当前位置: 首页>>代码示例>>PHP>>正文


PHP antispam_check函数代码示例

本文整理汇总了PHP中antispam_check函数的典型用法代码示例。如果您正苦于以下问题:PHP antispam_check函数的具体用法?PHP antispam_check怎么用?PHP antispam_check使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了antispam_check函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: antispam_create

/**
 * antispam_create(-)
 *
 * Insert a new abuse string into DB
 */
function antispam_create($abuse_string, $aspm_source = 'local')
{
    global $DB;
    // Cut the crap if the string is empty:
    $abuse_string = trim($abuse_string);
    if (empty($abuse_string)) {
        return false;
    }
    // Check if the string already is in the blacklist:
    if (antispam_check($abuse_string)) {
        return false;
    }
    // Insert new string into DB:
    $sql = "INSERT INTO T_antispam( aspm_string, aspm_source )\r\n\t\t\t\t\tVALUES( '" . $DB->escape($abuse_string) . "', '{$aspm_source}' )";
    $DB->query($sql);
    return true;
}
开发者ID:LFSF,项目名称:oras,代码行数:22,代码来源:_antispam.funcs.php

示例2: xmlrpcs_new_comment

/**
 * Create a new Comment and return an XML-RPC response
 *
 * @param array of params
 *			- Item (object)
 *			- User (object) Can be NULL for anonymous comments
 *			- password (string)
 *			- username (string)
 *			- comment_parent (int)
 *			- content (string)
 *			- author (string)
 *			- author_url (string)
 *			- author_email (string)
 * @return xmlrpcmsg
 */
function xmlrpcs_new_comment($params = array(), &$commented_Item)
{
    global $DB, $Plugins, $Messages, $Hit, $localtimenow, $require_name_email, $minimum_comment_interval;
    $params = array_merge(array('password' => '', 'username' => '', 'content' => '', 'comment_parent' => 0, 'author' => '', 'author_url' => '', 'author_email' => ''), $params);
    $comment = $params['content'] = trim($params['content']);
    if (!$commented_Item->can_comment(NULL)) {
        return xmlrpcs_resperror(5, T_('You cannot leave comments on this post!'));
    }
    $commented_Item->load_Blog();
    // Make sure Blog is loaded (will be needed whether logged in or not)
    if (empty($params['username']) && empty($params['password'])) {
        // Anonymous comment
        // NO permission to edit!
        $perm_comment_edit = false;
        $User = NULL;
        $author = trim($params['author']);
        $email = trim($params['author_email']);
        if ($commented_Item->Blog->get_setting('allow_anon_url')) {
            $url = trim($params['author_url']);
        } else {
            $url = NULL;
        }
        // we need some id info from the anonymous user:
        if ($require_name_email) {
            // We want Name and EMail with comments
            if (empty($author)) {
                return xmlrpcs_resperror(5, T_('Please fill in your name.'));
            }
            if (empty($email)) {
                return xmlrpcs_resperror(5, T_('Please fill in your email.'));
            }
        }
        if (!empty($author) && antispam_check($author)) {
            return xmlrpcs_resperror(5, T_('Supplied name is invalid.'));
        }
        if (!empty($email) && (!is_email($email) || antispam_check($email))) {
            return xmlrpcs_resperror(5, T_('Supplied email address is invalid.'));
        }
        if (!stristr($url, '://') && !stristr($url, '@')) {
            // add 'http://' if no protocol defined for URL; but not if the user seems to be entering an email address alone
            $url = 'http://' . $url;
        }
        if (strlen($url) <= 8) {
            // ex: https:// is 8 chars
            $url = '';
        }
        // Note: as part of the validation we require the url to be absolute; otherwise we cannot detect bozos typing in
        // a title for their comment or whatever...
        if ($error = validate_url($url, 'commenting')) {
            return xmlrpcs_resperror(5, T_('Supplied website address is invalid: ') . $error);
        }
    } else {
        $User =& $params['User'];
        $perm_comment_edit = $User->check_perm('blog_comment!published', 'edit', false, $commented_Item->Blog->ID);
        $author = $User->ID;
        $url = $User->url;
        $email = $User->email;
    }
    // Following call says "WARNING: this does *NOT* (necessarilly) make the HTML code safe.":
    $comment = check_html_sanity($comment, $perm_comment_edit ? 'posting' : 'commenting', $User);
    if ($comment === false) {
        // ERROR! Restore original comment for further editing:
        $comment = $params['content'];
    }
    if (empty($comment)) {
        // comment should not be empty!
        return xmlrpcs_resperror(5, T_('Please do not send empty comments.'));
    }
    $now = date2mysql($localtimenow);
    /*
     * Flood-protection
     * NOTE: devs can override the flood protection delay in /conf/_overrides_TEST.php
     * TODO: Put time check into query?
     * TODO: move that as far !!UP!! as possible! We want to waste minimum resources on Floods
     * TODO: have several thresholds. For example:
     * 1 comment max every 30 sec + 5 comments max every 10 minutes + 15 comments max every 24 hours
     * TODO: factorize with trackback
     */
    $query = 'SELECT MAX(comment_date)
				FROM T_comments
				WHERE comment_author_IP = ' . $DB->quote($Hit->IP) . '
				OR comment_author_email = ' . $DB->quote($email);
    $ok = 1;
    if ($then = $DB->get_var($query)) {
        $time_lastcomment = mysql2date("U", $then);
//.........这里部分代码省略.........
开发者ID:ldanielz,项目名称:uesp.blog,代码行数:101,代码来源:_xmlrpcs.funcs.php

