Fix filters, disallow urls in name/subj/email using filters
This commit is contained in:
parent
29349e4083
commit
483f0c8b4f
|
|
@ -359,7 +359,7 @@
|
|||
'flood-time-any' => &$config['flood_time_any']
|
||||
),
|
||||
'noip' => true,
|
||||
'find-time' => 60 * 60 * 1,
|
||||
'find_time' => 60 * 60 * 1,
|
||||
'action' => 'reject',
|
||||
'message' => 'New threads are being created too quickly. Hmmm'
|
||||
);
|
||||
|
|
|
|||
|
|
@ -6,28 +6,23 @@
|
|||
|
||||
defined('TINYBOARD') or exit;
|
||||
|
||||
require_once 'inc/anti-bot.php';
|
||||
|
||||
class Filter {
|
||||
public $flood_check;
|
||||
private $condition;
|
||||
private string $action;
|
||||
private string $message;
|
||||
private $expires;
|
||||
private $reject;
|
||||
private $all_boards;
|
||||
private $post;
|
||||
private array $filters;
|
||||
private bool $add_note;
|
||||
private bool $noip;
|
||||
private $find_time;
|
||||
|
||||
public function __construct(array $arr) {
|
||||
|
||||
/*
|
||||
*
|
||||
* Look, this needs to either change or get
|
||||
* into a subvalue, an associative array
|
||||
* by the name of 'filters'
|
||||
*
|
||||
* And then we need to understand how that's used...
|
||||
* however the only place I can see that this is used is
|
||||
* the do_filters function inside this module.
|
||||
*
|
||||
*/
|
||||
$this->filters = $arr;
|
||||
foreach ($arr as $key => $value) {
|
||||
$this->$key = $value;
|
||||
}
|
||||
}
|
||||
|
||||
public function match($condition, $match) {
|
||||
|
|
@ -199,7 +194,7 @@ class Filter {
|
|||
public function check(array $post) {
|
||||
$this->post = $post;
|
||||
|
||||
foreach ($this->filters['condition'] as $condition => $value) {
|
||||
foreach ($this->condition as $condition => $value) {
|
||||
if ($condition[0] == '!') {
|
||||
$NOT = true;
|
||||
$condition = substr($condition, 1);
|
||||
|
|
@ -207,9 +202,11 @@ class Filter {
|
|||
$NOT = false;
|
||||
}
|
||||
|
||||
if ($this->match($condition, $value) == $NOT)
|
||||
if ($this->match($condition, $value) == $NOT) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -239,8 +236,9 @@ function purge_flood_table() {
|
|||
function do_filters(array $post) {
|
||||
global $config;
|
||||
|
||||
if (!isset($config['filters']) || empty($config['filters']))
|
||||
if (!isset($config['filters']) || empty($config['filters'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
// look at the flood table regardless of IP
|
||||
$noip = false;
|
||||
|
|
@ -251,10 +249,10 @@ function do_filters(array $post) {
|
|||
break;
|
||||
} else if ($filter['noip'] == true) {
|
||||
$noip = true;
|
||||
$find_time = time() - $filter['find-time'];
|
||||
$find_time = time() - $filter['find_time'];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if ($noip) {
|
||||
$query = prepare("SELECT * FROM ``flood`` WHERE `time` > $find_time");
|
||||
$query->execute() or error(db_error($query));
|
||||
|
|
@ -287,4 +285,3 @@ function do_filters(array $post) {
|
|||
|
||||
purge_flood_table();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -532,5 +532,31 @@ $config['filters'][] = array(
|
|||
'message' => "$fakereason_ano"
|
||||
);
|
||||
|
||||
|
||||
$url_regex = '/(?:https?:\/\/|www\.)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/))/i'; // match any url
|
||||
$config['filters'][] = array(
|
||||
'condition' => array(
|
||||
'subject' => $url_regex,
|
||||
),
|
||||
'action' => 'reject',
|
||||
'message' => 'Url in the subject field is not allowed'
|
||||
);
|
||||
|
||||
$config['filters'][] = array(
|
||||
'condition' => array(
|
||||
'name' => $url_regex,
|
||||
),
|
||||
'action' => 'reject',
|
||||
'message' => 'Url in the name field is not allowed'
|
||||
);
|
||||
|
||||
$config['filters'][] = array(
|
||||
'condition' => array(
|
||||
'email' => $url_regex,
|
||||
),
|
||||
'action' => 'reject',
|
||||
'message' => 'Url in the email field is not allowed'
|
||||
);
|
||||
|
||||
$config['global_message'] = '<p><a href="https://talk.leftychan.net/#/room/#welcome:matrix.leftychan.net" class="redtext"><span class="heading">Matrix</span></a></p><p><a href="ircs://irc.leftychan.net:6697/#leftychan" class="redtext"><span class="heading">IRC Chat</span></a></p><p><a href="mumble://leftychan.net" class="redtext"><span class="heading">Mumble</span></a></p><p><a href="https://t.me/+RegtyzzrE0M1NDMx" class="red text"><span class="heading">Telegram</a></span></p><p><a href="https://discord.gg/AcZeFKXPmZ" class="redtext"><span class="heading">Discord</a></span></p>';
|
||||
$config['debug'] = false;
|
||||
|
|
|
|||
6
post.php
6
post.php
|
|
@ -743,7 +743,7 @@ function handle_post(){
|
|||
}
|
||||
else {
|
||||
if (!$post['op']) {
|
||||
$numposts = numPosts($post['thread']);
|
||||
$numposts = numPosts($post['thread']);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -847,7 +847,9 @@ function handle_post(){
|
|||
}
|
||||
}
|
||||
|
||||
if (empty($post['files'])) $post['has_file'] = false;
|
||||
if (empty($post['files'])) {
|
||||
$post['has_file'] = false;
|
||||
}
|
||||
|
||||
if (!$dropped_post) {
|
||||
// Check for a file
|
||||
|
|
|
|||
Loading…
Reference in New Issue