/**
 * Check whether a value is covered by a non-expired row in the `bans` table.
 *
 * Both arguments are passed through $db->escape() first. $ban_type only
 * reaches the SQL text when it matched one of the switch cases below; any
 * other type returns false before a query is built.
 *
 * Security notes for maintainers:
 *  - The WHERE clause is assembled by string concatenation, so its safety
 *    rests on $db->escape() and on the quoting done inside subdomains_list()
 *    and subclasses_list(). NOTE(review): neither helper is visible here;
 *    confirm they quote every element they emit.
 *  - With $check_valid === false no format check is applied, so escaping is
 *    the only barrier between the caller's input and the query.
 *  - When validation fails, 'match' is returned WITHOUT htmlentities(),
 *    unlike the hit path. 'comment' (from ban_comment) is never encoded
 *    here either. Callers that render these fields must encode them.
 *
 * @param string $ban_text    Value to look up (host, URL, e-mail domain, IP...).
 * @param string $ban_type    'email', 'hostname', 'punished_hostname', 'ip',
 *                            'proxy' or 'noaccess'.
 * @param bool   $check_valid When false the format check is skipped, to avoid
 *                            problems with bad links in external pages.
 * @param bool   $first_level Forwarded unchanged to subdomains_list().
 *
 * @return array|false false when nothing matches or the type is unknown;
 *                     array('match', 'comment') when validation fails;
 *                     array('date', 'expire', 'text', 'match', 'comment')
 *                     when a ban row is found.
 */
function check_ban($ban_text, $ban_type, $check_valid = true, $first_level = false) {
    global $db, $globals; // $globals is not read anywhere in this function

    $ban_text = $db->escape($ban_text);
    $ban_type = $db->escape($ban_type);

    // Only bans with no expiry date, or one still in the future, count.
    $not_expired = '(ban_expire IS null OR ban_expire > now())';

    switch ($ban_type) {
        case 'email':
        case 'hostname':
        case 'punished_hostname':
            // Normalisation steps, applied in this order to the escaped text.
            $cleanup = array(
                // Clean protocol
                '/^(https*|ftp):\\/\\//' => '',
                // Collapse repeated "/" that could be used to cheat the control
                '/\\/+/' => '/',
                // Keep the path up to its second level, drop the rest
                '/(\\/[^\\/\\?]+)(\\/[^\\/\\?]+){0,1}[\\/\\?]+.*$/' => '$1$2',
                // Strip trailing dots
                '/\\.*$/' => '',
            );
            foreach ($cleanup as $pattern => $replacement) {
                $ban_text = preg_replace($pattern, $replacement, $ban_text);
            }

            if ($check_valid) {
                if (!preg_match('/^([\\w_\\-\\.]+\\.[\\w]{2,4}(\\/[a-z\\.]+\\/*){0,1}|[\\w]{2,5})$/', $ban_text)) {
                    // Returned value is not HTML-encoded; see the notes above.
                    return array(
                        'match' => $ban_text,
                        'comment' => _('No es un dominio correcto'),
                    );
                }
            }

            $condition = " ban_text IN (" . subdomains_list($ban_text, $first_level)
                . ") AND ban_type='" . $ban_type . "' AND " . $not_expired . " ";
            break;

        case 'ip':
        case 'proxy':
            // TODO: check regexp. It is anchored only at the start, so it
            // verifies a hex/digit prefix followed by "." or ":" and accepts
            // whatever follows.
            if ($check_valid) {
                if (!preg_match('/^([\\da-f]+[\\.\\:])+/is', $ban_text)) {
                    $rejected = array(
                        'match' => $ban_text,
                        'comment' => _('No es una IP válida'),
                    );
                    // NOTE(review): the rejected value is logged as received
                    // after $db->escape(); confirm that is enough to keep
                    // control characters out of the log.
                    syslog(LOG_INFO, "IP inválida: {$ban_text}");
                    return $rejected;
                }
            }