示例3: file_add

/**
 * Add a file to the system using the configured storage method
 *
 * @param integer $p_bug_id          The bug id (should be 0 when adding project doc).
 * @param array   $p_file            The uploaded file info, as retrieved from gpc_get_file().
 * @param string  $p_table           Either 'bug' or 'project' depending on attachment type.
 * @param string  $p_title           File title.
 * @param string  $p_desc            File description.
 * @param integer $p_user_id         User id (defaults to current user).
 * @param integer $p_date_added      Date added.
 * @param boolean $p_skip_bug_update Skip bug last modification update (useful when importing bug attachments).
 * @return void
 */
function file_add($p_bug_id, array $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false)
{
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    $t_org_filename = $t_file_name;
    $t_suffix_id = 1;
    while (!file_is_name_unique($t_file_name, $p_bug_id)) {
        $t_suffix_id++;
        $t_dot_index = strripos($t_org_filename, '.');
        if ($t_dot_index === false) {
            $t_file_name = $t_org_filename . '-' . $t_suffix_id;
        } else {
            $t_extension = substr($t_org_filename, $t_dot_index, strlen($t_org_filename) - $t_dot_index);
            $t_file_name = substr($t_org_filename, 0, $t_dot_index) . '-' . $t_suffix_id . $t_extension;
        }
    }
    antispam_check();
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_id = (int) $p_bug_id;
    } else {
        $t_project_id = helper_get_current_project();
        $t_id = $t_project_id;
    }
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    if ($p_date_added <= 0) {
        $p_date_added = db_now();
    }
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $t_unique_name = file_generate_unique_name($t_file_path);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            $t_disk_file_name = $t_file_path . $t_unique_name;
            if (!file_exists($t_disk_file_name)) {
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            $c_content = db_prepare_binary_string(fread(fopen($t_tmp_file, 'rb'), $t_file_size));
            $t_file_path = '';
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . '_id';
    $t_param = array($t_id_col => $t_id, 'title' => $p_title, 'description' => $p_desc, 'diskfile' => $t_unique_name, 'filename' => $t_file_name, 'folder' => $t_file_path, 'filesize' => $t_file_size, 'file_type' => $p_file['type'], 'date_added' => $p_date_added, 'user_id' => (int) $p_user_id);
    # Oracle has to update BLOBs separately
    if (!db_is_oracle()) {
        $t_param['content'] = $c_content;
    }
    $t_query_param = db_param();
    for ($i = 1; $i < count($t_param); $i++) {
        $t_query_param .= ', ' . db_param();
    }
    $t_query = 'INSERT INTO ' . $t_file_table . '
		( ' . implode(', ', array_keys($t_param)) . ' )
	VALUES
//.........这里部分代码省略.........
开发者ID:martijnveen,项目名称:mantisbt,代码行数:101,代码来源:file_api.php

示例4: debug_die

            debug_die('Invalid recipient or no permission to contact by email!');
        }
    } elseif (empty($Comment->allow_msgform)) {
        // should be prevented by UI
        debug_die('Invalid recipient or no permission to contact by email!');
    } else {
        $recipient_name = $Comment->get_author_name();
        $recipient_address = $Comment->get_author_email();
    }
}
if (empty($sender_name)) {
    $Messages->add(T_('Please fill in your name.'), 'error');
}
if (empty($sender_address)) {
    $Messages->add(T_('Please fill in your email.'), 'error');
} elseif (!is_email($sender_address) || antispam_check($sender_address)) {
    $Messages->add(T_('Supplied email address is invalid.'), 'error');
}
if (empty($recipient_User) && empty($recipient_address)) {
    // should be prevented by UI
    debug_die('No recipient specified!');
}
// opt-out links:
if ($recipient_User) {
    // Member:
    // Change the locale so the email is in the recipients language
    locale_temp_switch($recipient_User->locale);
} else {
    // Visitor:
    // We don't know the recipient's language - Change the locale so the email is in the blog's language:
    locale_temp_switch($Blog->locale);
开发者ID:Ariflaw,项目名称:b2evolution,代码行数:31,代码来源:message_send.php

示例5: printf

            ?>
</td>
					</tr>
					<?php 
            $count++;
        }
        ?>
			</table>
			<?php 
    }
} else {
    // There is no affected users
    printf('<p>' . T_('No <strong>users</strong> match the keyword [%s]') . '</p>', $keyword);
}
// Check if the string is already in the blacklist:
if (antispam_check($keyword)) {
    // Already there:
    printf('<p>' . T_('The keyword [%s] is <strong>already handled</strong> by the blacklist.') . '</p>', htmlspecialchars($keyword));
} else {
    // Not in blacklist
    ?>
		<p>
		<input type="checkbox" name="blacklist_locally" id="blacklist_locally_cb" value="1" checked="checked" />
		<label for="blacklist_locally_cb">
			<?php 
    printf(T_('<strong>Blacklist</strong> the keyword [%s] locally.'), htmlspecialchars($keyword));
    ?>
		</label>
		</p>

