From 4ea237589a1e17ef0dfd405977fa24fa4d8ad7ab Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Mon, 27 Nov 2017 14:12:31 -0800
Subject: [PATCH] web: add option for limiting # of links per post
One form of spam involves putting lots of links in a post. This lets you limit it by setting POST_MAX_LINKS in project.inc. Limit doesn't apply to moderators.
---
 html/inc/forum.inc | 23 +++++++++++++++++++++++
 html/inc/util.inc | 3 +++
 html/user/forum_edit.php | 6 ++++++
 html/user/forum_post.php | 6 +++++-
 4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/html/inc/forum.inc b/html/inc/forum.inc
index d4e644bdf2..6200687edb 100644
--- a/html/inc/forum.inc
+++ b/html/inc/forum.inc
@@ -113,6 +113,17 @@ $special_user_bitfield[S_VOLUNTEER_TESTER] = tra("Volunteer tester");
 $special_user_bitfield[S_SCIENTIST] = tra("Project scientist");
 $special_user_bitfield[S_HELP_DESK_EXPERT] = tra("Help desk expert");
+function link_count($x) {
+ $n = 0;
+ while (1) {
+ $x = strstr($x, "[url");
+ if (!$x) break;
+ $n++;
+ $x = substr($x, 4);
+ }
+ return $n;
+}
+
 // show a banner with search form on left and PM info on right
 //
 function show_forum_header($user) {
@@ -865,6 +876,12 @@ function notify_subscribers($thread, $user) {
 // Don't do these things directly - use these functions
 //
 function create_post($content, $parent_id, $user, $forum, $thread, $signature) {
+ if (POST_MAX_LINKS
+ && link_count($content) > POST_MAX_LINKS
+ && !is_moderator($user, $forum)
+ ) {
+ return 0;
+ }
 $content = substr($content, 0, 64000);
 $content = BoincDb::escape_string($content);
 $now = time();
@@ -900,6 +917,12 @@ function update_forum_timestamp($forum) {
 }
 function create_thread($title, $content, $user, $forum, $signature, $export) {
+ if (POST_MAX_LINKS
+ && link_count($content) > POST_MAX_LINKS
+ && !is_moderator($user, $forum)
+ ) {
+ return 0;
+ }
 $title = trim($title);
 $title = sanitize_tags($title);
 $title = BoincDb::escape_string($title);
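Review bot: `link_count()` in the first forum.inc hunk only recognises the literal lower-case string `[url`, because `strstr()` is case-sensitive, so the POST_MAX_LINKS limit is only as good as the assumption that the BBCode renderer accepts nothing else. The renderer is not part of this patch; if it matches tags case-insensitively or turns bare URLs into links, those posts are counted as having no links and the spam limit does not apply to them. A case-insensitive count is also shorter: `return substr_count(strtolower($x), "[url");`. A comment above the function such as `// return the number of [url] BBCode tags in $x`, followed by the `//` line the neighbouring functions use, would document what is being counted.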
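Review bot: `create_post()` now returns 0 without inserting anything when the link limit is exceeded, but the only caller this patch teaches about failure is forum_post.php, which calls `create_thread()`. Any other caller of `create_post()` (not visible here, presumably the reply page) should check the return value and show an error rather than continue as if the post existed. The same three-clause condition is repeated in `create_thread()` (third hunk) and in forum_edit.php, so a small helper would keep the moderator exemption and the "0 means off" rule in one place. Both function bodies continue outside their hunks.

```php
// true if $content has more [url] links than POST_MAX_LINKS allows;
// moderators of $forum are exempt, and 0 disables the limit
//
function too_many_links($content, $user, $forum) {
    if (!POST_MAX_LINKS) return false;
    if (link_count($content) <= POST_MAX_LINKS) return false;
    return !is_moderator($user, $forum);
}

function create_post($content, $parent_id, $user, $forum, $thread, $signature) {
    if (too_many_links($content, $user, $forum)) {
        return 0;
    }
    // … unchanged: truncate, escape and insert the post …
```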
diff --git a/html/inc/util.inc b/html/inc/util.inc
index d93baa9ae2..6a07d7c366 100644
--- a/html/inc/util.inc
+++ b/html/inc/util.inc
@@ -94,6 +94,9 @@ if (!defined('NO_GLOBAL_PREFS')) {
 if (!defined('USER_HOME')) {
 define('USER_HOME', 'home.php');
 }
+if (!defined('POST_MAX_LINKS')) {
+ define('POST_MAX_LINKS', 0);
+}
 // sleep this long on any login failure
 // (slow the rate of hacker attacks)
diff --git a/html/user/forum_edit.php b/html/user/forum_edit.php
index c259c202da..ff1fd347ea 100644
--- a/html/user/forum_edit.php
+++ b/html/user/forum_edit.php
@@ -60,6 +60,12 @@ $title = post_str("title", true); $preview = post_str("preview", true);
 if (post_str('submit',true) && (!$preview)) {
+ if (POST_MAX_LINKS
+ && link_count($content) > POST_MAX_LINKS
+ && !is_moderator($logged_in_user, $forum)
+ ) {
+ error_page("Can't update post");
+ }
 check_tokens($logged_in_user->authenticator);
 $add_signature = (post_str('add_signature', true) == "1")?1:0;
diff --git a/html/user/forum_post.php b/html/user/forum_post.php
index b94dea154c..6f748e7f65 100644
--- a/html/user/forum_post.php
+++ b/html/user/forum_post.php
@@ -67,7 +67,11 @@ if ($content && $title && (!$preview)){
 $thread = create_thread(
 $title, $content, $logged_in_user, $forum, $add_signature, $export
 );
- header('Location: forum_thread.php?id=' . $thread->id);
+ if ($thread) {
+ header('Location: forum_thread.php?id=' . $thread->id);
+ } else {
+ error_page("Can't create thread");
+ }
 }
 }
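Review bot: The new `POST_MAX_LINKS` default in util.inc has no comment, and the fact that 0 disables the limit can only be learned from the `if (POST_MAX_LINKS && …)` checks in forum.inc. I would add `// max number of [url] links in a forum post by a non-moderator; 0 means no limit` directly above the `if (!defined('POST_MAX_LINKS'))` line, so that project admins reading the defaults know what to put in project.inc.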
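Review bot: In forum_edit.php the link-limit check sits above `check_tokens($logged_in_user->authenticator)`, so a request with a missing or wrong form token is answered according to the post content before the token is validated; moving the new `if` below the `check_tokens(...)` call keeps request validation first. The message `error_page("Can't update post")` does not tell the user what to fix and, unlike the user-visible strings in forum.inc, is not passed through `tra()`; something like `error_page(tra("Posts may contain at most %1 links", POST_MAX_LINKS));` would cover both, and the same applies to `error_page("Can't create thread")` in forum_post.php. Whether `$content` and `$forum` are already set at this point of forum_edit.php is not visible in the hunk.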