예제 #1
        settype($forumid,"int");
        $title="Add A Bad Word";
        $submit="Add";
    }


    // Coerce the request-derived values to the types the form expects.
    // settype() converts in place, so after these lines $type and $pcre are
    // integers and $string is a string.
    settype($string, "string");
    settype($type, "int");
    settype($pcre, "int");

    // Show a validation/processing error, if one was set earlier in the script.
    if($error){
        phorum_admin_error($error);
    }

    // Load the ban lists and pick out the bad-words list.
    $banlists=phorum_db_get_banlists();
    $bad_words=$banlists[PHORUM_BAD_WORDS];

    include_once "./include/admin/PhorumInputForm.php";

    // Build the add/edit form; it posts back to the admin "badwords" module.
    // NOTE(review): this is a state-changing admin form and no anti-CSRF
    // token is added in the visible lines - confirm that PhorumInputForm or
    // the admin framework adds and verifies one.
    $frm = new PhorumInputForm ("", "post", $submit);

    $frm->hidden("module", "badwords");

    // NOTE(review): $curr is not type-coerced in the visible lines, unlike
    // $string/$type/$pcre above. Whether hidden() and text_box() HTML-escape
    // their value argument is not visible here - confirm, since both values
    // are echoed back into the admin page.
    $frm->hidden("curr", "$curr");

    $frm->addbreak($title);

    $frm->addrow("Bad Word", $frm->text_box("string", $string, 50));

    $frm->addrow("Valid for Forum", $frm->select_tag("forumid", $forum_list, $forumid));
예제 #2
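/**
 * Strips HTML <tags> and BBcode [tags] from the body and masks bad words.
 *
 * The tag stripping is pattern based and is not an HTML sanitizer: only
 * complete "<name ...>" and "[name ...]" sequences are removed, so input
 * such as an unclosed "<tag" passes through unchanged. The result still
 * has to be HTML-escaped before it is written into a page.
 *
 * @param body - The block of body text to strip
 * @param strip_tags - Whether to remove HTML and BBcode tags (default true).
 *                     Bad-word masking is applied in both cases.
 * @return stripped - The stripped body
 */
function phorum_strip_body($body, $strip_tags = true)
{
    // The forum settings live in the global PHORUM array. Without this
    // assignment $PHORUM is an undefined local inside the function, every
    // empty() test below is true and the ban list cache is never consulted.
    $PHORUM = isset($GLOBALS['PHORUM']) ? $GLOBALS['PHORUM'] : array();

    if ($strip_tags) {
        // Strip HTML <tags>
        $stripped = preg_replace("|</*[a-z][^>]*>|i", "", $body);
        // Strip BB Code [tags]
        $stripped = preg_replace("|\\[/*[a-z][^\\]]*\\]|i", "", $stripped);
    } else {
        $stripped = $body;
    }

    // Caching is only used when it is enabled and a list version is known.
    $use_cache = !empty($PHORUM['cache_banlists']) && !empty($PHORUM['banlist_version']);

    $banlists = NULL;
    if ($use_cache) {
        $cache_key = $PHORUM['forum_id'];
        $banlists = phorum_cache_get('banlist', $cache_key, $PHORUM['banlist_version']);
    }

    // Not found in the cache or no caching enabled: read from the database
    // and, when caching is on, store the result for 7200 seconds.
    if ($banlists === NULL) {
        $banlists = phorum_db_get_banlists();
        if ($use_cache) {
            phorum_cache_put('banlist', $cache_key, $banlists, 7200, $PHORUM['banlist_version']);
        }
    }

    // Prepare the bad-words replacement code. Each word is quoted for use
    // inside a "/"-delimited pattern and may carry a common English suffix.
    $bad_word_check = false;
    if (isset($banlists[PHORUM_BAD_WORDS]) && is_array($banlists[PHORUM_BAD_WORDS])) {
        $replace_vals = array();
        $replace_words = array();
        foreach ($banlists[PHORUM_BAD_WORDS] as $item) {
            $replace_words[] = "/\\b" . preg_quote($item['string'], '/') . "(ing|ed|s|er|es)*\\b/i";
            $replace_vals[] = PHORUM_BADWORD_REPLACE;
            $bad_word_check = true;
        }
    }

    if ($bad_word_check) {
        $stripped = preg_replace($replace_words, $replace_vals, $stripped);
    }

    return $stripped;
}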
예제 #3
파일: banlist.php 프로젝트: mgs2/kw-forum
 // Carry the current item key through the POST; the code below compares it
 // with "NEW", which presumably marks the creation of a new ban item.
 // NOTE(review): whether hidden() HTML-escapes its value is not visible
 // here - confirm.
 $frm->hidden("curr", "{$curr}");
 $frm->addbreak($title);
 // Only the "new item" form gets the general explanation of ban items.
 if ($curr == "NEW") {
     $frm->addmessage("Ban items can be used to deny new user registrations and\n             posting of (private) messages, based on various criteria.\n             If a ban item applies to a user action, then this action\n             will be fully blocked by Phorum. This can for example be used\n             to block user registrations and postings from certain IP\n             addresses or to prevent certain words from being used in\n             forum messages.<br />\n             <br />\n             If you want to fully ban a user, then it's best to\n             set \"Active\" to \"No\" for the user in the\n             \"Edit Users\" interface.");
 }
 // NOTE(review): when "Compare As" is PCRE this string is later used as a
 // regular expression. The phorum_check_ban_lists() listings on this page
 // place it unquoted inside "/\b...\b/i" and silence errors with @, so an
 // invalid pattern (or one with an unescaped "/") never matches and the ban
 // is silently not enforced. Nothing in the visible lines validates the
 // pattern - confirm that the save handler does.
 $frm->addrow("String To Match", $frm->text_box("string", $string, 50));
 $row = $frm->addrow("Field To Match", $frm->select_tag("type", $ban_types, $type));
 $frm->addhelp($row, "Field To Match", "\n            Below, you will find an overview of what\n            ban items are used by what Phorum actions:<br/>\n            <br/>\n            <b>User registration</b>:<br/>\n            \"Name/User Name\" checks the new username<br/>\n            \"Email Address\" checks the new email address<br/>\n            \"IP Address/Hostname\" checks the visitor's IP<br/>\n            <br/>\n            <b>Posting forum messages by anonymous users</b><br/>\n            \"Name/User Name\" checks the author's name<br/>\n            \"Email Address\" checks the author's email address<br/>\n            \"Illegal Words (SPAM)\" checks the subject and body<br/>\n            \"IP Address/Hostname\" checks the author's IP<br/>\n            <br/>\n            <b>Posting forum messages by registered users</b><br/>\n            \"Name/User Name\" checks the author's username<br/>\n            \"User-Id (registered User)\" checks the author's user id<br/>\n            \"Email Address\" checks the author's email address<br/>\n            \"IP Address/Hostname\" checks the author's IP<br/>\n            \"Illegal Words (SPAM)\" checks the subject and body<br/>\n            <br/>\n            <b>Posting private messages</b><br/>\n            \"Name/User Name\" checks the sender's username<br/>\n            \"User-Id (registered User)\" checks the sender's user id<br/>\n            \"Email Address\" checks the sender's email address<br/>\n            \"IP Address/Hostname\" checks the sender's IP\n        ");
 // The select is followed by a raw HTML hint. The manual link in it uses
 // plain http and target="_blank" without a rel attribute.
 $row = $frm->addrow("Compare As", $frm->select_tag("pcre", $match_types, $pcre) . "<div style=\"font-size:x-small\">If using PCRE for comparison, \"String To Match\" should be a valid PCRE expression.<br/>See <a href=\"http://php.net/pcre\" target=\"_blank\">the PHP manual</a> for more information about PCRE.</div>");
 $frm->addhelp($row, "Compare As", "\n            This setting can be used to specify the matching method\n            that has to be used for the ban item. There are two options:<br/>\n            <br/>\n            <ul>\n              <li><b>String</b><br/>\n                  The exact string from the \"String To Match\" field\n                  will be used for matching. Wildcards are not available\n                  for the String field type.<br/><br/></li>\n\n              <li><b>PCRE</b><br/>\n                  The \"String To Match\" field will be treated as\n                  a <a href=\"http://www.php.net/pcre\">Perl Compatible\n                  Regular Expression</a>.</li>\n            </ul>\n        ");
 $frm->addrow("Valid for Forum", $frm->select_tag("forum_id", $forum_list, $forum_id));
 // Free-text bookkeeping notes for the administrator.
 // NOTE(review): whether textarea() escapes $comments is not visible here -
 // confirm, since the stored text is echoed back into the admin page.
 $row = $frm->addrow('Comments', $frm->textarea('comments', $comments, 50, 7));
 $frm->addhelp($row, "Comments", "This field can be used to add some comments to the ban (why you\n             created it, when you did this, when the ban can be deleted, etc.)\n             These comments will only be shown on this page and are meant as\n             a means for the administrator to do some bookkeeping.");
 // Render the form.
 $frm->show();
 if ($curr == "NEW") {
     $PHORUM['banlists'] = phorum_db_get_banlists(true);
     unset($PHORUM['banlists'][PHORUM_BAD_WORDS]);
     echo "<hr class=\"PhorumAdminHR\" />";
     if (count($PHORUM['banlists'])) {
         echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"0\" class=\"PhorumAdminTable\" width=\"100%\">\n";
         echo "<tr>\n";
         echo "    <td class=\"PhorumAdminTableHead\">String</td>\n";
         echo "    <td class=\"PhorumAdminTableHead\">Field</td>\n";
         echo "    <td class=\"PhorumAdminTableHead\">Compare Method</td>\n";
         echo "    <td class=\"PhorumAdminTableHead\">Valid for Forum</td>\n";
         echo "    <td class=\"PhorumAdminTableHead\">&nbsp;</td>\n";
         echo "</tr>\n";
         foreach ($PHORUM["banlists"] as $type => $content) {
             $t_last_string = '';
             foreach ($content as $key => $item) {
                 $edit_url = phorum_admin_build_url(array('module=banlist', 'edit=1', "curr={$key}"));
예제 #4
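/**
 * Check a single banlist for a match.
 *
 * The ban lists are read from $GLOBALS['PHORUM']['banlists']. When that
 * entry is missing, it is filled from the cache (if enabled) or from the
 * database, so later calls reuse the loaded lists.
 *
 * How one ban item is compared with the value:
 *  - PCRE item: the stored string is used as a pattern inside "/\b...\b/i".
 *    It is NOT quoted, so it must be a valid expression in which "/" is
 *    escaped. If the pattern cannot be evaluated, the item does not match
 *    (the ban is not enforced) and the failure is written to the error log.
 *  - plain item: case-insensitive substring match, except for the
 *    PHORUM_BAD_USERID list.
 *  - PHORUM_BAD_USERID list: the value has to equal the stored string.
 *
 * @param value - The value to check.
 * @param type - The type of banlist to check the value against.
 * @return True if all is okay. False if a match has been found.
 */
function phorum_check_ban_lists($value, $type)
{
    $PHORUM = $GLOBALS['PHORUM'];

    // Load the ban lists.
    if (!isset($GLOBALS["PHORUM"]["banlists"])) {
        $cache_key = $PHORUM['forum_id'];
        $use_cache = isset($PHORUM['cache_banlists']) && $PHORUM['cache_banlists'];
        // Guarded so a missing version does not raise an undefined-index notice.
        $version = isset($PHORUM['banlist_version']) ? $PHORUM['banlist_version'] : NULL;

        if ($use_cache) {
            $GLOBALS["PHORUM"]["banlists"] = phorum_cache_get('banlist', $cache_key, $version);
            // An empty or non-array cache result counts as a miss.
            if (!is_array($GLOBALS["PHORUM"]["banlists"]) || !count($GLOBALS["PHORUM"]["banlists"])) {
                unset($GLOBALS["PHORUM"]["banlists"]);
            }
        }

        // Not found or no caching enabled.
        if (!isset($GLOBALS["PHORUM"]["banlists"])) {
            $GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();
            if (isset($GLOBALS["PHORUM"]["banlists"]) && $use_cache) {
                phorum_cache_put('banlist', $cache_key, $GLOBALS["PHORUM"]["banlists"], 7200, $version);
            }
        }
    }

    if (!isset($GLOBALS['PHORUM']['banlists'])) {
        return true;
    }

    $banlists = $GLOBALS['PHORUM']['banlists'];
    $value = trim($value);

    // Nothing to check for an empty value or a list that does not exist.
    if (empty($value) || !isset($banlists[$type]) || !is_array($banlists[$type])) {
        return true;
    }

    $is_userid_list = ($type == PHORUM_BAD_USERID);

    foreach ($banlists[$type] as $item) {
        if (empty($item['string'])) {
            continue;
        }

        if ($item["pcre"]) {
            // @ hides the compile warning of a broken pattern from the page.
            $hit = @preg_match("/\\b" . $item['string'] . "\\b/i", $value);
            if ($hit === false) {
                // false means the pattern did not compile or PCRE gave up
                // (e.g. a backtrack limit). The item is skipped, so record
                // it; control characters are escaped to keep the log entry
                // on one line.
                error_log("Phorum ban list: PCRE ban item could not be evaluated: " . addcslashes($item['string'], "\0..\37"));
            }
        } else {
            // Substring matching is not used for user ids: "4" must not ban "42".
            $hit = stristr($value, $item["string"]) && !$is_userid_list;
        }

        // User ids are compared as a whole (loose comparison, as before).
        if ($hit || ($is_userid_list && $value == $item["string"])) {
            return false;
        }
    }

    return true;
}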
예제 #5
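/**
 * Formats forum messages.
 *
 * For every message this escapes HTML special characters in the body,
 * subject, author and email fields, masks bad words in body, subject and
 * author, marks newlines in the body, runs the "format" hook for modules
 * and finally turns the newline markers into <br /> tags.
 *
 * Escaping done here is limited: "&", "<" and ">" for body and subject,
 * only "<" and ">" for email (and for author unless linked_author is set).
 * Quotes are never escaped, so these values are not safe to place inside
 * an HTML attribute value without further escaping by the template.
 *
 * @param data - An array containing a messages to be formatted.
 * @return data - The formatted messages.
 */
function phorum_format_messages ($data)
{
    // Prepare the bad-words replacement code.
    $bad_word_check= false;
    $banlists = phorum_db_get_banlists();
    if (isset($banlists[PHORUM_BAD_WORDS]) && is_array($banlists[PHORUM_BAD_WORDS])) {
        $replace_vals  = array();
        $replace_words = array();
        foreach ($banlists[PHORUM_BAD_WORDS] as $item) {
            // The delimiter has to be passed to preg_quote(). Without it a
            // bad word containing "/" produces a broken pattern, and
            // preg_replace() with a broken pattern in its list returns NULL,
            // which would blank the body, subject and author of every message.
            $replace_words[] = "/\b".preg_quote($item['string'], '/')."(ing|ed|s|er|es)*\b/i";
            $replace_vals[]  = PHORUM_BADWORD_REPLACE;
            $bad_word_check  = true;
        }
    }

    // A special <br> tag to keep track of breaks that are added by phorum.
    $phorum_br = '<phorum break>';

    // Apply Phorum's formatting rules to all messages.
    foreach( $data as $key => $message )
    {
        // Work on the message body ========================

        if (isset($message["body"]))
        {
            $body = $message["body"];

            // Convert legacy <> urls into bare urls.
            $body = preg_replace("/<((http|https|ftp):\/\/[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),~%]+?)>/i", "$1", $body);

            // Escape special HTML characters. The function htmlspecialchars()
            // does too much, prior to PHP version 4.0.3.
            $body = str_replace(array("&","<",">"), array("&amp;","&lt;","&gt;"), $body);

            // Replace newlines with $phorum_br temporarily.
            // This way the mods know what Phorum did vs the user.
            $body = str_replace("\n", "$phorum_br\n", $body);

            // Run bad word replacement code.
            if($bad_word_check) {
               $body = preg_replace($replace_words, $replace_vals, $body);
            }

            $data[$key]["body"] = $body;
        }

        // Work on the other fields ========================

        // Run bad word replacement code on subject and author. This changes
        // the local copy in $message; the escaping below writes the result
        // into $data.
        if($bad_word_check) {
            if (isset($message["subject"]))
                $message["subject"] = preg_replace($replace_words, $replace_vals, $message["subject"]);
            if (isset($message["author"]))
                $message["author"] = preg_replace($replace_words, $replace_vals, $message["author"]);
        }

        // Escape special HTML characters in fields.
        if (isset($message["email"]))
            $data[$key]["email"] = str_replace(array("<",">"), array("&lt;","&gt;"), $message["email"]);
        if (isset($message["subject"]))
            $data[$key]["subject"] = str_replace(array("&","<",">"), array("&amp;","&lt;","&gt;"), $message["subject"]);

        // Some special things we have to do for the escaped author name.
        // We never should have put HTML in the core. Now we have to
        // do this hack to get the escaped author name in the linked_author.
        if (isset($message["author"])) {
            $data[$key]["author"]  = str_replace(array("<",">"), array("&lt;","&gt;"), $message["author"]);
            $safe_author = str_replace(array("&","<",">"), array("&amp;","&lt;","&gt;"), $message["author"]);
            if ($safe_author != $data[$key]["author"] && isset($data[$key]["linked_author"])) {
                $data[$key]["linked_author"] = str_replace($data[$key]["author"], $safe_author, $data[$key]["linked_author"]);
                $data[$key]["author"] = $safe_author;
            }
        }
    }

    // A hook for module writers to apply custom message formatting.
    // NOTE(review): whatever the hook returns is used as-is below; the
    // escaping above is not re-applied to module output.
    $data = phorum_hook("format", $data);

    // Clean up after the mods are done.
    foreach( $data as $key => $message ) {

        // Clean up line breaks inside pre and xmp tags. These tags
        // take care of showing newlines as breaks themselves.
        if (isset($message["body"])) {
            foreach (array("pre","goep","xmp") as $tagname) {
                if (preg_match_all( "/(<$tagname.*?>).+?(<\/$tagname>)/si", $message["body"], $matches)) {
                    foreach ($matches[0] as $match) {
                        $stripped = str_replace ($phorum_br, "", $match);
                        $message["body"] = str_replace ($match, $stripped, $message["body"]);
                    }
                }
            }
            // Remove line break after quote and code tags. These tags have
            // their own line break. Without this, there would be too many
            // blank lines.
            $message["body"] = preg_replace("/\s*(<\/*(xmp|blockquote|pre).*?>)\s*\Q$phorum_br\E/", "$1", $message["body"]);

            // Normalize the Phorum line breaks that are left.
            $data[$key]["body"] = str_replace($phorum_br, "<br />", $message["body"]);
        }
    }

    return $data;
}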
예제 #6
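/**
 * Check a single banlist for a match.
 *
 * The ban lists are read from $GLOBALS['PHORUM']['banlists'] and loaded
 * from the database when that entry is not set yet.
 *
 * How one ban item is compared with the value:
 *  - PCRE item: the stored string is used unquoted as a pattern inside
 *    "/\b...\b/i", so it has to be a valid expression with "/" escaped.
 *    A pattern that cannot be evaluated does not match (the ban is not
 *    enforced); that case is written to the error log.
 *  - plain item: case-insensitive substring match, except for the
 *    PHORUM_BAD_USERID list.
 *  - PHORUM_BAD_USERID list: the value has to equal the stored string.
 *
 * @param value - The value to check.
 * @param type - The type of banlist to check the value against.
 * @return True if all is okay. False if a match has been found.
 */
function phorum_check_ban_lists($value, $type)
{
    // Load the ban lists.
    if (! isset($GLOBALS["PHORUM"]["banlists"])) {
        $GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();
    }
    if (! isset($GLOBALS['PHORUM']['banlists'])) {
        return true;
    }

    $banlists = $GLOBALS['PHORUM']['banlists'];

    $value = trim($value);

    // An empty value or an unknown list type can never be banned.
    if (empty($value)) {
        return true;
    }
    if (! isset($banlists[$type]) || ! is_array($banlists[$type])) {
        return true;
    }

    $userid_list = ($type == PHORUM_BAD_USERID);

    foreach ($banlists[$type] as $item) {
        if (empty($item['string'])) {
            continue;
        }

        $matched = false;

        if ($item["pcre"]) {
            // @ keeps the compile warning of a broken pattern off the page.
            $result = @preg_match("/\b".$item['string']."\b/i", $value);
            if ($result === false) {
                // The pattern did not compile or PCRE hit a limit. The item
                // is skipped, so leave a trace for the administrator.
                // Control characters are escaped to keep the entry on one line.
                error_log("Phorum ban list: PCRE ban item could not be evaluated: " . addcslashes($item['string'], "\0..\37"));
            } elseif ($result) {
                $matched = true;
            }
        } elseif (! $userid_list && stristr($value, $item["string"])) {
            // Plain items match as a case-insensitive substring.
            $matched = true;
        }

        // User ids are compared as a whole, never as a substring
        // (loose comparison, as before).
        if (! $matched && $userid_list && $value == $item["string"]) {
            $matched = true;
        }

        if ($matched) {
            return false;
        }
    }

    return true;
}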