		<?php 
开发者ID:Ariflaw,项目名称:b2evolution,代码行数:31,代码来源:_antispam_ban.form.php

示例6:

 // NO permission to edit!
 $perm_comment_edit = false;
 // we need some id info from the anonymous user:
 if ($require_name_email) {
     // We want Name and EMail with comments
     if (empty($author)) {
         $Messages->add(T_('Please fill in your name.'), 'error');
     }
     if (empty($email)) {
         $Messages->add(T_('Please fill in your email.'), 'error');
     }
 }
 if (!empty($author) && antispam_check($author)) {
     $Messages->add(T_('Supplied name is invalid.'), 'error');
 }
 if (!empty($email) && (!is_email($email) || antispam_check($email))) {
     $Messages->add(T_('Supplied email address is invalid.'), 'error');
 }
 if (!stristr($url, '://') && !stristr($url, '@')) {
     // add 'http://' if no protocol defined for URL; but not if the user seems to be entering an email address alone
     $url = 'http://' . $url;
 }
 if (strlen($url) <= 8) {
     // ex: https:// is 8 chars
     $url = '';
 }
 // Note: as part of the validation we require the url to be absolute; otherwise we cannot detect bozos typing in
 // a title for their comment or whatever...
 if ($error = validate_url($url, 'commenting')) {
     $Messages->add(T_('Supplied website address is invalid: ') . $error, 'error');
 }
开发者ID:Ariflaw,项目名称:b2evolution,代码行数:31,代码来源:comment_post.php

示例7: create

    /**
     * Insert a new bug into the database
     * @return integer integer representing the bug identifier that was created
     * @access public
     * @uses database_api.php
     * @uses lang_api.php
     */
    function create()
    {
        self::validate(true);
        antispam_check();
        # check due_date format
        if (is_blank($this->due_date)) {
            $this->due_date = date_get_null();
        }
        # check date submitted and last modified
        if (is_blank($this->date_submitted)) {
            $this->date_submitted = db_now();
        }
        if (is_blank($this->last_updated)) {
            $this->last_updated = db_now();
        }
        # Insert text information
        $t_query = 'INSERT INTO {bug_text}
					    ( description, steps_to_reproduce, additional_information )
					  VALUES
					    ( ' . db_param() . ',' . db_param() . ',' . db_param() . ')';
        db_query($t_query, array($this->description, $this->steps_to_reproduce, $this->additional_information));
        # Get the id of the text information we just inserted
        # NOTE: this is guaranteed to be the correct one.
        # The value LAST_INSERT_ID is stored on a per connection basis.
        $t_text_id = db_insert_id(db_get_table('bug_text'));
        # check to see if we want to assign this right off
        $t_starting_status = config_get('bug_submit_status');
        $t_original_status = $this->status;
        # if not assigned, check if it should auto-assigned.
        if (0 == $this->handler_id) {
            # if a default user is associated with the category and we know at this point
            # that that the bug was not assigned to somebody, then assign it automatically.
            $t_query = 'SELECT user_id FROM {category} WHERE id=' . db_param();
            $t_result = db_query($t_query, array($this->category_id));
            $t_handler = db_result($t_result);
            if ($t_handler !== false) {
                $this->handler_id = $t_handler;
            }
        }
        # Check if bug was pre-assigned or auto-assigned.
        if ($this->handler_id != 0 && $this->status == $t_starting_status && ON == config_get('auto_set_status_to_assigned')) {
            $t_status = config_get('bug_assigned_status');
        } else {
            $t_status = $this->status;
        }
        # Insert the rest of the data
        $t_query = 'INSERT INTO {bug}
					    ( project_id,reporter_id, handler_id,duplicate_id,
					      priority,severity, reproducibility,status,
					      resolution,projection, category_id,date_submitted,
					      last_updated,eta, bug_text_id,
					      os, os_build,platform, version,build,
					      profile_id, summary, view_state, sponsorship_total, sticky, fixed_in_version,
					      target_version, due_date
					    )
					  VALUES
					    ( ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ',
					      ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ',
					      ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ',
					      ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ',
					      ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ',
					      ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ',
					      ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ')';
        db_query($t_query, array($this->project_id, $this->reporter_id, $this->handler_id, $this->duplicate_id, $this->priority, $this->severity, $this->reproducibility, $t_status, $this->resolution, $this->projection, $this->category_id, $this->date_submitted, $this->last_updated, $this->eta, $t_text_id, $this->os, $this->os_build, $this->platform, $this->version, $this->build, $this->profile_id, $this->summary, $this->view_state, $this->sponsorship_total, $this->sticky, $this->fixed_in_version, $this->target_version, $this->due_date));
        $this->id = db_insert_id(db_get_table('bug'));
        # log new bug
        history_log_event_special($this->id, NEW_BUG);
        # log changes, if any (compare happens in history_log_event_direct)
        history_log_event_direct($this->id, 'status', $t_original_status, $t_status);
        history_log_event_direct($this->id, 'handler_id', 0, $this->handler_id);
        return $this->id;
    }
开发者ID:gtn,项目名称:mantisbt,代码行数:79,代码来源:bug_api.php

