From 30d460b91ef55adae3d77610c4081d20683d2537 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Fri, 15 Apr 2016 12:10:29 +0200
Subject: [PATCH] Improve invalid filter handling + allow new line match with \n
---
 CHANGELOG | 1 +
 chat.php | 53 +++++++++++++++++++++++++++++------------------------
 lang_de.php | 4 +++-
 lang_en.php | 4 +++-
 4 files changed, 36 insertions(+), 26 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 8234167..281f254 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 Properly escape some parameters
 Add caching hack for aggressively caching browsers (e.g. links)
+Improve invalid filter handling + allow new line match with \n
 Version 1.16.3 - Apr. 14, 2016
 Fix warning on redirection of links without a scheme
diff --git a/chat.php b/chat.php
index 382519e..87b56d8 100644
--- a/chat.php
+++ b/chat.php
@@ -183,11 +183,9 @@ if(!isSet($_REQUEST['action'])){
 update_setting('guestaccess', $_REQUEST['guestaccess']);
 }
 }elseif($_REQUEST['do']==='filter'){
- manage_filter();
- send_filter();
+ send_filter(manage_filter());
 }elseif($_REQUEST['do']==='linkfilter'){
- manage_linkfilter();
- send_linkfilter();
+ send_linkfilter(manage_linkfilter());
 }elseif($_REQUEST['do']==='topic'){
 if(isSet($_REQUEST['topic'])){
 update_setting('topic', htmlspecialchars($_REQUEST['topic']));
@@ -1057,18 +1055,30 @@ function send_sessions(){
 print_end();
 }
+function check_filter_match(&$reg){
+ global $I;
+ $_REQUEST['match']=htmlspecialchars($_REQUEST['match']);
+ if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){
+ $_REQUEST['match']=preg_replace('~(^|[^\\\\])/~', "$1\/", $_REQUEST['match']); // Escape "/" if not yet escaped
+ if(@preg_match("/$_REQUEST[match]/", '')===false){
+ return "$I[incorregex]
$I[prevmatch]: $_REQUEST[match]";
+ }
+ $reg=1;
+ }else{
+ $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
+ $reg=0;
+ }
+ if(strlen($_REQUEST['match'])>255){
+ return "$I[matchtoolong]
$I[prevmatch]: $_REQUEST[match]";
+ }
+ return false;
+}
+
 function manage_filter(){
- global $I, $db, $memcached;
+ global $db, $memcached;
 if(isSet($_REQUEST['id'])){
- $_REQUEST['match']=htmlspecialchars($_REQUEST['match']);
- if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){
- if(@preg_match("/$_REQUEST[match]/", '')===false){
- send_filter($I['incorregex']);
- }
- $reg=1;
- }else{
- $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
- $reg=0;
+ if($tmp=check_filter_match($reg)){
+ return $tmp;
 }
 if(isSet($_REQUEST['allowinpm']) && $_REQUEST['allowinpm']==1){
 $pm=1;
@@ -1105,17 +1115,10 @@ function manage_filter(){
 }
 function manage_linkfilter(){
- global $I, $db, $memcached;
+ global $db, $memcached;
 if(isSet($_REQUEST['id'])){
- $_REQUEST['match']=htmlspecialchars($_REQUEST['match']);
- if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){
- if(@preg_match("/$_REQUEST[match]/", '')===false){
- send_linkfilter($I['incorregex']);
- }
- $reg=1;
- }else{
- $_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
- $reg=0;
+ if($tmp=check_filter_match($reg)){
+ return $tmp;
 }
 if(preg_match('/^[0-9]*$/', $_REQUEST['id'])){
 if(empty($_REQUEST['match'])){
@@ -2690,6 +2693,7 @@ function apply_filter(){
 }
 return "$matched[0]";
 }, $U['message']);
+ $U['message']=str_replace('
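Review bot: The `@preg_match("/$_REQUEST[match]/", '')===false` check in check_filter_match proves only that the pattern compiles, not that it is cheap to run, so once the filter is stored the new 255-byte cap is the only bound on what apply_filter pays per message for it. A defensive complement is to check `preg_last_error()!==PREG_NO_ERROR` where stored filters are executed (that loop body is outside this hunk) so a pattern that hits `pcre.backtrack_limit` is logged rather than silently treated as a non-match. The slash-escaping line misses a `/` that follows an escaped backslash (`\\/`) and the second of two adjacent slashes; both then fail the compile check and are rejected, so it fails closed, but a comment such as `// a "/" after "\\" or a "//" run is still rejected by the compile check below` would spare the next reader the analysis. Style: the `&$reg` out-parameter plus `if($tmp=check_filter_match($reg))` in manage_filter, and identically in manage_linkfilter in the following hunk, would be clearer with the error text and `$reg` returned together rather than through a reference.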
', "\n", $U['message']);
 $filters=get_filters();
 foreach($filters as $filter){
 if($U['poststatus']!==9){
@@ -2702,6 +2706,7 @@ function apply_filter(){
 send_error("$I[kicked]");
 }
 }
+ $U['message']=str_replace("\n", '
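Review bot: The `str_replace` added at the bottom of this hunk and its inverse at the end of the @@ -2702 hunk do not form an exact round trip: the restoring call turns every `"\n"` in `$U['message']` into the line-break markup, including any newline that was already in the message before the first call or that a filter's replacement text inserts, and nothing in between re-escapes such text. The first argument of both calls appears to have been lost in extraction here; presumably it is the message's line-break tag, which cannot be verified from the page. If filters are meant to be able to emit line breaks, say so with a comment on the restoring line, e.g. `// newlines inserted by filter replacements become line breaks as well`; if not, record which sequences were converted and restore only those. The enclosing apply_filter function starts before this hunk and its filter loop body lies outside both hunks.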
', $U['message']);
 }
 function apply_linkfilter(){
diff --git a/lang_de.php b/lang_de.php
index d9f036d..f3f6347 100644
--- a/lang_de.php
+++ b/lang_de.php
@@ -328,6 +328,8 @@ $T=array(
 'guestreg' => 'Gäste sich selbst registrieren lassen',
 'asmember' => 'Als Mitglied',
 'assuguest' => 'Als Anwerber',
- 'fatalerror' => 'Fataler Fehler'
+ 'fatalerror' => 'Fataler Fehler',
+ 'prevmatch' => 'Ihr regex war folgender',
+ 'matchtoolong' => 'Ihr Match war zu lang. Sie können max. 255 Zeichen benutzen. Versuchen Sie diesen aufzuteilen.'
 );
 ?>
diff --git a/lang_en.php b/lang_en.php
index d370306..976fb75 100644
--- a/lang_en.php
+++ b/lang_en.php
@@ -328,6 +328,8 @@ $I=array(
 'guestreg' => 'Let guests register themselves',
 'asmember' => 'As member',
 'assuguest' => 'As applicant',
- 'fatalerror' => 'Fatal error'
+ 'fatalerror' => 'Fatal error',
+ 'prevmatch' => 'Your match was as follows',
+ 'matchtoolong' => 'Your match was too long. You can use max. 255 characters. Try splitting it up.'
 );
 ?>