Browse Source

Print statements everywhere

pull/40/head
towards_a_new_leftypol 2 years ago
committed by towards-a-new-leftypol
parent
commit
3fc760640c
  1. 17
      inc/anti-bot.php
  2. 0
      inc/error.php
  3. 4
      inc/filters.php
  4. 7
      inc/functions.php
  5. 242
      post.php

17
inc/anti-bot.php

@ -8,6 +8,15 @@ defined('TINYBOARD') or exit;
$hidden_inputs_twig = array();
$logfile = "/tmp/lainchan_err.out";
file_put_contents($logfile, "\n\nSTART\n\n", FILE_APPEND);
function print_err($s) {
global $logfile;
file_put_contents($logfile, $s . "\n", FILE_APPEND);
}
class AntiBot {
public $salt, $inputs = array(), $index = 0;
@ -171,6 +180,8 @@ class AntiBot {
public function hash() {
global $config;
print_err("compute hash for post page");
// This is the tricky part: create a hash to validate it after
// First, sort the keys in alphabetical order (A-Z)
@ -180,6 +191,7 @@ class AntiBot {
$hash = '';
// Iterate through each input
foreach ($inputs as $name => $value) {
print_err("<- " . $name . ' : ' . $value);
$hash .= $name . '=' . $value;
}
// Add a salt to the hash
@ -252,6 +264,7 @@ function checkSpam(array $extra_salt = array()) {
// Iterate through each input
foreach ($inputs as $name => $value) {
print_err("-> " . $name . ' : ' . $value);
$_hash .= $name . '=' . $value;
}
@ -261,8 +274,10 @@ function checkSpam(array $extra_salt = array()) {
// Use SHA1 for the hash
$_hash = sha1($_hash . $extra_salt);
if ($hash != $_hash)
if ($hash != $_hash) {
print_err("Hash mismatch");
return true;
}
$query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash');
$query->bindValue(':hash', $hash);

0
inc/error.php

4
inc/filters.php

@ -6,6 +6,8 @@
defined('TINYBOARD') or exit;
require_once 'inc/anti-bot.php';
class Filter {
public $flood_check;
private $condition;
@ -209,6 +211,8 @@ function purge_flood_table() {
function do_filters(array $post) {
global $config;
print_err("do_filters begin");
if (!isset($config['filters']) || empty($config['filters']))
return;

7
inc/functions.php

@ -25,6 +25,8 @@ require_once 'inc/queue.php';
require_once 'inc/polyfill.php';
@include_once 'inc/lib/parsedown/Parsedown.php'; // fail silently, this isn't a critical piece of code
require_once 'inc/anti-bot.php'; // DELETE ME THIS IS FOR print_err function only!
if (!extension_loaded('gettext')) {
require_once 'inc/lib/gettext/gettext.inc';
}
@ -371,6 +373,7 @@ function define_groups() {
function create_antibot($board, $thread = null) {
require_once dirname(__FILE__) . '/anti-bot.php';
print_err("Create Antibot.");
return _create_antibot($board, $thread);
}
@ -995,6 +998,7 @@ function insertFloodPost(array $post) {
function post(array $post) {
global $pdo, $board,$config;
print_err("Post function START");
$query = prepare(sprintf("INSERT INTO ``posts_%s`` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :files, :num_files, :filehash, :password, :ip, :sticky, :locked, :cycle, 0, :embed, :slug)", $board['uri']));
// Basic stuff
@ -1083,10 +1087,13 @@ function post(array $post) {
}
if (!$query->execute()) {
print_err("Post DB ERROR " . print_r($query, true));
undoImage($post);
error(db_error($query));
}
print_err("Post function DONE");
return $pdo->lastInsertId();
}

