From ff8cc62a72b02de7505ba140affa4e708a665eb1 Mon Sep 17 00:00:00 2001
From: Kenji ITO
Date: Fri, 10 Nov 2017 23:21:50 +0900
Subject: [PATCH 1/5] Added Redirects Admin Feature (feature request #746)
---
language/english.php | 1 +
language/english_utf-8.php | 1 +
language/japanese_utf-8.php | 3 +-
public_html/admin/router.php | 108 ++++++++++++------
public_html/index.php | 6 +-
.../denim/admin/router/routereditor.thtml | 14 +++
.../admin/router/routereditor.thtml | 14 +++
sql/mysql_tableanddata.php | 1 +
sql/pgsql_tableanddata.php | 1 +
sql/updates/mysql_2.1.3_to_2.2.0.php | 5 +-
sql/updates/pgsql_2.1.3_to_2.2.0.php | 5 +-
system/classes/router.class.php | 60 +++++++++-
system/classes/url.class.php | 2 +-
13 files changed, 176 insertions(+), 45 deletions(-)
diff --git a/language/english.php b/language/english.php
index 93090f072..9c834abe1 100644
--- a/language/english.php
+++ b/language/english.php
@@ -1413,6 +1413,7 @@
 18 => 'To enable URL routing, you have to enable URL rewrite in the Configuration.',
 19 => 'To enable URL routing, you have to enable URL routing in the Configuration.',
 20 => '',
+ 21 => 'Status Code',
 );
 
 ###############################################################################
diff --git a/language/english_utf-8.php b/language/english_utf-8.php
index dbe7145dc..8ef6ab904 100644
--- a/language/english_utf-8.php
+++ b/language/english_utf-8.php
@@ -1413,6 +1413,7 @@
 18 => 'To enable URL routing, you have to enable URL rewrite in the Configuration.',
 19 => 'To enable URL routing, you have to enable URL routing in the Configuration.',
 20 => '',
+ 21 => 'Status Code',
 );
 
 ###############################################################################
diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php
index 132ae7de1..427174d3e 100644
--- a/language/japanese_utf-8.php
+++ b/language/japanese_utf-8.php
@@ -1413,7 +1413,8 @@ 17 => 'データベース操作でエラーが発生しました。', 18 => 'URLルーティングを有効にするには、コンフィギュレーションでURLリライトを有効にしてください。', 19 => 'URLルーティングを有効にするには、コンフィギュレーションでURLルーティングを有効にしてください。', - 20 => '' + 20 => '', + 21 => 'ステータスコード', ); ############################################################################### diff --git a/public_html/admin/router.php b/public_html/admin/router.php index 4346798da..ac9bc55e6 100644 --- a/public_html/admin/router.php +++ b/public_html/admin/router.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 2.1 | +// | Geeklog 2.2 | // +---------------------------------------------------------------------------+ // | router.php | // | | @@ -64,11 +64,12 @@ function getRouteEditor($rid = 0) $retval = ''; $A = array( - 'rid' => $rid, - 'method' => Router::HTTP_REQUEST_GET, - 'rule' => '', - 'route' => '', - 'priority' => Router::DEFAULT_PRIORITY, + 'rid' => $rid, + 'method' => Router::HTTP_REQUEST_GET, + 'rule' => '', + 'route' => '', + 'status_code' => Router::DEFAULT_STATUS_CODE, + 'priority' => Router::DEFAULT_PRIORITY, ); $rid = intval($rid, 10); 
@@ -106,21 +107,44 @@ function getRouteEditor($rid = 0) 'method' => $A['method'], 'rule' => $A['rule'], 'route' => $A['route'], + 'status_code' => $A['status_code'], 'priority' => $A['priority'], 'gltoken_name' => CSRF_TOKEN, 'gltoken' => $securityToken, )); + + $A['method'] = (int) $A['method']; + $T->set_var(array( + 'get_selected' => ($A['method'] === Router::HTTP_REQUEST_GET ? ' selected="selected"' : ''), + 'post_selected' => ($A['method'] === Router::HTTP_REQUEST_POST ? ' selected="selected"' : ''), + 'put_selected' => ($A['method'] === Router::HTTP_REQUEST_PUT ? ' selected="selected"' : ''), + 'delete_selected' => ($A['method'] === Router::HTTP_REQUEST_DELETE ? ' selected="selected"' : ''), + 'head_selected' => ($A['method'] === Router::HTTP_REQUEST_HEAD ? ' selected="selected"' : ''), + )); + + $A['status_code'] = (int) $A['status_code']; $T->set_var(array( - 'lang_router_rid' => $LANG_ROUTER[3], - 'lang_router_method' => $LANG_ROUTER[4], - 'lang_router_rule' => $LANG_ROUTER[5], - 'lang_router_route' => $LANG_ROUTER[6], - 'lang_router_priority' => $LANG_ROUTER[7], - 'lang_router_notice' => $LANG_ROUTER[20], - 'lang_save' => $LANG_ADMIN['save'], - 'lang_cancel' => $LANG_ADMIN['cancel'], - 'lang_delete' => $LANG_ADMIN['delete'], - 'confirm_message' => $MESSAGE[76], + 'status300_selected' => ($A['status_code'] === 300 ? ' selected="selected"' : ''), + 'status301_selected' => ($A['status_code'] === 301 ? ' selected="selected"' : ''), + 'status302_selected' => ($A['status_code'] === 302 ? ' selected="selected"' : ''), + 'status303_selected' => ($A['status_code'] === 303 ? ' selected="selected"' : ''), + 'status304_selected' => ($A['status_code'] === 304 ? ' selected="selected"' : ''), + 'status305_selected' => ($A['status_code'] === 305 ? ' selected="selected"' : ''), + 'status307_selected' => ($A['status_code'] === 307 ? ' selected="selected"' : ''), + 'status308_selected' => ($A['status_code'] === 308 ? 
' selected="selected"' : ''), + )); + $T->set_var(array( + 'lang_router_rid' => $LANG_ROUTER[3], + 'lang_router_method' => $LANG_ROUTER[4], + 'lang_router_rule' => $LANG_ROUTER[5], + 'lang_router_route' => $LANG_ROUTER[6], + 'lang_router_status_code' => $LANG_ROUTER[21], + 'lang_router_priority' => $LANG_ROUTER[7], + 'lang_router_notice' => $LANG_ROUTER[20], + 'lang_save' => $LANG_ADMIN['save'], + 'lang_cancel' => $LANG_ADMIN['cancel'], + 'lang_delete' => $LANG_ADMIN['delete'], + 'confirm_message' => $MESSAGE[76], )); $T->set_var( @@ -129,6 +153,7 @@ function getRouteEditor($rid = 0) ); $T->parse('output', 'editor'); $retval .= $T->finish($T->get_var('output')); + CTL_clearCache(); return $retval; } @@ -188,6 +213,9 @@ function ADMIN_getListFieldRoutes($fieldName, $fieldValue, $A, $iconArray, $extr case 'route': break; + case 'status_code': + break; + case 'priority': $rid = $A['rid']; $baseUrl = $_CONF['site_admin_url'] . '/router.php?mode=move&rid=' . $rid . '&' @@ -269,6 +297,11 @@ function listRoutes() 'field' => 'route', 'sort' => true, ), + array( + 'text' => $LANG_ROUTER[21], + 'field' => 'status_code', + 'sort' => true, + ), array( 'text' => $LANG_ROUTER[7], 'field' => 'priority', @@ -290,7 +323,7 @@ function listRoutes() $queryArray = array( 'table' => 'routes', 'sql' => "SELECT * FROM {$_TABLES['routes']} WHERE (1 = 1) ", - 'query_fields' => array('rule', 'route', 'priority'), + 'query_fields' => array('rule', 'route', 'status_code', 'priority'), 'default_filter' => COM_getPermSql('AND'), ); @@ -311,10 +344,11 @@ function listRoutes() * @param int $method * @param string $rule * @param string $route + * @param int $statusCode * @param int $priority * @return string */ -function saveRoute($rid, $method, $rule, $route, $priority) +function saveRoute($rid, $method, $rule, $route, $statusCode, $priority) { global $_CONF, $_TABLES, $MESSAGE, $LANG_ROUTER; 
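Review bot: The `CTL_clearCache();` added before `return $retval;` in `getRouteEditor()` flushes the cache every time the editor form is rendered, which is a state change triggered by a page view. `reorderRoutes()` already clears the cache after save and delete, per its own comment in this patch, so the call here looks redundant. If it is needed, add a comment saying why; otherwise drop it. The function begins outside this hunk.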
@@ -324,6 +358,7 @@ function saveRoute($rid, $method, $rule, $route, $priority) $method = intval($method, 10); $rule = trim($rule); $route = trim($route); + $statusCode = (int) trim($statusCode); $priority = intval($priority, 10); if (($method < Router::HTTP_REQUEST_GET) || ($method > Router::HTTP_REQUEST_HEAD)) { @@ -381,6 +416,11 @@ function saveRoute($rid, $method, $rule, $route, $priority) $messageText = $LANG_ROUTER[15]; } + // If HTTP status code is out of range, then fix it silently + if (($statusCode < 300) || ($statusCode > 308)) { + $statusCode = Router::DEFAULT_STATUS_CODE; + } + // If priority is out of range, then fix it silently if (($priority < 1) || ($priority > 65535)) { $priority = Router::DEFAULT_PRIORITY; @@ -403,16 +443,17 @@ function saveRoute($rid, $method, $rule, $route, $priority) $method = DB_escapeString($method); $rule = DB_escapeString($rule); $route = DB_escapeString($route); + $statusCode = DB_escapeString($statusCode); $priority = DB_escapeString($priority); $count = intval(DB_count($_TABLES['routes'], 'rid', $rid), 10); if ($count === 0) { - $sql = "INSERT INTO {$_TABLES['routes']} (rid, method, rule, route, priority) " - . "VALUES (NULL, {$method}, '{$rule}', '{$route}', {$priority})"; + $sql = "INSERT INTO {$_TABLES['routes']} (rid, method, rule, route, status_code, priority) " + . "VALUES (NULL, {$method}, '{$rule}', '{$route}', {$statusCode}, {$priority})"; } else { $sql = "UPDATE {$_TABLES['routes']} " - . "SET method = {$method}, rule = '{$rule}', route = '{$route}', priority = {$priority} " + . "SET method = {$method}, rule = '{$rule}', route = '{$route}', status_code = {$statusCode}, priority = {$priority} " . "WHERE rid = {$rid} "; } @@ -421,8 +462,7 @@ function saveRoute($rid, $method, $rule, $route, $priority) if (!DB_error()) { reorderRoutes(); - - return COM_refresh($_CONF['site_admin_url'] . '/router.php?msg=121'); + COM_redirect($_CONF['site_admin_url'] . '/router.php?msg=121'); } // Retry 
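Review bot: The range test `($statusCode < 300) || ($statusCode > 308)` in `saveRoute()` accepts every integer in between, including 306, which the list added in `getResponseCodesForRedirect()` does not contain, and 304, which is not a redirect. It also lets 305 (Use Proxy) through, a code RFC 7231 deprecated over security concerns about in-band proxy configuration. An explicit allowlist is tighter: `if (!in_array($statusCode, array(301, 302, 303, 307, 308), true)) { $statusCode = Router::DEFAULT_STATUS_CODE; }`. The same range test appears to be repeated in the `dispatch()` hunk of router.class.php, whose start is garbled on this page. `saveRoute()` itself begins and ends outside this hunk.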
@@ -463,10 +503,10 @@ function reorderRoutes() DB_query($sql); $priority += $step; } - + // Clear the cache once reordered so any updated urls can be refreshed // reorderRoutes is called by save and delete so it covers those instances as well - CTL_clearCache(); + CTL_clearCache(); } /** @@ -503,7 +543,6 @@ function moveRoute($rid) * Delete a route * * @param int $rid id of block to delete - * @return string HTML redirect or error message */ function deleteRoute($rid) { @@ -512,8 +551,7 @@ function deleteRoute($rid) $rid = intval($rid, 10); DB_delete($_TABLES['routes'], 'rid', $rid); reorderRoutes(); - - return COM_refresh($_CONF['site_admin_url'] . '/router.php?msg=123'); + COM_redirect($_CONF['site_admin_url'] . '/router.php?msg=123'); } // MAIN 
@@ -528,30 +566,28 @@ function deleteRoute($rid) case $LANG_ADMIN['delete']: if ($rid === 0) { COM_errorLog('Attempted to delete route, rid empty or null, value =' . $rid); - $display = COM_refresh($_CONF['site_admin_url'] . '/router.php'); + COM_redirect($_CONF['site_admin_url'] . '/router.php'); } elseif (SEC_checkToken()) { - $display = deleteRoute($rid); + deleteRoute($rid); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete route {$rid} and failed CSRF checks."); - $display = COM_refresh($_CONF['site_admin_url'] . '/index.php'); + COM_redirect($_CONF['site_admin_url'] . '/index.php'); } - echo $display; - die(); break; case $LANG_ADMIN['save']: if (!SEC_checkToken()) { COM_accessLog("User {$_USER['username']} tried to illegally save route {$rid} and failed CSRF checks."); - echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); - die(); + COM_redirect($_CONF['site_admin_url'] . '/index.php'); } $method = \Geeklog\Input::fPost('method', ''); $rule = \Geeklog\Input::post('rule', ''); $route = \Geeklog\Input::post('route', ''); + $statusCode = (int) \Geeklog\Input::fPost('status_code', 302); $priority = \Geeklog\Input::fPost('priority', Router::DEFAULT_PRIORITY); - $display = saveRoute($rid, $method, $rule, $route, $priority); + $display = saveRoute($rid, $method, $rule, $route, $statusCode, $priority); break; case 'edit': diff --git a/public_html/index.php b/public_html/index.php index b8a73e470..6ab8cddda 100644 --- a/public_html/index.php +++ b/public_html/index.php 
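Review bot: In the `save` case the CSRF failure branch no longer ends with `die()`; after `COM_redirect(...)` control would fall through to the `Input::post` reads and `saveRoute()` unless `COM_redirect()` itself terminates the request, which this diff does not show. The delete branches dropped their `echo $display; die();` in the same way. Either confirm that `COM_redirect()` never returns and record it in a comment such as `// COM_redirect() exits; nothing below runs on a failed token check`, or keep an explicit `exit;` after the call. Separately, the fallback in `fPost('status_code', 302)` could use `Router::DEFAULT_STATUS_CODE`, matching the priority line below it.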
@@ -2,13 +2,13 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 2.1 | +// | Geeklog 2.2 | // +---------------------------------------------------------------------------+ // | index.php | // | | // | Geeklog homepage. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2010 by the following authors: | +// | Copyright (C) 2000-2017 by the following authors: | // | | // | Authors: Tony Bibbs - tony@tonybibbs.com | // | Mark Limburg - mlimburg@users.sourceforge.net | @@ -99,7 +99,7 @@ function fixTopic(&$A, $tid_list) // Main // If URL routing is enabled, then let the router handle the request if ($_CONF['url_rewrite'] && isset($_CONF['url_routing']) && !empty($_CONF['url_routing'])) { - Router::dispatch(); + \Geeklog\Router::dispatch(); } // See if user has access to view topic else display message. diff --git a/public_html/layout/denim/admin/router/routereditor.thtml b/public_html/layout/denim/admin/router/routereditor.thtml index 6765b9660..9843f61b6 100644 --- a/public_html/layout/denim/admin/router/routereditor.thtml +++ b/public_html/layout/denim/admin/router/routereditor.thtml @@ -28,6 +28,20 @@
+
+
+ +
+
diff --git a/public_html/layout/modern_curve/admin/router/routereditor.thtml b/public_html/layout/modern_curve/admin/router/routereditor.thtml index 59f0fe6b9..04ab8f0e4 100644 --- a/public_html/layout/modern_curve/admin/router/routereditor.thtml +++ b/public_html/layout/modern_curve/admin/router/routereditor.thtml @@ -24,6 +24,20 @@
+
+
+ +
+
diff --git a/sql/mysql_tableanddata.php b/sql/mysql_tableanddata.php index 3e7b53b02..5542b1978 100644 --- a/sql/mysql_tableanddata.php +++ b/sql/mysql_tableanddata.php @@ -267,6 +267,7 @@ method int(11) NOT NULL DEFAULT 1, rule varchar(255) NOT NULL DEFAULT '', route varchar(255) NOT NULL DEFAULT '', + status_code int(11) NOT NULL DEFAULT 302, priority int(11) NOT NULL DEFAULT 100, PRIMARY KEY (rid) ) ENGINE=MyISAM diff --git a/sql/pgsql_tableanddata.php b/sql/pgsql_tableanddata.php index 4397958c2..942b1bfc1 100644 --- a/sql/pgsql_tableanddata.php +++ b/sql/pgsql_tableanddata.php @@ -266,6 +266,7 @@ method int NOT NULL DEFAULT 1, rule varchar(255) NOT NULL DEFAULT '', route varchar(255) NOT NULL DEFAULT '', + status_code int NOT NULL DEFAULT 302, priority int NOT NULL DEFAULT 100, PRIMARY KEY (rid) ) diff --git a/sql/updates/mysql_2.1.3_to_2.2.0.php b/sql/updates/mysql_2.1.3_to_2.2.0.php index 365e16aa5..0cf90cd39 100644 --- a/sql/updates/mysql_2.1.3_to_2.2.0.php +++ b/sql/updates/mysql_2.1.3_to_2.2.0.php @@ -1,9 +1,12 @@ 308)) { + $responseCode = self::DEFAULT_STATUS_CODE; + } + // Try simple comparison without placeholders if (strcasecmp($rule, $pathInfo) === 0) { $route = $_CONF['site_url'] . $route; @@ -129,7 +166,7 @@ public static function dispatch() COM_errorLog(__METHOD__ . ': "' . $pathInfo . '"matched with simple comparison rule "' . $A['rule'] . '", converted into "' . $route . '"'); } - header('Location: ' . $route); + header('Location: ' . $route, $responseCode); COM_errorLog(__METHOD__ . ': somehow could not redirect'); @@ -181,7 +218,7 @@ public static function dispatch() COM_errorLog(__METHOD__ . ': "' . $pathInfo . '" matched with regular expression rule "' . $A['rule'] . '", converted into "' . $route . '"'); } - header('Location: ' . $route); + header('Location: ' . $route, $responseCode); } } 
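Review bot: In both `header('Location: ' . $route, $responseCode);` calls in `dispatch()` the status code lands in `header()`'s second parameter, which is the `$replace` flag; the response code is the third parameter. As written the configured code is never sent and PHP falls back to its default 302 for a `Location` header, so a route saved as 301 or 308 still redirects as 302. Both calls should read `header('Location: ' . $route, true, $responseCode);`. `dispatch()` starts and ends outside these hunks.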
@@ -328,4 +365,23 @@ public static function convertUrl($url, $requestMethod = self::HTTP_REQUEST_GET) return $originalUrl; } + + /** + * Return an array of (HTTP response code => message) + * + * @return array + */ + public static function getResponseCodesForRedirect() + { + return array( + 300 => 'Multiple Choices', + 301 => 'Moved Permanently', + 302 => 'Found (Moved Temporarily)', + 303 => 'See Other', + 304 => 'Not Modified', + 305 => 'Use Proxy', + 307 => 'Temporary Redirect', + 308 => 'Permanent Redirect', + ); + } } diff --git a/system/classes/url.class.php b/system/classes/url.class.php index 50b90a739..f8729e6fc 100644 --- a/system/classes/url.class.php +++ b/system/classes/url.class.php @@ -8,7 +8,7 @@ // | | // | class to allow for spider friendly URL's | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2002-2011 by the following authors: | +// | Copyright (C) 2002-2017 by the following authors: | // | | // | Authors: Tony Bibbs - tony AT tonybibbs DOT com | // +---------------------------------------------------------------------------+ From 647d7d19660689c2f3fd16ddb1e8aadfc3d0bf3f Mon Sep 17 00:00:00 2001 From: Tom Homer Date: Fri, 10 Nov 2017 09:26:00 -0500 Subject: [PATCH 2/5] Admins can now edit anonymous names in comments Feature request #778 --- .../layout/denim/comment/commentform.thtml | 8 +- .../denim/comment/commentform_advanced.thtml | 8 +- .../modern_curve/comment/commentform.thtml | 8 +- .../comment/commentform_advanced.thtml | 8 +- system/lib-comment.php | 109 ++++++++++++++---- 5 files changed, 108 insertions(+), 33 deletions(-) diff --git a/public_html/layout/denim/comment/commentform.thtml b/public_html/layout/denim/comment/commentform.thtml index dd80cc161..d22b5e499 100644 --- a/public_html/layout/denim/comment/commentform.thtml +++ b/public_html/layout/denim/comment/commentform.thtml 
@@ -29,8 +29,8 @@ - {username}  - [{lang_logoutorcreateaccount}] + + {username} [{lang_logoutorcreateaccount}]
@@ -74,4 +74,8 @@
{lang_record_edit}
+ + ({lang_anonymous}) + + {# end {templatelocation} #} diff --git a/public_html/layout/denim/comment/commentform_advanced.thtml b/public_html/layout/denim/comment/commentform_advanced.thtml index 877684c8b..5a7d0af23 100644 --- a/public_html/layout/denim/comment/commentform_advanced.thtml +++ b/public_html/layout/denim/comment/commentform_advanced.thtml @@ -29,8 +29,8 @@ - {username}  - [{lang_logoutorcreateaccount}] + + {username} [{lang_logoutorcreateaccount}]
@@ -79,4 +79,8 @@
{lang_record_edit}
+ + ({lang_anonymous}) + + {# end {templatelocation} #} \ No newline at end of file diff --git a/public_html/layout/modern_curve/comment/commentform.thtml b/public_html/layout/modern_curve/comment/commentform.thtml index 1a467dfe4..fe4ed2885 100644 --- a/public_html/layout/modern_curve/comment/commentform.thtml +++ b/public_html/layout/modern_curve/comment/commentform.thtml @@ -16,8 +16,8 @@ - {username} - {lang_logoutorcreateaccount} + + {username} {lang_logoutorcreateaccount}
@@ -71,4 +71,8 @@
{lang_record_edit}
+ + ({lang_anonymous}) + + {# end {templatelocation} #} \ No newline at end of file diff --git a/public_html/layout/modern_curve/comment/commentform_advanced.thtml b/public_html/layout/modern_curve/comment/commentform_advanced.thtml index 604cc698b..242bfee11 100644 --- a/public_html/layout/modern_curve/comment/commentform_advanced.thtml +++ b/public_html/layout/modern_curve/comment/commentform_advanced.thtml @@ -16,8 +16,8 @@ - {username} - {lang_logoutorcreateaccount} + + {username} {lang_logoutorcreateaccount}
@@ -77,4 +77,8 @@
{lang_record_edit}
+ + ({lang_anonymous}) + + {# end {templatelocation} #} \ No newline at end of file diff --git a/system/lib-comment.php b/system/lib-comment.php index 97d23e9a1..4fe167b19 100644 --- a/system/lib-comment.php +++ b/system/lib-comment.php @@ -869,10 +869,12 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo $commentUid = $uid; $table = ''; + $editsubmission = false; // flag if in edit submission (not regular edit of comment) if ($mode === 'edit' || $mode === $LANG03[28]) { $table = $_TABLES['comments']; } elseif ($mode === 'editsubmission' || $mode == $LANG03[34]) { $table = $_TABLES['commentsubmissions']; + $editsubmission = true; } if (!empty($table)) { $cid = (int) Geeklog\Input::fRequest(CMT_CID, 0); @@ -986,13 +988,17 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo if (($mode == $LANG03[28]) || ($mode == $LANG03[34])) { $A['nice_date'] = DB_getItem($table, 'UNIX_TIMESTAMP(date)', "cid = '" . DB_escapeString($cid) . "'"); if ($_USER['uid'] != $commentUid) { - $uresult = DB_query("SELECT username, fullname, email, photo FROM {$_TABLES['users']} WHERE uid = $commentUid"); - $A = array_merge($A, DB_fetchArray($uresult)); + if (!COM_isAnonUser($commentUid)) { + $uresult = DB_query("SELECT username, fullname, email, photo FROM {$_TABLES['users']} WHERE uid = $commentUid"); + $A = array_merge($A, DB_fetchArray($uresult)); + } } } - if (($uid != 1) || empty($A[CMT_USERNAME])) { - $A[CMT_USERNAME] = DB_getItem($_TABLES['users'], 'username', - "uid = $uid"); + + if (($commentUid != 1) || empty($A[CMT_USERNAME])) { + //if (!($mode == $LANG03[14] || $mode == $LANG03[28] || $mode == $LANG03[34])) { // Preview mode + $A[CMT_USERNAME] = DB_getItem($_TABLES['users'], 'username', "uid = $commentUid"); + //} } if (COMMENT_ON_SAME_PAGE) { 
@@ -1039,6 +1045,7 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo } // Blocks $comment_template->set_block('form', 'record_edit'); + $comment_template->set_block('form', 'username_anon'); $is_comment_page = CMT_isCommentPage(); if ($is_comment_page) { @@ -1063,7 +1070,7 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo $comment_template->set_var('type', $type); if ($mode == 'edit' || $mode == 'editsubmission' || $mode == $LANG03[28] || $mode == $LANG03[34]) { // Only allow admins to disable record of edit - if (SEC_hasRights('comment.moderate')) { + if (SEC_hasRights('comment.moderate') AND !$editsubmission) { $comment_template->set_var('lang_record_edit', $LANG03['record_edit']); $comment_template->parse('record_edit', 'record_edit'); // Add record_edit block to record_edit variable } else { @@ -1123,9 +1130,10 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo } else { $name = COM_getDisplayName(1); // anonymous user } - $usernameblock = ''; - $comment_template->set_var('username', $usernameblock); + //$comment_template->set_var('CMT_USERNAME', CMT_USERNAME); + $comment_template->set_var('username_value', $name); + $comment_template->set_var('lang_anonymous', $LANG03[24]); + $comment_template->parse('username', 'username_anon'); $comment_template->set_var('action_url', $_CONF['site_url'] . '/users.php?mode=new'); 
@@ -1133,8 +1141,10 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo $LANG03[04]); } else { if ($commentUid != $_USER['uid']) { - $uresult = DB_query("SELECT username, fullname FROM {$_TABLES['users']} WHERE uid = $commentUid"); - list($username, $fullname) = DB_fetchArray($uresult); + if (!COM_isAnonUser($commentUid)) { + $uresult = DB_query("SELECT username, fullname FROM {$_TABLES['users']} WHERE uid = $commentUid"); + list($username, $fullname) = DB_fetchArray($uresult); + } } else { $username = $_USER['username']; $fullname = $_USER['fullname']; @@ -1142,8 +1152,26 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo $comment_template->set_var('gltoken_name', CSRF_TOKEN); $comment_template->set_var('gltoken', SEC_createToken()); $comment_template->set_var('uid', $commentUid); - $name = COM_getDisplayName($commentUid, $username, $fullname); - $comment_template->set_var('username', $name); + + if (COM_isAnonUser($commentUid)) { + // Since anonymous user get name stored with comment + if ($mode == $LANG03[14] || $mode == $LANG03[28] || $mode == $LANG03[34]) { // // Preview mode + $name = $A[CMT_USERNAME]; + } else { + $cn_result = DB_query("SELECT name FROM $table WHERE cid = $cid"); + list($name) = DB_fetchArray($cn_result); + } + $comment_template->set_var('lang_anonymous', $LANG03[24]); + //$comment_template->set_var('CMT_USERNAME', CMT_USERNAME); + $comment_template->set_var('username_value', $name); + $comment_template->parse('username', 'username_anon'); + } else { + + $name = COM_getDisplayName($commentUid, $username, $fullname); + $comment_template->set_var('username', $name); + + } + $comment_template->set_var('action_url', $_CONF['site_url'] . '/users.php?mode=logout'); $comment_template->set_var('lang_logoutorcreateaccount', 
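Review bot: `$name` is read from the `name` column (or from `$A[CMT_USERNAME]` in preview) and passed to `set_var('username_value', $name)` with no HTML escaping visible in this hunk. The save path in this patch runs the name through `GLText::stripTags()`, which would not be expected to neutralise a double quote, so if the `username_anon` template block places `{username_value}` inside an input's `value` attribute, a stored name could break out of that attribute when a moderator opens the edit form. Unless the template layer already escapes it, encode at the boundary: `$comment_template->set_var('username_value', htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));`. The same `set_var` call appears in the `@@ -1123,9 +1130,10 @@` hunk; `CMT_commentForm()` starts and ends outside both.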
@@ -1276,7 +1304,7 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) $ret = 0; $cid = 0; - + // Get a valid uid if (empty($_USER['uid'])) { $uid = 1; @@ -1325,13 +1353,14 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) if ($someError = PLG_commentPreSave($uid, $title, $comment, $sid, $pid, $type, $postmode)) { return $someError; } - + // Store unescaped comment and title for use in notification. $comment0 = CMT_prepareText($comment, $postmode, $type); $title0 = COM_checkWords(GLText::stripTags($title), 'comment'); $comment = DB_escapeString($comment0); $title = DB_escapeString($title0); + // Get Name for anonymous user comments being added or edited if (($uid == 1) && isset($_POST[CMT_USERNAME])) { $anon = COM_getDisplayName(1); if (strcmp($_POST[CMT_USERNAME], $anon) != 0) { @@ -1359,7 +1388,10 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) if (($_CONF['commentsubmission'] == 1) && !SEC_hasRights('comment.submit')) { // comment into comment submission table enabled - if (isset($name)) { + if (isset($name) AND trim($name) == '') { + DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,name,comment,type,date,title,pid,ipaddress) " + . "VALUES ('$sid',$uid,NULL,'$comment','$type',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')"); + } elseif (isset($name)) { DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,name,comment,type,date,title,pid,ipaddress) " . "VALUES ('$sid',$uid,'$name','$comment','$type',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')"); } else { 
@@ -1382,7 +1414,11 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) . "WHERE sid = '$sid' AND type = '$type' AND lft >= $rht"); DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 " . "WHERE sid = '$sid' AND type = '$type' AND rht >= $rht"); - if (isset($name)) { + + if (isset($name) AND trim($name) == '') { + DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', + "'$sid',$uid,'$comment',now(),'$title',$pid,$rht,$rht2,$indent,'$type','{$_SERVER['REMOTE_ADDR']}',NULL"); + } elseif (isset($name)) { DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', "'$sid',$uid,'$comment',now(),'$title',$pid,$rht,$rht2,$indent,'$type','{$_SERVER['REMOTE_ADDR']}','$name'"); } else { @@ -1434,7 +1470,10 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) } $rht2 = $rht + 1; // value of new comment's "lft" $rht3 = $rht + 2; // value of new comment's "rht" - if (isset($name)) { + if (isset($name) AND trim($name) == '') { + DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', + "'$sid',$uid,'$comment',now(),'$title',$pid,$rht2,$rht3,0,'$type','{$_SERVER['REMOTE_ADDR']}',NULL"); + } elseif (isset($name)) { DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', "'$sid',$uid,'$comment',now(),'$title',$pid,$rht2,$rht3,0,'$type','{$_SERVER['REMOTE_ADDR']}','$name'"); } else { @@ -1808,7 +1847,14 @@ function CMT_handleEditSubmit($mode = null) COM_handle404($_CONF['site_url'] . '/index.php'); } - $commentuid = DB_getItem($_TABLES['comments'], 'uid', "cid = '$cid'"); + if ($mode == $LANG03[35]) { + $table = $_TABLES['commentsubmissions']; + $record_edit = false; + } else { + $table = $_TABLES['comments']; + } + + $commentuid = DB_getItem($table, 'uid', "cid = '$cid'"); $uid = 1; if (!empty($_USER['uid'])) { $uid = $_USER['uid']; 
@@ -1824,19 +1870,32 @@ function CMT_handleEditSubmit($mode = null) $comment = CMT_prepareText(Geeklog\Input::post('comment'), $postmode, $type); $title = COM_checkWords(GLText::stripTags(Geeklog\Input::post('title')), 'comment'); - if ($mode == $LANG03[35]) { - $table = $_TABLES['commentsubmissions']; - } else { - $table = $_TABLES['comments']; - } + if (!empty($title) && !empty($comment)) { COM_updateSpeedlimit('comment'); $title = DB_escapeString($title); $comment = DB_escapeString($comment); + // Get Name for anonymous user comments being added or edited + $sql_name = ""; + if (COM_isAnonUser($commentuid)) { + $anon = COM_getDisplayName($commentuid); + if (strcmp($_POST[CMT_USERNAME], $anon) != 0) { + $username = COM_checkWords(GLText::stripTags(Geeklog\Input::post(CMT_USERNAME)), 'comment'); + $name = DB_escapeString($username); + + // Add name to update sql + if (trim($name) != '') { + $sql_name = ", name = '$name' "; + } else { // if Blank set to Null (will use anonymous) + $sql_name = ", name = NULL "; + } + } + } + // save the comment into the table - DB_query("UPDATE $table SET comment = '$comment', title = '$title', type = '$type'" + DB_query("UPDATE $table SET comment = '$comment', title = '$title', type = '$type'" . $sql_name . " WHERE cid=$cid AND sid='$sid'"); if (DB_error()) { //saving to non-existent comment or comment in wrong article From e5a0586c03b36d1d46fc567702bf799854b0a3ed Mon Sep 17 00:00:00 2001 
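Review bot: `strcmp($_POST[CMT_USERNAME], $anon)` in `CMT_handleEditSubmit()` reads the field straight from `$_POST` without checking that it is present or that it is a string. A request that omits the field appears to compare as different from the anonymous display name, so the branch runs and the stored name is replaced with NULL; an array value makes `strcmp()` fail with a warning or a TypeError depending on the PHP version. Reading the value once through the input class and gating on its type avoids both: `$posted = Geeklog\Input::post(CMT_USERNAME, null); if (is_string($posted) && strcmp($posted, $anon) !== 0) {`. Who may rename an anonymous author is decided outside this hunk, so confirm that check is limited to moderators, as the commit title implies.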
From: Tom Homer Date: Fri, 10 Nov 2017 11:45:06 -0500 Subject: [PATCH 3/5] Fixed Comment Signatures and User Edits Fixed comment signature issues and User Edit dates #812. Comment signatures now are added on the fly. Updated install to remove old comment signatures directly from comment records. --- .../admin/install/classes/installer.class.php | 13 +- .../admin/install/language/english.php | 3 +- .../admin/install/language/japanese_utf-8.php | 3 +- sql/updates/mysql_2.1.3_to_2.2.0.php | 45 ++++++- sql/updates/pgsql_2.1.3_to_2.2.0.php | 45 ++++++- system/lib-comment.php | 121 +++++++----------- 6 files changed, 147 insertions(+), 83 deletions(-) diff --git a/public_html/admin/install/classes/installer.class.php b/public_html/admin/install/classes/installer.class.php index b0fbcfebe..4d8351f3b 100644 --- a/public_html/admin/install/classes/installer.class.php +++ b/public_html/admin/install/classes/installer.class.php @@ -2886,9 +2886,16 @@ private function doDatabaseUpgrades($currentGlVersion, $checkForMessage = false) case '2.1.3': require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.1.3_to_2.2.0.php'; - update_ConfValuesFor220(); - addThemeAdminFor220(); - + if ($checkForMessage) { + $retval = upgrade_message213(); + if (is_array($retval)) { + $this->upgradeMessages = array_merge($this->upgradeMessages, $retval); + } + } else { + removeCommentSig220(); + update_ConfValuesFor220(); + addThemeAdminFor220(); + } $currentGlVersion = '2.2.0'; $_SQL = array(); break; diff --git a/public_html/admin/install/language/english.php b/public_html/admin/install/language/english.php index e658413b5..7c7834772 100644 --- a/public_html/admin/install/language/english.php +++ b/public_html/admin/install/language/english.php 
@@ -335,7 +335,8 @@ 14 => 'Upgrade Notices', 15 => 'Topic IDs and Names max length have changed from 128 to 75. This may cause issues when topic ids are truncated (if id is larger than 75 characters) during the upgrade. Please double check your topic ids that are larger than 75 characters will be unique when the max length is changed.', 16 => 'Topic IDs and Names have changed from 128 to 75. It has been detected you need to modify 1 or more topic ids before this upgrade can proceed.', - 17 => 'Professional Theme support has been dropped from Geeklog. If you are currently using the Professional theme or Professional_css theme from Geeklog 2.1.1 or older your website may not function properly.' + 17 => 'Professional Theme support has been dropped from Geeklog. If you are currently using the Professional theme or Professional_css theme from Geeklog 2.1.1 or older your website may not function properly.', + 18 => 'Comment Signatures before Geeklog 2.2.0 where stored with the comment. Now they are added when the comment is viewed. For backwards compatibility the upgrade will remove all comment signatures stored directly with the comment (so comment signatures will not display twice).' ); // +---------------------------------------------------------------------------+ diff --git a/public_html/admin/install/language/japanese_utf-8.php b/public_html/admin/install/language/japanese_utf-8.php index 3e5766e21..6830d490b 100644 --- a/public_html/admin/install/language/japanese_utf-8.php +++ b/public_html/admin/install/language/japanese_utf-8.php 
@@ -340,7 +340,8 @@ 14 => 'アップグレードの注意点', 15 => '話題IDと話題の最大長が128文字から75文字へ変更されました。このため、アップグレードの際に話題IDが強制的に切り詰められ、問題が発生するかもしれません(話題IDが75文字を超える場合)。75文字を超える話題IDを75文字に切り詰めたものが他の話題IDと重複しないか確認してください。', 16 => '話題IDと話題の最大長が128文字から75文字へ変更されました。アップグレードを進める前に修正する必要のある話題IDを検出しました。', - 17 => 'Professionalテーマはサポートされなくなりました。Geeklog 2.1.1以前からProfessionalテーマやProfessional_cssテーマを使っている場合はサイトが正常に機能しなくなる可能性があります。' + 17 => 'Professionalテーマはサポートされなくなりました。Geeklog 2.1.1以前からProfessionalテーマやProfessional_cssテーマを使っている場合はサイトが正常に機能しなくなる可能性があります。', + 18 => 'Comment Signatures before Geeklog 2.2.0 where stored with the comment. Now they are added when the comment is viewed. For backwards compatibility the upgrade will remove all comment signatures stored directly with the comment (so comment signatures will not display twice).' ); // +---------------------------------------------------------------------------+ diff --git a/sql/updates/mysql_2.1.3_to_2.2.0.php b/sql/updates/mysql_2.1.3_to_2.2.0.php index 0cf90cd39..9f20dd9d7 100644 --- a/sql/updates/mysql_2.1.3_to_2.2.0.php +++ b/sql/updates/mysql_2.1.3_to_2.2.0.php @@ -10,9 +10,21 @@ /** * Upgrade Messages */ -// None yet -// function upgrade_message220() { } +function upgrade_message213() +{ + global $_TABLES; + + // 3 upgrade message types exist 'information', 'warning', 'error' + // error type means the user cannot continue upgrade until fixed + + + // Comment signatures will be removed from old comments + $upgradeMessages['2.1.3'] = array( + 'warning' => 18 + ); + return $upgradeMessages; +} /** * Add new config options 
@@ -86,3 +98,32 @@ function addThemeAdminFor220() return true; } + +/** + * Remove old Comment Signatures and User Edit Dates + * + * @return bool + */ +function removeCommentSig220() +{ + global $_TABLES; + + $sql = "SELECT cid, comment FROM {$_TABLES['comments']} + WHERE comment LIKE '%%' + OR comment LIKE '%%'"; + + $result = DB_query($sql); + $numRows = DB_numRows($result); + for ($i = 0; $i < $numRows; $i++) { + $A = DB_fetchArray($result); + + $text = str_replace('
', '', $A['comment']); + $text = str_replace('
', '', $text); + $text = str_replace('
', '', $text); + $text = str_replace('
', '', $text); + + DB_query("UPDATE {$_TABLES['comments']} SET comment = '$text' WHERE cid = {$A['cid']}"); + } + + return true; +} diff --git a/sql/updates/pgsql_2.1.3_to_2.2.0.php b/sql/updates/pgsql_2.1.3_to_2.2.0.php index 546691bb5..32df18da6 100644 --- a/sql/updates/pgsql_2.1.3_to_2.2.0.php +++ b/sql/updates/pgsql_2.1.3_to_2.2.0.php @@ -10,9 +10,21 @@ /** * Upgrade Messages */ -// None yet -// function upgrade_message220() { } +function upgrade_message213() +{ + global $_TABLES; + + // 3 upgrade message types exist 'information', 'warning', 'error' + // error type means the user cannot continue upgrade until fixed + + + // Comment signatures will be removed from old comments + $upgradeMessages['2.1.3'] = array( + 'warning' => 18 + ); + return $upgradeMessages; +} /** * Add new config options @@ -86,3 +98,32 @@ function addThemeAdminFor220() return true; } + +/** + * Remove old Comment Signatures and User Edit Dates + * + * @return bool + */ +function removeCommentSig220() +{ + global $_TABLES; + + $sql = "SELECT cid, comment FROM {$_TABLES['comments']} + WHERE comment LIKE '%%' + OR comment LIKE '%%'"; + + $result = DB_query($sql); + $numRows = DB_numRows($result); + for ($i = 0; $i < $numRows; $i++) { + $A = DB_fetchArray($result); + + $text = str_replace('
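Review bot: In removeCommentSig220() the comment text read back from the database is interpolated into the statement as `comment = '$text'` with no escaping, so any stored comment containing a single quote or backslash breaks the UPDATE, and user-authored comment text becomes part of the SQL run during the upgrade (second-order injection). Escape the value before writing it back, `$text = DB_escapeString($text);` directly before the `DB_query("UPDATE …")` call, and cast the key with `(int) $A['cid']`. The result of that DB_query is not checked, so the function returns `true` even when a row fails to update. The identical function added to sql/updates/pgsql_2.1.3_to_2.2.0.php needs the same change.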
', '', $A['comment']); + $text = str_replace('
', '', $text); + $text = str_replace('
', '', $text); + $text = str_replace('
', '', $text); + + DB_query("UPDATE {$_TABLES['comments']} SET comment = '$text' WHERE cid = {$A['cid']}"); + } + + return true; +} diff --git a/system/lib-comment.php b/system/lib-comment.php index 4fe167b19..923da6021 100644 --- a/system/lib-comment.php +++ b/system/lib-comment.php @@ -295,24 +295,6 @@ function CMT_getComment(&$comments, $mode, $type, $order, $delete_option = false $row = 1; do { - // check for comment edit - $commentEdit = DB_query("SELECT cid,uid,UNIX_TIMESTAMP(time) AS time FROM {$_TABLES['commentedits']} WHERE cid = {$A['cid']}"); - $B = DB_fetchArray($commentEdit); - if ($B) { //comment edit present - // get correct editor name - if ($A['uid'] == $B['uid']) { - $editName = $A['username']; - } else { - $editName = DB_getItem($_TABLES['users'], 'username', "uid={$B['uid']}"); - } - // add edit info to text - list($date, ) = COM_getUserDateTimeFormat($B['time'], 'date'); - $A['comment'] .= '
' . $LANG03[30] . ' ' - . $date . ' ' - . $LANG03[31] . ' ' . $editName - . '
'; - } - // determines indentation for current comment if ($mode === 'threaded' || $mode === 'nested') { $indent = ($A['indent'] - $A['pindent']) * $_CONF['comment_indent']; @@ -541,15 +523,8 @@ function CMT_getComment(&$comments, $mode, $type, $order, $delete_option = false $template->set_var('delete_option', ''); } - //and finally: format the actual text of the comment, but check only the text, not sig or edit - $text = str_replace('
', '', - $A['comment']); - $text = str_replace('
', '', $text); - $text = str_replace('
', '', $text); - $text = str_replace('
', '', $text); - if (preg_match('/<.*>/', $text) == 0) { - $A['comment'] = '
' . COM_nl2br($A['comment']) . '
'; - } + // Not sure if we need to wrap the comment in a div anymore???? + $A['comment'] = '
' . COM_nl2br($A['comment']) . '
'; // highlight search terms if specified if (!empty($_REQUEST['query'])) { @@ -584,6 +559,38 @@ function CMT_getComment(&$comments, $mode, $type, $order, $delete_option = false $template->set_var('reply_option', ''); } $template->set_var('reply_link', $reply_link); + + // Check for User Signature and add first + // Get signature of comment owner + if ($A['uid'] > 1) { + $sig = DB_getItem($_TABLES['users'], 'sig', "uid = {$A['uid']}"); + if (!empty($sig)) { + $A['comment'] .= '
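Review bot: The replacement line applies `COM_nl2br($A['comment'])` to every comment, whereas the removed code did so only when `preg_match('/<.*>/', $text) == 0`, i.e. when the text held no markup. Comments posted in HTML mode will presumably now get extra line breaks inserted inside their markup; the guard can stay without the four `str_replace` calls, as `if (preg_match('/<.*>/', $A['comment']) == 0) { … }`. The added comment `// Not sure if we need to wrap the comment in a div anymore????` leaves an open question in the code and should be resolved or turned into a tracked TODO. CMT_getComment starts and ends outside this hunk.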
'; + $A['comment'] .= '---' . COM_nl2br($sig); + $A['comment'] .= '
'; + } + } + + // check for comment edit + $commentEdit = DB_query("SELECT cid,uid,UNIX_TIMESTAMP(time) AS time FROM {$_TABLES['commentedits']} WHERE cid = {$A['cid']}"); + $B = DB_fetchArray($commentEdit); + if ($B) { //comment edit present + // get correct editor name + if ($A['uid'] == $B['uid']) { + $editName = $A['username']; + } else { + $editName = DB_getItem($_TABLES['users'], 'username', "uid={$B['uid']}"); + } + + + // add edit info to text + list($date, ) = COM_getUserDateTimeFormat($B['time'], 'date'); + $A['comment'] .= '
' . $LANG03[30] . ' ' + . $date . ' ' + . $LANG03[31] . ' ' . $editName + . '
'; + + } // format title for display, must happen after reply_link is created $A['title'] = htmlspecialchars($A['title']); @@ -869,12 +876,14 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo $commentUid = $uid; $table = ''; - $editsubmission = false; // flag if in edit submission (not regular edit of comment) + $edit_comment = false; + $edit_comment_submission = false; // flag if in edit submission (not regular edit of comment) if ($mode === 'edit' || $mode === $LANG03[28]) { $table = $_TABLES['comments']; + $edit_comment = true; } elseif ($mode === 'editsubmission' || $mode == $LANG03[34]) { $table = $_TABLES['commentsubmissions']; - $editsubmission = true; + $edit_comment_submission = true; } if (!empty($table)) { $cid = (int) Geeklog\Input::fRequest(CMT_CID, 0); @@ -951,13 +960,16 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo // $title = str_replace('$','$',$title); done in CMT_getComment $_POST['title'] = $title; + /* if ($mode == $LANG03[28]) { // for preview $newComment = CMT_prepareText($comment, $postMode, $type, true, $cid); } elseif ($mode == $LANG03[34]) { $newComment = CMT_prepareText($comment, $postMode, $type, true); } else { $newComment = CMT_prepareText($comment, $postMode, $type); - } + } */ + $newComment = CMT_prepareText($comment, $postMode, $type); + $_POST['comment'] = $newComment; // Preview mode: 
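Review bot: The signature read with `DB_getItem($_TABLES['users'], 'sig', "uid = {$A['uid']}")` is appended to the rendered comment after only `COM_nl2br($sig)`, and `$editName` is appended as-is, while the title a few lines further down goes through `htmlspecialchars`. Unless signatures and usernames are guaranteed to be sanitised when they are saved (not visible in this hunk), markup in a signature is now emitted on every comment by that user, so encode at output, e.g. `COM_nl2br(htmlspecialchars($sig))`, or pass it through the same filter used for comment bodies. `{$A['uid']}` and `{$A['cid']}` are placed in the SQL unquoted and should be cast with `(int)`. The signature lookup and the commentedits query each run once per comment inside the loop; caching the signature per uid in a local array would avoid repeated queries for the same author.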
@@ -1070,7 +1082,7 @@ function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMo $comment_template->set_var('type', $type); if ($mode == 'edit' || $mode == 'editsubmission' || $mode == $LANG03[28] || $mode == $LANG03[34]) { // Only allow admins to disable record of edit - if (SEC_hasRights('comment.moderate') AND !$editsubmission) { + if (SEC_hasRights('comment.moderate') AND !$edit_comment_submission) { $comment_template->set_var('lang_record_edit', $LANG03['record_edit']); $comment_template->parse('record_edit', 'record_edit'); // Add record_edit block to record_edit variable } else { @@ -1867,11 +1879,9 @@ function CMT_handleEditSubmit($mode = null) COM_handle404($_CONF['site_url'] . '/index.php'); } - $comment = CMT_prepareText(Geeklog\Input::post('comment'), $postmode, $type); + $comment = CMT_prepareText(Geeklog\Input::post('comment'), $postmode, $mode); $title = COM_checkWords(GLText::stripTags(Geeklog\Input::post('title')), 'comment'); - - if (!empty($title) && !empty($comment)) { COM_updateSpeedlimit('comment'); $title = DB_escapeString($title); @@ -1893,7 +1903,7 @@ function CMT_handleEditSubmit($mode = null) } } } - + // save the comment into the table DB_query("UPDATE $table SET comment = '$comment', title = '$title', type = '$type'" . $sql_name . " WHERE cid=$cid AND sid='$sid'"); @@ -1940,11 +1950,9 @@ function CMT_handleEditSubmit($mode = null) * @param string $comment comment text * @param string $postMode ('html', 'plaintext', ...) * @param string $type Type of item (article, polls, etc.) - * @param boolean $edit if true append edit tag - * @param int $cid comment id if editing comment (for proper sig) * @return string of comment text */ -function CMT_prepareText($comment, $postMode, $type, $edit = false, $cid = null) +function CMT_prepareText($comment, $postMode, $type) { global $_USER, $_TABLES, $LANG03, $_CONF; 
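Review bot: In CMT_handleEditSubmit the call now reads `CMT_prepareText(Geeklog\Input::post('comment'), $postmode, $mode)`, passing `$mode` where the previous code passed `$type`, although the docblock revised in this same patch still describes the third parameter as the type of item (article, polls, etc.). `$type` is still what the later `UPDATE $table SET … type = '$type'` writes, so this looks like an accidental substitution that may change which checks CMT_prepareText applies to edited comments; its body is outside the hunk, so this needs confirming. If unintended, restore `$comment = CMT_prepareText(Geeklog\Input::post('comment'), $postmode, $type);`. CMT_handleEditSubmit begins and ends outside this hunk.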
@@ -1974,35 +1982,6 @@ function CMT_prepareText($comment, $postMode, $type, $edit = false, $cid = null) } } - if ($edit) { - list($date, ) = COM_getUserDateTimeFormat(time(), 'date'); - $comment .= '
' . $LANG03[30] . ' ' - . $date . ' ' . $LANG03[31] . ' ' - . $_USER['username'] . '
'; - } - - if (empty($_USER['uid'])) { - $uid = 1; - } elseif ($edit && is_numeric($cid)) { - //if comment moderator - $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '$cid'"); - } else { - $uid = $_USER['uid']; - } - - if ($uid > 1) { - $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '$uid'"); - if (!empty($sig)) { - $comment .= '
'; - if ($postMode == 'html') { - $comment .= '---' . COM_nl2br($sig); - } else { - $comment .= '---' . LB . $sig; - } - $comment .= '
'; - } - } - return $comment; } @@ -2381,13 +2360,7 @@ function CMT_handleEdit($mode = '', $postMode = '', $format, $order, $page) $A = DB_fetchArray($result); $title = COM_stripslashes($A['title']); $commentText = COM_stripslashes(COM_undoSpecialChars($A['comment'])); - - //remove signature - $pos = strpos($commentText, ''); - if ($pos > 0) { - $commentText = substr($commentText, 0, $pos); - } - + //get format mode if (preg_match('/<.*>/', $commentText) != 0) { $postMode = 'html'; From 224ad7a629a44cad939ce458abcbf097b5a4e592 Mon Sep 17 00:00:00 2001 From: Kenji ITO Date: Sat, 11 Nov 2017 06:36:00 +0900 Subject: [PATCH 4/5] Fixed a bug which occurs during installation when COM_errorLog function is not available --- system/databases/mysql.class.php | 42 +++++++++++++++++++++------ system/databases/mysqli.class.php | 34 ++++++++++++++-------- system/databases/pgsql.class.php | 47 +++++++++++++++++++------------ 3 files changed, 85 insertions(+), 38 deletions(-) diff --git a/system/databases/mysql.class.php b/system/databases/mysql.class.php index 9adddc00a..d9d776fda 100644 --- a/system/databases/mysql.class.php +++ b/system/databases/mysql.class.php @@ -87,7 +87,7 @@ class Database private $_display_error = false; /** - * @var callable + * @var string|callable */ private $_errorlog_fn = ''; @@ -120,8 +120,7 @@ class Database */ private function _errorLog($msg) { - $function = $this->_errorlog_fn; - $function($msg); + call_user_func($this->_errorlog_fn, $msg); } /** @@ -376,6 +375,25 @@ public function isVerbose() return $this->_verbose && COM_isEnableDeveloperModeLog('database'); } + /** + * Default logger when COM_errorLog is not available + * + * @param string $msg + */ + private function defaultLogger($msg) + { + if (is_callable('error_log')) { + $msg .= PHP_EOL; + error_log($msg, 0); + } else { + if (!headers_sent()) { + header('Content-Type: text/html; charset=utf-8'); + } + + echo nl2br($msg) . '
' . PHP_EOL; + } + } + /** * Sets the function this class should call to log debug messages * @@ -386,7 +404,7 @@ public function setErrorFunction($functionName) if (is_callable($functionName)) { $this->_errorlog_fn = $functionName; } else { - throw new \InvalidArgumentException('function "' . $functionName . '" is not callable'); + $this->_errorlog_fn = array($this, 'defaultLogger'); } } @@ -468,6 +486,8 @@ public function dbQuery($sql, $ignore_errors = 0) $this->_errorLog("\n***sql caused an error***"); $this->_errorLog("\n*** Leaving database->dbQuery ***"); } + + return false; } } @@ -795,7 +815,13 @@ public function dbResult($recordSet, $row, $field = 0) */ public function dbNumFields($recordSet) { - return @mysql_numfields($recordSet); + $retval = @mysql_num_fields($recordSet); + + if ($retval === false) { + $retval = 0; + } + + return $retval; } /** @@ -808,7 +834,7 @@ public function dbNumFields($recordSet) */ public function dbFieldName($recordSet, $fieldNumber) { - return @mysql_fieldname($recordSet, $fieldNumber); + return @mysql_field_name($recordSet, (int) $fieldNumber); } /** @@ -820,7 +846,7 @@ public function dbFieldName($recordSet, $fieldNumber) */ public function dbAffectedRows($recordSet) { - return @mysql_affected_rows(); + return @mysql_affected_rows($this->_db); } /** @@ -856,7 +882,7 @@ public function dbFetchArray($recordSet, $both = false) public function dbInsertId($link_identifier = null, $sequence = '') { if (empty($link_identifier)) { - return @mysql_insert_id(); + return @mysql_insert_id($this->_db); } else { return @mysql_insert_id($link_identifier); } diff --git a/system/databases/mysqli.class.php b/system/databases/mysqli.class.php index 72340f927..afa100f5c 100644 --- a/system/databases/mysqli.class.php +++ b/system/databases/mysqli.class.php 
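Review bot: When `error_log` is not callable, the new defaultLogger() writes the log message straight into the HTTP response with `echo nl2br($msg) …`, and messages routed through _errorLog can carry SQL text and database error details, so this branch shows internals to whoever triggered the request and emits them unencoded. Drop the echo branch, or encode and gate it: `if ($this->_display_error) { echo nl2br(htmlspecialchars($msg, ENT_QUOTES, 'UTF-8')); }`. setErrorFunction() now silently replaces a non-callable name instead of throwing, which deserves a docblock line such as `Falls back to defaultLogger() when $functionName is not callable`. The same method is added to mysqli.class.php and pgsql.class.php and needs the same treatment.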
@@ -121,22 +121,17 @@ class Database */ private function _errorLog($msg) { - $function = $this->_errorlog_fn; - $function($msg); + call_user_func($this->_errorlog_fn, $msg); } /** * Connects to the MySQL database server - * This function connects to the MySQL server and returns the connection object - * - * @return bool Returns connection object + * This function connects to the MySQL server */ private function _connect() { global $_TABLES, $use_innodb; - $result = true; - if ($this->_verbose) { $this->_errorLog("\n*** Inside database->_connect ***"); } @@ -162,7 +157,6 @@ private function _connect() // damn, got an error. $this->dbError(); - $result = false; } // Set the character set @@ -186,8 +180,6 @@ private function _connect() if ($this->_verbose) { $this->_errorLog("\n***leaving database->_connect***"); } - - return $result; } /** @@ -383,18 +375,36 @@ public function isVerbose() return $this->_verbose && COM_isEnableDeveloperModeLog('database'); } + /** + * Default logger when COM_errorLog is not available + * + * @param string $msg + */ + private function defaultLogger($msg) + { + if (is_callable('error_log')) { + $msg .= PHP_EOL; + error_log($msg, 0); + } else { + if (!headers_sent()) { + header('Content-Type: text/html; charset=utf-8'); + } + + echo nl2br($msg) . '
' . PHP_EOL; + } + } + /** * Sets the function this class should call to log debug messages * * @param string $functionName Function name - * @throws \InvalidArgumentException */ public function setErrorFunction($functionName) { if (is_callable($functionName)) { $this->_errorlog_fn = $functionName; } else { - throw new \InvalidArgumentException('function "' . $functionName . '" is not callable'); + $this->_errorlog_fn = array($this, 'defaultLogger'); } } diff --git a/system/databases/pgsql.class.php b/system/databases/pgsql.class.php index ca8af3a07..6a9e59d76 100644 --- a/system/databases/pgsql.class.php +++ b/system/databases/pgsql.class.php @@ -2,13 +2,13 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 2.1 | +// | Geeklog 2.2 | // +---------------------------------------------------------------------------+ // | pgsql.class.php | // | | // | PostgreSQL database class | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2011 by the following authors: | +// | Copyright (C) 2000-2017 by the following authors: | // | | // | Authors: Stanislav Palatnik, spalatnikk AT gmail DoT com | // +---------------------------------------------------------------------------+ @@ -80,7 +80,7 @@ class Database private $_display_error = false; /** - * @var callable + * @var string|callable */ private $_errorlog_fn = ''; @@ -104,11 +104,7 @@ class Database */ private function _errorLog($msg) { - $function = $this->_errorlog_fn; - - if (function_exists($function)) { - $function($msg); - } + call_user_func($this->_errorlog_fn, $msg); } /** @@ -147,8 +143,6 @@ public function dbTableExists($tableName, $ignoreErrors = 0) /** * Connects to the pgSQL database server * This function connects to the PostgreSQL server and returns the connection object - * - * @return object Returns connection object */ private function _connect() { 
@@ -185,18 +179,36 @@ private function _connect() } } + /** + * Default logger when COM_errorLog is not available + * + * @param string $msg + */ + private function defaultLogger($msg) + { + if (is_callable('error_log')) { + $msg .= PHP_EOL; + error_log($msg, 0); + } else { + if (!headers_sent()) { + header('Content-Type: text/html; charset=utf-8'); + } + + echo nl2br($msg) . '
' . PHP_EOL; + } + } + /** * Sets the function this class should call to log debug messages * * @param string $functionName Function name - * @throws \InvalidArgumentException */ public function setErrorFunction($functionName) { if (is_callable($functionName)) { $this->_errorlog_fn = $functionName; } else { - throw new \InvalidArgumentException('function "' . $functionName . '" is not callable'); + $this->_errorlog_fn = array($this, 'defaultLogger'); } } @@ -220,7 +232,6 @@ public function __construct($dbhost, $dbname, $dbuser, $dbpass, $tablePrefix, $e $this->_pass = $dbpass; $this->setErrorFunction($errorlogfn); $this->_verbose = false; - $this->_errorlog_fn = $errorlogfn; $this->_charset = strtolower($charset); $this->_pgsql_version = 0; @@ -231,16 +242,16 @@ public function __construct($dbhost, $dbname, $dbuser, $dbpass, $tablePrefix, $e * Retrieves returns the number of effected rows for last query * Retrieves returns the number of effected rows for last query * - * @param object $recordset The recordset to operate on + * @param object $recordSet The recordset to operate on * @return int Number of rows affected by last query */ - public function dbAffectedRows($recordset) + public function dbAffectedRows($recordSet) { - if (!isset($recordset)) { - $recordset = pg_get_result($this->_db); + if (!isset($recordSet)) { + $recordSet = pg_get_result($this->_db); } - return @pg_affected_rows($recordset); + return @pg_affected_rows($recordSet); } /** From 7d7b939be7244e3a8b0f3ee5eb77c7d69d5054ea Mon Sep 17 00:00:00 2001 
From: Kenji ITO Date: Sat, 11 Nov 2017 16:07:45 +0900 Subject: [PATCH 5/5] Added Ban Plugin Support to Admin Comments Manager (feature request #742) --- language/english.php | 2 +- language/english_utf-8.php | 2 +- language/japanese_utf-8.php | 4 +- plugins/spamx/BanUser.Action.class.php | 2 +- plugins/spamx/BannedUsers.Examine.class.php | 8 +- plugins/spamx/BlackList.Examine.class.php | 2 +- plugins/spamx/DeleteComment.Action.class.php | 2 +- plugins/spamx/EditBlackList.Admin.class.php | 2 +- plugins/spamx/EditHeader.Admin.class.php | 2 +- plugins/spamx/EditIP.Admin.class.php | 2 +- plugins/spamx/EditIPofURL.Admin.class.php | 2 +- plugins/spamx/EditSFS.Admin.class.php | 2 +- plugins/spamx/Header.Examine.class.php | 2 +- plugins/spamx/IP.Examine.class.php | 2 +- plugins/spamx/IPofUrl.Examine.class.php | 2 +- plugins/spamx/MailAdmin.Action.class.php | 2 +- .../spamx/MassDelTrackback.Admin.class.php | 2 +- plugins/spamx/MassDelete.Admin.class.php | 2 +- plugins/spamx/SFS.Examine.class.php | 2 +- plugins/spamx/SFS.Misc.class.php | 3 +- plugins/spamx/SFSbase.class.php | 2 +- plugins/spamx/SFSreport.Action.class.php | 2 +- plugins/spamx/SLV.Examine.class.php | 2 +- plugins/spamx/SLVbase.class.php | 2 +- plugins/spamx/SLVreport.Action.class.php | 2 +- plugins/spamx/SLVwhitelist.Admin.class.php | 2 +- plugins/spamx/SNL.Examine.class.php | 2 +- plugins/spamx/SNLbase.class.php | 2 +- plugins/spamx/SNLreport.Action.class.php | 4 +- plugins/spamx/autoinstall.php | 6 +- plugins/spamx/configuration_validation.php | 4 +- plugins/spamx/functions.inc | 232 +++++++++++++++--- plugins/spamx/install_defaults.php | 4 +- plugins/spamx/sql/mysql_install.php | 2 +- plugins/spamx/sql/mysql_updates.php | 2 +- plugins/spamx/sql/pgsql_install.php | 4 +- plugins/spamx/sql/pgsql_updates.php | 4 +- public_html/admin/comment.php | 19 +- system/classes/IP.php | 146 +++++++++++ 39 files changed, 401 insertions(+), 91 deletions(-) create mode 100644 system/classes/IP.php 
diff --git a/language/english.php b/language/english.php index 9c834abe1..f9efac3ed 100644 --- a/language/english.php +++ b/language/english.php @@ -255,7 +255,7 @@ 103 => 'Ban this user', 104 => 'Ban this IP address with the Spamx plugin', 105 => 'IP Address', - 106 => 'Perform bulk action on comments and comment submissions including approval, deleting, and banning of user or IP address.', + 106 => 'Perform bulk action on comments and comment submissions including approval, deleting, and banning of user or IP address. IP addresses in red are the ones banned by the Spam-X plugin.', 'record_edit' => 'Record user and time of edit?' ); diff --git a/language/english_utf-8.php b/language/english_utf-8.php index 8ef6ab904..2ed093ca4 100644 --- a/language/english_utf-8.php +++ b/language/english_utf-8.php @@ -255,7 +255,7 @@ 103 => 'Ban this user', 104 => 'Ban this IP address with the Spamx plugin', 105 => 'IP Address', - 106 => 'Perform bulk action on comments and comment submissions including approval, deleting, and banning of user or IP address.', + 106 => 'Perform bulk action on comments and comment submissions including approval, deleting, and banning of user or IP address. IP addresses in red are the ones banned by the Spam-X plugin.', 'record_edit' => 'Record user and time of edit?' ); diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php index 427174d3e..3bb02df51 100644 --- a/language/japanese_utf-8.php +++ b/language/japanese_utf-8.php @@ -263,8 +263,8 @@ 103 => 'このユーザーを禁止する', 104 => 'このIPアドレスをSpamxプラグインで禁止する', 105 => 'IPアドレス', - 106 => 'ユーザーやIPアドレスの一括承認・削除・禁止を含めて、コメントに対するアクションを一括して行います。', - 'record_edit' => 'Record user and time of edit?' + 106 => 'ユーザーやIPアドレスの一括承認・削除・禁止を含めて、コメントに対するアクションを一括して行います。赤字のIPアドレスはSpam-Xプラグインで禁止されているIPです。', + 'record_edit' => '編集者と編集時刻を記録する' ); ############################################################################### 
diff --git a/plugins/spamx/BanUser.Action.class.php b/plugins/spamx/BanUser.Action.class.php index 9ccc3fc4e..cac08e8d8 100644 --- a/plugins/spamx/BanUser.Action.class.php +++ b/plugins/spamx/BanUser.Action.class.php @@ -3,7 +3,7 @@ /** * File: BanUser.Action.class.php * This is the Ban User Action for the Geeklog Spam-X plugin - * Copyright (C) 2012 by the following authors: + * Copyright (C) 2012-2017 by the following authors: * Author Dirk Haun dirk AT haun-online DOT net * based on earlier works by Tom Willett * Licensed under GNU General Public License diff --git a/plugins/spamx/BannedUsers.Examine.class.php b/plugins/spamx/BannedUsers.Examine.class.php index 19f382334..9733c2107 100644 --- a/plugins/spamx/BannedUsers.Examine.class.php +++ b/plugins/spamx/BannedUsers.Examine.class.php @@ -4,7 +4,7 @@ * File: BannedUsers.Examine.class.php * This Exame class for Geeklog's Spam-X plugin checks posts against URLs * that banned users used as their homepage URL. - * Copyright (C) 2012 by the following authors: + * Copyright (C) 2012-2017 by the following authors: * Author Dirk Haun dirk AT haun-online DOT de * Licensed under GNU General Public License * @@ -62,10 +62,10 @@ public function execute($comment) if (preg_match($pattern, $comment)) { $ans = 1; // quit on first positive match - SPAMX_log($LANG_SX00['foundspam'] . $val . - ' (' . $LANG28[42] . ')' . + SPAMX_log($LANG_SX00['foundspam'] . $val . ' (' . $LANG28[42] . ')' . $LANG_SX00['foundspam2'] . $uid . - $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']); + $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR'] + ); break; } } diff --git a/plugins/spamx/BlackList.Examine.class.php b/plugins/spamx/BlackList.Examine.class.php index 403db0e2d..219bf913d 100644 --- a/plugins/spamx/BlackList.Examine.class.php +++ b/plugins/spamx/BlackList.Examine.class.php 
@@ -3,7 +3,7 @@ /** * File: BlackList.Examine.class.php * This is the Personal BlackList Examine class for the Geeklog Spam-X plugin - * Copyright (C) 2004-2006 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Licensed under GNU General Public License * diff --git a/plugins/spamx/DeleteComment.Action.class.php b/plugins/spamx/DeleteComment.Action.class.php index 3142d7d54..778d2c5c9 100644 --- a/plugins/spamx/DeleteComment.Action.class.php +++ b/plugins/spamx/DeleteComment.Action.class.php @@ -3,7 +3,7 @@ /** * File: DeleteComment.Action.class.php * This is the Delete Comment Action for the Geeklog Spam-X plugin - * Copyright (C) 2004-2005 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Licensed under GNU General Public License * diff --git a/plugins/spamx/EditBlackList.Admin.class.php b/plugins/spamx/EditBlackList.Admin.class.php index 4e1bb8834..d675ce4b0 100644 --- a/plugins/spamx/EditBlackList.Admin.class.php +++ b/plugins/spamx/EditBlackList.Admin.class.php @@ -3,7 +3,7 @@ /** * File: EditBlackList.Admin.class.php * This is the Edit Personal Blacklist Module for the Geeklog Spam-X plugin - * Copyright (C) 2004-2009 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Dirk Haun dirk AT haun-online DOT de * Licensed under GNU General Public License diff --git a/plugins/spamx/EditHeader.Admin.class.php b/plugins/spamx/EditHeader.Admin.class.php index 62b3a0344..36bf506a5 100644 --- a/plugins/spamx/EditHeader.Admin.class.php +++ b/plugins/spamx/EditHeader.Admin.class.php 
@@ -3,7 +3,7 @@ /** * File: EditHeader.Admin.class.php * This is the Edit HTTP Header Module for the Geeklog Spam-X plugin - * Copyright (C) 2005-2009 by the following authors: + * Copyright (C) 2005-2017 by the following authors: * Author Dirk Haun * based on the works of Tom Willett * Licensed under GNU General Public License diff --git a/plugins/spamx/EditIP.Admin.class.php b/plugins/spamx/EditIP.Admin.class.php index 150a46927..4860b2d58 100644 --- a/plugins/spamx/EditIP.Admin.class.php +++ b/plugins/spamx/EditIP.Admin.class.php @@ -3,7 +3,7 @@ /** * File: EditIP.Admin.class.php * This is the Edit IPBlacklist Module for the Geeklog Spam-X plugin - * Copyright (C) 2004-2009 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Dirk Haun dirk AT haun-online DOT de * Licensed under GNU General Public License diff --git a/plugins/spamx/EditIPofURL.Admin.class.php b/plugins/spamx/EditIPofURL.Admin.class.php index 7bbf574ea..d7a42b1ca 100644 --- a/plugins/spamx/EditIPofURL.Admin.class.php +++ b/plugins/spamx/EditIPofURL.Admin.class.php @@ -3,7 +3,7 @@ /** * File: EditIPofURL.Admin.class.php * This is the Edit IP of URL Module for the Geeklog Spam-X plugin - * Copyright (C) 2004-2010 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Dirk Haun dirk AT haun-online DOT de * Licensed under GNU General Public License diff --git a/plugins/spamx/EditSFS.Admin.class.php b/plugins/spamx/EditSFS.Admin.class.php index 701078938..d2391bdb2 100644 --- a/plugins/spamx/EditSFS.Admin.class.php +++ b/plugins/spamx/EditSFS.Admin.class.php 
@@ -3,7 +3,7 @@ /** * File: EditSFS.Admin.class.php * This is the Edit Personal Blacklist Module for the glFusion Spam-X plugin - * Copyright (C) 2004-2009 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Dirk Haun dirk AT haun-online DOT de * Licensed under GNU General Public License diff --git a/plugins/spamx/Header.Examine.class.php b/plugins/spamx/Header.Examine.class.php index d6beb30de..9881f8c29 100644 --- a/plugins/spamx/Header.Examine.class.php +++ b/plugins/spamx/Header.Examine.class.php @@ -3,7 +3,7 @@ /** * File: Header.Examine.class.php * This is the HTTP Header Examine class for the Geeklog Spam-X plugin - * Copyright (C) 2005-2009 by the following authors: + * Copyright (C) 2005-2017 by the following authors: * Author Dirk Haun * based on the works of Tom Willett * Licensed under the GNU General Public License diff --git a/plugins/spamx/IP.Examine.class.php b/plugins/spamx/IP.Examine.class.php index d0616df03..f1a63556e 100644 --- a/plugins/spamx/IP.Examine.class.php +++ b/plugins/spamx/IP.Examine.class.php @@ -3,7 +3,7 @@ /** * File: IP.Examine.class.php * This is the IP BlackList Examine class for the Geeklog Spam-X plugin - * Copyright (C) 2004-2010 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Licensed under GNU General Public License * diff --git a/plugins/spamx/IPofUrl.Examine.class.php b/plugins/spamx/IPofUrl.Examine.class.php index bb5b9ffa2..2191a53e2 100644 --- a/plugins/spamx/IPofUrl.Examine.class.php +++ b/plugins/spamx/IPofUrl.Examine.class.php @@ -3,7 +3,7 @@ /** * File: IPofUrl.Examine.class.php * This is the Personal BlackList Examine class for the Geeklog Spam-X plugin - * Copyright (C) 2004-2006 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Licensed under GNU General Public License * 
diff --git a/plugins/spamx/MailAdmin.Action.class.php b/plugins/spamx/MailAdmin.Action.class.php index 61efd2b06..a3cafb449 100644 --- a/plugins/spamx/MailAdmin.Action.class.php +++ b/plugins/spamx/MailAdmin.Action.class.php @@ -3,7 +3,7 @@ /** * File: MailAdmin.Action.class.php * This is the Mail Admin Action for the Geeklog Spam-X plugin - * Copyright (C) 2004-2008 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Licensed under GNU General Public License * diff --git a/plugins/spamx/MassDelTrackback.Admin.class.php b/plugins/spamx/MassDelTrackback.Admin.class.php index e57e712e4..cf1cb7062 100644 --- a/plugins/spamx/MassDelTrackback.Admin.class.php +++ b/plugins/spamx/MassDelTrackback.Admin.class.php @@ -3,7 +3,7 @@ /** * File: MassDelTrackback.Admin.class.php * Mass delete trackback spam - * Copyright (C) 2004-2008 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * * @author Tom Willett tomw AT pigstye DOT net * @author Dirk Haun dirk AT haun-online DOT de diff --git a/plugins/spamx/MassDelete.Admin.class.php b/plugins/spamx/MassDelete.Admin.class.php index 93b0623d4..86bd543a9 100644 --- a/plugins/spamx/MassDelete.Admin.class.php +++ b/plugins/spamx/MassDelete.Admin.class.php @@ -3,7 +3,7 @@ /** * File: MassDelete.Admin.class.php * Mass delete comment spam - * Copyright (C) 2004-2008 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Licensed under GNU General Public License * diff --git a/plugins/spamx/SFS.Examine.class.php b/plugins/spamx/SFS.Examine.class.php index 9fbc2b44d..930993277 100644 --- a/plugins/spamx/SFS.Examine.class.php +++ b/plugins/spamx/SFS.Examine.class.php 
@@ -3,7 +3,7 @@ /** * File: SFS.Examine.class.php * This is the Stop Forum Spam Examine class for the Geeklog Spam-X plugin - * Copyright (C) 2014 Tom Homer - WebSiteMaster AT cogeco DOT com + * Copyright (C) 2014-2017 Tom Homer - WebSiteMaster AT cogeco DOT com * Licensed under the GNU General Public License */ diff --git a/plugins/spamx/SFS.Misc.class.php b/plugins/spamx/SFS.Misc.class.php index 257161b90..691979595 100644 --- a/plugins/spamx/SFS.Misc.class.php +++ b/plugins/spamx/SFS.Misc.class.php @@ -1,4 +1,5 @@ - * @copyright Copyright (c) 2010 Lee Garner + * @copyright Copyright (c) 2010-2017 Lee Garner * @package spamx * @subpackage Modules * @version 1.0.0 diff --git a/plugins/spamx/SFSbase.class.php b/plugins/spamx/SFSbase.class.php index d60d5110d..c8dce6e17 100644 --- a/plugins/spamx/SFSbase.class.php +++ b/plugins/spamx/SFSbase.class.php @@ -3,7 +3,7 @@ /** * File: SFSbase.class.php * Stop Forum Spam (SFS) Base Class - * Copyright (C) 2014 Tom Homer - WebSiteMaster AT cogeco DOT com + * Copyright (C) 2014-2017 Tom Homer - WebSiteMaster AT cogeco DOT com * Licensed under the GNU General Public License diff --git a/plugins/spamx/SFSreport.Action.class.php b/plugins/spamx/SFSreport.Action.class.php index 3951f8496..71aa14dae 100644 --- a/plugins/spamx/SFSreport.Action.class.php +++ b/plugins/spamx/SFSreport.Action.class.php @@ -3,7 +3,7 @@ /** * File: SFS.Action.class.php * This is the Stop Forum Spam Action class for the Geeklog Spam-X plugin - * Copyright (C) 2014 Tom Homer - WebSiteMaster AT cogeco DOT com + * Copyright (C) 2014-2017 Tom Homer - WebSiteMaster AT cogeco DOT com * Licensed under the GNU General Public License diff --git a/plugins/spamx/SLV.Examine.class.php b/plugins/spamx/SLV.Examine.class.php index b528bcec4..ffcd1f3af 100644 --- a/plugins/spamx/SLV.Examine.class.php +++ b/plugins/spamx/SLV.Examine.class.php 
@@ -3,7 +3,7 @@ /** * File: SLV.Examine.class.php * This is the Spam Link Verification Examine class for the Geeklog Spam-X plugin - * Copyright (C) 2006 by the following authors: + * Copyright (C) 2006-2017 by the following authors: * Author Dirk Haun dirk AT haun-online DOT de * Licensed under the GNU General Public License * diff --git a/plugins/spamx/SLVbase.class.php b/plugins/spamx/SLVbase.class.php index ff9bbb701..a840e8763 100644 --- a/plugins/spamx/SLVbase.class.php +++ b/plugins/spamx/SLVbase.class.php @@ -3,7 +3,7 @@ /** * File: SLVbase.class.php * Spam Link Verification (SLV) Base Class - * Copyright (C) 2006 by the following authors: + * Copyright (C) 2006-2017 by the following authors: * Author Dirk Haun dirk AT haun-online DOT de * Licensed under the GNU General Public License * diff --git a/plugins/spamx/SLVreport.Action.class.php b/plugins/spamx/SLVreport.Action.class.php index e1ab815be..0663e361b 100644 --- a/plugins/spamx/SLVreport.Action.class.php +++ b/plugins/spamx/SLVreport.Action.class.php @@ -3,7 +3,7 @@ /** * File: SLV.Action.class.php * This is the Spam Link Verification Action class for the Geeklog Spam-X plugin - * Copyright (C) 2006 by the following authors: + * Copyright (C) 2006-2017 by the following authors: * Author Dirk Haun dirk AT haun-online DOT de * Licensed under the GNU General Public License * diff --git a/plugins/spamx/SLVwhitelist.Admin.class.php b/plugins/spamx/SLVwhitelist.Admin.class.php index 81064a581..e2f2a0a6a 100644 --- a/plugins/spamx/SLVwhitelist.Admin.class.php +++ b/plugins/spamx/SLVwhitelist.Admin.class.php @@ -3,7 +3,7 @@ /** * File: SLVwhitelist.Admin.class.php * This is the SLV Whitelist Module for the Geeklog Spam-X plugin - * Copyright (C) 2004-2010 by the following authors: + * Copyright (C) 2004-2017 by the following authors: * Author Tom Willett tomw AT pigstye DOT net * Dirk Haun dirk AT haun-online DOT de * Licensed under GNU General Public License 
diff --git a/plugins/spamx/SNL.Examine.class.php b/plugins/spamx/SNL.Examine.class.php index ef8ffb362..693fc536a 100644 --- a/plugins/spamx/SNL.Examine.class.php +++ b/plugins/spamx/SNL.Examine.class.php @@ -3,7 +3,7 @@ /** * File: SNL.Examine.class.php * This is the Spam Number of Links Examine class for the Geeklog Spam-X plugin - * Copyright (C) 2006 Tom Homer - WebSiteMaster AT cogeco DOT com + * Copyright (C) 2006-2017 Tom Homer - WebSiteMaster AT cogeco DOT com * Licensed under the GNU General Public License diff --git a/plugins/spamx/SNLbase.class.php b/plugins/spamx/SNLbase.class.php index 036b8713f..2b11abfc6 100644 --- a/plugins/spamx/SNLbase.class.php +++ b/plugins/spamx/SNLbase.class.php @@ -3,7 +3,7 @@ /** * File: SNLbase.class.php * Spam Number of Links (SNL) Base Class - * Copyright (C) 2006 Tom Homer - WebSiteMaster AT cogeco DOT com + * Copyright (C) 2006-2017 Tom Homer - WebSiteMaster AT cogeco DOT com * Licensed under the GNU General Public License diff --git a/plugins/spamx/SNLreport.Action.class.php b/plugins/spamx/SNLreport.Action.class.php index bd1bb844e..69770f8ac 100644 --- a/plugins/spamx/SNLreport.Action.class.php +++ b/plugins/spamx/SNLreport.Action.class.php @@ -3,10 +3,8 @@ /** * File: SNL.Action.class.php * This is the Spam Number of Links Action class for the Geeklog Spam-X plugin - * Copyright (C) 2006 Tom Homer - WebSiteMaster AT cogeco DOT com + * Copyright (C) 2006-2017 Tom Homer - WebSiteMaster AT cogeco DOT com * Licensed under the GNU General Public License - - */ if (stripos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) { diff --git a/plugins/spamx/autoinstall.php b/plugins/spamx/autoinstall.php index 0744ebc9d..8e9bcc067 100644 --- a/plugins/spamx/autoinstall.php +++ b/plugins/spamx/autoinstall.php 
@@ -8,7 +8,7 @@ // | | // | This file provides helper functions for the automatic plugin install. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2008-2010 by the following authors: | +// | Copyright (C) 2008-2017 by the following authors: | // | | // | Authors: Dirk Haun - dirk AT haun-online DOT de | // +---------------------------------------------------------------------------+ @@ -50,8 +50,8 @@ function plugin_autoinstall_spamx($pi_name) $info = array( 'pi_name' => $pi_name, 'pi_display_name' => $pi_display_name, - 'pi_version' => '1.3.4', - 'pi_gl_version' => '2.1.2', + 'pi_version' => '1.3.5', + 'pi_gl_version' => '2.2.0', 'pi_homepage' => 'https://www.geeklog.net/', ); diff --git a/plugins/spamx/configuration_validation.php b/plugins/spamx/configuration_validation.php index accae0420..b45fc02c8 100644 --- a/plugins/spamx/configuration_validation.php +++ b/plugins/spamx/configuration_validation.php @@ -2,13 +2,13 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Spam-X | +// | Spam-X 1.3 | // +---------------------------------------------------------------------------+ // | configuration_validation.php | // | | // | List of validation rules for the Links plugin configurations | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2007-2010 by the following authors: | +// | Copyright (C) 2007-2017 by the following authors: | // | | // | Authors: Akeda Bagus - admin AT gedex DOT web DOT id | // | Tom Homer - tomhomer AT gmail DOT com | diff --git a/plugins/spamx/functions.inc b/plugins/spamx/functions.inc index 801cfe9bd..2226ddb0a 100644 --- a/plugins/spamx/functions.inc +++ b/plugins/spamx/functions.inc 
@@ -1,15 +1,33 @@ $LANG_SX00['stats_page_title'], 'field' => 'label', 'header_class' => 'stats-header-title'), - array('text' => $LANG_SX00['stats_entries'], 'field' => 'stats', 'header_class' => 'stats-header-count', 'field_class' => 'stats-list-count'), + array( + 'text' => $LANG_SX00['stats_page_title'], + 'field' => 'label', + 'header_class' => 'stats-header-title' + ), + array( + 'text' => $LANG_SX00['stats_entries'], + 'field' => 'stats', + 'header_class' => 'stats-header-count', + 'field_class' => 'stats-list-count' + ), ); $data_arr = array(); $text_arr = array( @@ -100,8 +127,8 @@ function plugin_showstats_spamx($showSiteStats) /** * New stats plugin API function for proper integration with the site stats * - * @return array(item text, item count); - * @see plugin_showstats_spamx + * @return array(item text, item count); + * @see plugin_showstats_spamx */ function plugin_statssummary_spamx() { @@ -124,9 +151,11 @@ function plugin_cclabel_spamx() $retval = array(); if (SEC_hasRights('spamx.admin')) { - $retval = array($LANG_SX00['plugin_name'], + $retval = array( + $LANG_SX00['plugin_name'], $_CONF['site_admin_url'] . '/plugins/spamx/index.php', - plugin_geticon_spamx(), 'tools'); + plugin_geticon_spamx(), 'tools' + ); } return $retval; @@ -148,6 +177,8 @@ function plugin_getadminoption_spamx() $count = $A['cnt']; return array($LANG_SX00['plugin_name'], $_CONF['site_admin_url'] . '/plugins/spamx/index.php', $count, 'tools'); + } else { + return array(); } } @@ -351,7 +382,18 @@ function plugin_upgrade_spamx() } $current_version = '1.3.4'; // Shipped with Geeklog-2.1.3 - break; + break; + + case '1.3.4': + if (isset($_UPDATES[$current_version])) { + $_SQL = $_UPDATES[$current_version]; + foreach ($_SQL as $sql) { + DB_query($sql); + } + } + + $current_version = '1.3.5'; // Shipped with Geeklog-2.2.0 + break; default: $done = true; 
@@ -380,8 +422,7 @@ function plugin_migrate_spamx($old_conf) for ($i = 0; $i < $num; $i++) { list($name, $value) = DB_fetchArray($result); - $new_value = DB_escapeString(str_replace($old_conf['site_url'], - $_CONF['site_url'], $value)); + $new_value = DB_escapeString(str_replace($old_conf['site_url'], $_CONF['site_url'], $value)); $old_value = DB_escapeString($value); DB_query("UPDATE {$_TABLES['spamx']} SET value = '$new_value' WHERE name = 'SLVwhitelist' AND value = '$old_value'"); @@ -418,24 +459,24 @@ function plugin_checkforSpam_spamx($comment, $action = -1) } // Clear out any old records - $deletelist = ''; + $deleteList = ''; if (is_array($_SPX_CONF['records_delete'])) { foreach ($_SPX_CONF['records_delete'] as $record) { if (!empty($record)) { $record = DB_escapeString($record); - if ($deletelist == '') { - $deletelist = "'$record'"; + if ($deleteList == '') { + $deleteList = "'$record'"; } else { - $deletelist .= ", '$record'"; + $deleteList .= ", '$record'"; } } } } - if ($_SPX_CONF['max_age'] > 1 && $deletelist != '') { + if ($_SPX_CONF['max_age'] > 1 && $deleteList != '') { $timestamp = DB_escapeString(date('Y-m-d')); $sql = "DELETE FROM {$_TABLES['spamx']} WHERE DATE_ADD(regdate,INTERVAL {$_SPX_CONF['max_age']} DAY) < '$timestamp' - AND name IN ($deletelist)"; + AND name IN ($deleteList)"; DB_query($sql); } @@ -500,7 +541,7 @@ function plugin_spamaction_spamx($comment, $action) if (is_file($spamx_path . $file)) { if (substr($file, -17) == '.Action.class.php') { $sfile = str_replace('.Action.class.php', '', $file); - require_once($spamx_path . $file); + require_once $spamx_path . $file; $CM = new $sfile; $Spamx_Action[$sfile] = $CM->getActionCode(); } 
@@ -524,15 +565,14 @@ function plugin_spamaction_spamx($comment, $action) * Logs message to spamx.log * This will print a message to the spamx log * - * @param string $logentry Message to write to log + * @param string $logEntry Message to write to log */ -function SPAMX_log($logentry) +function SPAMX_log($logEntry) { global $_CONF, $LANG01, $_SPX_CONF; - if ((!isset($_SPX_CONF['logging']) || ($_SPX_CONF['logging'] === true)) && !empty($logentry)) { - $logentry = str_replace(array(''), array('(@', '@)'), $logentry); - + if ((!isset($_SPX_CONF['logging']) || ($_SPX_CONF['logging'] === true)) && !empty($logEntry)) { + $logEntry = str_replace(array(''), array('(@', '@)'), $logEntry); $timestamp = strftime('%c'); $logfile = $_CONF['path_log'] . 'spamx.log'; @@ -540,7 +580,8 @@ function SPAMX_log($logentry) COM_errorLog($LANG01[33] . $logfile . ' (' . $timestamp . ')', 1); } - fputs($file, "$timestamp - $logentry \n"); + fputs($file, "$timestamp - $logEntry \n"); + fclose($file); } } 
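Review bot: In `SPAMX_log()` the `fputs()` call and the added `fclose($file);` sit after the closing brace of the block that calls `COM_errorLog()`, so they also run on that branch. That block's condition is outside the hunk; if it is the failed-open case, both calls receive `false` and only add warnings. Moving the write and close into an `else`, or returning right after `COM_errorLog(...)`, keeps the failure path clean. Separately, `$logEntry` is written verbatim apart from the `str_replace()`, so if callers pass comment-derived text, one entry can span or imitate several log lines. Replacing line breaks first would prevent that, for example `$logEntry = str_replace(array("\r", "\n"), ' ', $logEntry);`.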
@@ -651,3 +692,124 @@ function plugin_itemPreSave_spamx($type, $username) return ''; } + +/** + * Public APIs to provide the information the Spam-X has stored or to manipulate the data it has + * + * @since v2.2.0 + */ + +/** + * @param string $ipToCheck + * @return bool + */ +function SPAMX_isIPBanned($ipToCheck) +{ + global $_TABLES; + + $ipToCheck = trim($ipToCheck); + $ipToCheck = strtolower($ipToCheck); + + if ($ipToCheck !== '') { + $sql = "SELECT value FROM {$_TABLES['spamx']} WHERE (name = 'IP')"; + $result = DB_query($sql); + + if (!DB_error()) { + while (($A = DB_fetchArray($result, false)) !== false) { + $target = strtolower($A['value']); + + if (strpos($target, '/') !== false) { + $check = Geeklog\IP::matchCIDR($ipToCheck, $target); + } elseif (strpos($target, '-') !== false) { + $check = Geeklog\IP::matchRange($ipToCheck, $target); + } else { + $target = '/' . preg_quote($target, '/') . '/'; + $check = (preg_match($target, $ipToCheck) == 1); + } + + if ($check) { + return true; + } + } + } + } + + return false; +} + +/** + * Return an array of banned IPs + * + * @return array of string representing an IP + */ +function SPAMX_getBannedIPs() +{ + global $_TABLES; + + $retval = array(); + $sql = "SELECT value FROM {$_TABLES['spamx']} WHERE name = 'IP'"; + $result = DB_query($sql); + + if (!DB_error()) { + while (($A = DB_fetchArray($result, false)) !== false) { + $retval[] = $A['value']; + } + } + + return $retval; +} + +/** + * Register or update banned IPs + * + * @param string|array $ips + */ +function SPAMX_registerBannedIPs($ips) +{ + global $_TABLES; + + $ips = (array) $ips; + + foreach ($ips as $ip) { + $ip = trim($ip); + + if ($ip !== '') { + $ip = DB_escapeString($ip); + + if (DB_count($_TABLES['spamx'], array('name', 'value'), array('IP', $ip)) == 1) { + // The IP given already exists + $sql = "UPDATE {$_TABLES['spamx']} SET counter = counter + 1 " + . 
"WHERE (name = 'IP') AND (value = '{$ip}')"; + } else { + // The IP given not found + $timestamp = DB_escapeString(date('Y-m-d H:i:s')); + $sql = "INSERT INTO {$_TABLES['spamx']} (name, value, counter, regdate) " + . "VALUES('IP', '{$ip}', 1, '{$timestamp}')"; + } + + DB_query($sql); + } + } +} + +/** + * Delete IPs from the database + * + * @param string|array $ips + */ +function SPAMX_deleteBannedIPs($ips) +{ + global $_TABLES; + + $ips = (array) $ips; + + foreach ($ips as $ip) { + $ip = trim($ip); + + if ($ip !== '') { + $ip = DB_escapeString($ip); + $sql = "DELETE FROM {$_TABLES['spamx']} WHERE (name = 'IP') AND (value = '{$ip}') LIMIT 1"; + DB_query($sql); + } + } +} diff --git a/plugins/spamx/install_defaults.php b/plugins/spamx/install_defaults.php index bf3de13ba..91861b47f 100644 --- a/plugins/spamx/install_defaults.php +++ b/plugins/spamx/install_defaults.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Spam-X plugin 1.2 | +// | Spam-X plugin 1.3 | // +---------------------------------------------------------------------------+ // | install_defaults.php | // | | @@ -10,7 +10,7 @@ // | records. These settings are only used during the initial installation | // | and not referenced any more once the plugin is installed. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2008-2009 by the following authors: | +// | Copyright (C) 2008-2017 by the following authors: | // | | // | Authors: Dirk Haun - dirk AT haun-online DOT de | // +---------------------------------------------------------------------------+ diff --git a/plugins/spamx/sql/mysql_install.php b/plugins/spamx/sql/mysql_install.php index 3d5773cd5..d6adc4e2f 100644 --- a/plugins/spamx/sql/mysql_install.php +++ b/plugins/spamx/sql/mysql_install.php 
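Review bot: In `SPAMX_isIPBanned()` the fallback branch builds an unanchored pattern from the stored value, so a stored `1.2.3.4` also matches `11.2.3.4` and `1.2.3.40` (constructed examples) and flags addresses nobody listed. If entries are full addresses, `$check = ($target === $ipToCheck);` is enough; if prefixes are intended, anchor the pattern with `$target = '/^' . preg_quote($target, '/') . '/';`. In `SPAMX_registerBannedIPs()` the `== 1` test falls through to another INSERT once a value is stored more than once, which the unconditional INSERT this commit removes from `banIpAddresses()` could already have produced, so `>= 1` is the safer comparison. `SPAMX_deleteBannedIPs()` then removes only one such row because of `LIMIT 1`, leaving the address banned, and `DELETE ... LIMIT` is MySQL syntax while the plugin also ships PostgreSQL SQL files; dropping `LIMIT 1` addresses both, unless the DB layer rewrites the statement.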
@@ -6,7 +6,7 @@ // +---------------------------------------------------------------------------+ // | Installation SQL | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2004-2010 by the following authors: | +// | Copyright (C) 2004-2017 by the following authors: | // | | // | Authors: Tom Willett - tomw AT pigstye DOT net | // +---------------------------------------------------------------------------+ diff --git a/plugins/spamx/sql/mysql_updates.php b/plugins/spamx/sql/mysql_updates.php index 8573f50eb..b40030a2c 100644 --- a/plugins/spamx/sql/mysql_updates.php +++ b/plugins/spamx/sql/mysql_updates.php @@ -6,7 +6,7 @@ // +---------------------------------------------------------------------------+ // | Upgrade SQL | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2010-2011 by the following authors: | +// | Copyright (C) 2010-2017 by the following authors: | // | | // | Authors: Tom Homer - websitemaster AT cogeco DOT net | // +---------------------------------------------------------------------------+ diff --git a/plugins/spamx/sql/pgsql_install.php b/plugins/spamx/sql/pgsql_install.php index 6d4b8ba17..98e194077 100644 --- a/plugins/spamx/sql/pgsql_install.php +++ b/plugins/spamx/sql/pgsql_install.php @@ -2,11 +2,11 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Spam-X Plugin 1.2 | +// | Spam-X Plugin 1.3 | // +---------------------------------------------------------------------------+ // | Installation SQL | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2004-2009 by the following authors: | +// | Copyright (C) 2004-2017 by the following authors: | // | | // | Authors: Tom Willett - tomw AT pigstye DOT net | // +---------------------------------------------------------------------------+ 
diff --git a/plugins/spamx/sql/pgsql_updates.php b/plugins/spamx/sql/pgsql_updates.php index 2193b4334..18fd97d94 100644 --- a/plugins/spamx/sql/pgsql_updates.php +++ b/plugins/spamx/sql/pgsql_updates.php @@ -2,11 +2,11 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Spam-X Plugin 1.2 | +// | Spam-X Plugin 1.3 | // +---------------------------------------------------------------------------+ // | Upgrade SQL | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2010 by the following authors: | +// | Copyright (C) 2010-2017 by the following authors: | // | | // | Authors: Tom Homer - websitemaster AT cogeco DOT net | // +---------------------------------------------------------------------------+ diff --git a/public_html/admin/comment.php b/public_html/admin/comment.php index 90b58f5b5..0cd56c08a 100644 --- a/public_html/admin/comment.php +++ b/public_html/admin/comment.php @@ -2,13 +2,13 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 2.1 | +// | Geeklog 2.2 | // +---------------------------------------------------------------------------+ // | comment.php | // | | // | Geeklog block administration. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2016 by the following authors: | +// | Copyright (C) 2000-2017 by the following authors: | // | | // | Authors: Tony Bibbs - tony AT tonybibbs DOT com | // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net | 
@@ -169,7 +169,14 @@ function ADMIN_getListField_comments($fieldName, $fieldValue, $A, $iconArray, $s break; case 'ipaddress': - $fieldValue = htmlspecialchars($fieldValue, ENT_QUOTES, $encoding); + $forDisplay = htmlspecialchars($fieldValue, ENT_QUOTES, $encoding); + + if (SPAMX_isIPBanned($fieldValue)) { + $fieldValue = '' . $forDisplay . ''; + } else { + $fieldValue = $forDisplay; + } + break; default: @@ -508,11 +515,7 @@ function banIpAddresses($suffix) $ipAddresses[] = $A['ipaddress']; } - foreach ($ipAddresses as $ipAddress) { - $sql = "INSERT INTO {$_TABLES['spamx']} (name, value) " - . "VALUES ('IP', '" . DB_escapeString($ipAddress) . "')"; - DB_query($sql); - } + SPAMX_registerBannedIPs($ipAddresses); } COM_redirect($_CONF['site_admin_url'] . '/comment.php?msg=144'); diff --git a/system/classes/IP.php b/system/classes/IP.php new file mode 100644 index 000000000..435f595b7 --- /dev/null +++ b/system/classes/IP.php 
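Review bot: The `ipaddress` case in `ADMIN_getListField_comments()` and the new body of `banIpAddresses()` call `SPAMX_isIPBanned()` and `SPAMX_registerBannedIPs()`, which this commit defines in `plugins/spamx/functions.inc`, so this core admin page now needs the Spam-X plugin to be loaded. If the plugin can be disabled or uninstalled (not visible here), both calls become fatal undefined-function errors; a guard such as `if (function_exists('SPAMX_isIPBanned') && SPAMX_isIPBanned($fieldValue)) {` avoids that, with a matching guard in `banIpAddresses()`. The check also runs once per list row and each call re-reads every `name = 'IP'` row, so caching the fetched values in a static variable inside `SPAMX_isIPBanned()` would avoid one query per comment. Both functions continue outside these hunks.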
@@ -0,0 +1,146 @@ += $low) && ($check <= $high)) { + return true; + } + } + + return false; + } + + /** + * Private internal method to match an IP address against an address range + * Original authors: dh06 and Stephane, taken from + * + * @link http://www.php.net/manual/en/function.ip2long.php#70707 + * @param string $ip IP address to check + * @param string $range IP address range to check against + * @return bool true if IP falls into the IP range, else false + */ + public static function matchRange($ip, $range) + { + // not for IPv6 addresses + if (strpos($ip, ':') !== false) { + return false; + } + + $d = strpos($range, '-'); + if ($d !== false) { + $from = ip2long(trim(substr($range, 0, $d))); + $to = ip2long(trim(substr($range, $d + 1))); + + $ip = ip2long($ip); + + return (($ip >= $from) && ($ip <= $to)); + } + + return false; + } + + /** + * Return if the IP address given is valid + * + * @param string $ip + * @return bool + */ + public static function isValidIP($ip) + { + return (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => FILTER_FLAG_IPV4 || FILTER_FLAG_IPV6)) !== false); + } + + /** + * Return if the IP address given is valid as an IPv4 address + * + * @param string $ip + * @return bool + */ + public static function isValidIPv4($ip) + { + return (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => FILTER_FLAG_IPV4)) !== false); + } + + /** + * Return if the IP address given is valid as an IPv6 address + * + * @param string $ip + * @return bool + */ + public static function isValidIPv6($ip) + { + return (filter_var($ip, FILTER_VALIDATE_IP, array('flags' => FILTER_FLAG_IPV6)) !== false); + } + + /** + * Return if the IP is a private address + * + * @param string $ip + * @return bool + */ + public static function isGlobalIP($ip) + { + $retval = self::isValidIP($ip) && + filter_var($ip, FILTER_VALIDATE_IP, array('flags' => FILTER_FLAG_NO_PRIV_RANGE || FILTER_FLAG_NO_RES_RANGE)); + + return $retval; + } +}
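Review bot: `isGlobalIP()` combines its flags with `||`, the logical operator, so `'flags'` receives boolean `true` instead of the bitmask and neither `FILTER_FLAG_NO_PRIV_RANGE` nor `FILTER_FLAG_NO_RES_RANGE` is applied; private and reserved addresses would then pass as global. Use the bitwise operator, `array('flags' => FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)`, and likewise `FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6` in `isValidIP()`. The docblock on `isGlobalIP()` says "Return if the IP is a private address", the opposite of what the name and body express, and should read something like `Return if the IP is a valid, non-private, non-reserved address`. In `matchRange()`, `ip2long()` returns `false` for malformed input and the comparison is then made on those `false` values, so checking `$from`, `$to` and `$ip` with `=== false` before comparing would avoid a match on garbage input.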