/** * Compile the search and replace arguments that have to be used * to handle censor word replacements. * * This is implemented as a separate call, so formatting code * can load the compiled arguments, to call preg_replace() on * data on its own. This saves a lot of function calls, which * improves the overall speed. * * @return array * An array containing two elements: * - an array of regular expressions that is used for searching for * bad words. If no bad words have been configured, then NULL is returned. * - The string to replace bad words with. * This is the PHORUM_BAD_WORDS constant. We pushed it in here, in * case we want to make this variable in the future. */ function phorum_api_format_censor_compile() { static $search = ''; // Load the badwords and compile the replacement regexp. if ($search === '') { $words = phorum_api_ban_list(PHORUM_BAD_WORDS); if (!empty($words)) { $search = array(); foreach ($words as $word) { $search[] = "/\\b" . preg_quote($word['string'], '/') . "(ing|ed|s|er|es)*\\b/i"; } } else { $search = NULL; } } return array($search, PHORUM_BADWORD_REPLACE); }
/** * Evaluate a value against the ban list for the current forum * to see if there is a match. * * The id of the current forum is taken from $PHORUM['forum_id']. * * @param mixed $value * The value to check. * In case a check is run against the {@link PHORUM_BAD_IPS} type, * then this parameter can be NULL. This funciton will then * automatically use the IP address of the remote host. * * @param integer $type * The type of banlist to check against. This is one of: * - {@link PHORUM_BAD_NAMES} * - {@link PHORUM_BAD_EMAILS} * - {@link PHORUM_BAD_USERID} * - {@link PHORUM_BAD_IPS} * - {@link PHORUM_BAD_SPAM_WORDS} * * @return bool * An error message in case the value matches the banlist, NULL otherwise. */ function phorum_api_ban_check($value, $type) { global $PHORUM; $values = array($value); // Retrieve the ban list for the requisted type of ban. $list = phorum_api_ban_list($type); if (empty($list)) { return NULL; } // For IP bans, a value of NULL is allowed for checking. In that // case, we will use the IP address of the remote host automatically. if ($value === NULL && $type == PHORUM_BAD_IPS) { if (isset($_SERVER['REMOTE_ADDR'])) { $value = $_SERVER['REMOTE_ADDR']; $values = array($value); } else { return NULL; } } // If the value is empty, then the decision is easy. $value = trim($value); if ($value == '') { return NULL; } // When an IP-address is used for a PHORUM_BAD_IPS check, then we // do a hostname lookup. The host or domain name might be blacklisted too. if (!empty($PHORUM['dns_lookup']) && $type == PHORUM_BAD_IPS && preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $value)) { $resolved = @gethostbyaddr($value); if (!empty($resolved) && $resolved != $value) { $values[] = $resolved; } } // Check if we can find a matching ban list item. $match = NULL; foreach ($list as $item) { foreach ($values as $value) { if ($item['string'] == '') { continue; } // Handle regular expression matching. if ($item['pcre']) { if (@preg_match('/\\b' . $item['string'] . '\\b/i', $value)) { $match = $value; break 2; } } elseif ($type == PHORUM_BAD_USERID) { if ($value == $item['string']) { $match = $value; break 2; } } else { if (stristr($value, $item['string'])) { $match = $value; break 2; } } } } if (!$match) { return NULL; } $langkey = $PHORUM['API']['ban']['type2error'][$type]; $message = $PHORUM['DATA']['LANG'][$langkey]; $message = str_replace('%name%', htmlspecialchars($match), $message); return $message; }