242
post.php

@ -396,10 +396,19 @@ function handle_report(){
}
print_err("Hello Top Level");
function handle_post(){
global $config,$dropped_post,$board, $mod,$pdo;
if (!isset($_POST['body'], $_POST['board']) && !$dropped_post)
print_err("Hello Debugging");
if (!isset($_POST['body'], $_POST['board']) && !$dropped_post) {
print_err("We are a bot 1");
error($config['error']['bot']);
}
print_err("Not a bot 1");
$post = array('board' => $_POST['board'], 'files' => array());
@ -430,11 +439,14 @@ function handle_post(){
if (isset($_POST['thread'])) {
$post['op'] = false;
$post['thread'] = round($_POST['thread']);
} else
} else {
$post['op'] = true;
}
if (!$dropped_post) {
print_err("not a dropped post");
// Check for CAPTCHA right after opening the board so the "return" link is in there
if ($config['recaptcha']) {
if (!isset($_POST['g-recaptcha-response']))
@ -449,6 +461,9 @@ function handle_post(){
error($config['error']['captcha']);
}
}
print_err("pass captcha block");
if(isset($config['securimage']) && $config['secureimage']){
if(!isset($_POST['captcha'])){
error($config['error']['securimage']['missing']);
@ -466,20 +481,35 @@ function handle_post(){
}
}
print_err("pass securimage block");
if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
(!$post['op'] && $_POST['post'] == $config['button_reply'])))
(!$post['op'] && $_POST['post'] == $config['button_reply']))) {
print_err("we are a bot 2");
error($config['error']['bot']);
}
print_err("we are not a bot 2");
// Check the referrer
if ($config['referer_match'] !== false &&
(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER']))))
(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) {
print_err("Missing REFERRER");
error($config['error']['referer']);
}
print_err("ReferrerOK");
checkDNSBL();
// Check if banned
checkBan($board['uri']);
print_err("Not banned");
if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
check_login(false);
if (!$mod) {
@ -498,21 +528,34 @@ function handle_post(){
if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri']))
error($config['error']['noaccess']);
}
print_err("Mod block 1 pass");
if (!$post['mod']) {
$post['antispam_hash'] = checkSpam(array($board['uri'], isset($post['thread']) ? $post['thread'] : ($config['try_smarter'] && isset($_POST['page']) ? 0 - (int)$_POST['page'] : null)));
if ($post['antispam_hash'] === true)
$post['antispam_hash'] = checkSpam(
array($board['uri'],
isset($post['thread']) ? $post['thread'] : ($config['try_smarter'] && isset($_POST['page']) ? 0 - (int)$_POST['page'] : null))
);
//$post['antispam_hash'] = checkSpam();
if ($post['antispam_hash'] === true) {
print_err("Anti spam triggered");
error($config['error']['spam']);
}
}
if ($config['robot_enable'] && $config['robot_mute']) {
checkMute();
}
print_err("Mod block 2 pass");
}
else {
$mod = $post['mod'] = false;
}
print_err("not dropped block pass");
//Check if thread exists
if (!$post['op']) {
$query = prepare(sprintf("SELECT `sticky`,`locked`,`cycle`,`sage`,`slug` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
@ -527,6 +570,8 @@ function handle_post(){
else {
$thread = false;
}
print_err("check OP ok");
// Check for an embed field
@ -546,6 +591,8 @@ function handle_post(){
error($config['error']['invalid_embed']);
}
}
print_err("embed field block pass");
if (!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {
if ($config['field_disable_name'])
@ -561,6 +608,8 @@ function handle_post(){
$_POST['subject'] = '';
}
print_err("mod bypass block ok");
if ($config['allow_upload_by_url'] && isset($_POST['file_url1']) && !empty($_POST['file_url1'])) {
function unlink_tmp_file($file) {
@unlink($file);
@ -627,6 +676,8 @@ function handle_post(){
}
}
print_err("allow upload by url block ok");
$post['name'] = $_POST['name'] != '' ? $_POST['name'] : $config['anonymous'];
$post['subject'] = $_POST['subject'];
@ -635,11 +686,52 @@ function handle_post(){
$post['password'] = $_POST['password'];
$post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || count($_FILES) > 0));
