⌈⌋ branch:  freshcode


Check-in [95fcd4b384]


Overview
SHA1:95fcd4b384c9451f9bd933e983756671338ea4e9
Date: 2016-03-27 21:55:25
User: mario
Comment:Add basic spam checks.
Tags And Properties
  • branch=trunk inherited from [82405bb421]
  • sym-trunk inherited from [82405bb421]
Context
2016-05-05
02:10
[b738d1c708] Allow delayed inserts (releases.json with preset t_published timestamp) (user: mario, tags: trunk)
2016-03-27
21:55
[95fcd4b384] Add basic spam checks. (user: mario, tags: trunk)
2016-03-09
23:12
[23c16a1441] Introduce &offset= parameter for xfer.json feed, as memory gets depleted too quickly from assembling the JSON structure (and json_encode uses twice as much afterwards). (user: mario, tags: trunk)
Changes

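--- a/aux.php
+++ b/aux.php
@@ -1,13 +1,13 @@
 <?php
 /**
  * api: freshmeat
  * title: template auxiliary code
  * description: A few utility functions and data for the templates
- * version: 0.5
+ * version: 0.5.2
  * license: AGPL
  *
  * This function asortment prepares some common output.
  * While a few are parsing helpers or DB query shortcuts.
  *
  */
 
@@ -324,14 +324,32 @@
         // server ENV already contained Apache unique request id etc.
         $id = sha1(serialize($_SERVER->__vars));
         $store[$id] = time() + 3600;  // timeout
         return "<input type=hidden name=.ct value=$id>";
     }
 }
 
+
+/**
+ * Trivial check against well-known project spam.
+ *
+ */
+function data_blacklisted($release) {
+    $rules = array(
+        "submitter" => "/wilmix j/",
+        "homepage" => "/wilmix7/";
+        "name" => "/DOLLAR|JDollar|Jehovah/";
+    );
+    foreach ($rules as $field => $rx) {
+        if (preg_match($rx, $release[$field])) {
+            return TRUE;
+        }
+    }
+    return false;
+}
 
 
 
 
 #-- Some string parsing
 
 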
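Review bot: Two entries of the `$rules` array in `data_blacklisted()` end with `;` instead of `,`, which is a parse error inside `array(...)` and would stop aux.php from loading at all; they should read `"homepage" => "/wilmix7/",` and `"name" => "/DOLLAR|JDollar|Jehovah/",`. The patterns are also case-sensitive, so the same spam with different capitalisation passes the filter; adding the `i` modifier (for example `"/wilmix j/i"`) closes that gap. `$release[$field]` is read without checking that the field exists, so an `isset($release[$field])` guard in front of `preg_match()` would avoid a notice on incomplete submissions.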
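--- a/page_submit.php
+++ b/page_submit.php
@@ -1,14 +1,14 @@
 <?php
 /**
  * api: freshcode
  * type: page
  * title: Submit/edit project or release
  * description: Single-page edit form for projects and their releases
- * version: 0.7.2
+ * version: 0.7.3
  * category: form
  * license: AGPLv3
  * 
  * Prepares the submission form. On POST checks a few constraints,
  * but UPDATE itself is handled by release::update() and ::store().
  *
  * Tags: http://aehlke.github.io/tag-it/
@@ -71,14 +71,15 @@
     if (!$_REQUEST->multi->serialize->length…150…150->strlen["title,description,homepage,changes"]) {
         print("<h3>Submission too short</h3> <p>You didn't fill out crucial information. Please note that our user base expects an enticing set of data points to find your project.</p>");
     }
     // Terms and conditions
     elseif (array_sum($_REQUEST->array->int->range…0…1["req"]) < 2) {
         print "<h3>Terms and Conditions</h3> <p>Please go back and assert that your open source project listing is reusable under the CC-BY-SA license.</p>";
     }
+    // Simple CSRF check
     elseif (!csrf(TRUE)) {
         print "<h3>CSRF token invalid</h3> <p>This is likely a session timeout (1 hour), etc. Please retry or login again.</p>";
     }
     // Passed
     else {
     
         // Merge new data
@@ -87,17 +88,22 @@
             $_REQUEST,
             array(
                 "flag" => 0,   // User flags presumably become obsolete when project gets manually edited
                 "submitter_openid" => $_SESSION["openid"],
                 "via" => "form",
             )
         );
-        
+
+        // A few blacklists
+        if (data_blacklisted($release)) {
+            print "<h2>Error #52</h2> <p>An unspecified issue with storing your data. Please drop a note if you're not a spambot!</p>";
+        }
+        
         // Update project
-        if ($release->store()) {
+        elseif ($release->store()) {
             print "<h2>Submitted</h2> <p>Project and release information have been updated. Thanks for your care!</p>
                   <p>See the published entry on <a href=\"http://freshcode.club/projects/$name\">http://freshcode.club/projects/$name</a>.</p>";
         }
         else { 
             print "Unspecified database error. Please retry later.";
         }
     }
@@ -111,12 +117,10 @@
     include("template/submit_form.php");
 }
 
 
 include("template/submit_sidebar.php");
 include("template/table_end.php");
 include("template/bottom.php");
-
-
 
 
 ?>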
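Review bot: The blacklist check added in front of `$release->store()` covers only this form handler; the `"via" => "form"` field suggests other submission channels exist, and nothing visible here filters them. If so, calling `data_blacklisted()` inside `release::store()` or its update path would cover every channel in one place. The rejection branch also records nothing, so a line such as `error_log("blacklisted submission by " . $_SESSION["openid"]);` before the `print` would show hits and make it possible to tune the patterns. The if/elseif chain this sits in starts outside the visible excerpt.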