Fixed a bug where error occurred when trying to post a comment (SPAM-…

…X issue) (bug #735)

plugins/spamx/BannedUsers.Examine.class.php

@@ -58,9 +58,9 @@ public function execute($comment)
 
         for ($i = 0; $i < $numRows; $i++) {
             list($val) = DB_fetchArray($result);
-            $val = str_replace('#', '\\#', $val);
+            $pattern = $this->prepareRegularExpression($val);
 
-            if (preg_match("#$val#i", $comment)) {
+            if (preg_match($pattern, $comment)) {
                 $ans = 1; // quit on first positive match
                 SPAMX_log($LANG_SX00['foundspam'] . $val .
                     ' (' . $LANG28[42] . ')' .

plugins/spamx/BaseCommand.class.php

@@ -9,6 +9,8 @@
  */
 abstract class BaseCommand
 {
+    const REGX_DELIMITER = '#';
+
     protected $result = PLG_SPAM_ACTION_NONE;   // Result of execute command
     protected $actionCode = PLG_SPAM_ACTION_NONE;   // Action code
 
@@ -108,4 +110,24 @@ protected function updateStat($name, $value)
             . "WHERE name='{$name}' AND value='{$value}' ";
         DB_query($sql, 1);
     }
+
+    /**
+     * Prepare regular expression
+     *
+     * @param  string $str
+     * @param  string $delimiter
+     * @param  bool   $caseSensitive
+     * @return string
+     */
+    protected function prepareRegularExpression($str, $delimiter = self::REGX_DELIMITER, $caseSensitive = false)
+    {
+        $str = preg_quote($str, $delimiter);
+        $str = $delimiter . $str . $delimiter;
+
+        if (!$caseSensitive) {
+            $str .= 'i';
+        }
+
+        return $str;
+    }
 }

plugins/spamx/BlackList.Examine.class.php

@@ -59,12 +59,11 @@ public function execute($comment)
 
         for ($i = 1; $i <= $nrows; $i++) {
             list($val) = DB_fetchArray($result);
-            $originalVal = $val;
-            $val = str_replace('#', '\\#', $val);
+            $pattern = $this->prepareRegularExpression($val);
 
-            if (preg_match("#$val#i", $comment)) {
+            if (preg_match($pattern, $comment)) {
                 $ans = PLG_SPAM_FOUND;  // quit on first positive match
-                $this->updateStat('Personal', $originalVal);
+                $this->updateStat('Personal', $val);
                 SPAMX_log($LANG_SX00['foundspam'] . $val .
                     $LANG_SX00['foundspam2'] . $uid .
                     $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);

plugins/spamx/Header.Examine.class.php

@@ -66,11 +66,11 @@ public function execute($comment)
             $v = explode(':', $entry);
             $name = trim($v[0]);
             $value = trim($v[1]);
-            $value = str_replace('#', '\\#', $value);
+            $pattern = $this->prepareRegularExpression($value);
 
             foreach ($headers as $key => $content) {
                 if (strcasecmp($name, $key) === 0) {
-                    if (preg_match("#{$value}#i", $content)) {
+                    if (preg_match($pattern, $content)) {
                         $ans = PLG_SPAM_FOUND;  // quit on first positive match
                         $this->updateStat('HTTPHeader', $entry);
                         SPAMX_log($LANG_SX00['foundspam'] . $entry .

plugins/spamx/IP.Examine.class.php

@@ -171,7 +171,11 @@ private function _process($ip)
             } elseif (strpos($val, '-') !== false) {
                 $matches = $this->_matchRange($ip, $val);
             } else {
-                $matches = preg_match("#^{$val}$#i", $ip);
+                if (strpos($val, '^') !== 0) {
+                    $val = '^' . $val;
+                }
+                $pattern = $this->prepareRegularExpression($val);
+                $matches = preg_match($pattern, $ip);
             }
 
             if ($matches) {

plugins/spamx/IPofUrl.Examine.class.php

@@ -44,9 +44,7 @@ public function execute($comment)
         /*
         * regex to find urls $2 = fqd
         */
-        $regx = '(ftp|http|file)://([^/\\s]+)';
-        $num = preg_match_all("#{$regx}#", html_entity_decode($comment), $urls);
-
+        $num = preg_match_all('#(https|http|ftps|ftp|file)://([^/\\s]+)#', html_entity_decode($comment), $urls);
         $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='IPofUrl'", 1);
         $numRows = DB_numRows($result);
 

plugins/spamx/SLVbase.class.php

@@ -118,11 +118,11 @@ public function checkWhitelist(&$links)
         for ($i = 0; $i < $nrows; $i++) {
             $A = DB_fetchArray($result);
             $val = $A['value'];
-            $val = str_replace('#', '\\#', $val);
+            $pattern = '#' . preg_quote($val, '#') . '#i';
 
             foreach ($links as $key => $link) {
                 if (!empty($link)) {
-                    if (preg_match("#$val#i", $link)) {
+                    if (preg_match($pattern, $link)) {
                         $links[$key] = '';
                         DB_query("UPDATE {$_TABLES['spamx']} SET counter = counter + 1, regdate = '$timestamp' WHERE name='SLVwhitelist' AND value='" . DB_escapeString($A['value']) . "'", 1);
                     }
@@ -144,16 +144,10 @@ public function getLinks($comment)
 