print_err("post vars set");
if (!$dropped_post) {
print_err("not dropped post");
if (!($post['has_file'] || isset($post['embed'])) || (($post['op'] && $config['force_body_op']) || (!$post['op'] && $config['force_body']))) {
if (!$post['has_file']) {
print_err("post has no file");
} else {
print_err("post has file");
}
if (!isset($post['embed'])) {
print_err("post has no embed");
} else {
print_err("post has embed");
}
if (!$post['op']) {
print_err("post is not op");
} else {
print_err("post is op");
}
if (!$config['force_body_op']) {
print_err("force body op is off");
} else {
print_err("force body op is on");
}
if (!$config['force_body']) {
print_err("force body is off");
} else {
print_err("force body is on");
}
print_err("post body:\n" . $post['body']);
$stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
print_err(print_r(preg_last_error(), true));
if (preg_last_error() != PREG_BAD_UTF8_ERROR) {
print_err("Bad unicode preg error");
}
if ($stripped_whitespace == '') {
print_err("error: body too short!");
error($config['error']['tooshort_body']);
}
}
@ -647,26 +739,35 @@ function handle_post(){
if (!$post['op']) {
// Check if thread is locked
// but allow mods to post
if ($thread['locked'] && !hasPermission($config['mod']['postinlocked'], $board['uri']))
if ($thread['locked'] && !hasPermission($config['mod']['postinlocked'], $board['uri'])) {
print_err("error thread locked");
error($config['error']['locked']);
}
$numposts = numPosts($post['thread']);
$replythreshold = isset($thread['cycle']) && $thread['cycle'] ? $numposts['replies'] - 1 : $numposts['replies'];
$imagethreshold = isset($thread['cycle']) && $thread['cycle'] ? $numposts['images'] - 1 : $numposts['images'];
if ($config['reply_hard_limit'] != 0 && $config['reply_hard_limit'] <= $replythreshold)
if ($config['reply_hard_limit'] != 0 && $config['reply_hard_limit'] <= $replythreshold) {
print_err("reply hard limit");
error($config['error']['reply_hard_limit']);
}
if ($post['has_file'] && $config['image_hard_limit'] != 0 && $config['image_hard_limit'] <= $imagethreshold)
if ($post['has_file'] && $config['image_hard_limit'] != 0 && $config['image_hard_limit'] <= $imagethreshold) {
print_err("image hard limit");
error($config['error']['image_hard_limit']);
}
}
}
else {
print_err("dropped post active");
if (!$post['op']) {
$numposts = numPosts($post['thread']);
}
}
print_err("Not dropped post block 2 OK");
if ($post['has_file']) {
// Determine size sanity
@ -702,7 +803,8 @@ function handle_post(){
)));
$post['filesize'] = $size;
}
print_err("has File block OK");
$post['capcode'] = false;
@ -769,18 +871,24 @@ function handle_post(){
}
}
print_err("has File block 2 OK");
if (empty($post['files'])) $post['has_file'] = false;
if (!$dropped_post) {
// Check for a file
if ($post['op'] && !isset($post['no_longer_require_an_image_for_op'])) {
if (!$post['has_file'] && $config['force_image_op'])
if (!$post['has_file'] && $config['force_image_op']) {
print_err("error No Image");
error($config['error']['noimage']);
}
}
// Check for too many files
if (sizeof($post['files']) > $config['max_images'])
if (sizeof($post['files']) > $config['max_images']) {
print_err("Too many images");
error($config['error']['toomanyimages']);
}
}
if ($config['strip_combining_chars']) {
@ -789,24 +897,43 @@ function handle_post(){
$post['subject'] = strip_combining_chars($post['subject']);
$post['body'] = strip_combining_chars($post['body']);
}
print_err("post fields strip");
if (!$dropped_post) {
// Check string lengths
if (mb_strlen($post['name']) > 35)
if (mb_strlen($post['name']) > 35) {
print_err("name too long");
error(sprintf($config['error']['toolong'], 'name'));
if (mb_strlen($post['email']) > 40)
}
if (mb_strlen($post['email']) > 40) {
print_err("email too long");
error(sprintf($config['error']['toolong'], 'email'));
if (mb_strlen($post['subject']) > 100)
}
if (mb_strlen($post['subject']) > 100) {
print_err("subject too long");
error(sprintf($config['error']['toolong'], 'subject'));
