From: Andrew Lewis <nerf@judo.za.org>
Date: Sat, 8 Oct 2016 09:44:55 +0000 (+0200)
Subject: [Minor] Fix FORGED_X_PHP_SCRIPT1
X-Git-Tag: 1.4.0~301^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F1015%2Fhead;p=rspamd.git

[Minor] Fix FORGED_X_PHP_SCRIPT1

 - Narrow regex match
 - Fix syntax error
 - Fix comparison
 - Reduce scoring: worried this could match something real
---

diff --git a/rules/misc.lua b/rules/misc.lua
index 60277c409..27003ce21 100644
--- a/rules/misc.lua
+++ b/rules/misc.lua
@@ -404,16 +404,16 @@ rspamd_config.FORGED_X_PHP_SCRIPT1 = {
   callback = function (task)
     local hdr = task:get_header('X-PHP-Script', true)
     if not hdr then return end
-    local re_txt = ' for (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}), (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})'
+    local re_txt = ' for (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}), (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$)'
     local re = rspamd_regexp.get_cached(re_txt)
     if not re then
       re = rspamd_regexp.create_cached(re_txt)
     end
     local m = re:search(hdr, true, true)
-    if not m and m[2] and m[3] then return end
-    return m[2] == m[3]
+    if not m then return end
+    return m[1][2] == m[1][3]
   end,
-  score = 4.0,
+  score = 1.0,
   description = 'X-PHP-Script header appears forged',
   group = 'header'
 }