Proper DNSBL implementation. Very sexy.

inc/functions.php

@@ -1292,6 +1292,7 @@
 	function checkDNSBL() {
 		global $config;
 		
+		
 		if(isIPv6())
 			return; // No IPv6 support yet.
 		
@@ -1303,13 +1304,32 @@
 		
 		$ip = ReverseIPOctets($_SERVER['REMOTE_ADDR']);
 		
-		foreach($config['dnsbl'] as &$blacklist) {
-			$lookup = $ip . '.' . $blacklist;
-			$host = DNS($lookup);
-			if($host !== false) {
-				// On NXDOMAIN (meaning it's not in the blacklist), gethostbyname() returns the host unchanged.
-				if(preg_match('/^127\.0\.0\./', $host) && $host != '127.0.0.10')
-					error(sprintf($config['error']['dnsbl'], $blacklist));
+		foreach($config['dnsbl'] as $blacklist) {
+			if(!is_array($blacklist) == 1)
+				$blacklist = Array($blacklist);
+			
+			if(($lookup = str_replace('%', $ip, $blacklist[0])) == $blacklist[0])
+				$lookup = $ip . '.' . $blacklist[0];
+			
+			if(!$ip = DNS($lookup))
+				continue; // not in list
+			
+			$blacklist_name = isset($blacklist[2]) ? $blacklist[2] : $blacklist[0];
+			
+			if(!isset($blacklist[1])) {
+				// If you're listed at all, you're blocked.
+				error(sprintf($config['error']['dnsbl'], $blacklist_name));
+			} elseif(is_array($blacklist[1])) {
+				foreach($blacklist[1] as $octet) {
+					if($ip == $octet || $ip == '127.0.0.' . $octet)
+						error(sprintf($config['error']['dnsbl'], $blacklist_name));
+				}
+			} elseif(is_callable($blacklist[1])) {
+				if($blacklist[1]($ip))
+					error(sprintf($config['error']['dnsbl'], $blacklist_name));
+			} else {
+				if($ip == $blacklist[1] || $ip == '127.0.0.' . $blacklist_name)
+					error(sprintf($config['error']['dnsbl'], $blacklist_name));
 			}
 		}
 	}