$nick = rawurldecode($_REQUEST['nick']);
$comment = rawurldecode(isset($_REQUEST['comment']) ? trim($_REQUEST['comment']) : '');
$tmp_path = tempnam(TMP_PATH, 'board_pic');
$referer = $url;
$fetch_log = LOG_PATH . '/fetch-' . date('Y-m-d') . '.log';
$referer_map = array('yande.re' => 'http://yande.re/post/', 'sankakustatic.com' => 'http://chan.sankakucomplex.com/post/show/42', 'c\\d.sankakucomplex.com' => 'http://chan.sankakucomplex.com/post/show/42', 'cs.sankakucomplex.com' => 'http://chan.sankakucomplex.com/post/show/42', 'is.sankakucomplex.com' => 'http://idol.sankakucomplex.com/post/show/42');
foreach ($referer_map as $pattern => $ref) {
if (preg_match('/' . $pattern . '/i', $url)) {
$referer = $ref;
}
}
$header = curl_head($url, $referer);
list($size, $type) = get_size_and_type($header);
if (preg_match('/\\.gifv$/', $url) && $type == 'text/html') {
$url = preg_replace('/\\.gifv$/', '.gif', $url);
$header = curl_head($url, $referer);
list($size, $type) = get_size_and_type($header);
}
if ($size !== false && $size > FIVE_MEGS) {
file_put_contents($fetch_log, "[" . date('Y-m-d H:i:s') . "]\t{$nick}\tover size limit saving as link\t{$url}\n", FILE_APPEND);
save_link($type, $size, $url, $nick, $tmp_path);
exit;
}
try {
curl_geturl($url, $tmp_path, $referer, array('size_limit' => FIVE_MEGS));
} catch (Exception $e) {
file_put_contents($fetch_log, "[" . date('Y-m-d H:i:s') . "]\t{$nick}\tcan't fetch url:" . $e->getMessage() . " saving as link\t{$url}\n", FILE_APPEND);
save_link($type, $size, $url, $nick, $tmp_path);
exit;
}
$extension = '';
require "module.error.php";
}
} else {
$var_code = ANONNEWS_ERROR_URL_BLACKLISTED;
require "module.error.php";
}
} elseif ($var_id == "submit") {
// Stage 3: Processing the submission.
$recaptcha = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if ($recaptcha->is_valid) {
if (!empty($_POST['title'])) {
if (!empty($_POST['url'])) {
// It will have to be approved before it appears on the front page.
$spam_score = spam_score($_POST['url'], $_POST['title'], false);
if ($spam_score < 10) {
$request = curl_head($_POST['url']);
if ($request->code == 200) {
$language = mysql_real_escape_string($_POST['language']);
$title = mysql_real_escape_string($_POST['title']);
$url = mysql_real_escape_string($_POST['url']);
$query = "INSERT INTO sites (`Name`, `Url`, `CommentCount`, `Deleted`, `Approved`, `Mod`, `Language`, `Posted`)\n\t\t\t\t\t\t\t\tVALUES ('{$title}', '{$url}', '0', '0', '0', '', '{$language}', CURRENT_TIMESTAMP)";
if (mysql_query($query)) {
$insert_id = mysql_insert_id();
if (!empty($_POST['tags'])) {
// tags were entered.
$tags = $_POST['tags'];
$tags_list = explode(",", $tags);
foreach ($tags_list as $tag) {
$tag = mysql_real_escape_string(trim(clean_tag($tag)));
if (!empty($tag)) {
$query = "INSERT INTO tags (`Table`, `ItemId`, `TagName`) VALUES ('sites', '{$insert_id}', '{$tag}')";