

Check-in [95fcd4b384]


Overview
Comment: Add basic spam checks.
SHA1: 95fcd4b384c9451f9bd933e983756671338ea4e9
User & Date: mario 2016-03-27 21:55:25
Context
2016-05-05
02:10
Allow delayed inserts (releases.json with preset t_published timestamp) check-in: b738d1c708 user: mario tags: trunk
2016-03-27
21:55
Add basic spam checks. check-in: 95fcd4b384 user: mario tags: trunk
2016-03-09
23:12
Introduce &offset= parameter for xfer.json feed, as memory gets depleted too quickly from assembling the JSON structure (and json_encode uses twice as much afterwards). check-in: 23c16a1441 user: mario tags: trunk
Changes

Changes to aux.php.

1
2
3
4
5
6
7
8
9
10
11
12
13
<?php
/**
 * api: freshmeat
 * title: template auxiliary code
 * description: A few utility functions and data for the templates
 * version: 0.5
 * license: AGPL
 *
 * This function asortment prepares some common output.
 * While a few are parsing helpers or DB query shortcuts.
 *
 */






|







1
2
3
4
5
6
7
8
9
10
11
12
13
<?php
/**
 * api: freshmeat
 * title: template auxiliary code
 * description: A few utility functions and data for the templates
 * version: 0.5.2
 * license: AGPL
 *
 * This function asortment prepares some common output.
 * While a few are parsing helpers or DB query shortcuts.
 *
 */

324
325
326
327
328
329
330


















331
332
333
334
335
336
337
        // server ENV already contained Apache unique request id etc.
        $id = sha1(serialize($_SERVER->__vars));
        $store[$id] = time() + 3600;  // timeout
        return "<input type=hidden name=.ct value=$id>";
    }
}























#-- Some string parsing









>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
        // server ENV already contained Apache unique request id etc.
        $id = sha1(serialize($_SERVER->__vars));
        $store[$id] = time() + 3600;  // timeout
        return "<input type=hidden name=.ct value=$id>";
    }
}


/**
 * Trivial check against well-known project spam.
 *
 */
function data_blacklisted($release) {
    $rules = array(
        "submitter" => "/wilmix j/",
        "homepage" => "/wilmix7/";
        "name" => "/DOLLAR|JDollar|Jehovah/";
    );
    foreach ($rules as $field => $rx) {
        if (preg_match($rx, $release[$field])) {
            return TRUE;
        }
    }
    return false;
}




#-- Some string parsing
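
Review bot: The `$rules` array in `data_blacklisted()` terminates the "homepage" and "name" entries with `;` instead of `,`, which is a PHP parse error inside `array(...)` and prevents aux.php from compiling; both need to be commas. Separately, `$release[$field]` is indexed like an array while page_submit.php passes in a `release` object, so this only works if that class supports array access for `submitter`, `homepage` and `name`, and a missing field hands null to `preg_match`; a per-field `isset` guard would make the expectation explicit. The patterns are case-sensitive (`/wilmix j/`, `/DOLLAR|JDollar|Jehovah/`), so a trivial change of case gets past them; consider the `i` modifier. The function also returns `TRUE` on a match and `false` otherwise; pick one spelling.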


Changes to page_submit.php.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
<?php
/**
 * api: freshcode
 * type: page
 * title: Submit/edit project or release
 * description: Single-page edit form for projects and their releases
 * version: 0.7.2
 * category: form
 * license: AGPLv3
 * 
 * Prepares the submission form. On POST checks a few constraints,
 * but UPDATE itself is handled by release::update() and ::store().
 *
 * Tags: http://aehlke.github.io/tag-it/






|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
<?php
/**
 * api: freshcode
 * type: page
 * title: Submit/edit project or release
 * description: Single-page edit form for projects and their releases
 * version: 0.7.3
 * category: form
 * license: AGPLv3
 * 
 * Prepares the submission form. On POST checks a few constraints,
 * but UPDATE itself is handled by release::update() and ::store().
 *
 * Tags: http://aehlke.github.io/tag-it/
71
72
73
74
75
76
77

78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94





95
96
97
98
99
100
101
102
103
    if (!$_REQUEST->multi->serialize->length…150…150->strlen["title,description,homepage,changes"]) {
        print("<h3>Submission too short</h3> <p>You didn't fill out crucial information. Please note that our user base expects an enticing set of data points to find your project.</p>");
    }
    // Terms and conditions
    elseif (array_sum($_REQUEST->array->int->range…0…1["req"]) < 2) {
        print "<h3>Terms and Conditions</h3> <p>Please go back and assert that your open source project listing is reusable under the CC-BY-SA license.</p>";
    }

    elseif (!csrf(TRUE)) {
        print "<h3>CSRF token invalid</h3> <p>This is likely a session timeout (1 hour), etc. Please retry or login again.</p>";
    }
    // Passed
    else {
    
        // Merge new data
        $release = new release($data);
        $release->update(
            $_REQUEST,
            array(
                "flag" => 0,   // User flags presumably become obsolete when project gets manually edited
                "submitter_openid" => $_SESSION["openid"],
                "via" => "form",
            )
        );
        





        // Update project
        if ($release->store()) {
            print "<h2>Submitted</h2> <p>Project and release information have been updated. Thanks for your care!</p>
                  <p>See the published entry on <a href=\"http://freshcode.club/projects/$name\">http://freshcode.club/projects/$name</a>.</p>";
        }
        else { 
            print "Unspecified database error. Please retry later.";
        }
    }







>
















|
>
>
>
>
>

|







71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
    if (!$_REQUEST->multi->serialize->length…150…150->strlen["title,description,homepage,changes"]) {
        print("<h3>Submission too short</h3> <p>You didn't fill out crucial information. Please note that our user base expects an enticing set of data points to find your project.</p>");
    }
    // Terms and conditions
    elseif (array_sum($_REQUEST->array->int->range…0…1["req"]) < 2) {
        print "<h3>Terms and Conditions</h3> <p>Please go back and assert that your open source project listing is reusable under the CC-BY-SA license.</p>";
    }
    // Simple CSRF check
    elseif (!csrf(TRUE)) {
        print "<h3>CSRF token invalid</h3> <p>This is likely a session timeout (1 hour), etc. Please retry or login again.</p>";
    }
    // Passed
    else {
    
        // Merge new data
        $release = new release($data);
        $release->update(
            $_REQUEST,
            array(
                "flag" => 0,   // User flags presumably become obsolete when project gets manually edited
                "submitter_openid" => $_SESSION["openid"],
                "via" => "form",
            )
        );

        // A few blacklists
        if (data_blacklisted($release)) {
            print "<h2>Error #52</h2> <p>An unspecified issue with storing your data. Please drop a note if you're not a spambot!</p>";
        }
        
        // Update project
        elseif ($release->store()) {
            print "<h2>Submitted</h2> <p>Project and release information have been updated. Thanks for your care!</p>
                  <p>See the published entry on <a href=\"http://freshcode.club/projects/$name\">http://freshcode.club/projects/$name</a>.</p>";
        }
        else { 
            print "Unspecified database error. Please retry later.";
        }
    }
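
Review bot: The `data_blacklisted($release)` check lives only in this form handler, after `$release->update()`, while the file header says the write itself is handled by `release::update()` and `::store()`; any other code path that calls `store()` would bypass the blacklist, so consider enforcing it inside `store()` or documenting that it is form-only. The rejection branch also records nothing: there is no log of which rule matched or of the `submitter_openid`, which makes it hard to tune the rules or notice false positives. If the vague "Error #52" wording is deliberate, a short comment saying so would help the next reader.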
111
112
113
114
115
116
117
118
119
120
121
122
    include("template/submit_form.php");
}


include("template/submit_sidebar.php");
include("template/table_end.php");
include("template/bottom.php");




?>







<
<



117
118
119
120
121
122
123


124
125
126
    include("template/submit_form.php");
}


include("template/submit_sidebar.php");
include("template/table_end.php");
include("template/bottom.php");




?>