Version 2.0.30 of Bad-Behavior introduced a whitelist mechanism to exclude some pages from Bad-Behavior's protection. Unfortunately, the respective code is broken. The whitelisting is ignored.
I contacted the author, Michael Hampton, and he confirmed my findings. For some reason, though, he never approved my comment with details and a fix, so I publish it here. May it help others.
Update 2009-11-02: Version 2.0.32 has been published today, and my original comment has been approved.
The code in bad-behavior/whitelist.inc.php (of version 2.0.31) after if (!empty($bb2_whitelist_urls)) does not work. The following works for me:

    if (!empty($bb2_whitelist_urls)) {
        // Strip the query string so that only the path is compared.
        if (strpos($package['request_uri'], "?") === FALSE) {
            $request_uri = $package['request_uri'];
        } else {
            $request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
        }
        // Whitelist the request only on an exact match with a configured URL.
        foreach ($bb2_whitelist_urls as $url) {
            if (!strcmp($request_uri, $url)) return true;
        }
    }

Code also available at http://pastebin.com/f362a0492