Referer checking; more descriptive error message
parent
55743a7705
commit
67b954924b
@ -132,10 +132,11 @@
|
||||
|
||||
// For development purposes. Turns 'display_errors' on. Not recommended for production.
|
||||
$config['verbose_errors'] = true;
|
||||
|
||||
|
||||
// Error messages
|
||||
$config['error']['lurk'] = 'Lurk some more before posting.';
|
||||
$config['error']['bot'] = 'You look like a bot.';
|
||||
$config['error']['referer'] = 'Your browser sent an invalid or no HTTP referer.';
|
||||
$config['error']['toolong'] = 'The %s field was too long.';
|
||||
$config['error']['toolong_body'] = 'The body was too long.';
|
||||
$config['error']['tooshort_body'] = 'The body was too short or empty.';
|
||||
|
@ -31,23 +31,21 @@
|
||||
if(!isset($config['post_url']))
|
||||
$config['post_url'] = $config['root'] . $config['file_post'];
|
||||
|
||||
if(!isset($config['url_match']))
|
||||
$config['url_match'] = '/^' .
|
||||
if(!isset($config['referer_match']))
|
||||
$config['referer_match'] = '/^' .
|
||||
(preg_match($config['url_regex'], $config['root']) ? '' :
|
||||
(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http') .
|
||||
':\/\/'.$_SERVER['HTTP_HOST']) .
|
||||
preg_quote($config['root'], '/') .
|
||||
'(' .
|
||||
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
|
||||
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
|
||||
'(' . preg_quote($config['file_index'], '/') . ')?' .
|
||||
'|' .
|
||||
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
|
||||
preg_quote($config['file_index'], '/') .
|
||||
'|' .
|
||||
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
|
||||
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
|
||||
preg_quote($config['dir']['res'], '/') .
|
||||
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
|
||||
'|' .
|
||||
preg_quote($config['file_mod'], '/') .
|
||||
'\?\/.+' .
|
||||
preg_quote($config['file_mod'], '/') . '\?\/.+' .
|
||||
')$/i';
|
||||
|
||||
if(!isset($config['cookies']['path']))
|
||||
@ -240,7 +238,7 @@
|
||||
|
||||
function purge($uri) {
|
||||
global $config, $debug;
|
||||
if(preg_match($config['url_match'], $config['root'])) {
|
||||
if(preg_match($config['referer_match'], $config['root'])) {
|
||||
$uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri;
|
||||
} else {
|
||||
$uri = $config['root'] . $uri;
|
||||
|
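Review bot: The `referer_match` pattern concatenates `$_SERVER['HTTP_HOST']` into the regex without `preg_quote`, unlike every other component of that expression. The Host header is supplied by the client, so its dots act as wildcards and any other metacharacter in it changes the pattern the Referer is later tested against; unless the web server pins the accepted host names, the check effectively compares two request headers with each other. I would quote it, `':\/\/' . preg_quote($_SERVER['HTTP_HOST'], '/')) .`, or preferably take the host from configuration. Separately, `purge()` still tests `$config['root']` against this board-path pattern, where `$config['url_regex']` (the test used while building the pattern) looks like the intended check; the body of `purge()` continues outside the hunk.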
5
post.php
5
post.php
@ -151,9 +151,8 @@
|
||||
error($config['error']['bot']);
|
||||
|
||||
// Check the referrer
|
||||
if($OP) {
|
||||
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['url_match'], $_SERVER['HTTP_REFERER'])) error($config['error']['bot']);
|
||||
}
|
||||
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
|
||||
error($config['error']['referer']);
|
||||
|
||||
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
|
||||
// Find another anti-spam method.
|
||||
|
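Review bot: The Referer test now gates every post, yet it is documented only as `// Check the referrer`, and the header is both client-supplied and routinely absent (Referrer-Policy, privacy extensions, some proxies). As written it rejects legitimate posters whose browser omits the header while giving no assurance about scripted clients, so it should not be relied on as request-authenticity or CSRF protection. I would say so in the comment, e.g. `// Referer is client-controlled: spam heuristic only, not a CSRF or authenticity check`, and put braces around the two-line `if` so a later edit cannot detach the `error()` call. The surrounding code starts and ends outside the hunk.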