)(concat\|delete\|get\|select\|union)(\+\|%2b)', '(cmd\|command)(=\|%3d)(chdir\|mkdir)', '(absolute_\|base\|root_)(dir\|path)(=\|%3d)(ftp\|https?)', '(s)?(ftp\|inurl\|php)(s)?(:(\/\|%2f\|%u2215)(\/\|%2f\|%u2215))', '(\/\|%2f)(=\|%3d\|\$&\|_mm\|cgi(\.\|-)\|inurl(:\|%3a)(\/\|%2f)\|(mod\|path)(=\|%3d)(\.\|%2e))', '(<\|>\|\'\|")(.)(\/\*\|alter\|base64\|benchmark\|cast\|char\|concat\|convert\|create\|declare\|delete\|drop\|encode\|exec\|fopen\|function\|html\|insert\|md5\|request\|script\|select\|set\|union\|update)'));
50
51	$user_agent_array = apply_filters('user_agent_items', array('<', '%0a', '%0d', '%27', '%3c', '%3e', '%00', '0x00', '\/bin\/bash', '360Spider', 'acapbot', 'acoonbot', 'alexibot', 'asterias', 'attackbot', 'backdorbot', 'base64_decode', 'becomebot', 'binlar', 'blackwidow', 'blekkobot', 'blexbot', 'blowfish', 'bullseye', 'bunnys', 'butterfly', 'careerbot', 'casper', 'checkpriv', 'cheesebot', 'cherrypick', 'chinaclaw', 'choppy', 'clshttp', 'cmsworld', 'copernic', 'copyrightcheck', 'cosmos', 'crescent', 'cy_cho', 'datacha', 'demon', 'diavol', 'discobot', 'disconnect', 'dittospyder', 'dotbot', 'dotnetdotcom', 'dumbot', 'emailcollector', 'emailsiphon', 'emailwolf', 'eval\(', 'exabot', 'extract', 'eyenetie', 'feedfinder', 'flaming', 'flashget', 'flicky', 'foobot', 'g00g1e', 'getright', 'gigabot', 'go-ahead-got', 'gozilla', 'grabnet', 'grafula', 'harvest', 'heritrix', 'httrack', 'icarus6j', 'jetbot', 'jetcar', 'jikespider', 'kmccrew', 'leechftp', 'libweb', 'linkextractor', 'linkscan', 'linkwalker', 'loader', 'lwp-download', 'masscan', 'miner', 'majestic', 'md5sum', 'mechanize', 'mj12bot', 'morfeus', 'moveoverbot', 'netmechanic', 'netspider', 'nicerspro', 'nikto', 'ninja', 'nutch', 'octopus', 'pagegrabber', 'planetwork', 'postrank', 'proximic', 'purebot', 'pycurl', 'queryn', 'queryseeker', 'radian6', 'radiation', 'realdownload', 'remoteview', 'rogerbot', 'scooter', 'seekerspider', 'semalt', '(c99\|php\|web)shell', 'shellshock', 'siclab', 'sindice', 'sistrix', 'sitebot', 'site(.*)copier', 'siteexplorer', 'sitesnagger', 'skygrid', 'smartdownload', 'snoopy', 'sosospider', 'spankbot', 'spbot', 'sqlmap', 'stackrambler', 'stripper', 'sucker', 'surftbot', 'sux0r', 'suzukacz', 'suzuran', 'takeout', 'teleport', 'telesoft', 'true_robots', 'turingos', 'turnit', 'unserialize', 'vampire', 'vikspider', 'voideye', 'webleacher', 'webreaper', 'webstripper', 'webvac', 'webviewer', 'webwhacker', 'winhttp', 'wwwoffle', 'woxbot', 'xaldon', 'xxxyy', 'yamanalab', 'yioopbot', 'youda', 'zeus', 'zmeu', 'zune', 'zyborg'));
52

readme.txt CHANGED Viewed

	@@ -10,8 +10,8 @@ Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsul
10	Donate link: https://monzillamedia.com/donate.html
11	Requires at least: 4.1
12	Tested up to: 5.6
13	- Stable tag: ~~20201208~~
14	- Version: ~~20201208~~
15	Requires PHP: 5.6.20
16	Text Domain: block-bad-queries
17	Domain Path: /languages
	@@ -248,6 +248,11 @@ Links, tweets and likes also appreciated. Thank you! :)
248	If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
249
250





251	2020/12/08
252
253	* Removes `order` pattern from Query String rules


10	Donate link: https://monzillamedia.com/donate.html
11	Requires at least: 4.1
12	Tested up to: 5.6
13	+ Stable tag: 20201209
14	+ Version: 20201209
15	Requires PHP: 5.6.20
16	Text Domain: block-bad-queries
17	Domain Path: /languages

248	If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
249
250
251	+ 2020/12/09
252	+
253	+ * Tweaks query string pattern for optimal matching
254	+ * Further tests on WordPress 5.6
255	+
256	2020/12/08
257
258	* Removes `order` pattern from Query String rules