From 010b0620df68fc7785c33f69595f5d47a82d5957 Mon Sep 17 00:00:00 2001
From: Shish
Date: Sun, 30 Nov 2014 13:07:42 +0000
Subject: [PATCH 1/2] add a user flag for bypassing comment checks
---
 core/userclass.class.php | 2 ++
 ext/comment/main.php | 39 +++++++++++++++++++++++----------------
 2 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/core/userclass.class.php b/core/userclass.class.php
index e1e5ab2d..05cd96cd 100644
--- a/core/userclass.class.php
+++ b/core/userclass.class.php
@@ -97,6 +97,7 @@ new UserClass("base", null, array(
 "create_comment" => False,
 "delete_comment" => False,
+ "bypass_comment_checks" => False, # spam etc
 "replace_image" => False,
 "create_image" => False,
@@ -163,6 +164,7 @@ new UserClass("admin", "base", array(
 "ban_image" => True,
 "create_comment" => True,
 "delete_comment" => True,
+ "bypass_comment_checks" => True,
 "replace_image" => True,
 "manage_extension_list" => True,
 "manage_alias_list" => True,
diff --git a/ext/comment/main.php b/ext/comment/main.php
index e8cd8804..70c7712a 100644
--- a/ext/comment/main.php
+++ b/ext/comment/main.php
@@ -564,6 +564,29 @@ class CommentList extends Extension {
 private function add_comment_wrapper(/*int*/ $image_id, User $user, /*string*/ $comment) {
 global $database, $config;
+ if(!$user->can("bypass_comment_checks")) {
+ // will raise an exception if anything is wrong
+ $this->comment_checks($image_id, $user, $comment);
+ }
+
+ // all checks passed
+ if($user->is_anonymous()) {
+ set_prefixed_cookie("nocache", "Anonymous Commenter", time()+60*60*24, "/");
+ }
+ $database->Execute(
+ "INSERT INTO comments(image_id, owner_id, owner_ip, posted, comment) ".
+ "VALUES(:image_id, :user_id, :remote_addr, now(), :comment)",
+ array("image_id"=>$image_id, "user_id"=>$user->id, "remote_addr"=>$_SERVER['REMOTE_ADDR'], "comment"=>$comment));
+ $cid = $database->get_last_insert_id('comments_id_seq');
+ $snippet = substr($comment, 0, 100);
+ $snippet = str_replace("\n", " ", $snippet);
+ $snippet = str_replace("\r", " ", $snippet);
+ log_info("comment", "Comment #$cid added to Image #$image_id: $snippet", false, array("image_id"=>$image_id, "comment_id"=>$cid));
+ }
+
+ private function comment_checks(/*int*/ $image_id, User $user, /*string*/ $comment) {
+ global $config;
+
 // basic sanity checks
 if(!$user->can("create_comment")) {
 throw new CommentPostingException("Anonymous posting has been disabled");
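Review bot: The new `bypass_comment_checks` guard in add_comment_wrapper skips comment_checks as a whole, and the first check visible there is the `create_comment` permission test, so the flag bypasses authorization as well as spam filtering. A class granted `bypass_comment_checks` but not `create_comment` would reach the INSERT. The `# spam etc` remark in core/userclass.class.php suggests only content filters were meant to be skipped; keep the permission test unconditional by running `if(!$user->can("create_comment")) { throw new CommentPostingException("Anonymous posting has been disabled"); }` in add_comment_wrapper before the bypass test. comment_checks continues past the end of this hunk, so any other non-spam validation it holds (not visible here) deserves the same treatment.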
@@ -604,22 +627,6 @@ class CommentList extends Extension {
 else if($user->is_anonymous() && $this->is_spam_akismet($comment)) {
 throw new CommentPostingException("Akismet thinks that your comment is spam. Try rewriting the comment, or logging in.");
 }
-
- // all checks passed
- else {
- if($user->is_anonymous()) {
- set_prefixed_cookie("nocache", "Anonymous Commenter", time()+60*60*24, "/");
- }
- $database->Execute(
- "INSERT INTO comments(image_id, owner_id, owner_ip, posted, comment) ".
- "VALUES(:image_id, :user_id, :remote_addr, now(), :comment)",
- array("image_id"=>$image_id, "user_id"=>$user->id, "remote_addr"=>$_SERVER['REMOTE_ADDR'], "comment"=>$comment));
- $cid = $database->get_last_insert_id('comments_id_seq');
- $snippet = substr($comment, 0, 100);
- $snippet = str_replace("\n", " ", $snippet);
- $snippet = str_replace("\r", " ", $snippet);
- log_info("comment", "Comment #$cid added to Image #$image_id: $snippet", false, array("image_id"=>$image_id, "comment_id"=>$cid));
- }
 }
 // }}}
 }
From 8511399076eb0e39874234bb5ef8a8368835d8d3 Mon Sep 17 00:00:00 2001
From: Shish
Date: Sun, 30 Nov 2014 13:11:01 +0000
Subject: [PATCH 2/2] bypass ban_words too
---
 ext/ban_words/main.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ext/ban_words/main.php b/ext/ban_words/main.php
index 6d4ee986..c9256a58 100644
--- a/ext/ban_words/main.php
+++ b/ext/ban_words/main.php
@@ -54,7 +54,9 @@ xanax
 }
 public function onCommentPosting(CommentPostingEvent $event) {
- $this->test_text($event->comment, new CommentPostingException("Comment contains banned terms"));
+ if(!$user->can("bypass_comment_checks")) {
+ $this->test_text($event->comment, new CommentPostingException("Comment contains banned terms"));
+ }
 }
 public function onSourceSet(SourceSetEvent $event) {
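Review bot: `$user` is never defined inside onCommentPosting in ext/ban_words/main.php: the method takes only `$event` and the hunk adds no `global $user;`, so `$user->can(...)` is called on an undefined variable and comment posting fails with an error whenever ban_words is enabled. Add `global $user;` as the first line of the method, or, if CommentPostingEvent carries the posting user (not visible here), test `$event->user->can("bypass_comment_checks")` so the decision is made on the same user object that add_comment_wrapper checks. The method body lies fully inside the hunk.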