示例8: bugnote_add

/**
 * Add a bugnote to a bug
 * return the ID of the new bugnote
 * @param integer $p_bug_id          A bug identifier.
 * @param string  $p_bugnote_text    The bugnote text to add.
 * @param string  $p_time_tracking   Time tracking value - hh:mm string.
 * @param boolean $p_private         Whether bugnote is private.
 * @param integer $p_type            The bugnote type.
 * @param string  $p_attr            Bugnote Attribute.
 * @param integer $p_user_id         A user identifier.
 * @param boolean $p_send_email      Whether to generate email.
 * @param integer $p_date_submitted  Date submitted (defaults to now()).
 * @param integer $p_last_modified   Last modification date (defaults to now()).
 * @param boolean $p_skip_bug_update Skip bug last modification update (useful when importing bugs/bugnotes).
 * @param boolean $p_log_history     Log changes to bugnote history (defaults to true).
 * @return boolean|integer false or indicating bugnote id added
 * @access public
 */
function bugnote_add($p_bug_id, $p_bugnote_text, $p_time_tracking = '0:00', $p_private = false, $p_type = BUGNOTE, $p_attr = '', $p_user_id = null, $p_send_email = true, $p_date_submitted = 0, $p_last_modified = 0, $p_skip_bug_update = false, $p_log_history = true)
{
    $c_bug_id = (int) $p_bug_id;
    $c_time_tracking = helper_duration_to_minutes($p_time_tracking);
    $c_type = (int) $p_type;
    $c_date_submitted = $p_date_submitted <= 0 ? db_now() : (int) $p_date_submitted;
    $c_last_modified = $p_last_modified <= 0 ? db_now() : (int) $p_last_modified;
    antispam_check();
    if (REMINDER !== $p_type) {
        # Check if this is a time-tracking note
        $t_time_tracking_enabled = config_get('time_tracking_enabled');
        if (ON == $t_time_tracking_enabled && $c_time_tracking > 0) {
            $t_time_tracking_without_note = config_get('time_tracking_without_note');
            if (is_blank($p_bugnote_text) && OFF == $t_time_tracking_without_note) {
                error_parameters(lang_get('bugnote'));
                trigger_error(ERROR_EMPTY_FIELD, ERROR);
            }
            $c_type = TIME_TRACKING;
        } else {
            if (is_blank($p_bugnote_text)) {
                # This is not time tracking (i.e. it's a normal bugnote)
                # @todo should we not trigger an error in this case ?
                return false;
            }
        }
    }
    # Event integration
    $t_bugnote_text = event_signal('EVENT_BUGNOTE_DATA', $p_bugnote_text, $c_bug_id);
    # insert bugnote text
    $t_query = 'INSERT INTO {bugnote_text} ( note ) VALUES ( ' . db_param() . ' )';
    db_query($t_query, array($t_bugnote_text));
    # retrieve bugnote text id number
    $t_bugnote_text_id = db_insert_id(db_get_table('bugnote_text'));
    # get user information
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    # Check for private bugnotes.
    if ($p_private && access_has_bug_level(config_get('set_view_status_threshold'), $p_bug_id, $p_user_id)) {
        $t_view_state = VS_PRIVATE;
    } else {
        $t_view_state = VS_PUBLIC;
    }
    # insert bugnote info
    $t_query = 'INSERT INTO {bugnote}
			(bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified, note_type, note_attr, time_tracking)
		VALUES (' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
    $t_params = array($c_bug_id, $p_user_id, $t_bugnote_text_id, $t_view_state, $c_date_submitted, $c_last_modified, $c_type, $p_attr, $c_time_tracking);
    db_query($t_query, $t_params);
    # get bugnote id
    $t_bugnote_id = db_insert_id(db_get_table('bugnote'));
    # update bug last updated
    if (!$p_skip_bug_update) {
        bug_update_date($p_bug_id);
    }
    # log new bug
    if (true == $p_log_history) {
        history_log_event_special($p_bug_id, BUGNOTE_ADDED, bugnote_format_id($t_bugnote_id));
    }
    # Event integration
    event_signal('EVENT_BUGNOTE_ADD', array($p_bug_id, $t_bugnote_id));
    # only send email if the text is not blank, otherwise, it is just recording of time without a comment.
    if (true == $p_send_email && !is_blank($t_bugnote_text)) {
        email_bugnote_add($p_bug_id);
    }
    return $t_bugnote_id;
}
开发者ID:spidgorny,项目名称:mantisbt,代码行数:85,代码来源:bugnote_api.php

