mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-27 17:00:52 +01:00
commit
3d05ba0247
155
inc/filters.php
155
inc/filters.php
@ -10,54 +10,63 @@ class Filter {
|
|||||||
public $flood_check;
|
public $flood_check;
|
||||||
private $condition;
|
private $condition;
|
||||||
private $post;
|
private $post;
|
||||||
|
|
||||||
|
|
||||||
public function __construct(array $arr) {
|
public function __construct(array $arr) {
|
||||||
foreach ($arr as $key => $value)
|
foreach ($arr as $key => $value) {
|
||||||
$this->$key = $value;
|
$this->$key = $value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function match($condition, $match) {
|
public function match($condition, $match) {
|
||||||
$condition = strtolower($condition);
|
$condition = strtolower($condition);
|
||||||
|
|
||||||
$post = &$this->post;
|
$post = &$this->post;
|
||||||
|
|
||||||
switch($condition) {
|
switch($condition) {
|
||||||
case 'custom':
|
case 'custom':
|
||||||
if (!is_callable($match))
|
if (!is_callable($match)) {
|
||||||
error('Custom condition for filter is not callable!');
|
error('Custom condition for filter is not callable!');
|
||||||
|
}
|
||||||
return $match($post);
|
return $match($post);
|
||||||
case 'flood-match':
|
case 'flood-match':
|
||||||
if (!is_array($match))
|
if (!is_array($match)) {
|
||||||
error('Filter condition "flood-match" must be an array.');
|
error('Filter condition "flood-match" must be an array.');
|
||||||
|
}
|
||||||
|
|
||||||
// Filter out "flood" table entries which do not match this filter.
|
// Filter out "flood" table entries which do not match this filter.
|
||||||
|
|
||||||
$flood_check_matched = array();
|
$flood_check_matched = array();
|
||||||
|
|
||||||
foreach ($this->flood_check as $flood_post) {
|
foreach ($this->flood_check as $flood_post) {
|
||||||
foreach ($match as $flood_match_arg) {
|
foreach ($match as $flood_match_arg) {
|
||||||
switch ($flood_match_arg) {
|
switch ($flood_match_arg) {
|
||||||
case 'ip':
|
case 'ip':
|
||||||
if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR'])
|
if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR']) {
|
||||||
continue 3;
|
continue 3;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'body':
|
case 'body':
|
||||||
if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup']))
|
if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup'])) {
|
||||||
continue 3;
|
continue 3;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'file':
|
case 'file':
|
||||||
if (!isset($post['filehash']))
|
if (!isset($post['filehash'])) {
|
||||||
return false;
|
return false;
|
||||||
if ($flood_post['filehash'] != $post['filehash'])
|
}
|
||||||
|
if ($flood_post['filehash'] != $post['filehash']) {
|
||||||
continue 3;
|
continue 3;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'board':
|
case 'board':
|
||||||
if ($flood_post['board'] != $post['board'])
|
if ($flood_post['board'] != $post['board']) {
|
||||||
continue 3;
|
continue 3;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'isreply':
|
case 'isreply':
|
||||||
if ($flood_post['isreply'] == $post['op'])
|
if ($flood_post['isreply'] == $post['op']) {
|
||||||
continue 3;
|
continue 3;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
error('Invalid filter flood condition: ' . $flood_match_arg);
|
error('Invalid filter flood condition: ' . $flood_match_arg);
|
||||||
@ -65,9 +74,8 @@ class Filter {
|
|||||||
}
|
}
|
||||||
$flood_check_matched[] = $flood_post;
|
$flood_check_matched[] = $flood_post;
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->flood_check = $flood_check_matched;
|
$this->flood_check = $flood_check_matched;
|
||||||
|
|
||||||
return !empty($this->flood_check);
|
return !empty($this->flood_check);
|
||||||
case 'flood-time':
|
case 'flood-time':
|
||||||
foreach ($this->flood_check as $flood_post) {
|
foreach ($this->flood_check as $flood_post) {
|
||||||
@ -97,8 +105,9 @@ class Filter {
|
|||||||
case 'filehash':
|
case 'filehash':
|
||||||
return $match === $post['filehash'];
|
return $match === $post['filehash'];
|
||||||
case 'filename':
|
case 'filename':
|
||||||
if (!$post['files'])
|
if (!$post['files']) {
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
foreach ($post['files'] as $file) {
|
foreach ($post['files'] as $file) {
|
||||||
if (preg_match($match, $file['filename'])) {
|
if (preg_match($match, $file['filename'])) {
|
||||||
@ -107,8 +116,9 @@ class Filter {
|
|||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
case 'extension':
|
case 'extension':
|
||||||
if (!$post['files'])
|
if (!$post['files']) {
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
foreach ($post['files'] as $file) {
|
foreach ($post['files'] as $file) {
|
||||||
if (preg_match($match, $file['extension'])) {
|
if (preg_match($match, $file['extension'])) {
|
||||||
@ -130,56 +140,63 @@ class Filter {
|
|||||||
error('Unknown filter condition: ' . $condition);
|
error('Unknown filter condition: ' . $condition);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function action() {
|
public function action() {
|
||||||
global $board;
|
global $board;
|
||||||
|
|
||||||
$this->add_note = isset($this->add_note) ? $this->add_note : false;
|
$this->add_note = isset($this->add_note) ? $this->add_note : false;
|
||||||
if ($this->add_note) {
|
if ($this->add_note) {
|
||||||
$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
|
$query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
|
||||||
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
||||||
$query->bindValue(':mod', -1);
|
$query->bindValue(':mod', -1);
|
||||||
$query->bindValue(':time', time());
