Improve invalid filter handling + allow new line match with \n

This commit is contained in:
Daniel Winzen
2016-04-15 12:10:29 +02:00
parent ea24d7ae5b
commit 30d460b91e
4 changed files with 36 additions and 26 deletions


@ -1,5 +1,6 @@
Properly escape some parameters Properly escape some parameters
Add caching hack for aggressively caching browsers (e.g. links) Add caching hack for aggressively caching browsers (e.g. links)
Improve invalid filter handling + allow new line match with \n
Version 1.16.3 - Apr. 14, 2016 Version 1.16.3 - Apr. 14, 2016
Fix warning on redirection of links without a scheme Fix warning on redirection of links without a scheme


@ -183,11 +183,9 @@ if(!isSet($_REQUEST['action'])){
update_setting('guestaccess', $_REQUEST['guestaccess']); update_setting('guestaccess', $_REQUEST['guestaccess']);
} }
}elseif($_REQUEST['do']==='filter'){ }elseif($_REQUEST['do']==='filter'){
manage_filter(); send_filter(manage_filter());
send_filter();
}elseif($_REQUEST['do']==='linkfilter'){ }elseif($_REQUEST['do']==='linkfilter'){
manage_linkfilter(); send_linkfilter(manage_linkfilter());
send_linkfilter();
}elseif($_REQUEST['do']==='topic'){ }elseif($_REQUEST['do']==='topic'){
if(isSet($_REQUEST['topic'])){ if(isSet($_REQUEST['topic'])){
update_setting('topic', htmlspecialchars($_REQUEST['topic'])); update_setting('topic', htmlspecialchars($_REQUEST['topic']));
@ -1057,18 +1055,30 @@ function send_sessions(){
print_end(); print_end();
} }
function check_filter_match(&$reg){
global $I;
$_REQUEST['match']=htmlspecialchars($_REQUEST['match']);
if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){
$_REQUEST['match']=preg_replace('~(^|[^\\\\])/~', "$1\/", $_REQUEST['match']); // Escape "/" if not yet escaped
if(@preg_match("/$_REQUEST[match]/", '')===false){
return "$I[incorregex]<br>$I[prevmatch]: $_REQUEST[match]";
}
$reg=1;
}else{
$_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
$reg=0;
}
if(strlen($_REQUEST['match'])>255){
return "$I[matchtoolong]<br>$I[prevmatch]: $_REQUEST[match]";
}
return false;
}
function manage_filter(){ function manage_filter(){
global $I, $db, $memcached; global $db, $memcached;
if(isSet($_REQUEST['id'])){ if(isSet($_REQUEST['id'])){
$_REQUEST['match']=htmlspecialchars($_REQUEST['match']); if($tmp=check_filter_match($reg)){
if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){ return $tmp;
if(@preg_match("/$_REQUEST[match]/", '')===false){
send_filter($I['incorregex']);
}
$reg=1;
}else{
$_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
$reg=0;
} }
if(isSet($_REQUEST['allowinpm']) && $_REQUEST['allowinpm']==1){ if(isSet($_REQUEST['allowinpm']) && $_REQUEST['allowinpm']==1){
$pm=1; $pm=1;
@ -1105,17 +1115,10 @@ function manage_filter(){
} }
function manage_linkfilter(){ function manage_linkfilter(){
global $I, $db, $memcached; global $db, $memcached;
if(isSet($_REQUEST['id'])){ if(isSet($_REQUEST['id'])){
$_REQUEST['match']=htmlspecialchars($_REQUEST['match']); if($tmp=check_filter_match($reg)){
if(isSet($_REQUEST['regex']) && $_REQUEST['regex']==1){ return $tmp;
if(@preg_match("/$_REQUEST[match]/", '')===false){
send_linkfilter($I['incorregex']);
}
$reg=1;
}else{
$_REQUEST['match']=preg_replace('/([^\w\d])/', "\\\\$1", $_REQUEST['match']);
$reg=0;
} }
if(preg_match('/^[0-9]*$/', $_REQUEST['id'])){ if(preg_match('/^[0-9]*$/', $_REQUEST['id'])){
if(empty($_REQUEST['match'])){ if(empty($_REQUEST['match'])){
@ -2690,6 +2693,7 @@ function apply_filter(){
} }
return "$matched[0]"; return "$matched[0]";
}, $U['message']); }, $U['message']);
$U['message']=str_replace('<br>', "\n", $U['message']);
$filters=get_filters(); $filters=get_filters();
foreach($filters as $filter){ foreach($filters as $filter){
if($U['poststatus']!==9){ if($U['poststatus']!==9){
@ -2702,6 +2706,7 @@ function apply_filter(){
send_error("$I[kicked]"); send_error("$I[kicked]");
} }
} }
$U['message']=str_replace("\n", '<br>', $U['message']);
} }
function apply_linkfilter(){ function apply_linkfilter(){
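Review bot: In check_filter_match the slash-escaping `preg_replace('~(^|[^\\\\])/~', "$1\/", ...)` consumes the character in front of each `/`, so the second of two adjacent slashes (`a//b`, or `//` at the start of the pattern) is never escaped; the result then fails the `preg_match` probe and is reported as an incorrect regex even though the user's pattern was valid. A lookbehind avoids the consumption: `$_REQUEST['match']=preg_replace('~(?<!\\\\)/~', '\/', $_REQUEST['match']);`. The function also reads `$_REQUEST['match']` unconditionally while both callers only guard on `$_REQUEST['id']`; `if(!isSet($_REQUEST['match'])){ $_REQUEST['match']=''; }` before the htmlspecialchars call avoids the undefined-index notice. Note that the probe only compiles the user-supplied pattern against an empty subject, so it says nothing about how that pattern behaves on real messages in apply_filter; the new 255-byte limit is the only bound, and it is measured on the escaped text that the error message echoes back. manage_filter's body continues past the end of the hunk.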


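--- a/[path not shown on page: German strings file]
+++ b/[path not shown on page: German strings file]
@@ -328,6 +328,8 @@ $T=array(
 'guestreg' => 'Gäste sich selbst registrieren lassen',
 'asmember' => 'Als Mitglied',
 'assuguest' => 'Als Anwerber',
-'fatalerror' => 'Fataler Fehler'
+'fatalerror' => 'Fataler Fehler',
+'prevmatch' => 'Ihr regex war folgender',
+'matchtoolong' => 'Ihr Match war zu lang. Sie können max. 255 Zeichen benutzen. Versuchen Sie diesen aufzuteilen.'
 );
 ?>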


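--- a/[path not shown on page: English strings file]
+++ b/[path not shown on page: English strings file]
@@ -328,6 +328,8 @@ $I=array(
 'guestreg' => 'Let guests register themselves',
 'asmember' => 'As member',
 'assuguest' => 'As applicant',
-'fatalerror' => 'Fatal error'
+'fatalerror' => 'Fatal error',
+'prevmatch' => 'Your match was as follows',
+'matchtoolong' => 'Your match was too long. You can use max. 255 characters. Try splitting it up.'
 );
 ?>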