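/**
 * Send an HTML e-mail through PHP's `mail()`.
 *
 * The header block and the message body are each passed through a filter
 * hook (`<FP>notification.email.header` and `<FP>notification.email.message`)
 * before sending.
 *
 * The body is declared as `text/html`, so any untrusted text a caller embeds
 * in `$message` has to be HTML-escaped by that caller.
 *
 * @param string $from    Sender address; copied into the From, Reply-To and
 *                        Return-Path header lines.
 * @param string $to      Recipient; must pass `Guardian::check($to, '->email')`.
 * @param string $subject Subject line, handed to `mail()` unchanged.
 * @param string $message Message body (HTML).
 * @param string $FP      Prefix for the filter hook names.
 * @return bool `false` when the recipient is empty or invalid, or when the
 *              sender contains a line break; otherwise the result of `mail()`.
 */
public static function send($from, $to, $subject, $message, $FP = 'common:') {
    if (trim($to) === "" || !Guardian::check($to, '->email')) {
        return false;
    }
    // `$from` is concatenated into three raw header lines. A CR or LF inside
    // it would end the current header line and let the value continue as
    // further header lines (or as body), so such a sender is refused the
    // same way an invalid recipient is.
    if (strpbrk((string) $from, "\r\n") !== false) {
        return false;
    }
    $header = implode("\n", array(
        'MIME-Version: 1.0',
        'Content-Type: text/html; charset=ISO-8859-1',
        'From: ' . $from,
        'Reply-To: ' . $from,
        'Return-Path: ' . $from,
        'X-Mailer: PHP/' . phpversion()
    ));
    $header = Filter::apply($FP . 'notification.email.header', $header);
    $message = Filter::apply($FP . 'notification.email.message', $message);
    return mail($to, $subject, $message, $header);
}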
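/**
 * Handle a visitor's comment submission on an article page.
 *
 * Does nothing unless the current page type is `article`, the article has a
 * path, and the request carries POST data. When the active shield ships a
 * `workers/task.comment.php`, that file is required and replaces the built-in
 * handling. Otherwise the form token, the required fields, the math
 * challenge, the field lengths and the spam keyword list are checked. If no
 * error was recorded the comment is saved under `COMMENT` (with a `.hold`
 * extension when moderation is on and `Guardian::happy()` is false) and the
 * visitor is redirected to the new comment or back to the form.
 *
 * The required/included files run in this function's local scope, so the
 * local variable names they may read are kept as they were.
 *
 * NOTE(review): the spam and "forbidden email" checks raise
 * `Notify::warning()`, while saving is gated on `Notify::errors()`. Whether a
 * warning also blocks the save depends on `Notify`, which is not visible
 * here; confirm.
 *
 * NOTE(review): `$name`, `$email`, `$url` and `$parser` are written into the
 * stored page header. Confirm that `Page::header()` neutralises line breaks
 * in those values.
 */
function do_comment_construct() {
    $config = Config::get();
    $speak = Config::speak();
    if ($config->page_type === 'article') {
        $comment_id = 'comment-%d'; // Your comment ID
        $comment_form_id = 'comment-form'; // Your comment form ID
        $article = isset($config->article->path) ? $config->article : false;
        $G = array('data' => array(
            'article' => Mecha::A($article),
            'comment_id' => $comment_id,
            'comment_form_id' => $comment_form_id
        ));
        if ($article !== false && ($request = Request::post())) {
            if ($task = File::exist(SHIELD . DS . $config->shield . DS . 'workers' . DS . 'task.comment.php')) {
                require $task; // Custom comment constructor
            } else {
                // Check token
                Guardian::checkToken($request['token'], $article->url . '#' . $comment_form_id);
                // Comments from visitors are held back when moderation is enabled
                $extension = $config->comments->moderation && !Guardian::happy() ? '.hold' : '.txt';
                // Check name
                if (trim($request['name']) === "") {
                    Notify::error(Config::speak('notify_error_empty_field', $speak->name));
                }
                // Check email
                if (trim($request['email']) !== "") {
                    if (!Guardian::check($request['email'], '->email')) {
                        Notify::error($speak->notify_invalid_email);
                    } else {
                        // Disallow passenger(s) from entering your email address in the comment email field.
                        // The echoed value has already passed the email check above.
                        if (!Guardian::happy() && $request['email'] === $config->author->email) {
                            Notify::warning(Config::speak('notify_warning_forbidden_input', array('<em>' . $request['email'] . '</em>', strtolower($speak->email))));
                        }
                    }
                } else {
                    Notify::error(Config::speak('notify_error_empty_field', $speak->email));
                }
                // Check URL
                if (trim($request['url']) !== "" && !Guardian::check($request['url'], '->url')) {
                    Notify::error($speak->notify_invalid_url);
                }
                // Check message
                if (trim($request['message']) === "") {
                    Notify::error(Config::speak('notify_error_empty_field', $speak->message));
                }
                // Check challenge
                if (!Guardian::checkMath($request['math'])) {
                    Notify::error($speak->notify_invalid_math_answer);
                }
                // Check name length
                if (Guardian::check($request['name'], '->too_long', 100)) {
                    Notify::error(Config::speak('notify_error_too_long', $speak->name));
                }
                // Check email length
                if (Guardian::check($request['email'], '->too_long', 100)) {
                    Notify::error(Config::speak('notify_error_too_long', $speak->email));
                }
                // Check URL length
                if (Guardian::check($request['url'], '->too_long', 100)) {
                    Notify::error(Config::speak('notify_error_too_long', $speak->url));
                }
                // Check message length
                if (Guardian::check($request['message'], '->too_long', 1700)) {
                    Notify::error(Config::speak('notify_error_too_long', $speak->message));
                }
                // Check for spam keyword(s) in comment: an entry matches when it equals
                // the submitted email or occurs (case-insensitively) in the message.
                $fucking_words = explode(',', $config->keywords_spam);
                foreach ($fucking_words as $spam) {
                    // The loop variable was censored in the listing and could not parse
                    // as shown; it is spelled `$keyword` here.
                    if ($keyword = trim($spam)) {
                        if ($request['email'] === $keyword || strpos(strtolower($request['message']), strtolower($keyword)) !== false) {
                            Notify::warning($speak->notify_warning_intruder_detected . ' <strong class="text-error pull-right">' . $keyword . '</strong>');
                            break;
                        }
                    }
                }
                if (!Notify::errors()) {
                    $post = Date::slug($article->time);
                    // The comment ID is the submission time in seconds
                    $id = (int) time();
                    $parent = Request::post('parent');
                    $P = array('data' => $request);
                    $P['data']['id'] = $id;
                    $name = strip_tags($request['name']);
                    $email = Text::parse($request['email'], '->broken_entity');
                    $url = isset($request['url']) && trim($request['url']) !== "" ? $request['url'] : false;
                    $parser = strip_tags(Request::post('content_type', $config->html_parser->active));
                    $message = Text::parse($request['message'], '->text', WISE_CELL . '<img>', false);
                    $field = Request::post('fields', array());
                    include File::D(__DIR__, 2) . DS . 'task.fields.php';
                    // Temporarily disallow image(s) in comment to prevent XSS.
                    // As listed, the replacement re-emitted the tag unchanged, so the
                    // step neutralised nothing; the angle brackets are now written as
                    // entities so the tag is shown as text. The pattern also no longer
                    // requires whitespace right after the tag name.
                    $message = preg_replace('#<img\\b([^<>]*)>#i', '&lt;img$1&gt;', $message);
                    Page::header(array(
                        'Name' => $name,
                        'Email' => $email,
                        'URL' => $url,
                        'Status' => Guardian::happy() ? 1 : 2,
                        'Content Type' => $parser,
                        'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false
                    ))->content($message)->saveTo(COMMENT . DS . $post . '_' . Date::slug($id) . '_' . ($parent ? Date::slug($parent) : '0000-00-00-00-00-00') . $extension);
                    Notify::success(Config::speak('notify_success_submitted', $speak->comment));
                    if ($extension === '.hold') {
                        Notify::info($speak->notify_info_comment_moderation);
                    }
                    Weapon::fire(array('on_comment_update', 'on_comment_construct'), array($G, $P));
                    // Fixed: this read `$config->ur_query`, a misspelling of the
                    // `url_query` property used in the error branch below.
                    Guardian::kick($config->url_current . $config->url_query . (!Guardian::happy() && $config->comments->moderation ? '#' . $comment_form_id : '#' . sprintf($comment_id, Date::format($id, 'U'))));
                } else {
                    Guardian::kick($config->url_current . $config->url_query . '#' . $comment_form_id);
                }
            }
        }
    }
}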
Notify::error($speak->notify_invalid_math_answer); } // Check name length if (Guardian::check($request['name'], '->too_long', 100)) { Notify::error(Config::speak('notify_error_too_long', $speak->comment_name)); } // Check email length if (Guardian::check($request['email'], '->too_long', 100)) { Notify::error(Config::speak('notify_error_too_long', $speak->comment_email)); } // Check URL length if (Guardian::check($request['url'], '->too_long', 100)) { Notify::error(Config::speak('notify_error_too_long', $speak->comment_url)); } // Check message length if (Guardian::check($request['message'], '->too_long', 1700)) { Notify::error(Config::speak('notify_error_too_long', $speak->comment_message)); } // Check for spam keyword(s) in comment $fucking_words = explode(',', $config->spam_keywords); foreach ($fucking_words as $spam) { $f**k = trim($spam); if ($f**k !== "") { if ($request['email'] === $f**k || $f**k !== 'N/A' && Get::IP() === $f**k || strpos(strtolower($request['message']), strtolower($f**k)) !== false) { Notify::warning($speak->notify_warning_intruder_detected . ' <strong class="text-error pull-right">' . $f**k . '</strong>'); break; } } } if (!Notify::errors()) { $post = Date::format($article->time, 'Y-m-d-H-i-s');
} else { $link = $request['link']; } } // If you set the post slug value with a `*://` or `//` at the beginning, // then Mecha will treat it as an external link value for your post data. // The original slug value will be created automatically based on the // post title text, but you can edit it later. $_ = $request['slug']; if (strpos($_, '://') !== false || strpos($_, '//') === 0) { $slug = Text::parse($title, '->slug'); // Allow relative URL protocol if (strpos($_, '//') === 0) { $_ = str_replace('://', ':', $config->protocol) . $_; } if (!Guardian::check($_, '->url')) { Notify::error($speak->notify_invalid_url); } else { $link = $request['slug']; } } else { $slug = Text::parse(Request::post('slug', $title, false), '->slug'); } $slug = $slug === '--' ? 'post-' . time() : $slug; $content = $request['content']; $description = $request['description']; $author = strip_tags($request['author']); $css = trim(Request::post('css', "", false)); $js = trim(Request::post('js', "", false)); $field = Request::post('fields', array()); // Slug must contains at least one letter or one `-`. This validation added
if (Request::post($page . '.per_page') < 1 || floor(Request::post($page . '.per_page')) != Request::post($page . '.per_page')) { Notify::error($speak->notify_invalid_per_page_number); Guardian::memorize($request); } // Check if slug already exists on static page(s) if (isset($slugs[$request[$page]['slug']])) { Notify::error(Config::speak('notify_error_slug_exist', $request[$page]['slug'])); Guardian::memorize($request); } } if (Request::post('per_page') < 1 || floor(Request::post('per_page')) != Request::post('per_page')) { Notify::error($speak->notify_invalid_per_page_number); Guardian::memorize($request); } // Check for invalid email address if (trim($request['author']['email']) !== "" && !Guardian::check($request['author']['email'], '->email')) { Notify::error($speak->notify_invalid_email); Guardian::memorize($request); } unset($request['token']); // Remove token from request array $G = array('data' => Mecha::A($config)); $P = array('data' => $request); if (!Notify::errors()) { File::serialize($request)->saveTo(STATE . DS . 'config.txt', 0600); Notify::success(Config::speak('notify_success_updated', $speak->config)); foreach (glob(LOG . DS . 'asset.*.log', GLOB_NOSORT) as $asset_cache) { File::open($asset_cache)->delete(); } Weapon::fire('on_config_update', array($G, $P)); Guardian::kick($request['manager']['slug'] . '/config');
$request['parent'] = Request::post('parent'); $extension = $request['extension']; $name = $request['name']; $email = $request['email']; $url = isset($request['url']) && trim($request['url']) !== "" ? $request['url'] : false; $message = $request['message']; $field = Request::post('fields', array()); include __DIR__ . DS . 'task.substance.ignite.php'; include __DIR__ . DS . 'task.fields.php'; // Empty name field if (trim($name) === "") { Notify::error(Config::speak('notify_error_empty_field', $speak->name)); Guardian::memorize($request); } // Invalid email address if (trim($email) !== "" && !Guardian::check($request['email'], '->email')) { Notify::error($speak->notify_invalid_email); Guardian::memorize($request); } $email = Text::parse($email, '->broken_entity'); // Check for empty message content if (trim($message) === "") { Notify::error(Config::speak('notify_error_empty_field', $speak->message)); Guardian::memorize($request); } $P = array('data' => $request); if (!Notify::errors()) { $header = array('Name' => $name, 'Email' => $email, 'URL' => $url, 'Status' => $request['status'], 'Content Type' => Request::post('content_type', 'HTML'), 'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false); $_ = RESPONSE . DS . $segment . DS . Date::slug($request['post']) . '_' . Date::slug($rid) . '_' . ($request['parent'] ? Date::slug($request['parent']) : '0000-00-00-00-00-00') . $extension; // Ignite if (!$id) {
* * -------------------------------------------------------------------------- * */

/**
 * Resolve the client IP address.
 *
 * Prefers the `X-Forwarded-For` request header (its first comma-separated
 * entry when there are several) and falls back to `REMOTE_ADDR`. Returns
 * `$fallback` when the chosen value does not pass
 * `Guardian::check($ip, '->ip')`.
 *
 * NOTE(review): `X-Forwarded-For` is supplied by the requester unless a
 * trusted reverse proxy in front of the application overwrites it. The value
 * returned here is only as trustworthy as that proxy setup; confirm it
 * before relying on this address for block lists, rate limiting or audit
 * logs.
 */
Get::plug('IP', function ($fallback = false) {
    if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',') > 0) {
            // Several entries: keep only the first one, trimmed
            $addresses = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            $ip = trim($addresses[0]);
        } else {
            // Single entry: used as received (not trimmed)
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    // Anything that is not a valid IP yields the caller's fallback
    return Guardian::check($ip, '->ip') ? $ip : $fallback;
});

/**
 * ==========================================================================
 *  GET CLIENT USER AGENT INFO
 * ==========================================================================
 *
 * -- CODE: -----------------------------------------------------------------
 *
 *    echo Get::UA();
 *
 * --------------------------------------------------------------------------
 *
 */
Get::plug('UA', function () { return $_SERVER['HTTP_USER_AGENT'];