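/**
 * Stores an edited comment submitted from the edit form and redirects to it.
 *
 * Reads the posted fields from $_POST and the module globals $comment, $link,
 * $current_user, $globals and $site_key. The edit is accepted only when all
 * of these hold: the posted id matches the loaded comment, the session is
 * authenticated, the caller is the comment's author inside the edit window
 * (comment_edit_time * 1.1) or a 'god' level user editing someone else's
 * comment or an admin comment, the posted key equals md5(randkey . site_key),
 * and the trimmed content is longer than 2 bytes. Every exit path ends the
 * request with die.
 */
function save_comment() {
    global $link, $db, $comment, $current_user, $globals, $site_key;
    // Warning, trillion of checkings :-(

    // Normalize the POST fields read below so that a missing or non-string
    // field simply fails the check instead of raising a warning/TypeError.
    $user_id = intval($_POST['user_id'] ?? 0);
    $posted_id = intval($_POST['id'] ?? 0);
    $posted_key = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';
    $posted_content = (isset($_POST['comment_content']) && is_string($_POST['comment_content'])) ? $_POST['comment_content'] : '';
    $posted_type = (isset($_POST['type']) && is_string($_POST['type'])) ? $_POST['type'] : '';

    // Author editing his own comment inside the edit window.
    $is_author_in_window = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.1;
    // 'god' level users may edit other users' comments and admin comments.
    $is_god_editing = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';
    // hash_equals() is a strict, constant-time string comparison. The former
    // loose '==' compared two numeric-looking strings as numbers.
    $key_ok = hash_equals(md5($comment->randkey . $site_key), $posted_key);

    if ($posted_id == $comment->id
        && $current_user->authenticated
        && ($is_author_in_window || $is_god_editing)
        && $key_ok
        && strlen(trim($posted_content)) > 2) {
        $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);
        // Only 'god' users may switch a comment between 'admin' and 'normal'.
        if ($current_user->user_level == 'god') {
            $comment->type = ($posted_type === 'admin') ? 'admin' : 'normal';
        }
        // Link extraction (and the banned-domain flag it sets) is skipped for admins.
        if (!$current_user->admin) {
            $comment->get_links();
        }
        // Recent accounts (registered less than a day ago) may not link to banned sites.
        if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
            echo _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
            die;
        }
        if (strlen($comment->content) > 0) {
            $comment->store();
        }
        header('Location: ' . $link->get_permalink() . '#c-' . $comment->order);
        die;
    }
    echo _('error actualizando, probablemente tiempo de edición excedido');
    die;
}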
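/**
 * Stores a new private message posted by the current user and prints its summary.
 *
 * Reads the recipient, text, author and randkey from $_POST (and an optional
 * image from $_FILES['image']). Error paths echo an 'ERROR: ' prefixed message
 * and end the request with die. On success the message is stored inside the
 * same transaction that holds the FOR UPDATE duplicate check, the recipient is
 * notified, the image is stored or deleted and the reloaded message is printed.
 *
 * @param mixed $message_id unused by this implementation
 */
function save_post($message_id) {
    global $link, $db, $message, $current_user, $globals, $site_key;
    $message = new PrivateMessage();
    $to_user = User::get_valid_username($_POST['to_user']);
    if (!$to_user) {
        echo 'ERROR: ' . _('nombre de usuario erróneo');
        die;
    }
    $to = User::get_user_id($to_user);
    // Former code was `!$to > 0`, which PHP parses as `(!$to) > 0`.
    if (!($to > 0)) {
        echo 'ERROR: ' . _('usuario erróneo');
        die;
    }
    if (!PrivateMessage::can_send($current_user->user_id, $to)) {
        echo 'ERROR: ' . _('el destinatario no lo tiene amigado');
        die;
    }
    $_POST['post'] = clean_text_with_tags($_POST['post'], 0, false, $globals['posts_len']);
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }
    if (mb_strlen($_POST['post']) < 2) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }
    if ($current_user->user_id != intval($_POST['author'])) {
        die;
    }
    // Check the post wasn't already stored
    $message->randkey = intval($_POST['key']);
    $message->author = $current_user->user_id;
    $message->to = $to;
    $message->content = $_POST['post'];
    $db->transaction();
    // FOR UPDATE serializes concurrent submissions with the same randkey.
    $dupe = intval($db->get_var("select count(*) from privates where user = {$current_user->user_id} and date > date_sub(now(), interval 5 minute) and randkey = {$message->randkey} FOR UPDATE"));
    if ($dupe) {
        $db->commit();
        echo 'ERROR: ' . _('mensaje grabado previamente');
        die;
    }
    // Verify that there are a period of 1 minute between posts.
    if (intval($db->get_var("select count(*) from privates where user= {$current_user->user_id} and date > date_sub(now(), interval 15 second)")) > 0) {
        echo 'ERROR: ' . _('debe esperar 15 segundos entre mensajes');
        $db->rollback();
        die;
    }
    // Verify that there less than X messages from the same user in a day
    if (intval($db->get_var("select count(*) from privates where user= {$current_user->user_id} and date > date_sub(now(), interval 1 day)")) > 160) {
        echo 'ERROR: ' . _('demasiados mensajes en un día');
        // Release the FOR UPDATE lock; this path previously died without ending the transaction.
        $db->rollback();
        die;
    }
    // Store before committing so the row is inserted while the duplicate
    // check's lock is still held; committing first reopened the race window.
    $message->store();
    $db->commit();
    notify_user($current_user->user_id, $to, $message->content);
    User::add_notification($message->to, 'private');
    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $message->delete_image();
    } else {
        $message->store_image_from_form('image');
    }
    $message = PrivateMessage::from_db($message->id); // Reread the object
    $message->print_summary();
}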
/**
 * Handles a posted chat ("fisgona") line: rate limits, filters and stores it.
 *
 * Returns silently when $_POST['chat'] is empty. Otherwise, for a logged-in
 * user whose tag-stripped text is longer than 2 bytes, it: rejects users under
 * min_karma_for_sneaker, rejects a second line within 4 seconds, rejects open
 * proxies, dispatches "!command" lines to check_stats(), and finally stores
 * the cleaned text in the chats table after expiring rows older than 1500
 * seconds. The room is 'admin' (admins only, "#" prefix or admin param),
 * 'friends' ("@" prefix or friends param) or 'all'.
 *
 * Depends on the globals $db, $current_user, $now, $now_f and $globals.
 */
function check_chat() {
    global $db, $current_user, $now, $now_f, $globals, $events;
    if (empty($_POST['chat'])) { return; }
    // NOTE(review): the presence check reads $_POST but the value is taken
    // from $_REQUEST; with the default request_order these agree, but it is
    // worth reading the same superglobal in both places.
    $comment = trim(preg_replace("/[\r\n\t]/", ' ', $_REQUEST['chat']));
    $comment = clear_whitespace($comment);
    if ($current_user->user_id > 0 && strlen(strip_tags($comment)) > 2) {
        // Sends a message back if the user has a very low karma
        if ($globals['min_karma_for_sneaker'] > 0 && $current_user->user_karma < $globals['min_karma_for_sneaker']) {
            $comment = _('no tienes suficiente karma para comentar en la fisgona') . ' (' . $current_user->user_karma . ' < ' . $globals['min_karma_for_sneaker'] . ')';
            send_chat_warn($comment);
            return;
        }
        // Flood control: at most one line per user every 4 seconds.
        $period = $now - 4;
        $counter = intval($db->get_var("select count(*) from chats where chat_time > {$period} and chat_uid = {$current_user->user_id}"));
        if ($counter > 0) {
            $comment = _('tranquilo charlatán') . ' ;-)';
            send_chat_warn($comment);
            return;
        }
        if (check_ban_proxy()) {
            send_chat_warn(_('proxy abierto no permitido'));
            return;
        }
        if (preg_match('/^!/', $comment)) {
            // Lines starting with "!" are stats commands, answered directly and never stored.
            require_once 'sneaker-stats.php';
            if (!($comment = check_stats($comment))) {
                send_chat_warn(_('comando no reconocido'));
            } else {
                send_string($comment);
            }
            return;
        } else {
            $comment = clean_text_with_tags($comment);
            // IRC style "/me" is replaced by the italicised login of the sender.
            $comment = preg_replace('/(^|[\\s\\.,¿#@])\\/me([\\s\\.,\\?]|$)/', "\$1<i>{$current_user->user_login}</i>\$2", $comment);
            if (mb_strlen($comment) > 255) {
                // Cut text longer that database, to avoid unclosed html tags
                // (keeps the first character plus the last 254, dropping the middle).
                $comment = mb_substr($comment, 0, 1) . mb_substr($comment, -254, 254);
            }
        }
        // Expire old chat rows before inserting the new one.
        $from = $now - 1500;
        $db->query("delete from chats where chat_time < {$from}");
        if ((!empty($_REQUEST['admin']) || preg_match('/^#/', $comment)) && $current_user->admin) {
            $room = 'admin';
            $comment = preg_replace('/^# */', '', $comment);
        } elseif (!empty($_REQUEST['friends']) || preg_match('/^@/', $comment)) {
            $room = 'friends';
            $comment = preg_replace('/^@ */', '', $comment);
        } else {
            $room = 'all';
        }
        if (strlen($comment) > 0) {
            // Only the text is escaped here; $room is one of three literals and
            // user_id is numeric. NOTE(review): chat_user interpolates
            // user_login unescaped — confirm logins cannot contain quotes.
            $comment = $db->escape(trim(normalize_smileys($comment)));
            $db->query("insert into chats (chat_time, chat_uid, chat_room, chat_user, chat_text) values ({$now_f}, {$current_user->user_id}, '{$room}', '{$current_user->user_login}', '{$comment}')");
        }
    }
}
/**
 * Validates a new comment posted for $link, stores it and redirects to it.
 *
 * Reads link_id, user_id, randkey, comment_content, parent_id and type from
 * $_POST. Returns a translated error string when a check fails; on success it
 * stores the comment, its author vote and the link's comment counter inside a
 * transaction, then sends a Location header and ends the request with die
 * (so the function only ever returns on error).
 *
 * Checks, in order: proxy ban (unless in development), link still open for
 * comments and posted ids consistent with the session, minimum karma,
 * nesting depth, clone accounts, same-IP astroturfing for low-karma users,
 * minimum text length, duplicate randkey, banned links for recent accounts,
 * and a karma penalty for flooding or repeated text/links.
 *
 * @param Link $link the link being commented
 * @return string translated error message (never returns on success)
 */
static function save_from_post($link) {
    global $db, $current_user, $globals;
    require_once(mnminclude.'ban.php');
    // Accumulated penalty text; note it is never returned (see the die below).
    $error = '';
    if(check_ban_proxy() && !$globals['development']) return _('dirección IP no permitida');
    // Check if is a POST of a comment
    if( ! ($link->votes > 0 && $link->date > $globals['now']-$globals['time_enabled_comments']*1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0 )) {
        return _('comentario o usuario incorrecto');
    }
    // The link's own author may comment regardless of karma.
    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }
    $comment = new Comment;
    $comment->link=$link->id;
    // Escaped once here because it is interpolated into SQL further down.
    $comment->ip = $db->escape($globals['user_ip']);
    $comment->randkey=intval($_POST['randkey']);
    $comment->author=intval($_POST['user_id']);
    $comment->karma=round($current_user->user_karma);
    $comment->content=clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
    $comment->parent=intval($_POST['parent_id']);
    //get level
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
        return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;
    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
        $comment->type = 'admin';
    }
    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours+1);
        if ( $clones) {
            // $l is a comma-separated list of user ids returned by get_clones().
            $l = implode(',', $clones);
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }
    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }
        // Avoid floods with clones from the same IP
        if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }
    if (mb_strlen($comment->content) < 5 || ! preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) { // Check there are at least a valid char
        return _('texto muy breve o caracteres no válidos');
    }
    // Check the comment wasn't already stored
    // NOTE(review): this lookup is outside the transaction opened below, so
    // two concurrent submissions can both pass it.
    $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
    if ($already_stored) {
        return _('comentario duplicado');
    }
    if (! $current_user->admin) {
        $comment->get_links();
        // Accounts younger than one day may not link to banned sites.
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        // Repeated links to a banned domain weigh double.
        if ($comment->banned) $same_links_count *= 2;
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }
    // Comments allowed per 3 minutes grow with karma, capped at round(2 * 2.5) = 5.
    $comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
    if ($comment_count > $comment_limit || $same_count > 2) {
        $reduction = 0;
        if ($comment_count > $comment_limit) {
            $reduction += ($comment_count-3) * 0.1;
        }
        if($same_count > 1) {
            $reduction += $same_count * 0.25;
        }
        if ($reduction > 0) {
            $user = new User;
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
            $user->store();
            $annotation = new Annotation("karma-$user->id");
            $annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
            // This message is not passed through _() and is never shown (see die below).
            $error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
        }
    }
    $db->transaction();
    $comment->store();
    $comment->insert_vote();
    $link->update_comments();
    $db->commit();
    // Comment stored, just redirect to it page
    header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
    die;
    //return $error;
}
/**
 * Persists the non-default extended properties of a site as a JSON annotation.
 *
 * Only keys present in self::$extended_properties whose value is not the empty
 * string and differs from the default are kept. 'rules' and 'message' are
 * filtered with clean_text_with_tags() (300 chars); every other value goes
 * through clean_input_string() and is cut to 100 characters. When nothing
 * remains the annotation is deleted instead of stored.
 *
 * @param mixed $id    site id; any falsy value means the current site (self::my_id())
 * @param array $prefs submitted preferences, key => value
 * @return mixed result of Annotation::store() or Annotation::delete()
 */
public static function store_extended_properties($id = false, &$prefs) {
    if (!$id) {
        $id = self::my_id();
    }
    $defaults = self::$extended_properties;
    $changed = [];
    foreach ($prefs as $name => $value) {
        $is_known = isset($defaults[$name]);
        if ($value === '' || !$is_known || $defaults[$name] == $value) {
            continue;
        }
        // Free-text fields may carry tags; everything else is a plain string.
        if (in_array($name, ['rules', 'message'], true)) {
            $changed[$name] = clean_text_with_tags($value, 0, false, 300);
        } else {
            $changed[$name] = mb_substr(clean_input_string($value), 0, 100);
        }
    }
    $annotation = new Annotation(self::PREFERENCES_KEY . $id);
    if (empty($changed)) {
        return $annotation->delete();
    }
    $annotation->text = json_encode($changed);
    return $annotation->store();
}
/**
 * Creates or edits a "nota" (post) from the submitted form and prints its summary.
 *
 * When $post_id > 0 the existing post is edited: allowed for its author within
 * 3600 seconds of creation, or for a 'god' user within 864000 seconds, and only
 * if the posted key equals the post's randkey. Otherwise a new post is created
 * for the current user after karma, duplicate (randkey within 1 hour), repeated
 * text, 1 minute interval and same-domain link checks; more than 2 links to the
 * same domain cost karma. Error paths echo 'ERROR: ...' and end with die.
 *
 * @param int $post_id id of the post to edit, or 0/false to create a new one
 */
function save_post($post_id) {
    global $link, $db, $post, $current_user, $globals, $site_key;
    $post = new Post();
    $_POST['post'] = clean_text_with_tags($_POST['post'], 0, false, $globals['posts_len']);
    if (mb_strlen($_POST['post']) < 5) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }
    if ($post_id > 0) {
        $post->id = $post_id;
        if (!$post->read()) { die; }
        // NOTE(review): the key check uses a loose '==' against an integer randkey.
        if ((intval($_POST['user_id']) == $current_user->user_id && $current_user->user_id == $post->author && time() - $post->date < 3600 || $current_user->user_level == 'god' && time() - $post->date < 864000) && $_POST['key'] == $post->randkey) {
            $post->content = $_POST['post'];
            if (strlen($post->content) > 0) {
                $post->store();
            }
        } else {
            echo 'ERROR: ' . _('no tiene permisos para grabar');
            die;
        }
    } else {
        if ($current_user->user_id != intval($_POST['user_id'])) { die; }
        if ($current_user->user_karma < $globals['min_karma_for_posts']) {
            echo 'ERROR: ' . _('el karma es muy bajo');
            die;
        }
        // Check the post wasn't already stored
        $post->randkey = intval($_POST['key']);
        $post->author = $current_user->user_id;
        $post->content = $_POST['post'];
        // NOTE(review): no transaction/lock around this check, so concurrent
        // submissions can both pass it; see the second check below.
        $dupe = intval($db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval 1 hour) and post_randkey = {$post->randkey}"));
        if (!$dupe && !$post->same_text_count()) {
            // Verify that there are a period of 1 minute between posts.
            if (intval($db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval 1 minute)")) > 0) {
                echo 'ERROR: ' . _('debe esperar 1 minuto entre notas');
                die;
            }
            // Penalise repeated links to the same domain (0.2 karma per link).
            $same_links = $post->same_links_count();
            if ($same_links > 2) {
                $user = new User();
                $user->id = $current_user->user_id;
                $user->read();
                $reduction = $same_links * 0.2;
                $user->karma = $user->karma - $reduction;
                syslog(LOG_NOTICE, "Meneame: post_edit decreasing {$reduction} of karma to {$user->username} (now {$user->karma})");
                $user->store();
                $annotation = new Annotation("karma-{$user->id}");
                $annotation->append(_('demasiados enlaces al mismo dominio en las notas') . ": -{$reduction}, karma: {$user->karma}\n");
            }
            // Check again for last seconds, ajax calls sometimes add two posts
            $dupe = intval($db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval 10 second) and post_randkey = {$post->randkey}"));
            if (!$dupe) {
                $post->store();
            }
        } else {
            echo 'ERROR: ' . _('comentario grabado previamente');
            die;
        }
    }
    $post->print_summary();
}
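/**
 * Saves the edited link held in the global $linkres and prints the result form.
 *
 * Applies the posted type, category, title, body, tags and (for admins) url and
 * thumbnail actions; changes the status when the poster is allowed to (any user
 * may set 'autodiscard', admins may set any 4+ lowercase-letter status). When
 * link_edit_errors() finds no problem the link is stored, its tags re-indexed,
 * and an edit/discard log entry written for links newer than 15 days. In every
 * case the link is re-read and a preview plus a "go to story" form is echoed.
 */
function do_save() {
    // $globals was missing from this list: $globals['now'] below then read
    // null and the 15-day age check was never effective.
    global $linkres, $dblang, $current_user, $globals;
    $linkres->read_content_type_buttons($_POST['type']);
    $linkres->category = intval($_POST['category']);
    if ($current_user->admin) {
        if (!empty($_POST['url'])) {
            $linkres->url = clean_input_url($_POST['url']);
        }
        if (!empty($_POST['thumb_delete'])) {
            $linkres->delete_thumb();
        }
        if (!empty($_POST['thumb_get'])) {
            $linkres->get_thumb();
        }
    }
    $linkres->title = clean_text($_POST['title'], 40);
    $linkres->content = clean_text_with_tags($_POST['bodytext']);
    $linkres->tags = tags_normalize_string($_POST['tags']);
    // change the status
    $insert_discard_log = false; // was read below without ever being initialised
    $new_status = $_POST['status'] ?? '';
    if ($new_status != $linkres->status
        && ($new_status == 'autodiscard' || $current_user->admin)
        && preg_match('/^[a-z]{4,}$/', $new_status)
        && (!$linkres->is_discarded() || $current_user->admin)) {
        if (preg_match('/discard|abuse|duplicated|autodiscard/', $new_status)) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        }
        $linkres->status = $new_status;
    }
    // EVENTS
    // Dates arrive as DD/MM/YYYY and are stored as MM-DD-YYYY.
    $d = $_POST["datepicker1"];
    $linkres->start_date = substr($d, 3, 2) . '-' . substr($d, 0, 2) . '-' . substr($d, 6, 4);
    $d = $_POST["datepicker2"];
    $linkres->end_date = substr($d, 3, 2) . '-' . substr($d, 0, 2) . '-' . substr($d, 6, 4);
    if (!link_edit_errors($linkres)) {
        if (empty($linkres->uri)) {
            $linkres->get_uri();
        }
        $linkres->store();
        tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);
        // Insert edit log/event if the link it's newer than 15 days
        if ($globals['now'] - $linkres->date < 86400 * 15) {
            require_once(mnminclude . 'log.php');
            if ($insert_discard_log) {
                // Insert always a link and discard event if the status has been changed to discard
                log_insert('link_discard', $linkres->id, $current_user->user_id);
                if ($linkres->author == $current_user->user_id) {
                    // Don't save edit log if it's discarded by an admin
                    log_insert('link_edit', $linkres->id, $current_user->user_id);
                }
            } elseif ($linkres->votes > 0) {
                log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
            }
        }
        echo '<div class="form-error-submit"> ' . _("noticia actualizada") . '</div>' . "\n";
    }
    $linkres->read();
    echo '<div class="formnotice">' . "\n";
    $linkres->print_summary('preview');
    echo '</div>' . "\n";
    echo '<form class="note" method="GET" action="story.php" >';
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<input class="button" type="button" onclick="window.history.go(-1)" value="« ' . _('modificar') . '"> ' . "\n";
    echo '<input class="button" type="submit" value="' . _('ir a la noticia') . '" />' . "\n";
    echo '</form>' . "\n";
}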
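/**
 * Second step of the link submission: applies the posted fields to the link
 * created in step 1 and prints the preview/confirmation form for step 3.
 *
 * Detects [IMG]/(IMG)/[VID]/(VIDEO) markers in the title to set the content
 * type, strips trailing punctuation from the title, normalises the tags and
 * body, and parses the event dates. When link_errors() reports problems only
 * a "back" form is printed. Otherwise the link is stored, its tags indexed
 * and the step 3 form echoed with the posted randkey, key and trackback
 * carried along as hidden fields.
 */
function do_submit2() {
    global $db, $dblang, $globals;
    $linkres = new Link;
    $linkres->id = intval($_POST['id']);
    $linkres->read();
    if (report_dupe($linkres->url)) {
        return;
    }
    $linkres->read_content_type_buttons($_POST['type']);
    // Check if the title contains [IMG], [IMGs], (IMG)... and mark it as image
    if (preg_match('/[\(\[](IMG|PICT*)s*[\)\]]/i', $_POST['title'])) {
        $_POST['title'] = preg_replace('/[\(\[](IMG|PICT*)s*[\)\]]/i', ' ', $_POST['title']);
        $linkres->content_type = 'image';
    } elseif (preg_match('/[\(\[](VID|VIDEO|Vídeo*)s*[\)\]]/i', $_POST['title'])) {
        $_POST['title'] = preg_replace('/[\(\[](VID|VIDEO|Vídeo*)s*[\)\]]/i', ' ', $_POST['title']);
        $linkres->content_type = 'video';
    }
    $linkres->category = intval($_POST['category']);
    $linkres->title = clean_text(preg_replace('/(\w) *[;.,] *$/', "$1", $_POST['title']), 40); // It also deletes punctuaction signs at the end
    $linkres->tags = tags_normalize_string($_POST['tags']);
    $linkres->content = clean_text_with_tags($_POST['bodytext']);
    // EVENTS
    // Dates arrive as DD/MM/YYYY and are stored as MM-DD-YYYY.
    $d = $_POST["datepicker1"];
    $linkres->start_date = substr($d, 3, 2) . '-' . substr($d, 0, 2) . '-' . substr($d, 6, 4);
    $d = $_POST["datepicker2"];
    $linkres->end_date = substr($d, 3, 2) . '-' . substr($d, 0, 2) . '-' . substr($d, 6, 4);
    if (link_errors($linkres)) {
        echo '<form class="genericform">' . "\n";
        echo '<p><input class="button" type=button onclick="window.history.go(-1)" value="« ' . _('retroceder') . '"/></p>' . "\n";
        echo '</form>' . "\n";
        echo '</div>' . "\n"; // opened in print_form_submit_error
        return;
    }
    $linkres->store();
    tags_insert_string($linkres->id, $dblang, $linkres->tags);
    $linkres->read();
    // The key is a user-supplied value echoed into an HTML attribute: escape it
    // (the trackback field below already was). Non-string input becomes ''.
    $posted_key = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';
    preload_indicators();
    echo '<div class="genericform">' . "\n";
    echo '<h2>' . _('envío de una nueva noticia: paso 3 de 3') . '</h2>' . "\n";
    echo '<form action="submit.php" method="post" class="genericform" onSubmit="$(\'#working\').html(\'' . _('enviando trackbacks') . '... <img src=\\\'\'+img_src1+\'\\\'/>\'); return true;">' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('detalles de la noticia') . '</span></legend>' . "\n";
    echo '<div class="genericformtxt"><label>' . _('ATENCIÓN: esto es sólo una muestra!') . '</label> <br/>' . _('Ahora puedes 1) ') . '<label>' . _('retroceder') . '</label>' . _(' o 2) ') . '<label>' . _('enviar a la cola y finalizar') . '</label>. ' . _('Cualquier otro clic convertirá tu noticia en comida para <del>gatos</del> elefantes (o no).') . '</div>';
    echo '<div class="formnotice">' . "\n";
    $linkres->print_summary('preview');
    echo '</div>' . "\n";
    echo '<input type="hidden" name="phase" value="3" />' . "\n";
    echo '<input type="hidden" name="randkey" value="' . intval($_POST['randkey']) . '" />' . "\n";
    echo '<input type="hidden" name="key" value="' . htmlspecialchars($posted_key, ENT_QUOTES) . '" />' . "\n";
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<input type="hidden" name="trackback" value="' . htmlspecialchars(trim($_POST['trackback'])) . '" />' . "\n";
    echo '<br style="clear: both;" /><br style="clear: both;" />' . "\n";
    echo '<input class="button" type="button" onclick="window.history.go(-1)" value="« ' . _('retroceder') . '"/> ' . "\n";
    echo '<input class="button" type="submit" value="' . _('enviar a la cola y finalizar') . ' »" ';
    echo '/> <span id="working"> </span>';
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '</div>' . "\n";
}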
/**
 * Validates a new comment posted for $link, stores it and returns or redirects.
 *
 * Reads link_id, user_id, randkey, comment_content, type and image_delete from
 * $_POST and an optional image from $_FILES['image']. Returns a translated error
 * string when a check fails. On success the comment, its author vote and the
 * link's comment counter are stored in a transaction whose FOR UPDATE duplicate
 * check serializes concurrent submissions; then the image is stored or deleted
 * and either a 303 redirect to the comment is sent and the request ends with
 * die ($redirect true) or the Comment object is returned.
 *
 * @param Link $link     the link being commented
 * @param bool $redirect redirect to the comment (true) or return it (false)
 * @return Comment|string the stored comment, or a translated error message
 */
static function save_from_post($link, $redirect = true) {
    global $db, $current_user, $globals;
    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }
    // Check if is a POST of a comment
    if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0)) {
        return _('comentario o usuario incorrecto');
    }
    // The link's own author may comment regardless of karma.
    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }
    $comment = new Comment();
    $comment->link = $link->id;
    // NOTE(review): unlike the older version, the ip is not escaped here but
    // is interpolated into SQL below — confirm $globals['user_ip'] is a
    // validated address and not taken verbatim from a request header.
    $comment->ip = $globals['user_ip'];
    $comment->randkey = intval($_POST['randkey']);
    $comment->author = intval($_POST['user_id']);
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
    // Check if is an admin comment
    if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
        $comment->type = 'admin';
    }
    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            // $l is a comma-separated list of user ids returned by get_clones().
            $l = implode(',', $clones);
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }
    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }
        // Avoid floods with clones from the same IP
        if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }
    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) { // Check there are at least a valid char
        return _('texto muy breve o caracteres no válidos');
    }
    if (!$current_user->admin) {
        $comment->get_links();
        // Accounts younger than one day may not link to banned sites.
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        // Repeated links to a banned domain weigh double.
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }
    // Comments allowed per 3 minutes grow with karma, capped at round(2 * 2.5) = 5.
    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    $karma_penalty = 0;
    if ($comment_count > $comment_limit || $same_count > 2) {
        if ($comment_count > $comment_limit) {
            $karma_penalty += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $karma_penalty += $same_count * 0.25;
        }
    }
    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }
    $db->transaction();
    // Check the comment wasn't already stored
    // NOTE(review): $r is wrapped in intval() here, so the is_null($r) test
    // further down can never fire; a failed query reads as "0 duplicates".
    $r = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE"));
    $already_stored = intval($r);
    if ($already_stored) {
        $db->rollback();
        return _('comentario duplicado');
    }
    // A penalty replaces the comment: the transaction is released, karma is
    // lowered with an annotation and the user gets an error instead.
    if ($karma_penalty > 0) {
        $db->rollback();
        $user = new User($current_user->user_id);
        $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
        return _('penalización de karma por texto repetido o abuso de enlaces');
    }
    if (!is_null($r) && $comment->store()) {
        $comment->insert_vote();
        $link->update_comments();
        $db->commit();
        // Check image upload or delete
        if ($_POST['image_delete']) {
            $comment->delete_image();
        } else {
            $comment->store_image_from_form('image');
        }
        if ($redirect) {
            // Comment stored, just redirect to it page
            header('HTTP/1.1 303 Load');
            header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
            die;
        } else {
            return $comment;
        }
    }
    $db->rollback();
    return _('error insertando comentario');
    //return $error;
}
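/**
 * Validates an edited comment against the posted form and stores it.
 *
 * The edit is accepted only when all of these hold: the posted id matches
 * $comment->id, the session is authenticated, the caller is the comment's
 * author inside the edit window (comment_edit_time * 1.5) or a 'god' level
 * user editing someone else's comment or an admin comment, the posted key
 * equals md5(randkey . site_key), and the trimmed content is longer than 2
 * characters. Image size limits are checked first when a file was uploaded.
 *
 * @param Comment $comment the comment being edited (modified in place)
 * @param Link    $link    the commented link (unused by this implementation)
 * @return Comment|string the stored comment, or a translated error message
 */
function check_and_save($comment, $link) {
    global $db, $current_user, $globals, $site_key;
    // Warning, trillion of checkings :-(
    // TODO: unify with Comment::save_from_post(), careful with the differences

    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }

    // Normalize the POST fields read below so that a missing or non-string
    // field simply fails the check instead of raising a warning/TypeError.
    $user_id = intval($_POST['user_id'] ?? 0);
    $posted_id = intval($_POST['id'] ?? 0);
    $posted_key = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';
    $posted_content = (isset($_POST['comment_content']) && is_string($_POST['comment_content'])) ? $_POST['comment_content'] : '';
    $posted_type = (isset($_POST['type']) && is_string($_POST['type'])) ? $_POST['type'] : '';

    // Author editing his own comment inside the edit window.
    $is_author_in_window = $user_id == $current_user->user_id
        && $current_user->user_id == $comment->author
        && time() - $comment->date < $globals['comment_edit_time'] * 1.5;
    // 'god' level users may edit other users' comments and admin comments.
    $is_god_editing = ($comment->author != $current_user->user_id || $comment->type == 'admin')
        && $current_user->user_level == 'god';
    // hash_equals() is a strict, constant-time string comparison. The former
    // loose '==' compared two numeric-looking strings as numbers.
    $key_ok = hash_equals(md5($comment->randkey . $site_key), $posted_key);

    if (!($posted_id == $comment->id
        && $current_user->authenticated
        && ($is_author_in_window || $is_god_editing)
        && $key_ok
        && mb_strlen(trim($posted_content)) > 2)) {
        return _('error actualizando, probablemente tiempo de edición excedido');
    }

    $comment->content = clean_text_with_tags($posted_content, 0, false, 10000);
    // Only 'god' users may switch a comment between 'admin' and 'normal'.
    if ($current_user->user_level == 'god') {
        $comment->type = ($posted_type === 'admin') ? 'admin' : 'normal';
    }
    // Link extraction (and the banned-domain flag it sets) is skipped for admins.
    if (!$current_user->admin) {
        $comment->get_links();
    }
    // Recent accounts (registered less than a day ago) may not link to banned sites.
    if ($current_user->user_id == $comment->author && $comment->banned && $current_user->Date() > $globals['now'] - 86400) {
        syslog(LOG_NOTICE, "Meneame: editcomment not stored, banned link ({$current_user->user_login})");
        return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
    }
    if (mb_strlen($comment->content) > 0) {
        $comment->store();
    }
    // Check image upload or delete
    if (!empty($_POST['image_delete'])) {
        $comment->delete_image();
    } else {
        $comment->store_image_from_form('image');
    }
    return $comment;
}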
/**
 * Creates or edits a "nota" (post) from the submitted form and prints its summary.
 *
 * When $post_id > 0 the existing post is edited: allowed for its author within
 * 3600 seconds of creation, or for a 'god' user within posts_edit_time_admin *
 * 1.5 seconds, and only if the posted key equals the post's randkey. Otherwise
 * a new post is created for the current user after karma, posting interval
 * (posts_period seconds), repeated text and duplicate randkey checks; the
 * duplicate check runs under FOR UPDATE inside a transaction, and more than 2
 * links to the same domain cost karma. An uploaded image is size-checked first
 * and stored with store_image(). Error paths echo 'ERROR: ...' and die.
 *
 * @param int $post_id id of the post to edit, or 0/false to create a new one
 */
function save_post($post_id) {
    global $link, $db, $post, $current_user, $globals, $site_key;
    $post = new Post();
    $_POST['post'] = clean_text_with_tags($_POST['post'], 0, false, $globals['posts_len']);
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }
    if (mb_strlen($_POST['post']) < 5) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }
    if ($post_id > 0) {
        $post->id = $post_id;
        if (!$post->read()) { die; }
        // NOTE(review): the key check uses a loose '==' against an integer randkey.
        if ((intval($_POST['user_id']) == $current_user->user_id && $current_user->user_id == $post->author && time() - $post->date < 3600 || $current_user->user_level == 'god' && time() - $post->date < $globals['posts_edit_time_admin'] * 1.5) && $_POST['key'] == $post->randkey) {
            $post->content = $_POST['post'];
            if (strlen($post->content) > 0) {
                $post->store();
                store_image($post);
            }
        } else {
            echo 'ERROR: ' . _('no tiene permisos para grabar');
            die;
        }
    } else {
        if ($current_user->user_id != intval($_POST['user_id'])) { die; }
        if ($current_user->user_karma < $globals['min_karma_for_posts']) {
            echo 'ERROR: ' . _('el karma es muy bajo');
            die;
        }
        // Check the post wasn't already stored
        $post->randkey = intval($_POST['key']);
        $post->author = $current_user->user_id;
        $post->content = $_POST['post'];
        // Verify that there are a period of 1 minute between posts.
        // (The actual interval is $globals['posts_period'] seconds.)
        if (intval($db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval " . $globals['posts_period'] . " second)")) > 0) {
            echo 'ERROR: ' . _('debe esperar entre notas');
            die;
        }
        $same_text = $post->same_text_count();
        $same_links = $post->same_links_count(10);
        $db->transaction();
        // Raw result kept so a failed query (null) is told apart from a zero count.
        $r = $db->get_var("select count(*) from posts where post_user_id = {$current_user->user_id} and post_date > date_sub(now(), interval 5 minute) and post_randkey = {$post->randkey} FOR UPDATE");
        $dupe = intval($r);
        if (!is_null($r) && !$dupe && !$same_text) {
            // Penalise repeated links to the same domain (0.2 karma per link).
            if ($same_links > 2) {
                $reduction = $same_links * 0.2;
                $user = new User($current_user->user_id);
                $user->add_karma(-$reduction, _('demasiados enlaces al mismo dominio en las notas'));
                syslog(LOG_NOTICE, "Meneame: post_edit decreasing {$reduction} of karma to {$user->username} (now {$user->karma})");
            }
            // Store while the FOR UPDATE lock is held, then commit.
            $post->store();
            $db->commit();
            store_image($post);
        } else {
            $db->commit();
            echo 'ERROR: ' . _('comentario grabado previamente');
            die;
        }
    }
    $post->print_summary();
}
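/**
 * Validates and normalises the link being submitted/edited ($this) and returns
 * the list of error messages (an empty array when everything is acceptable).
 *
 * Side effects: $this->title and $this->content are rewritten through
 * clean_text()/clean_text_with_tags() using limits from the sub's extended
 * properties, so callers see the filtered values afterwards.
 *
 * @return string[] error messages (some translated with _(), some not)
 */
function check_field_errors() {
    global $globals;
    $errors = array();
    // Former code was `!$this->sub_id > 0`, which PHP parses as
    // `(!$this->sub_id) > 0` and so accepted a negative id.
    if (!($this->sub_id > 0)) {
        $errors[] = _("sub no seleccionado");
        $site_id = SitesMgr::my_id();
    } else {
        $site_id = $this->sub_id;
    }
    $properties = SitesMgr::get_extended_properties($site_id);
    if (empty($this->url) && empty($properties['no_link'])) {
        $errors[] = _("falta url enlace");
    }
    // Filter content and title
    // It also deletes punctuaction marks at the end
    $this->title = clean_text(preg_replace('/(\\w) *[.,] *$/', "\$1", $this->title), 50, true, 120);
    // Paragraph breaks are kept only when the sub allows them; empty() also
    // covers a missing 'allow_paragraphs' key without a notice.
    $replace_nl = empty($properties['allow_paragraphs']);
    $this->content = clean_text_with_tags($this->content, 0, $replace_nl, $properties['intro_max_len']);
    // Title length: the upper bound (120) is already enforced by clean_text() above.
    if (mb_strlen($this->title) < 8) {
        $errors[] = _("título incompleto");
    }
    if (get_uppercase_ratio($this->title) > 0.5) {
        $errors[] = "demasiadas mayúsculas en el título";
    }
    // Content length: the upper bound is already enforced by clean_text_with_tags() above.
    if ($properties['intro_max_len'] > 0 && $properties['intro_min_len'] > 0 && mb_strlen($this->content) < $properties['intro_min_len']) {
        $errors[] = _("texto incompleto");
    }
    if (get_uppercase_ratio($this->content) > 0.3) {
        $errors[] = "demasiadas mayúsculas en el texto";
    }
    if (strlen($this->tags) < 3) {
        $errors[] = "no has puesto etiquetas";
    }
    // Only plain "http:" URLs are detected here; "https:" titles pass this check.
    if (preg_match('/.*http:\\//', $this->title)) {
        $errors[] = "no pongas URLs en el título, no ofrece información";
    }
    return $errors;
}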
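/**
 * Apply the edit form in $_POST to $link and store it.
 *
 * Reads category, title, bodytext, tags, status and (for admins/bloggers)
 * url and thumbnail fields from $_POST, validates via link_edit_errors(),
 * stores the link inside a transaction, records edit/discard log entries
 * for links newer than 15 days, enqueues an author-saved draft, then
 * renders link/edit_result.html with the link and any errors.
 *
 * Fixes: $insert_discard_log was read before ever being assigned, and the
 * optional POST fields were read without isset() (undefined-index notices,
 * and preg_match() on null which is deprecated in PHP 8.1).
 *
 * NOTE(review): nothing here checks that $current_user is allowed to edit
 * $link; that is assumed to happen in the caller or in link_edit_errors()
 * — confirm.
 *
 * @param object $link the Link being edited (already read from the DB)
 */
function do_save($link) {
    global $dblang, $globals, $current_user, $db;

    // Snapshot the editable fields so the edit log can carry the old values.
    $link_old = new stdClass();
    $link_old->url = $link->url;
    $link_old->title = $link->title;
    $link_old->content = $link->content;
    $link_old->category = $link->category_name;
    $link_old->tags = $link->tags;
    $link_old->status = $link->status;

    // Explicit default: previously only set inside the status branch.
    $insert_discard_log = false;

    $link->read_content_type_buttons(isset($_POST['type']) ? $_POST['type'] : null);
    $link->category = intval($_POST['category']);

    // Only admins and bloggers may change the URL or touch the thumbnail.
    if ($current_user->admin || $current_user->user_level == 'blogger') {
        if (!empty($_POST['url'])) {
            $link->url = clean_input_url($_POST['url']);
        }
        if (!empty($_POST['thumb_delete'])) {
            $link->delete_thumb();
        }
        if (!empty($_POST['thumb_get'])) {
            $link->get_thumb();
        } elseif (!empty($_POST['thumb_url'])) {
            $url = clean_input_url($_POST['thumb_url']);
            $link->get_thumb(false, $url);
        }
    }

    $link->title = clean_text($_POST['title'], 50);
    $link->content = clean_text_with_tags($_POST['bodytext']);
    $link->tags = tags_normalize_string($_POST['tags']);

    // Status change: a non-admin may only move the link to 'autodiscard' and
    // only while it is not already discarded; an admin may set any lowercase
    // word of 4+ letters.
    $new_status = isset($_POST['status']) ? (string) $_POST['status'] : '';
    if ($new_status != $link->status
            && ($new_status == 'autodiscard' || $current_user->admin)
            && preg_match('/^[a-z]{4,}$/', $new_status)
            && (!$link->is_discarded() || $current_user->admin)) {
        if (preg_match('/discard|abuse|duplicated|autodiscard/', $new_status)) {
            // A manual discard gets its own log entry below.
            $insert_discard_log = true;
        }
        $link->status = $new_status;
    }

    $errors = link_edit_errors($link);
    if (!$errors) {
        if (empty($link->uri)) {
            $link->get_uri();
        }

        // Re-associate the link with a blog if its URL now maps to one.
        $blog_id = Blog::find_blog($link->url, $link->id);
        if ($blog_id > 0 && $blog_id != $link->blog) {
            $link->blog = $blog_id;
        }

        $db->transaction();
        $link->store();
        // Disabled table tags
        // tags_insert_string($link->id, $dblang, $link->tags, $link->date);

        // Edit log / events are only kept for links newer than 15 days.
        if ($globals['now'] - $link->date < 86400 * 15) {
            if ($insert_discard_log) {
                // Always record the discard; record an edit only when the
                // author discarded it, not when an admin did.
                Log::insert('link_discard', $link->id, $current_user->user_id);
                if ($link->author == $current_user->user_id) {
                    Log::insert('link_edit', $link->id, $current_user->user_id);
                }
            } elseif ($link->votes > 0) {
                Log::conditional_insert('link_edit', $link->id, $current_user->user_id, 60, serialize($link_old));
            }
        }

        // A draft (no votes, not queued) saved by its author goes to the queue.
        if ($link->votes == 0 && $link->status != 'queued' && $link->author == $current_user->user_id) {
            $link->enqueue();
        }
        $db->commit();
    }

    $link->read();
    Haanga::Load('link/edit_result.html', compact('link', 'errors'));
}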
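/**
 * Fetch $url and analyse the response.
 *
 * On success sets $this->url (the redirect target when the host changed),
 * content_type, html, encoding, pingback, noiframe, url_title,
 * url_description and valid.
 *
 * Returns false when the URL is rejected: the redirect target fails
 * check_url(), the page carries a "<!-- noshare -->" marker (then
 * $this->ban['comment'] explains why), or an embedded redirect/frame URL
 * hits a banned domain.  Returns true otherwise — including when the fetch
 * itself failed or the content is not HTML (only $this->url and, for
 * image-looking URLs, content_type are set in that case).
 *
 * Fixes: $checked_links and $new_url were used before being initialised;
 * $url_a[2] was read even when the inner preg_match() failed; a page that
 * declares an unknown charset made iconv() return false and wiped
 * $this->html (every later preg_match() then ran on false).
 *
 * @param string $url        URL to fetch (trimmed here)
 * @param int    $maxlen     accepted for compatibility; not used in this body
 * @param bool   $check_ban  forwarded to check_url() for the redirect target
 * @return bool
 *
 * SECURITY NOTE(review): get_url() is called with whatever URL the caller
 * passes; no scheme/host restriction (localhost, private ranges, non-http
 * schemes) is visible here — assumed to live in check_url()/get_url(), confirm.
 */
function get($url, $maxlen = 150000, $check_ban = true) {
    global $globals, $current_user;

    $url = trim($url);
    $url_components = @parse_url($url);
    $this->noiframe = false;
    $new_url = null;
    $checked_links = array();
    $response = false;

    if ($response = get_url($url)) {
        // Keep only the leading token of the content type ("text", "image", ...).
        $this->content_type = preg_replace('#^(\\w+).+#', '$1', $response['content_type']);

        // Check if it has pingbacks
        if (preg_match('/X-Pingback: *(.+)/i', $response['header'], $match)) {
            $this->pingback = 'ping:' . clean_input_url($match[1]);
        }

        /* Were we redirected? */
        if ($response['redirect_count'] > 0) {
            /* update $url with where we were redirected to */
            $new_url = clean_input_url($response['location']);
        }
        if (!empty($new_url) && $new_url != $url) {
            syslog(LOG_NOTICE, "Meneame, redirected ({$current_user->user_login}): {$url} -> {$new_url}");
            /* Check again the url */
            if (!$this->check_url($new_url, $check_ban, true)) {
                $this->url = $new_url;
                return false;
            }
            // Change the url if we were directed to another host
            if (strlen($new_url) < 300 && ($new_url_components = @parse_url($new_url))) {
                if ($url_components['host'] != $new_url_components['host']) {
                    syslog(LOG_NOTICE, "Meneame, changed source URL ({$current_user->user_login}): {$url} -> {$new_url}");
                    $url = $new_url;
                    $url_components = $new_url_components;
                }
            }
        }
        $this->html = $response['content'];
        $url_ok = true;
    } else {
        syslog(LOG_NOTICE, "Meneame, error getting ({$current_user->user_login}): {$url}");
        $url_ok = false;
    }

    $this->url = $url;

    // Fill content type if empty
    // Right now only check for typical image extensions
    if (empty($this->content_type)) {
        if (preg_match('/(jpg|jpeg|gif|png)(\\?|#|$)/i', $this->url)) {
            $this->content_type = 'image';
        }
    }

    // NO more to do
    if (!$url_ok || !preg_match('/html/', $response['content_type'])) {
        return true;
    }

    // Check if it forbides including in an iframe (header or frame-busting JS)
    if (preg_match('/X-Frame-Options: *(.+)/i', $response['header'])
            || preg_match('/top\\.location\\.href *=/', $response['content'])) {
        $this->noiframe = true;
    }

    // Transcode to UTF-8 when the page declares another charset.  An unknown
    // charset makes iconv() return false; keep the raw HTML in that case.
    if (preg_match('/charset=([a-zA-Z0-9-_]+)/i', $this->html, $matches)) {
        $this->encoding = trim($matches[1]);
        if (strcasecmp($this->encoding, 'utf-8') != 0) {
            $converted = @iconv($this->encoding, 'UTF-8//IGNORE', $this->html);
            if ($converted !== false) {
                $this->html = $converted;
            }
        }
    }

    // Check if the author doesn't want to share
    if (preg_match('/<!-- *noshare *-->/', $this->html)) {
        $this->ban = array();
        $this->ban['comment'] = _('el autor no desea que se envíe el artículo, respeta sus deseos');
        syslog(LOG_NOTICE, "Meneame, noshare ({$current_user->user_login}): {$url}");
        return false;
    }

    // Now we analyse the html to find links to banned domains
    // It avoids the trick of using google or technorati
    // Ignore it if the link has a rel="nofollow" to ignore comments in blogs
    // Forum software (vBulletin/phpBB) gets a wider pattern that also looks at iframes/href.
    if (!preg_match('/content="[^"]*(vBulletin|phpBB)/i', $this->html)) {
        preg_match_all('/(< *meta +http-equiv|< *frame[^<]*>|window\\.|document.\\|parent\\.|top\\.|self\\.)[^><]*(url|src|replace) *[=\\(] *[\'"]{0,1}https*:\\/\\/[^\\s "\'>]+[\'"\\;\\)]{0,1}[^>]*>/i', $this->html, $matches);
    } else {
        preg_match_all('/(<* meta +http-equiv|<* iframe|<* frame[^<]*>|window\\.|document.\\|parent\\.|top\\.|self\\.)[^><]*(href|url|src|replace) *[=\\(] *[\'"]{0,1}https*:\\/\\/[^\\s "\'>]+[\'"\\;\\)]{0,1}[^>]*>/i', $this->html, $matches);
    }

    // Second-level label of the source host (e.g. "example" for www.example.com);
    // embedded links on the same site do not count towards the 5-check budget.
    $check_counter = 0;
    $source_host = isset($url_components['host']) ? $url_components['host'] : '';
    $second_level = preg_quote(preg_replace('/^(.+\\.)*([^\\.]+)\\.[^\\.]+$/', "\$2", $source_host));

    foreach ($matches[0] as $match) {
        if (!preg_match('/<a.+rel=.*nofollow.*>/', $match)) {
            $url_a = array();
            preg_match('/(href|url|src|replace) *[=\\(] *[\'"]{0,1}(https*:\\/\\/[^\\s "\'>]+)[\'"\\;\\)]{0,1}/i', $match, $url_a);
            $embeded_link = isset($url_a[2]) ? $url_a[2] : '';
            $new_url_components = @parse_url($embeded_link);
            $embeded_host = isset($new_url_components['host']) ? $new_url_components['host'] : '';
            // Each host is checked at most once; at most 5 off-site hosts are checked.
            if (!empty($embeded_link) && $check_counter < 5 && empty($checked_links[$embeded_host])) {
                if (!preg_match("/{$second_level}\\.[^\\.]+\$/", $embeded_host)) {
                    $check_counter++;
                }
                $checked_links[$embeded_host] = true;
                if (!$this->check_url($embeded_link, false) && $this->banned) {
                    return false;
                }
            }
        }
    }

    // The URL has been checked
    $this->valid = true;

    if (preg_match('/<title[^<>]*>([^<>]*)<\\/title>/si', $this->html, $matches)) {
        $url_title = clean_text($matches[1]);
        if (mb_strlen($url_title) > 3) {
            $this->url_title = $url_title;
        }
    }
    if (preg_match('/< *meta +name=[\'"]description[\'"] +content=[\'"]([^<>]+)[\'"] *\\/*>/si', $this->html, $matches)) {
        $this->url_description = clean_text_with_tags($matches[1], 0, false, 400);
    }

    return true;
}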
/**
 * Second step of link submission: load the link named by $_POST['id'],
 * apply title/category/tags/body from the form, store it and render
 * link/submit2.html with related links.
 *
 * A "[IMG]"/"(PICT)" or "[VID]"/"(VIDEO)" marker in the title is stripped
 * and selects the content type.  If report_duplicated() flags the URL the
 * function returns early; if link_errors() reports problems the first form
 * (link/submit1.html) is shown again with $link->is_new set.
 *
 * NOTE(review): key and randkey are copied straight from $_POST; this relies
 * on link_errors()/store() validating them — confirm.
 *
 * @return bool always true
 */
function do_submit2() {
    global $db, $dblang, $globals, $errors;

    // Title markers and the content type each one implies; first match wins.
    $type_markers = array(
        'image' => '/[\\(\\[](IMG|PICT*)s*[\\)\\]]/i',
        'video' => '/[\\(\\[](VID|VIDEO|Vídeo*)s*[\\)\\]]/i',
    );

    $link = new Link();
    $link->id = intval($_POST['id']);
    $link->read();

    if (report_duplicated($link->url)) {
        return true;
    }

    $link->read_content_type_buttons($_POST['type']);

    foreach ($type_markers as $content_type => $pattern) {
        if (!preg_match($pattern, $_POST['title'])) {
            continue;
        }
        $_POST['title'] = preg_replace($pattern, ' ', $_POST['title']);
        $link->content_type = $content_type;
        break;
    }

    $link->category = intval($_POST['category']);
    // A trailing ";", "." or "," after a word is dropped before cleaning.
    $stripped_title = preg_replace('/(\\w) *[;.,] *$/', "\$1", $_POST['title']);
    $link->title = clean_text($stripped_title, 40);
    $link->tags = tags_normalize_string($_POST['tags']);
    $link->key = $_POST['key'];
    $link->content = clean_text_with_tags($_POST['bodytext']);

    if (link_errors($link)) {
        // Show the edit form again; is_new disables several options in it.
        $link->is_new = true;
        Haanga::Load('link/submit1.html', compact('link', 'errors'));
        return true;
    }

    $link->store();
    // Disabled table tags
    // tags_insert_string($link->id, $dblang, $link->tags);
    $link->read();
    $link->randkey = $_POST['randkey'];
    $related = $link->get_related(6);
    Haanga::Load('link/submit2.html', compact('link', 'errors', 'related'));
    return true;
}
/**
 * Persist the site preferences in $prefs that differ from their defaults.
 *
 * Only keys present in the merged default tables are kept; empty strings
 * and values equal to the default are dropped.  'rules' and 'message' go
 * through clean_text_with_tags(), integer-typed defaults are cast with
 * intval(), anything else is clean_input_string()'d and cut at 140 chars.
 * The surviving map is JSON-encoded into an Annotation keyed by
 * PREFERENCES_KEY . $id; when nothing survives the annotation is deleted.
 *
 * SECURITY NOTE(review): 'post_html' is stored verbatim with no HTML
 * validation (upstream TODO).  Whatever renders it must treat it as
 * untrusted markup, and only trusted site admins should reach this path —
 * confirm both.
 *
 * @param int|false $id    site id; false means the current site
 * @param array     $prefs key => value pairs from the preferences form
 * @return mixed result of Annotation::store() or Annotation::delete()
 */
public static function store_extended_properties($id = false, &$prefs) {
    if ($id == false) {
        $id = self::my_id();
    }

    $defaults = array_merge(self::$extended_properties, self::$extra_extended_properties);
    $changed = array();

    foreach ($prefs as $name => $value) {
        // Skip unknown keys, blanks and values that equal the default.
        if ($value === '' || !isset($defaults[$name]) || $defaults[$name] == $value) {
            continue;
        }

        if ($name == 'rules' || $name == 'message') {
            $changed[$name] = clean_text_with_tags($value, 0, false, 3000);
        } elseif ($name == 'post_html') {
            // TODO: validate the HTML
            $changed[$name] = $value;
        } elseif (is_int($defaults[$name])) {
            $changed[$name] = intval($value);
        } else {
            $changed[$name] = mb_substr(clean_input_string($value), 0, 140);
        }
    }

    $annotation = new Annotation(self::PREFERENCES_KEY . $id);
    if (empty($changed)) {
        return $annotation->delete();
    }
    $annotation->text = json_encode($changed);
    return $annotation->store();
}