[SPIP] ~version 3.0.7-->3.0.10

[ptitvelo/web/www.git] / www / config / ecran_securite.php

diff --git a/www/config/ecran_securite.php b/www/config/ecran_securite.php
index 51e48df..63ee299 100644 (file)
--- a/www/config/ecran_securite.php
+++ b/www/config/ecran_securite.php
@@ -5,7 +5,7 @@
  * ------------------
  */
 
-define('_ECRAN_SECURITE', '1.1.5'); // 8 mars 2013
+define('_ECRAN_SECURITE', '1.1.7'); // 24 mai 2013
 
 /*
  * Documentation : http://www.spip.net/fr_article4200.html
@@ -23,8 +23,12 @@ if (isset($_GET['test_ecran_securite']))
 if (!defined('_IS_BOT'))
        define('_IS_BOT',
                isset($_SERVER['HTTP_USER_AGENT'])
-               AND preg_match(',bot|slurp|crawler|spider|webvac|yandex|INA dlweb|EC2LinkFinder|80legs,i',
-                       (string) $_SERVER['HTTP_USER_AGENT'])
+               AND preg_match(
+           // mots generiques
+           ',bot|slurp|crawler|spider|webvac|yandex|'
+           // UA plus cibles
+           . '80legs|accoona|AltaVista|ASPSeek|Baidu|Charlotte|EC2LinkFinder|eStyle|Google|INA dlweb|Java VM|LiteFinder|Lycos|Rambler|Scooter|ScrubbyBloglines|Yahoo|Yeti'
+           . ',i',(string) $_SERVER['HTTP_USER_AGENT'])
        );
 
 /*
@@ -66,6 +70,14 @@ if (preg_match(',^(.*/)?spip_acces_doc\.,', (string)$_SERVER['REQUEST_URI'])) {
        $file = addslashes((string)$_GET['file']);
 }
 
+/*
+ * Pas d'inscription abusive
+ */
+if (isset($_REQUEST['mode']) AND isset($_REQUEST['page'])
+AND !in_array($_REQUEST['mode'],array("6forum","1comite"))
+AND $_REQUEST['page'] == "identifiants")
+       $ecran_securite_raison = "identifiants";
+
 /*
  * Agenda joue à l'injection php
  */
@@ -304,4 +316,4 @@ if (
 }
 
 
-?>
+?>
\ No newline at end of file