示例9: check_html_sanity

/**
 * Check raw HTML input for different levels of sanity including:
 * - XHTML validation
 * - Javascript injection
 * - antispam
 *
 * Also cleans up the content on some levels:
 * - trimming
 * - balancing tags
 *
 * WARNING: this does *NOT* (necessarilly) make the HTML code safe.
 * It only checks on it and produces error messages.
 * It is NOT (necessarily) safe to use the output.
 *
 * @param string The content to format
 * @param string
 * @param integer Create automated <br /> tags?
 * @param string Encoding (used for SafeHtmlChecker() only!); defaults to $io_charset
 * @return boolean|string
 */
function check_html_sanity($content, $context = 'posting', $autobr = false, $encoding = NULL)
{
    global $use_balanceTags, $admin_url;
    global $io_charset, $use_xhtmlvalidation_for_comments, $comment_allowed_tags, $comments_allow_css_tweaks;
    global $Messages;
    /**
     * @var User
     */
    global $current_User;
    switch ($context) {
        case 'posting':
        case 'xmlrpc_posting':
            $Group =& $current_User->get_Group();
            if ($context == 'posting') {
                $xhtmlvalidation = $Group->perm_xhtmlvalidation == 'always';
            } else {
                $xhtmlvalidation = $Group->perm_xhtmlvalidation_xmlrpc == 'always';
            }
            $allow_css_tweaks = $Group->perm_xhtml_css_tweaks;
            $allow_javascript = $Group->perm_xhtml_javascript;
            $allow_iframes = $Group->perm_xhtml_iframes;
            $allow_objects = $Group->perm_xhtml_objects;
            $bypass_antispam = $Group->perm_bypass_antispam;
            break;
        case 'commenting':
            $xhtmlvalidation = $use_xhtmlvalidation_for_comments;
            $allow_css_tweaks = $comments_allow_css_tweaks;
            $allow_javascript = false;
            $allow_iframes = false;
            $allow_objects = false;
            // fp> I don't know if it makes sense to bypass antispam in commenting context if the user has that kind of permissions.
            // If so, then we also need to bypass in several other places.
            $bypass_antispam = false;
            break;
        default:
            debug_die('unknown context: ' . $context);
    }
    $error = false;
    // Replace any & that is not a character or entity reference with &amp;
    $content = preg_replace('/&(?!#[0-9]+;|#x[0-9a-fA-F]+;|[a-zA-Z_:][a-zA-Z0-9._:-]*;)/', '&amp;', $content);
    // ANTISPAM check:
    if (!$bypass_antispam && ($block = antispam_check($content))) {
        if ($context == 'xmlrpc_posting') {
            $errmsg = $context == 'commenting' ? T_('Illegal content found (spam?)') : sprintf(T_('Illegal content found: blacklisted word "%s"'), $block);
        } else {
            $errmsg = $context == 'commenting' ? T_('Illegal content found (spam?)') : sprintf(T_('Illegal content found: blacklisted word &laquo;%s&raquo;'), htmlspecialchars($block));
        }
        $Messages->add($errmsg, 'error');
        $error = true;
    }
    if ($autobr) {
        // Auto <br />:
        // may put brs in the middle of multiline tags...
        // TODO: this may create "<br />" tags in "<UL>" (outside of <LI>) and make the HTML invalid! -> use autoP pugin?
        $content = autobrize($content);
    }
    $content = trim($content);
    if ($use_balanceTags) {
        // Auto close open tags:
        $content = balance_tags($content);
    }
    if ($xhtmlvalidation) {
        // We want to validate XHTML:
        load_class('xhtml_validator/_xhtml_validator.class.php');
        $XHTML_Validator =& new XHTML_Validator($context, $allow_css_tweaks, $allow_iframes, $allow_javascript, $allow_objects, $encoding);
        if (!$XHTML_Validator->check($content)) {
            $error = true;
        }
    } else {
        // We do not WANT to validate XHTML, fall back to basic security checking:
        // This is only as strong as its regexps can parse xhtml. This is significantly inferior to the XHTML checker above.
        // The only advantage of this checker is that it can check for a little security without requiring VALID XHTML.
        if ($context == 'commenting') {
            // DEPRECATED but still...
            // echo 'allowed tags:',htmlspecialchars($comment_allowed_tags);
            $content = strip_tags($content, $comment_allowed_tags);
        }
        // Security checking:
        $check = $content;
        // Open comments or '<![CDATA[' are dangerous
//.........这里部分代码省略.........
开发者ID:LFSF,项目名称:oras,代码行数:101,代码来源:_param.funcs.php

示例10: tag_bug_attach

/**
 * Attach a tag to a bug.
 * @param integer $p_tag_id  The tag ID to attach.
 * @param integer $p_bug_id  The bug ID to attach.
 * @param integer $p_user_id The user ID to attach.
 * @return boolean
 */
function tag_bug_attach($p_tag_id, $p_bug_id, $p_user_id = null)
{
    antispam_check();
    access_ensure_bug_level(config_get('tag_attach_threshold'), $p_bug_id, $p_user_id);
    tag_ensure_exists($p_tag_id);
    if (tag_bug_is_attached($p_tag_id, $p_bug_id)) {
        trigger_error(TAG_ALREADY_ATTACHED, ERROR);
    }
    if (null == $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    } else {
        user_ensure_exists($p_user_id);
    }
    $t_query = 'INSERT INTO {bug_tag}
					( tag_id, bug_id, user_id, date_attached )
					VALUES
					( ' . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ')';
    db_query($t_query, array($p_tag_id, $p_bug_id, $p_user_id, db_now()));
    $t_tag_name = tag_get_field($p_tag_id, 'name');
    history_log_event_special($p_bug_id, TAG_ATTACHED, $t_tag_name);
    # updated the last_updated date
    bug_update_date($p_bug_id);
    return true;
}
开发者ID:gtn,项目名称:mantisbt,代码行数:31,代码来源:tag_api.php

