bad-behaviorを2.2.18に更新。

DB接続を閉じてなかった問題を修正

vendor/bad-behavior/README.txt

@@ -2,9 +2,9 @@
 Tags: comment,trackback,referrer,spam,robot,antispam
 Contributors: error
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
-Requires at least: 3.1
-Tested up to: 4.0.1
-Stable tag: 2.2.16
+Requires at least: 3.5
+Tested up to: 4.4.1
+Stable tag: 2.2.18
 
 Bad Behavior prevents spammers from ever delivering their junk, and in many
 cases, from ever reading your site in the first place.

vendor/bad-behavior/bad-behavior-sqlite.php

@@ -88,11 +88,19 @@ function bb2_db_query($query) {
 		$query = 'DELETE FROM `' . $matches[1] . '` WHERE date(`' . $matches[2] . '`) < date(\''. $matches[3] .'\', \'-'.$matches[4].' days\')';
 	}
 	try {
-		return $bb2_db->query($query);
+    	// Connect to the SQLite Database.
+		$bb2_db = new PDO('sqlite:'.BB2_DB_FILE);
+	} catch(Exception $e) {
+		die('connection_unsuccessful: ' . $e->getMessage());
+	}
+	try {
+		$ret = $bb2_db->query($query);
 	} catch( PDOException $ex ) {
 		// DBアクセス時にエラーとなった時
 		throw new Exception('Bad-behavior :' . $query. '<br />' .$ex->getMessage());
 	}
+	$bb2_db = null;
+	return $ret;
 }
 
 // Return all rows in a particular query.
@@ -175,10 +183,14 @@ function bb2_install() {
 		touch(BB2_DB_FILE);
 	}
 
-	if (! $bb2_db = new \PDO('sqlite:'.BB2_DB_FILE)) {
-		die("DB Connection Failed.");
+	try {
+    	// Connect to the SQLite Database.
+		$bb2_db = new PDO('sqlite:'.BB2_DB_FILE);
+	} catch(Exception $e) {
+		die('connection_unsuccessful: ' . $e->getMessage());
 	}
 	$bb2_db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+	$bb2_db = null;
 
 	$sql = join("\n", array(
 		'CREATE TABLE IF NOT EXISTS `' . $settings['log_table'] . '` (',

vendor/bad-behavior/bad-behavior-wordpress.php

@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.2.16
+Version: 2.2.18
 Description: Deny automated spambots access to your PHP-based Web site.
 Plugin URI: http://bad-behavior.ioerror.us/
 Author: Michael Hampton
@@ -76,7 +76,7 @@ function bb2_db_query($query) {
 	$result = $wpdb->get_results($query, ARRAY_A);
 	if ( defined('WP_DEBUG') and WP_DEBUG == true )
 		$wpdb->show_errors();
-	if (mysql_error()) {
+	if ($wpdb->last_error) {
 		return FALSE;
 	}
 	return $result;

vendor/bad-behavior/bad-behavior/blacklist.inc.php

@@ -6,6 +6,7 @@ function bb2_blacklist($package) {
 	// These user agent strings occur at the beginning of the line.
 	$bb2_spambots_0 = array(
 		"8484 Boston Project",	// video poker/porn spam
+		"ArchiveTeam",	// ignores robots.txt and hammers server
 		"adwords",		// referrer spam
 		"autoemailspider",	// spam harvester
 		"blogsearchbot-martin",	// from honeypot
@@ -77,6 +78,7 @@ function bb2_blacklist($package) {
 		"<sc",			// XSS exploit attempts
 		"; Widows ",		// misc comment/email spam
 		"a href=",		// referrer spam
+		"ArchiveBot",	// ignores robots.txt and hammers server
 		"Bad Behavior Test",	// Add this to your user-agent to test BB
 		"compatible ; MSIE",	// misc comment/email spam
 		"compatible-",		// misc comment/email spam

vendor/bad-behavior/bad-behavior/core.inc.php

@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.16");
+define('BB2_VERSION', "2.2.18");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
@@ -68,6 +68,19 @@ function bb2_reverse_proxy($settings, $headers_mixed)
 	return false;
 }
 
+# FIXME: Bug #12. But this code doesn't currently work.
+function bb2_unpack_php_post_array($key, $value)
+{
+	$unpacked = array();
+	foreach ($value as $k => $v) {
+		$i = $key. '[' . $k . ']';
+		if (is_array($v))
+			$v = bb2_unpack_php_post_array($i, $v);
+		$unpacked[$i] = $v;
+	}
+	return $unpacked;
+}
+
 // Let God sort 'em out!
 function bb2_start($settings)
 {
@@ -87,6 +100,10 @@ function bb2_start($settings)
 	$request_entity = array();
 	if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
 		foreach ($_POST as $h => $v) {
+			if (is_array($v)) {
+				# Workaround, see Bug #12
+				$v = "Array";
+			}
 			$request_entity[$h] = $v;
 		}
 	}

vendor/bad-behavior/bad-behavior/post.inc.php

@@ -58,6 +58,8 @@ function bb2_post($settings, $package)
 		$url = parse_url($package['headers_mixed']['Referer']);
 		$url['host'] = preg_replace('|^www\.|', '', $url['host']);
 		$host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
+		# Strip port
+		$host = preg_replace('|:\d+$|', '', $host);
 		if (strcasecmp($host, $url['host'])) {
 			return "cd361abb";
 		}

vendor/bad-behavior/bad-behavior/searchengine.inc.php

@@ -23,7 +23,7 @@ function bb2_google($package)
 function bb2_msnbot($package)
 {
 	if (@is_ipv6($package['ip'])) return false;	# TODO
-	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20")) === FALSE) {
+	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20", "40.76.0.0/14")) === FALSE) {
 		return false;	# Soft fail, must pass other screening
 		#return "e4de0453";	# Hard fail
 	}