diff --git a/CHANGELOG b/CHANGELOG
index 8234167..281f254 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
Properly escape some parameters
Add caching hack for aggressively caching browsers (e.g. links)
+Improve invalid filter handling + allow new line match with \n
Version 1.16.3 - Apr. 14, 2016
Fix warning on redirection of links without a scheme
diff --git a/chat.php b/chat.php
index 382519e..87b56d8 100644
--- a/chat.php
+++ b/chat.php
@@ -183,11 +183,9 @@ if(!isSet($_REQUEST['action'])){
update_setting('guestaccess', $_REQUEST['guestaccess']);
}
}elseif($_REQUEST['do']==='filter'){
- manage_filter();
- send_filter();
+ send_filter(manage_filter());
}elseif($_REQUEST['do']==='linkfilter'){
- manage_linkfilter();
- send_linkfilter();
+ send_linkfilter(manage_linkfilter());
}elseif($_REQUEST['do']==='topic'){
if(isSet($_REQUEST['topic'])){
update_setting('topic', htmlspecialchars($_REQUEST['topic']));
@@ -1057,18 +1055,30 @@ function send_sessions(){
print_end();
}
+function check_filter_match(&$reg){
+ global $I;
+ $_REQUEST['match']=htmlspecialchars($_REQUEST['match']);
+ if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){
+ $_REQUEST['match']=preg_replace('~(^|[^\\\\])/~', "$1\/", $_REQUEST['match']); // Escape "/" if not yet escaped
+ if(@preg_match("/$_REQUEST[match]/", '')===false){
+ return "$I[incorregex]
$I[prevmatch]: $_REQUEST[match]";
+ }
+ $reg=1;
+ }else{
+ $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
+ $reg=0;
+ }
+ if(strlen($_REQUEST['match'])>255){
+ return "$I[matchtoolong]
$I[prevmatch]: $_REQUEST[match]";
+ }
+ return false;
+}
+
function manage_filter(){
- global $I, $db, $memcached;
+ global $db, $memcached;
if(isSet($_REQUEST['id'])){
- $_REQUEST['match']=htmlspecialchars($_REQUEST['match']);
- if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){
- if(@preg_match("/$_REQUEST[match]/", '')===false){
- send_filter($I['incorregex']);
- }
- $reg=1;
- }else{
- $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
- $reg=0;
+ if($tmp=check_filter_match($reg)){
+ return $tmp;
}
if(isSet($_REQUEST['allowinpm']) && $_REQUEST['allowinpm']==1){
$pm=1;
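Review bot: The delimiter escaping in `check_filter_match` (`preg_replace('~(^|[^\\\\])/~', "$1\/", ...)`) misses a `/` that directly follows another `/` or an escaped backslash (`\\/`), because matches cannot overlap and only the one preceding character is inspected. Such a slash still terminates the pattern in `"/$_REQUEST[match]/"`, so the probe fails on the stray text after it and a valid pattern is reported as incorrect. Escaping every `/` preceded by an even number of backslashes avoids this: `$_REQUEST['match']=preg_replace('~(?<!\\\\)((?:\\\\\\\\)*)/~', '$1\\/', $_REQUEST['match']);`. Separately, `@preg_match(..., '')` only proves that the pattern compiles, so a pattern with heavy backtracking would presumably first show up when messages are filtered; checking `preg_last_error()` where the filters are applied (not visible here) would surface that. `manage_filter` continues outside the hunk.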
@@ -1105,17 +1115,10 @@ function manage_filter(){
}
function manage_linkfilter(){
- global $I, $db, $memcached;
+ global $db, $memcached;
if(isSet($_REQUEST['id'])){
- $_REQUEST['match']=htmlspecialchars($_REQUEST['match']);
- if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){
- if(@preg_match("/$_REQUEST[match]/", '')===false){
- send_linkfilter($I['incorregex']);
- }
- $reg=1;
- }else{
- $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
- $reg=0;
+ if($tmp=check_filter_match($reg)){
+ return $tmp;
}
if(preg_match('/^[0-9]*$/', $_REQUEST['id'])){
if(empty($_REQUEST['match'])){
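Review bot: Nothing at the call `if($tmp=check_filter_match($reg))` in `manage_linkfilter` (or at the identical call in `manage_filter`) says that `$reg` is defined only as a by-reference side effect and that `$_REQUEST['match']` is rewritten in place. I would add a comment above the call such as `// check_filter_match() escapes $_REQUEST['match'] in place, sets $reg to 0/1 and returns an error string or false`. On the invalid-regex return path `$reg` is left unset, which is harmless only because both callers return immediately; that is worth stating in a docblock on the helper as well. `manage_linkfilter` continues outside the hunk.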
@@ -2690,6 +2693,7 @@ function apply_filter(){
}
return "$matched[0]";
}, $U['message']);
+ $U['message']=str_replace('
', "\n", $U['message']);
$filters=get_filters();
foreach($filters as $filter){
if($U['poststatus']!==9){
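Review bot: Converting the line-break markup to "\n" before the filter loop in `apply_filter` changes what existing regex filters match, because without the `s` modifier `.` does not match "\n". A stored pattern like `foo.*bar` that previously spanned a line break presumably no longer does, which matters most for filters that kick. If the patterns are applied as `/…/` with no modifiers (the application site is outside this hunk), consider applying the `s` modifier there or documenting the change next to the filter form. The reverse `str_replace` added in the next hunk rewrites every "\n" in the message, including any introduced by a filter's replacement text, so a short comment stating that this is intended would help. `apply_filter` starts outside the hunk.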
@@ -2702,6 +2706,7 @@ function apply_filter(){
send_error("$I[kicked]");
}
}
+ $U['message']=str_replace("\n", '
', $U['message']);
}
function apply_linkfilter(){
diff --git a/lang_de.php b/lang_de.php
index d9f036d..f3f6347 100644
--- a/lang_de.php
+++ b/lang_de.php
@@ -328,6 +328,8 @@ $T=array(
'guestreg' => 'Gäste sich selbst registrieren lassen',
'asmember' => 'Als Mitglied',
'assuguest' => 'Als Anwerber',
- 'fatalerror' => 'Fataler Fehler'
+ 'fatalerror' => 'Fataler Fehler',
+ 'prevmatch' => 'Ihr regex war folgender',
+ 'matchtoolong' => 'Ihr Match war zu lang. Sie können max. 255 Zeichen benutzen. Versuchen Sie diesen aufzuteilen.'
);
?>
diff --git a/lang_en.php b/lang_en.php
index d370306..976fb75 100644
--- a/lang_en.php
+++ b/lang_en.php
@@ -328,6 +328,8 @@ $I=array(
'guestreg' => 'Let guests register themselves',
'asmember' => 'As member',
'assuguest' => 'As applicant',
- 'fatalerror' => 'Fatal error'
+ 'fatalerror' => 'Fatal error',
+ 'prevmatch' => 'Your match was as follows',
+ 'matchtoolong' => 'Your match was too long. You can use max. 255 characters. Try splitting it up.'
);
?>