示例11: validate_url

/**
 * Check the validity of a given URL
 *
 * Checks allowed URI schemes and URL ban list.
 * URL can be empty.
 *
 * Note: We have a problem when trying to "antispam" a keyword which is already blacklisted
 * If that keyword appears in the URL... then the next page has a bad referer! :/
 *
 * {@internal This function gets tested in misc.funcs.simpletest.php.}}
 *
 * @param string Url to validate
 * @param string Context ("posting", "commenting", "download_src", "http-https")
 * @param boolean also do an antispam check on the url
 * @return mixed false (which means OK) or error message
 */
function validate_url($url, $context = 'posting', $antispam_check = true)
{
    global $Debuglog, $debug;
    if (empty($url)) {
        // Empty URL, no problem
        return false;
    }
    // Do not give verbose info for comments, unless debug is enabled.
    $verbose = $debug || $context != 'commenting';
    $allowed_uri_schemes = get_allowed_uri_schemes($context);
    // Validate URL structure
    if ($url[0] == '$') {
        // This is a 'special replace code' URL (used in footers)
        if (!preg_match('~\\$([a-z_]+)\\$~', $url)) {
            return T_('Invalid URL $code$ format');
        }
    } elseif (preg_match('~^\\w+:~', $url)) {
        // there's a scheme and therefor an absolute URL:
        if (substr($url, 0, 7) == 'mailto:') {
            // mailto:link
            if (!in_array('mailto', $allowed_uri_schemes)) {
                // Scheme not allowed
                $scheme = 'mailto:';
                $Debuglog->add('URI scheme &laquo;' . $scheme . '&raquo; not allowed!', 'error');
                return $verbose ? sprintf(T_('URI scheme "%s" not allowed.'), htmlspecialchars($scheme)) : T_('URI scheme not allowed.');
            }
            preg_match('~^(mailto):(.*?)(\\?.*)?$~', $url, $match);
            if (!$match) {
                return $verbose ? sprintf(T_('Invalid email link: %s.'), htmlspecialchars($url)) : T_('Invalid email link.');
            } elseif (!is_email($match[2])) {
                return $verbose ? sprintf(T_('Supplied email address (%s) is invalid.'), htmlspecialchars($match[2])) : T_('Invalid email address.');
            }
        } elseif (substr($url, 0, 6) == 'clsid:') {
            // clsid:link
            if (!in_array('clsid', $allowed_uri_schemes)) {
                // Scheme not allowed
                $scheme = 'clsid:';
                $Debuglog->add('URI scheme &laquo;' . $scheme . '&raquo; not allowed!', 'error');
                return $verbose ? sprintf(T_('URI scheme "%s" not allowed.'), htmlspecialchars($scheme)) : T_('URI scheme not allowed.');
            }
            if (!preg_match('~^(clsid):([a-fA-F0-9\\-]+)$~', $url, $match)) {
                return T_('Invalid class ID format');
            }
        } elseif (substr($url, 0, 11) == 'javascript:') {
            // javascript:
            // Basically there could be anything here
            if (!in_array('javascript', $allowed_uri_schemes)) {
                // Scheme not allowed
                $scheme = 'javascript:';
                $Debuglog->add('URI scheme &laquo;' . $scheme . '&raquo; not allowed!', 'error');
                return $verbose ? sprintf(T_('URI scheme "%s" not allowed.'), htmlspecialchars($scheme)) : T_('URI scheme not allowed.');
            }
            preg_match('~^(javascript):~', $url, $match);
        } else {
            // convert URL to IDN:
            $url = idna_encode($url);
            if (!preg_match('~^           # start
				([a-z][a-z0-9+.\\-]*)             # scheme
				://                              # authorize absolute URLs only ( // not present in clsid: -- problem? ; mailto: handled above)
				(\\w+(:\\w+)?@)?                   # username or username and password (optional)
				( localhost |
						[a-z0-9]([a-z0-9\\-])*            # Don t allow anything too funky like entities
						\\.                               # require at least 1 dot
						[a-z0-9]([a-z0-9.\\-])+           # Don t allow anything too funky like entities
				)
				(:[0-9]+)?                       # optional port specification
				.*                               # allow anything in the path (including spaces - used in FileManager - but no newlines).
				$~ix', $url, $match)) {
                // Cannot validate URL structure
                $Debuglog->add('URL &laquo;' . $url . '&raquo; does not match url pattern!', 'error');
                return $verbose ? sprintf(T_('Invalid URL format (%s).'), htmlspecialchars($url)) : T_('Invalid URL format.');
            }
            $scheme = strtolower($match[1]);
            if (!in_array($scheme, $allowed_uri_schemes)) {
                // Scheme not allowed
                $Debuglog->add('URI scheme &laquo;' . $scheme . '&raquo; not allowed!', 'error');
                return $verbose ? sprintf(T_('URI scheme "%s" not allowed.'), htmlspecialchars($scheme)) : T_('URI scheme not allowed.');
            }
        }
    } else {
        // URL is relative..
        if ($context == 'commenting' || $context == 'download_src' || $context == 'http-https') {
            // We do not allow relative URLs in comments and download urls
            return $verbose ? sprintf(T_('URL "%s" must be absolute.'), htmlspecialchars($url)) : T_('URL must be absolute.');
//.........这里部分代码省略.........
开发者ID:Ariflaw,项目名称:b2evolution,代码行数:101,代码来源:_url.funcs.php

