Check-in [95fcd4b384]
Overview
Comment: Add basic spam checks.
SHA1: 95fcd4b384c9451f9bd933e983756671
User & Date: mario 2016-03-27 21:55:25
Context
2016-05-05
02:10  Allow delayed inserts (releases.json with preset t_published timestamp) check-in: b738d1c708 user: mario tags: trunk
2016-03-27
21:55  Add basic spam checks. check-in: 95fcd4b384 user: mario tags: trunk
2016-03-09
23:12  Introduce &offset= parameter for xfer.json feed, as memory gets depleted too quickly from assembling the JSON structure (and json_encode uses twice as much afterwards). check-in: 23c16a1441 user: mario tags: trunk
Changes
Changes to aux.php.
1 2 3 4 5 | <?php /** * api: freshmeat * title: template auxiliary code * description: A few utility functions and data for the templates | | | 1 2 3 4 5 6 7 8 9 10 11 12 13 | <?php /** * api: freshmeat * title: template auxiliary code * description: A few utility functions and data for the templates * version: 0.5.2 * license: AGPL * * This function asortment prepares some common output. * While a few are parsing helpers or DB query shortcuts. * */ |
︙ | ︙ | |||
324 325 326 327 328 329 330 331 332 333 334 335 336 337 | // server ENV already contained Apache unique request id etc. $id = sha1(serialize($_SERVER->__vars)); $store[$id] = time() + 3600; // timeout return "<input type=hidden name=.ct value=$id>"; } } #-- Some string parsing | > > > > > > > > > > > > > > > > > > | 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 | // server ENV already contained Apache unique request id etc. $id = sha1(serialize($_SERVER->__vars)); $store[$id] = time() + 3600; // timeout return "<input type=hidden name=.ct value=$id>"; } } /** * Trivial check against well-known project spam. * */ function data_blacklisted($release) { $rules = array( "submitter" => "/wilmix j/", "homepage" => "/wilmix7/"; "name" => "/DOLLAR|JDollar|Jehovah/"; ); foreach ($rules as $field => $rx) { if (preg_match($rx, $release[$field])) { return TRUE; } } return false; } #-- Some string parsing |
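Review bot: the `$rules` array in the new `data_blacklisted()` does not parse: the `"homepage"` and `"name"` entries are terminated with `;` instead of `,` (`"homepage" => "/wilmix7/";` and `"name" => "/DOLLAR|JDollar|Jehovah/";`), so including aux.php fails with a syntax error and takes every page that loads it down with it; change both to commas. Two smaller points in the same function: the patterns are case-sensitive, so a submitter written as `Wilmix J` passes unless the `i` modifier is added (`/wilmix j/i`), and `$release[$field]` assumes each listed field exists, so guard the lookup with `isset()` or an empty-string default to avoid a notice on partial submissions. For consistency, return `false` and `true` in the same case.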
︙ | ︙ |
Changes to page_submit.php.
1 2 3 4 5 6 | <?php /** * api: freshcode * type: page * title: Submit/edit project or release * description: Single-page edit form for projects and their releases | | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 | <?php /** * api: freshcode * type: page * title: Submit/edit project or release * description: Single-page edit form for projects and their releases * version: 0.7.3 * category: form * license: AGPLv3 * * Prepares the submission form. On POST checks a few constraints, * but UPDATE itself is handled by release::update() and ::store(). * * Tags: http://aehlke.github.io/tag-it/ |
︙ | ︙ | |||
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 | if (!$_REQUEST->multi->serialize->length…150…150->strlen["title,description,homepage,changes"]) { print("<h3>Submission too short</h3> <p>You didn't fill out crucial information. Please note that our user base expects an enticing set of data points to find your project.</p>"); } // Terms and conditions elseif (array_sum($_REQUEST->array->int->range…0…1["req"]) < 2) { print "<h3>Terms and Conditions</h3> <p>Please go back and assert that your open source project listing is reusable under the CC-BY-SA license.</p>"; } elseif (!csrf(TRUE)) { print "<h3>CSRF token invalid</h3> <p>This is likely a session timeout (1 hour), etc. Please retry or login again.</p>"; } // Passed else { // Merge new data $release = new release($data); $release->update( $_REQUEST, array( "flag" => 0, // User flags presumably become obsolete when project gets manually edited "submitter_openid" => $_SESSION["openid"], "via" => "form", ) ); | > | > > > > > | | 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 | if (!$_REQUEST->multi->serialize->length…150…150->strlen["title,description,homepage,changes"]) { print("<h3>Submission too short</h3> <p>You didn't fill out crucial information. Please note that our user base expects an enticing set of data points to find your project.</p>"); } // Terms and conditions elseif (array_sum($_REQUEST->array->int->range…0…1["req"]) < 2) { print "<h3>Terms and Conditions</h3> <p>Please go back and assert that your open source project listing is reusable under the CC-BY-SA license.</p>"; } // Simple CSRF check elseif (!csrf(TRUE)) { print "<h3>CSRF token invalid</h3> <p>This is likely a session timeout (1 hour), etc. 
Please retry or login again.</p>"; } // Passed else { // Merge new data $release = new release($data); $release->update( $_REQUEST, array( "flag" => 0, // User flags presumably become obsolete when project gets manually edited "submitter_openid" => $_SESSION["openid"], "via" => "form", ) ); // A few blacklists if (data_blacklisted($release)) { print "<h2>Error #52</h2> <p>An unspecified issue with storing your data. Please drop a note if you're not a spambot!</p>"; } // Update project elseif ($release->store()) { print "<h2>Submitted</h2> <p>Project and release information have been updated. Thanks for your care!</p> <p>See the published entry on <a href=\"http://freshcode.club/projects/$name\">http://freshcode.club/projects/$name</a>.</p>"; } else { print "Unspecified database error. Please retry later."; } } |
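Review bot: the blacklist check sits in the right place, after `$release->update()` has merged the form data and before `store()`, so a blocked submission never reaches the database, but nothing is recorded when it fires. Since `data_blacklisted()` matches substrings (`DOLLAR`, `Jehovah`), a legitimate project can be rejected with the opaque "Error #52" page and nobody will notice; log the matched field and the submitter before printing the message so false positives can be reviewed and the rules tuned. Also confirm that aux.php, where `data_blacklisted()` is defined, is loaded on this page, otherwise the call is an undefined-function fatal at the exact point a valid submission is about to be stored.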
︙ | ︙ | |||
111 112 113 114 115 116 117 | include("template/submit_form.php"); } include("template/submit_sidebar.php"); include("template/table_end.php"); include("template/bottom.php"); | < < | 117 118 119 120 121 122 123 124 125 126 | include("template/submit_form.php"); } include("template/submit_sidebar.php"); include("template/table_end.php"); include("template/bottom.php"); ?> |
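Review bot: the closing `?>` added at the end of page_submit.php is unnecessary and mildly risky: any newline or whitespace that follows it is sent as output, which breaks later `header()` or cookie calls and appends stray bytes to the response. Files that contain only PHP conventionally omit the closing tag; drop it and let the file end inside PHP mode.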