            $list = subclasses_list($ban_text);
            $condition = "ban_text IN (" . $list . ") AND ban_type='" . $ban_type . "' AND " . $not_expired;
            break;

        case 'noaccess':
            // Exact match only; no normalisation or format check is applied.
            $condition = "ban_text = '" . $ban_text . "' AND ban_type='" . $ban_type . "' AND " . $not_expired;
            break;

        default:
            return false;
    }

    $row = $db->get_row("SELECT ban_text, ban_comment, UNIX_TIMESTAMP(ban_date) as date, UNIX_TIMESTAMP(ban_expire) as expire FROM bans WHERE " . $condition . " LIMIT 1");
    if (!$row) {
        return false;
    }

    return array(
        'date' => $row->date,
        'expire' => $row->expire,
        // For security: both echoed values are HTML-encoded before returning.
        'text' => htmlentities($ban_text),
        'match' => htmlentities(trim($row->ban_text)),
        'comment' => $row->ban_comment,
    );
}
/**
 * Check whether a value is covered by a non-expired row in the `bans` table.
 *
 * Both arguments go through $db->escape() before anything else. $ban_type is
 * only interpolated into SQL after it matched one of the switch cases; every
 * other type (this version has no 'noaccess' case) returns false without
 * querying.
 *
 * Security notes for maintainers:
 *  - The query is built by string interpolation. Its safety depends on
 *    $db->escape() and on how subdomains_list() / subclasses_list() quote
 *    their output. NOTE(review): those helpers are not visible here; verify
 *    that every element they return is quoted.
 *  - Passing $check_valid = false disables the format checks entirely.
 *  - On a validation failure 'match' is returned without htmlentities(), and
 *    'comment' (ban_comment from the database) is never encoded here.
 *    Encode both at the point of output.
 *
 * @param string $ban_text    Value to look up.
 * @param string $ban_type    'email', 'hostname', 'punished_hostname', 'ip'
 *                            or 'proxy'.
 * @param bool   $check_valid When false the format check is skipped, to avoid
 *                            problems with bad links in external pages.
 * @param bool   $first_level Forwarded unchanged to subdomains_list().
 *
 * @return array|false false when nothing matches or the type is unknown;
 *                     array('match', 'comment') when validation fails;
 *                     array('date', 'expire', 'text', 'match', 'comment')
 *                     when a ban row is found.
 */
function check_ban($ban_text, $ban_type, $check_valid = true, $first_level = false) {
    global $db, $globals; // $globals is not read anywhere in this function

    $ban_text = $db->escape($ban_text);
    $ban_type = $db->escape($ban_type);

    // A ban applies while it has no expiry date or the date is in the future.
    $still_active = '(ban_expire IS null OR ban_expire > now())';

    switch ($ban_type) {
        case 'email':
        case 'hostname':
        case 'punished_hostname':
            // Ordered rewrite rules, run on the already-escaped text.
            $rules = array(
                // Clean protocol
                '/^(https*|ftp):\/\//' => '',
                // Collapse repeated "/" that could be used to cheat the control
                '/\/+/' => '/',
                // Keep the path up to its second level, drop the rest
                '/(\/[^\/\?]+)(\/[^\/\?]+){0,1}[\/\?]+.*$/' => '$1$2',
                // Strip trailing dots
                '/\.*$/' => '',
            );
            foreach ($rules as $regex => $with) {
                $ban_text = preg_replace($regex, $with, $ban_text);
            }

            if ($check_valid) {
                if (!preg_match('/^([\w_\-\.]+\.[\w]{2,4}(\/[a-z\.]+\/*){0,1}|[\w]{2,5})$/', $ban_text)) {
                    // Returned value is not HTML-encoded; see the notes above.
                    return array(
                        'match' => $ban_text,
                        'comment' => _('No es un dominio correcto'),
                    );
                }
            }

            $filter = " ban_text IN (" . subdomains_list($ban_text, $first_level)
                . ") AND ban_type='" . $ban_type . "' AND " . $still_active . " ";
            break;

        case 'ip':
        case 'proxy':
            // It might be worth revisiting this preg_match to validate IPs
            // more strictly: it accepts any run of digits and dots that
            // starts with digits and a dot, so it does not check octet count
            // or range.
            if ($check_valid) {
                if (!preg_match('/^\d+\.[\d\.]+$/s', $ban_text)) {
                    return array(
                        'match' => $ban_text,
                        'comment' => _('No es una IP válida'),
                    );
                }
            }

            $list = subclasses_list($ban_text);
            $filter = "ban_text IN (" . $list . ") AND ban_type='" . $ban_type . "' AND " . $still_active;
            break;

        default:
            return false;
    }

    $found = $db->get_row("SELECT ban_text, ban_comment, UNIX_TIMESTAMP(ban_date) as date, UNIX_TIMESTAMP(ban_expire) as expire FROM bans WHERE " . $filter . " LIMIT 1");
    if (!$found) {
        return false;
    }

    return array(
        'date' => $found->date,
        'expire' => $found->expire,
        // For security: both echoed values are HTML-encoded before returning.
        'text' => htmlentities($ban_text),
        'match' => htmlentities(trim($found->ban_text)),
        'comment' => $found->ban_comment,
    );
}