From 55dc5cedc338f56268d8e302cdc52e97206543de Mon Sep 17 00:00:00 2001
From: Michael Foster
Date: Sat, 7 Sep 2013 12:50:32 +1000
Subject: [PATCH] Steal make_comment_hex() from plainib
---
 inc/filters.php | 6 +++---
 inc/functions.php | 22 +++++++++++++++++++++-
 2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/inc/filters.php b/inc/filters.php
index 212118bf..27b167ea 100644
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -39,7 +39,7 @@ class Filter {
 continue 3;
 break;
 case 'body':
- if ($flood_post['posthash'] != md5($post['body_nomarkup']))
+ if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup']))
 continue 3;
 break;
 case 'file':
@@ -216,12 +216,12 @@ function do_filters(array $post) {
 if ($post['has_file']) {
 $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
 $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
- $query->bindValue(':posthash', md5($post['body_nomarkup']));
+ $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
 $query->bindValue(':filehash', $post['filehash']);
 } else {
 $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash");
 $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
- $query->bindValue(':posthash', md5($post['body_nomarkup']));
+ $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
 }
 $query->execute() or error(db_error($query));
 $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
diff --git a/inc/functions.php b/inc/functions.php
index df3a4eeb..ba1b04c8 100644
--- a/inc/functions.php
+++ b/inc/functions.php
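Review bot: The stored and freshly computed digests in the `case 'body':` branch of inc/filters.php are still compared with the loose `!=`, which PHP evaluates numerically when both MD5 hex strings look like numbers (two different digests that each consist of `0e` followed only by digits), so two different bodies can be treated as the same post. A strict comparison avoids that: `if ($flood_post['posthash'] !== make_comment_hex($post['body_nomarkup']))`. The enclosing loops lie outside the hunk, but the `continue 3` suggests this line runs once per stored flood row, so computing the normalised digest once before the loops would also avoid repeating the regex and iconv work for every row.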
@@ -763,7 +763,7 @@ function insertFloodPost(array $post) {
 $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
 $query->bindValue(':board', $board['uri']);
 $query->bindValue(':time', time());
- $query->bindValue(':posthash', md5($post['body_nomarkup']));
+ $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
 if ($post['has_file'])
 $query->bindValue(':filehash', $post['filehash']);
 else
@@ -1191,6 +1191,26 @@ function getPages($mod=false) {
 return $pages;
 }
 
+// Stolen with permission from PlainIB (by Frank Usrs)
+function make_comment_hex($str) {
+ // remove cross-board citations
+ // the numbers don't matter
+ $str = preg_replace('!>>>/[A-Za-z0-9]+/!', '', $str);
+
+ if (function_exists('iconv')) {
+ // remove diacritics and other noise
+ // FIXME: this removes cyrillic entirely
+ $str = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str);
+ }
+
+ $str = strtolower($str);
+
+ // strip all non-alphabet characters
+ $str = preg_replace('/[^a-z]/', '', $str);
+
+ return md5($str);
+}
+
 function makerobot($body) {
 global $config;
 $body = strtolower($body);
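Review bot: Every body that holds no ASCII letters after normalisation (digits only, emoji, or the Cyrillic text the FIXME mentions) is reduced to the empty string in `make_comment_hex()`, so all such posts share the single digest `md5('')` and a flood filter keyed on the body will match unrelated posts against each other. The `iconv()` result is also assigned back unchecked; `iconv()` returns false on failure, and `strtolower()` turns that into the same empty string. Falling back to the raw text when normalisation leaves nothing keeps the pre-commit behaviour for those posts. A short docblock should also say that the digest depends on whether iconv is available, so stored values are only comparable between hosts configured alike.

```php
function make_comment_hex($str) {
	$original = $str;

	// … unchanged: cross-board citation stripping …

	if (function_exists('iconv')) {
		// iconv() returns false on failure; keep the untransliterated text in that case
		$ascii = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $str);
		if ($ascii !== false)
			$str = $ascii;
	}

	// … unchanged: strtolower() and non-alphabet stripping …

	// Bodies with no ASCII letters would all collapse to md5(''); hash the raw text instead
	if ($str === '')
		return md5($original);

	return md5($str);
}
```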