|
$query->bindValue(':time', time());
|
||||||
$query->bindValue(':body', "Autoban message: ".$this->post['body']);
|
$query->bindValue(':body', "Autoban message: ".$this->post['body']);
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
}
|
}
|
||||||
if (isset ($this->action)) switch($this->action) {
|
if (isset($this->action)) {
|
||||||
case 'reject':
|
switch($this->action) {
|
||||||
error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
|
case 'reject':
|
||||||
case 'ban':
|
error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
|
||||||
if (!isset($this->reason))
|
case 'ban':
|
||||||
error('The ban action requires a reason.');
|
if (!isset($this->reason)) {
|
||||||
|
error('The ban action requires a reason.');
|
||||||
$this->expires = isset($this->expires) ? $this->expires : false;
|
}
|
||||||
$this->reject = isset($this->reject) ? $this->reject : true;
|
|
||||||
$this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
|
|
||||||
|
|
||||||
Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
|
|
||||||
|
|
||||||
if ($this->reject) {
|
$this->expires = isset($this->expires) ? $this->expires : false;
|
||||||
if (isset($this->message))
|
$this->reject = isset($this->reject) ? $this->reject : true;
|
||||||
error($message);
|
$this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
|
||||||
|
|
||||||
checkBan($board['uri']);
|
Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
|
||||||
exit;
|
|
||||||
}
|
if ($this->reject) {
|
||||||
|
if (isset($this->message)) {
|
||||||
break;
|
error($message);
|
||||||
default:
|
}
|
||||||
error('Unknown filter action: ' . $this->action);
|
|
||||||
|
checkBan($board['uri']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
error('Unknown filter action: ' . $this->action);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function check(array $post) {
|
public function check(array $post) {
|
||||||
$this->post = $post;
|
$this->post = $post;
|
||||||
foreach ($this->condition as $condition => $value) {
|
foreach ($this->condition as $condition => $value) {
|
||||||
if ($condition[0] == '!') {
|
if ($condition[0] == '!') {
|
||||||
$NOT = true;
|
$NOT = true;
|
||||||
$condition = substr($condition, 1);
|
$condition = substr($condition, 1);
|
||||||
} else $NOT = false;
|
} else {
|
||||||
|
$NOT = false;
|
||||||
if ($this->match($condition, $value) == $NOT)
|
}
|
||||||
|
|
||||||
|
if ($this->match($condition, $value) == $NOT) {
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -187,39 +204,41 @@ class Filter {
|
|||||||
|
|
||||||
function purge_flood_table() {
|
function purge_flood_table() {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
// Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not
|
// Determine how long we need to keep a cache of posts for flood prevention. Unfortunately, it is not
|
||||||
// aware of flood filters in other board configurations. You can solve this problem by settings the
|
// aware of flood filters in other board configurations. You can solve this problem by settings the
|
||||||
// config variable $config['flood_cache'] (seconds).
|
// config variable $config['flood_cache'] (seconds).
|
||||||
|
|
||||||
if ($config['flood_cache'] != -1) {
|
if ($config['flood_cache'] != -1) {
|
||||||
$max_time = &$config['flood_cache'];
|
$max_time = &$config['flood_cache'];
|
||||||
} else {
|
} else {
|
||||||
$max_time = 0;
|
$max_time = 0;
|
||||||
foreach ($config['filters'] as $filter) {
|
foreach ($config['filters'] as $filter) {
|
||||||
if (isset($filter['condition']['flood-time']))
|
if (isset($filter['condition']['flood-time'])) {
|
||||||
$max_time = max($max_time, $filter['condition']['flood-time']);
|
$max_time = max($max_time, $filter['condition']['flood-time']);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$time = time() - $max_time;
|
$time = time() - $max_time;
|
||||||
|
|
||||||
query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error());
|
query("DELETE FROM ``flood`` WHERE `time` < $time") or error(db_error());
|
||||||
}
|
}
|
||||||
|
|
||||||
function do_filters(array $post) {
|
function do_filters(array $post) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
if (!isset($config['filters']) || empty($config['filters']))
|
if (!isset($config['filters']) || empty($config['filters'])) {
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
foreach ($config['filters'] as $filter) {
|
foreach ($config['filters'] as $filter) {
|
||||||
if (isset($filter['condition']['flood-match'])) {
|
if (isset($filter['condition']['flood-match'])) {
|
||||||
$has_flood = true;
|
$has_flood = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($has_flood)) {
|
if (isset($has_flood)) {
|
||||||
if ($post['has_file']) {
|
if ($post['has_file']) {
|
||||||
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
|
$query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
|
||||||
@ -236,14 +255,14 @@ function do_filters(array $post) {
|
|||||||
} else {
|
} else {
|
||||||
$flood_check = false;
|
$flood_check = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($config['filters'] as $filter_array) {
|
foreach ($config['filters'] as $filter_array) {
|
||||||
$filter = new Filter($filter_array);
|
$filter = new Filter($filter_array);
|
||||||
$filter->flood_check = $flood_check;
|
$filter->flood_check = $flood_check;
|
||||||
if ($filter->check($post))
|
if ($filter->check($post)) {
|
||||||
$filter->action();
|
$filter->action();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
purge_flood_table();
|
purge_flood_table();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user