source ip and time check on anon comments, and rearrange to have heavier checks later in the process
This commit is contained in:
parent
fa94f51a61
commit
9908a617b3
@ -284,6 +284,21 @@ class CommentList implements Extension {
|
|||||||
return ($recent_comments >= $max);
|
return ($recent_comments >= $max);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function hash_match() {
|
||||||
|
return ($_POST['hash'] == $this->get_hash());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* get a hash which semi-uniquely identifies a submission form,
|
||||||
|
* to stop spam bots which download the form once then submit
|
||||||
|
* many times.
|
||||||
|
*
|
||||||
|
* FIXME: assumes comments are posted via HTTP...
|
||||||
|
*/
|
||||||
|
public function get_hash() {
|
||||||
|
return md5($_SERVER['REMOTE_ADDR'] . date("%Y%m%d"));
|
||||||
|
}
|
||||||
|
|
||||||
private function is_spam($text) {
|
private function is_spam($text) {
|
||||||
global $user;
|
global $user;
|
||||||
global $config;
|
global $config;
|
||||||
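Review bot: hash_match() reads `$_POST['hash']` unguarded and compares it with `==`, so a request without the field raises an undefined-index notice and a non-string value goes through loose comparison; `return isset($_POST['hash']) && is_string($_POST['hash']) && hash_equals($this->get_hash(), $_POST['hash']);` keeps the check strict and notice-free (use `===` if the target PHP predates hash_equals). get_hash() derives the token solely from REMOTE_ADDR and the current date, both of which the submitting client already knows, so it only proves the form was rendered for this address today, not that this client fetched it; folding a server-side secret into the md5 input (placeholder `<SITE_SECRET>` from config) would make the value unforgeable. In the same line, `date("%Y%m%d")` mixes strftime syntax into date(): `%` is not a date() format character and is emitted literally, so the result looks like `%2009%12%03` (constructed) — still daily-varying, but `date("Ymd")` is presumably what was intended. Because the token rolls over at midnight and REMOTE_ADDR can change for clients behind rotating proxies, some legitimate submissions will fail the check; the veto text in the later hunk already tells such users to refresh, which is probably acceptable, but worth a comment on get_hash() so the trade-off is explicit.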
@ -329,6 +344,7 @@ class CommentList implements Extension {
|
|||||||
global $database;
|
global $database;
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
|
// basic sanity checks
|
||||||
if(!$config->get_bool('comment_anon') && $user->is_anonymous()) {
|
if(!$config->get_bool('comment_anon') && $user->is_anonymous()) {
|
||||||
$event->veto("Anonymous posting has been disabled");
|
$event->veto("Anonymous posting has been disabled");
|
||||||
}
|
}
|
||||||
@ -338,21 +354,32 @@ class CommentList implements Extension {
|
|||||||
else if(trim($comment) == "") {
|
else if(trim($comment) == "") {
|
||||||
$event->veto("Comments need text...");
|
$event->veto("Comments need text...");
|
||||||
}
|
}
|
||||||
|
else if(strlen($comment) > 9000) {
|
||||||
|
$event->veto("Comment too long~");
|
||||||
|
}
|
||||||
|
|
||||||
|
// advanced sanity checks
|
||||||
|
else if(strlen($comment)/strlen(gzcompress($comment)) > 10) {
|
||||||
|
$event->veto("Comment too repetitive~");
|
||||||
|
}
|
||||||
|
else if($user->is_anonymous() && !$this->hash_match()) {
|
||||||
|
$event->veto("Comment submission form is out of date; refresh the comment form to show you aren't a spammer~");
|
||||||
|
}
|
||||||
|
|
||||||
|
// database-querying checks
|
||||||
else if($this->is_comment_limit_hit()) {
|
else if($this->is_comment_limit_hit()) {
|
||||||
$event->veto("You've posted several comments recently; wait a minute and try again...");
|
$event->veto("You've posted several comments recently; wait a minute and try again...");
|
||||||
}
|
}
|
||||||
else if($this->is_dupe($image_id, $comment)) {
|
else if($this->is_dupe($image_id, $comment)) {
|
||||||
$event->veto("Someone already made that comment on that image -- try and be more original?");
|
$event->veto("Someone already made that comment on that image -- try and be more original?");
|
||||||
}
|
}
|
||||||
else if(strlen($comment) > 9000) {
|
|
||||||
$event->veto("Comment too long~");
|
// rate-limited external service checks last
|
||||||
}
|
|
||||||
else if(strlen($comment)/strlen(gzcompress($comment)) > 10) {
|
|
||||||
$event->veto("Comment too repetitive~");
|
|
||||||
}
|
|
||||||
else if($user->is_anonymous() && $this->is_spam($comment)) {
|
else if($user->is_anonymous() && $this->is_spam($comment)) {
|
||||||
$event->veto("Akismet thinks that your comment is spam. Try rewriting the comment, or logging in.");
|
$event->veto("Akismet thinks that your comment is spam. Try rewriting the comment, or logging in.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// all checks passed
|
||||||
else {
|
else {
|
||||||
$database->Execute(
|
$database->Execute(
|
||||||
"INSERT INTO comments(image_id, owner_id, owner_ip, posted, comment) ".
|
"INSERT INTO comments(image_id, owner_id, owner_ip, posted, comment) ".
|
||||||
|
@ -113,9 +113,11 @@ class CommentListTheme extends Themelet {
|
|||||||
|
|
||||||
protected function build_postbox($image_id) {
|
protected function build_postbox($image_id) {
|
||||||
$i_image_id = int_escape($image_id);
|
$i_image_id = int_escape($image_id);
|
||||||
|
$hash = CommentList::get_hash();
|
||||||
return "
|
return "
|
||||||
<form action='".make_link("comment/add")."' method='POST'>
|
<form action='".make_link("comment/add")."' method='POST'>
|
||||||
<input type='hidden' name='image_id' value='$i_image_id' />
|
<input type='hidden' name='image_id' value='$i_image_id' />
|
||||||
|
<input type='hidden' name='hash' value='$hash' />
|
||||||
<textarea name='comment' rows='5' cols='50'></textarea>
|
<textarea name='comment' rows='5' cols='50'></textarea>
|
||||||
<br><input type='submit' value='Post' />
|
<br><input type='submit' value='Post' />
|
||||||
</form>
|
</form>
|
||||||
|
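Review bot: `CommentList::get_hash()` is called statically on the new line in build_postbox, but the method is declared `public function get_hash()` (non-static) in the CommentList hunk above; PHP 5 emits an E_STRICT notice for this and PHP 8 throws an Error. The body uses only `$_SERVER` and `date()`, never `$this`, so declaring it `public static function get_hash()` is the safe fix and also keeps the theme from needing a CommentList instance. `$hash` is interpolated into the hidden input unescaped, which is fine while get_hash() returns md5 hex, but a brief comment noting that assumption would stop a later change to the token format from becoming an attribute-injection point. build_postbox continues past the end of this hunk.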