-
-
Notifications
You must be signed in to change notification settings - Fork 410
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #3262 Bad word filter #3353
Conversation
^ Done. |
@euantorano PR completed. Thanks for sequential merge. |
Great, will test this one ASAP. |
Tested, seems to be working fine, good job! |
@@ -650,18 +650,12 @@ function parse_badwords($message, $options=array()) | |||
$badword['replacement'] = "*****"; | |||
} | |||
|
|||
if($badword['regex']) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The whole PR works as expected, however, I'm not sure this is the intended behavior. IMHO, a filter with Regex option turned off should replace things without using regexes; so, if you specify whatever123*
and Regex is off, it should replace the word literally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are doing regex with or without regex is on. If it is on we consider the declaration as regex and validate, then use (store), if it is off we create the regex pattern through new function and parse.
Hence turning regex off will generate a pattern for whatever123*
as whatever[^\s\n]*
and will surely catch whatever123
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Briefly tested that, and it doesn’t work. Even with regex turned off, it also replaces words containing the filtered word, which is wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I honestly am not getting the issue. Can you please state steps with what intended and what is happening?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, turns out I was testing in the wrong branch. It works as expected.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ha ha, thanks for the merge :D
@effone - please check the last comment - abusing wordfilter by url tags, this will need a new issue and PR in future |
Noted. |
|
|
||
// Ensure we run the replacement enough times but not recursively (i.e. not while(preg_match..)) | ||
$message = preg_replace("#(^|\W)".$badword['badword']."(?=\W|$)#i", '\1'.$badword['replacement'], $message); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed boundaries for words make the new implementation filter strings that are part of longer words
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't get what you say here.
Edit: Nvm. #3399
} | ||
|
||
// Neutralize multiple adjacent wildcards and generate pattern | ||
$ptrn = array('/[\*]{1}[\+]+/', '/[\+]+[\*]{1}/', '/[\*]+/'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
patterns like [\*]{1}
can be simply written as \*
Except that would be nice to open a new issue - bad filter ignores words placed between url tags etc. So it canbe abused easily. |
* Bad word filter - extended refinement #3353 (comment) #3353 (comment) * Ungroup single special character
[Rebased for 1.9 by Laird] * Bad word filter - extended refinement mybb#3353 (comment) mybb#3353 (comment) * Ungroup single special character
Attempt to fix #3262
Implemented effective usage of
*
and+
Note: This is gonna break all the pre-defined bad word filters. Its is required to describe in release note to redefine bad word filters as per the new rule after applying this patch.
Edit:
Here is a draft md that can be included in release notes.
https://github.com/effone/misc.drafts/blob/master/badword.md