示例12: elseif

 } elseif (empty($_POST["prenom"])) {
     $erreur .= "Voornaam ist obligatorisch.";
     $etat = "not";
 } elseif (empty($_POST["pays"])) {
     $erreur .= "Land iist obligatorisch.";
     $etat = "not";
 } elseif (empty($_POST["telephone"])) {
     $erreur .= "Telefoon ist obligatorisch.";
     $etat = "not";
 } elseif (empty($_POST["email"])) {
     $erreur .= "E-mail ist obligatorisch.";
     $etat = "not";
 } elseif (!$Utils->valid_email($_POST["email"])) {
     $erreur .= "E-mail ist ungultig.";
     $etat = "not";
 } elseif (antispam_check() == false) {
     $erreur = "Anti-Spam ergebnis der berechnung ist falsch, bitte versuchen sie es erneut!";
     $etat = "not";
 }
 //Send mail
 if ($etat == "send") {
     $passage_ligne = "\r\n";
     //=====Declaration des messages au format HTML
     $message_html = "\r\n\t\t<div style=\"padding-top:10px;padding-left:10px;color:#707070;font-size:12px;font-style:Verdana;\">\r\n\t\t\t\tDemande via le formulaire Commande<br/>\r\n\t\t\t\t\r\n\t\t\t\t<span style=\"font-weight:bolder;\">R&eacute;sum&eacute; du formulaire:</span><br /><br />\r\n\t\t\t\t<span style=\"font-weight:bolder;\">Demande:</span><br /><br />" . $_POST["demande"] . " <br />" . "Adress&eacute; par : <br />" . $_POST["par"] . "<br />" . "Nom & Pr&eacute;nom: " . $_POST["nom"] . " " . $_POST["nom"] . "<br />" . "Etablissement: " . $_POST["etablissement"] . "<br />" . "TVA: " . $_POST["tva"] . "<br />" . "Adresse: " . $_POST["adresse"] . "<br />" . "Code Postal - Ville: " . $_POST["cpville"] . "<br />" . "Pays: " . $_POST["pays"] . "<br />" . "T&eacute;l&eacute;phone: " . $_POST["telephone"] . "<br />" . "Portable: " . $_POST["portable"] . "<br />" . "Email: " . $_POST["email"] . "<br />" . "Fax: " . $_POST["fax"] . "<br />" . "Demande de contact par : " . $_POST["opinions"] . "<br />" . "Urgence de la demande: " . $_POST["urgence"] . "<br />" . "</div>";
     //=====Creation de la boundary
     $boundary = "-----=" . md5(rand());
     $boundary_alt = "-----=" . md5(rand());
     //=====Definition du sujet
     $sujet = "Formulaire de contact | " . date("d/m/Y") . " " . date("H:i");
     //=========
     //=====Creation du header de l'e-mail
开发者ID:WebPassions,项目名称:2015,代码行数:31,代码来源:pre-contact.php

示例13: elseif

// Core param validation
if (empty($sender_name)) {
    $Messages->add(T_('Please fill in your name.'), 'error');
}
if (empty($sender_address)) {
    $Messages->add(T_('Please fill in your email.'), 'error');
} elseif (!is_email($sender_address) || antispam_check($sender_address)) {
    $Messages->add(T_('Supplied email address is invalid.'), 'error');
}
if (empty($subject)) {
    $Messages->add(T_('Please fill in the subject of your message.'), 'error');
}
if (empty($message)) {
    // message should not be empty!
    $Messages->add(T_('Please do not send empty messages.'), 'error');
} elseif ($antispam_on_message_form && antispam_check($message)) {
    // a blacklisted keyword ha sbeen found in the message:
    $Messages->add(T_('The supplied message is invalid / appears to be spam.'), 'error');
}
// Build message footer:
$BlogCache =& get_Cache('BlogCache');
$message_footer = '';
if (!empty($comment_id)) {
    // Getting current blog info:
    $Blog =& $BlogCache->get_by_ID($blog);
    // Required
    $message_footer .= T_('Message sent from your comment:') . "\n" . url_add_param($Blog->get('url'), 'p=' . $post_id . '#' . $comment_id, '&') . "\n\n";
} elseif (!empty($post_id)) {
    // Getting current blog info:
    $Blog =& $BlogCache->get_by_ID($blog);
    // Required
开发者ID:LFSF,项目名称:oras,代码行数:31,代码来源:message_send.php