if (!$mod && mb_strlen($post['body']) > $config['max_body'])
}
if (!$mod && mb_strlen($post['body']) > $config['max_body']) {
print_err("body too long");
error($config['error']['toolong_body']);
if (!$mod && mb_strlen($post['body']) > 0 && (mb_strlen($post['body']) < $config['min_body']))
}
if (!$mod && mb_strlen($post['body']) > 0 && (mb_strlen($post['body']) < $config['min_body'])) {
print_err("body too short");
error($config['error']['tooshort_body']);
if (mb_strlen($post['password']) > 20)
}
if (mb_strlen($post['password']) > 20) {
print_err("password too long");
error(sprintf($config['error']['toolong'], 'password'));
}
}
print_err("wordfilters");
wordfilters($post['body']);
print_err("Process post body");
$post['body'] = escape_markup_modifiers($post['body']);
if ($mod && isset($post['raw']) && $post['raw']) {
@ -880,6 +1007,7 @@ function handle_post(){
$post['tracked_cites'] = markup($post['body'], true);
print_err("Process post tags flags and other stuff");
if ($post['has_file']) {
@ -928,20 +1056,29 @@ function handle_post(){
}
}
print_err("has file block 2 OK");
if (!hasPermission($config['mod']['bypass_filters'], $board['uri']) && !$dropped_post) {
require_once 'inc/filters.php';
print_err("doing filters");
do_filters($post);
print_err("filters OK");
}
print_err("filters block OK");
if ($post['has_file']) {
print_err("files block 3 start!");
foreach ($post['files'] as $key => &$file) {
if ($file['is_an_image']) {
print_err("file is an image");
if ($config['ie_mime_type_detection'] !== false) {
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($upload, null, null, null, 255);
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
print_err("error mime exploit");
error($config['error']['mime_exploit']);
}
}
@ -950,15 +1087,19 @@ function handle_post(){
// find dimensions of an image using GD
if (!$size = @getimagesize($file['tmp_name'])) {
print_err("error invalid image");
error($config['error']['invalidimg']);
}
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
print_err("error invalid image2");
error($config['error']['invalidimg']);
}
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
print_err("error invalid maxsize");
error($config['error']['maxsize']);
}
print_err("initial image checks OK");
if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
// The following code corrects the image orientation.
@ -989,8 +1130,10 @@ function handle_post(){
$error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' .
escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($upload));
}
if ($error)
if ($error) {
print_err("Could not auto-orient image!");
error(_('Could not auto-orient image!'), null, $error);
}
$size = @getimagesize($file['tmp_name']);
if ($config['strip_exif'])
$file['exif_stripped'] = true;
@ -998,14 +1141,20 @@ function handle_post(){
}
}
}
print_err("convert auto orient block OK");
// create image object
$image = new Image($file['tmp_name'], $file['extension'], $size);
if ($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
$image->delete();
print_err("image too large");
error($config['error']['maxsize']);
}
print_err("create image object ok");
$file['width'] = $image->size->width;
$file['height'] = $image->size->height;
@ -1039,6 +1188,8 @@ function handle_post(){
$thumb->_destroy();
}
print_err("something to do with thumbnails block OK");
if ($config['redraw_image'] || ([email protected]$file['exif_stripped'] && $config['strip_exif'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg'))) {
if (!$config['redraw_image'] && $config['use_exiftool']) {
@ -1154,6 +1305,8 @@ function handle_post(){
}
}
print_err("is an image block OK");
if ($config['tesseract_ocr'] && $file['thumb'] != 'file') { // Let's OCR it!
$fname = $file['tmp_name'];
@ -1181,6 +1334,8 @@ function handle_post(){
}
}
}
print_err("OCR block pass");
if (!isset($dont_copy_file) || !$dont_copy_file) {
if (isset($file['file_tmp'])) {
@ -1192,9 +1347,12 @@ function handle_post(){
}
}
print_err("image reject repost begin");
if ($config['image_reject_repost']) {
