leftypol
/
leftypol
4
5
Fork 2
Code Issues 54 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Referer checking; more descriptive error message

pull/40/head
Savetheinternet 13 years ago
parent
55743a7705
commit
67b954924b
3 changed files with 12 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      inc/config.php
  2. 18
      inc/functions.php
  3. 5
      post.php

3
inc/config.php
View File

@ -132,10 +132,11 @@
// For development purposes. Turns 'display_errors' on. Not recommended for production.
$config['verbose_errors'] = true;
// Error messages
$config['error']['lurk'] = 'Lurk some more before posting.';
$config['error']['bot'] = 'You look like a bot.';
$config['error']['referer'] = 'Your browser sent an invalid or no HTTP referer.';
$config['error']['toolong'] = 'The %s field was too long.';
$config['error']['toolong_body'] = 'The body was too long.';
$config['error']['tooshort_body'] = 'The body was too short or empty.';

18
inc/functions.php
View File

@ -31,23 +31,21 @@
if(!isset($config['post_url']))
$config['post_url'] = $config['root'] . $config['file_post'];
if(!isset($config['url_match']))
$config['url_match'] = '/^' .
if(!isset($config['referer_match']))
$config['referer_match'] = '/^' .
(preg_match($config['url_regex'], $config['root']) ? '' :
(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http') .
':\/\/'.$_SERVER['HTTP_HOST']) .
preg_quote($config['root'], '/') .
'(' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
'(' . preg_quote($config['file_index'], '/') . ')?' .
'|' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
preg_quote($config['file_index'], '/') .
'|' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
preg_quote($config['dir']['res'], '/') .
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
'|' .
preg_quote($config['file_mod'], '/') .
'\?\/.+' .
preg_quote($config['file_mod'], '/') . '\?\/.+' .
')$/i';
if(!isset($config['cookies']['path']))
@ -240,7 +238,7 @@
function purge($uri) {
global $config, $debug;
if(preg_match($config['url_match'], $config['root'])) {
if(preg_match($config['referer_match'], $config['root'])) {
$uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri;
} else {
$uri = $config['root'] . $uri;

5
post.php
View File

@ -151,9 +151,8 @@
error($config['error']['bot']);
// Check the referrer
if($OP) {
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['url_match'], $_SERVER['HTTP_REFERER'])) error($config['error']['bot']);
}
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
error($config['error']['referer']);
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
// Find another anti-spam method.

Write Preview
Loading…
Cancel
Save