示例14: check_html_sanity

/**
 * Check raw HTML input for different levels of sanity including:
 * - XHTML validation
 * - Javascript injection
 * - antispam
 *
 * Also cleans up the content on some levels:
 * - trimming
 * - balancing tags
 *
 * WARNING: this does *NOT* (necessarilly) make the HTML code safe.
 * It only checks on it and produces error messages.
 * It is NOT (necessarily) safe to use the output.
 *
 * @param string The content to format
 * @param string
 * @param User User (used for "posting" and "xmlrpc_posting" context). Default: $current_User
 * @param string Encoding (used for XHTML_Validator only!); defaults to $io_charset
 * @return boolean|string
 */
function check_html_sanity($content, $context = 'posting', $User = NULL, $encoding = NULL)
{
    global $use_balanceTags, $admin_url;
    global $io_charset, $use_xhtmlvalidation_for_comments, $comment_allowed_tags, $comments_allow_css_tweaks;
    global $Messages;
    if (empty($User)) {
        /**
         * @var User
         */
        global $current_User;
        $User = $current_User;
    }
    // Add error messages
    $verbose = true;
    switch ($context) {
        case 'posting':
        case 'xmlrpc_posting':
            $Group = $User->get_Group();
            if ($context == 'posting') {
                $xhtmlvalidation = $Group->perm_xhtmlvalidation == 'always';
            } else {
                $xhtmlvalidation = $Group->perm_xhtmlvalidation_xmlrpc == 'always';
            }
            $allow_css_tweaks = $Group->perm_xhtml_css_tweaks;
            $allow_javascript = $Group->perm_xhtml_javascript;
            $allow_iframes = $Group->perm_xhtml_iframes;
            $allow_objects = $Group->perm_xhtml_objects;
            $bypass_antispam = $Group->perm_bypass_antispam;
            break;
        case 'commenting':
            $xhtmlvalidation = $use_xhtmlvalidation_for_comments;
            $allow_css_tweaks = $comments_allow_css_tweaks;
            $allow_javascript = false;
            $allow_iframes = false;
            $allow_objects = false;
            // fp> I don't know if it makes sense to bypass antispam in commenting context if the user has that kind of permissions.
            // If so, then we also need to bypass in several other places.
            $bypass_antispam = false;
            break;
        case 'general_array_params':
            $xhtmlvalidation = false;
            $allow_css_tweaks = true;
            $allow_javascript = false;
            $allow_iframes = false;
            $allow_objects = false;
            $bypass_antispam = false;
            // Do not add error messages in this context
            $verbose = false;
            break;
        case 'head_extension':
            $xhtmlvalidation = true;
            // We disable everything else, because the XMHTML validator will set explicit rules for the 'head_extension' context
            $allow_css_tweaks = false;
            $allow_javascript = false;
            $allow_iframes = false;
            $allow_objects = false;
            $bypass_antispam = false;
            // Do not add error messages in this context
            $verbose = false;
            break;
        default:
            debug_die('unknown context: ' . $context);
    }
    $error = false;
    // Replace any & that is not a character or entity reference with &amp;
    $content = preg_replace('/&(?!#[0-9]+;|#x[0-9a-fA-F]+;|[a-zA-Z_:][a-zA-Z0-9._:-]*;)/', '&amp;', $content);
    // ANTISPAM check:
    $error = !$bypass_antispam && ($block = antispam_check($content));
    if ($error && $verbose) {
        // Add error message
        if ($context == 'xmlrpc_posting') {
            $errmsg = $context == 'commenting' ? T_('Illegal content found (spam?)') : sprintf(T_('Illegal content found: blacklisted word "%s".'), $block);
        } else {
            $errmsg = $context == 'commenting' ? T_('Illegal content found (spam?).') : sprintf(T_('Illegal content found: blacklisted word &laquo;%s&raquo;.'), htmlspecialchars($block));
        }
        $Messages->add($errmsg, 'error');
    }
    $content = trim($content);
    if ($use_balanceTags && $context != 'general_array_params') {
        // Auto close open tags:
//.........这里部分代码省略.........
开发者ID:Ariflaw,项目名称:b2evolution,代码行数:101,代码来源:_param.funcs.php

示例15: verifEmptyRow

<?php

//Si l'internaute est déjà connecté, inutile qu'il vienne sur cette page
if (isset($_SESSION['connect'])) {
    include './modules/error.php';
} else {
    //On inclut les fonctions de la page
    include './modules/compte/fonctions/inscription.php';
    if (isset($_POST['bouton'])) {
        //On va vérifier qu'aucun champ est vide
        verifEmptyRow();
        //On va vérifier que le captcha est bon
        antispam_check();
        //On va maintenant vérifier les deux mots de passe
        verifMdp();
        //On va vérifier que l'adresse email rentré est correcte
        verifEmail();
        //On va vérifier que le nom d'utilisateur n'est pas déjà pris
        verifUser();
        //On a fait tous les tests de vérification, on peut lancer la requête d'inscription
        inscription();
        $_SESSION['connect'] = true;
        // On active la variable de connexion
        $_SESSION['id'] = $db_realmd->lastInsertId();
    } else {
        //On génère le captcha
        $captcha = antispam_ins();
    }
    //On inclut maintenant le HTML de la page
    include './modules/compte/html/inscription.php';
    //On n'inclut pas le menu de gauche car on utilise un autre type de vue
开发者ID:pauljenny,项目名称:NoCMS,代码行数:31,代码来源:inscription.php


注:本文中的antispam_check函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。