if ($p = getPostByHash($post['filehash'])) {
undoImage($post);
print_err("file exists!");
error(sprintf($config['error']['fileexists'],
($post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']) .
($board['dir'] . $config['dir']['res'] .
@ -1208,6 +1366,7 @@ function handle_post(){
} else if (!$post['op'] && $config['image_reject_repost_in_thread']) {
if ($p = getPostByHashInThread($post['filehash'], $post['thread'])) {
undoImage($post);
print_err("file exists ITT!");
error(sprintf($config['error']['fileexistsinthread'],
($post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']) .
($board['dir'] . $config['dir']['res'] .
@ -1219,7 +1378,11 @@ function handle_post(){
));
}
}
}
print_err("End of has file block 3");
}
print_err("has file block 3 OK");
// Do filters again if OCRing
if ($config['tesseract_ocr'] && !hasPermission($config['mod']['bypass_filters'], $board['uri']) && !$dropped_post) {
@ -1227,10 +1390,13 @@ function handle_post(){
}
if (!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup']) && !$dropped_post) {
print_err("muted or unoriginal");
undoImage($post);
if ($config['robot_mute']) {
print_err("muted");
error(sprintf($config['error']['muted'], mute()));
} else {
print_err("unoriginal");
error($config['error']['unoriginal']);
}
}
@ -1245,6 +1411,8 @@ function handle_post(){
$file['thumb'] = mb_substr($file['thumb'], mb_strlen($board['dir'] . $config['dir']['thumb']));
}
}
print_err("has file block 5 OK");
$post = (object)$post;
$post->files = array_map(function($a) { return (object)$a; }, $post->files);
@ -1252,19 +1420,32 @@ function handle_post(){
$error = event('post', $post);
$post->files = array_map(function($a) { return (array)$a; }, $post->files);
print_err("post set files map");
if ($error) {
print_err("Error " . $error);
undoImage((array)$post);
error($error);
}
print_err("no error yet");
$post = (array)$post;
if ($post['files'])
if ($post['files']) {
$post['files'] = $post['files'];
}
print_err("no error yet2");
$post['num_files'] = sizeof($post['files']);
print_err("no error yet3");
$post['id'] = $id = post($post);
print_err("no error yet 4");
$post['slug'] = slugify($post);
print_err("Set post props OK");
if ($dropped_post && $dropped_post['from_nntp']) {
$query = prepare("INSERT INTO ``nntp_references`` (`board`, `id`, `message_id`, `message_id_digest`, `own`, `headers`) VALUES ".
@ -1301,6 +1482,7 @@ function handle_post(){
nntp_publish($message, $msgid);
}
print_err("insert flood post");
insertFloodPost($post);
// Handle cyclical threads
@ -1312,6 +1494,7 @@ function handle_post(){
$query->execute() or error(db_error($query));
}
print_err("increment antispam");
if (isset($post['antispam_hash'])) {
incrementSpamHash($post['antispam_hash']);
}
@ -1325,10 +1508,14 @@ function handle_post(){
}
query('INSERT INTO ``cites`` VALUES ' . implode(', ', $insert_rows)) or error(db_error());
}
print_err("tracked cites block ok");
if (!$post['op'] && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || $numposts['replies']+1 < $config['reply_limit'])) {
bumpThread($post['thread']);
}
print_err("thread bumped");
if (isset($_SERVER['HTTP_REFERER'])) {
// Tell Javascript that we posted successfully
@ -1367,8 +1554,12 @@ function handle_post(){
}
print_err("Redirect or noko block OK");
buildThread($post['op'] ? $id : $post['thread']);
print_err("build thread OK");
if ($config['syslog'])
_syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] .
link_for($post) . (!$post['op'] ? '#' . $id : ''));
@ -1397,15 +1588,18 @@ function handle_post(){
buildIndex();
// We are already done, let's continue our heavy-lifting work in the background (if we run off FastCGI)
if (function_exists('fastcgi_finish_request'))
if (function_exists('fastcgi_finish_request')) {
@fastcgi_finish_request();
}
if ($post['op'])
if ($post['op']) {
rebuildThemes('post-thread', $board['uri']);
else
} else {
rebuildThemes('post', $board['uri']);
}
print_err("handle post DONE");
}
function handle_appeal(){

Loading…
Cancel
Save