         $links = array();
 
-        preg_match_all("/<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)<\/a>/i",
-            $comment, $matches);
+        preg_match_all("|<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)</a>|i", $comment, $matches);
         for ($i = 0; $i < count($matches[0]); $i++) {
             $url = $matches[1][$i];
-            if (!empty($_CONF['site_url']) &&
-                strpos($url, $_CONF['site_url']) === 0
-            ) {
-                // skip links to our own site
-                continue;
-            } else {
+            if (empty($_CONF['site_url']) || stripos($url, $_CONF['site_url']) !== 0) {
                 $links[] = $url;
             }
         }
@@ -169,22 +163,19 @@ public function getLinks($comment)
      * through getLinks() twice.
      *
      * @param    string $comment The post to check
-     * @return   string              All the URLs in the post, sep. by linefeeds
+     * @return   string          All the URLs in the post, sep. by line feeds
      */
     public function prepareLinks($comment)
     {
-        $links = array();
-        $linklist = '';
+        $linkList = '';
 
         // some spam posts have extra backslashes
         $comment = stripslashes($comment);
 
         // some spammers have yet to realize that we're not supporting BBcode
         // but since we want the URLs, convert it here ...
-        $comment = preg_replace('/\[url=([^\]]*)\]/i', '<a href="\1">',
-            $comment);
-        $comment = str_replace(array('[/url]', '[/URL]'),
-            array('</a>', '</a>'), $comment);
+        $comment = preg_replace('/\[url=([^\]]*)\]/i', '<a href="\1">', $comment);
+        $comment = str_ireplace('[/url]', '</a>', $comment);
 
         // get all links from <a href="..."> tags
         $links = $this->getLinks($comment);
@@ -195,9 +186,9 @@ public function prepareLinks($comment)
 
         if (count($links) > 0) {
             $this->checkWhitelist($links);
-            $linklist = implode("\n", $links);
+            $linkList = implode("\n", $links);
         }
 
-        return trim($linklist);
+        return trim($linkList);
     }
 }

plugins/spamx/SNLbase.class.php

@@ -54,18 +54,19 @@ public function CheckForSpam($post)
         }
 
         $links = $this->prepareLinks($post);
+        $numLinks = count($links);
 
-        if (empty($links)) {
+        if ($numLinks === 0) {
             return $retval;
         }
 
         if (!isset($_SPX_CONF['snl_num_links'])) {
             $_SPX_CONF['snl_num_links'] = 5;
         }
 
-        if ($links > $_SPX_CONF['snl_num_links']) {
+        if ($numLinks > $_SPX_CONF['snl_num_links']) {
             $retval = true;
-            SPAMX_log('SNL: spam detected, found ' . $links . ' links.');
+            SPAMX_log('SNL: spam detected, found ' . $numLinks . ' links.');
         }
 
         return $retval;
@@ -76,24 +77,20 @@ public function CheckForSpam($post)
      * Extracts all the links from a post; expects HTML links, i.e. <a> tags
      *
      * @param    string $comment The post to check
-     * @return   string              All the URLs in the post, sep. by line feeds
+     * @return   array           an array of links in the post
      */
     public function getLinks($comment)
     {
         global $_CONF;
 
-        $links = '';
+        $links = array();
 
-        preg_match_all("/<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)<\/a>/i", $comment, $matches);
+        preg_match_all("|<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)</a>|i", $comment, $matches);
         for ($i = 0; $i < count($matches[0]); $i++) {
             $url = $matches[1][$i];
 
-            if (stripos($url, $_CONF['site_url']) === 0) {
-                // skip links to our own site
-                continue;
-            } else {
-                // $links .= $url . "\n";
-                $links++;
+            if (stripos($url, $_CONF['site_url']) !== 0) {
+                $links[] = $url;
             }
         }
 
@@ -108,7 +105,7 @@ public function getLinks($comment)
      * through getLinks() twice.
      *
      * @param    string $comment The post to check
-     * @return   string              All the URLs in the post, sep. by linefeeds
+     * @return   array           an array of all the URLs in the post
      */
     public function prepareLinks($comment)
     {
@@ -117,10 +114,8 @@ public function prepareLinks($comment)
 
         // some spammers have yet to realize that we're not supporting BBcode
         // but since we want the URLs, convert it here ...
-        $comment = preg_replace('/\[url=([^\]]*)\]/i', '<a href="\1">',
-            $comment);
-        $comment = str_replace(array('[/url]', '[/URL]'),
-            array('</a>', '</a>'), $comment);
+        $comment = preg_replace('/\[url=([^\]]*)\]/i', '<a href="\1">', $comment);
+        $comment = str_ireplace('[/url]','</a>', $comment);
 
         // get all links from <a href="..."> tags
         $links = $this->getLinks($comment);