Referer checking; more descriptive error message
This commit is contained in:
parent
55743a7705
commit
67b954924b
@ -132,10 +132,11 @@
|
|||||||
|
|
||||||
// For development purposes. Turns 'display_errors' on. Not recommended for production.
|
// For development purposes. Turns 'display_errors' on. Not recommended for production.
|
||||||
$config['verbose_errors'] = true;
|
$config['verbose_errors'] = true;
|
||||||
|
|
||||||
// Error messages
|
// Error messages
|
||||||
$config['error']['lurk'] = 'Lurk some more before posting.';
|
$config['error']['lurk'] = 'Lurk some more before posting.';
|
||||||
$config['error']['bot'] = 'You look like a bot.';
|
$config['error']['bot'] = 'You look like a bot.';
|
||||||
|
$config['error']['referer'] = 'Your browser sent an invalid or no HTTP referer.';
|
||||||
$config['error']['toolong'] = 'The %s field was too long.';
|
$config['error']['toolong'] = 'The %s field was too long.';
|
||||||
$config['error']['toolong_body'] = 'The body was too long.';
|
$config['error']['toolong_body'] = 'The body was too long.';
|
||||||
$config['error']['tooshort_body'] = 'The body was too short or empty.';
|
$config['error']['tooshort_body'] = 'The body was too short or empty.';
|
||||||
|
@ -31,23 +31,21 @@
|
|||||||
if(!isset($config['post_url']))
|
if(!isset($config['post_url']))
|
||||||
$config['post_url'] = $config['root'] . $config['file_post'];
|
$config['post_url'] = $config['root'] . $config['file_post'];
|
||||||
|
|
||||||
if(!isset($config['url_match']))
|
if(!isset($config['referer_match']))
|
||||||
$config['url_match'] = '/^' .
|
$config['referer_match'] = '/^' .
|
||||||
(preg_match($config['url_regex'], $config['root']) ? '' :
|
(preg_match($config['url_regex'], $config['root']) ? '' :
|
||||||
(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http') .
|
(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http') .
|
||||||
':\/\/'.$_SERVER['HTTP_HOST']) .
|
':\/\/'.$_SERVER['HTTP_HOST']) .
|
||||||
preg_quote($config['root'], '/') .
|
preg_quote($config['root'], '/') .
|
||||||
'(' .
|
'(' .
|
||||||
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
|
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
|
||||||
|
'(' . preg_quote($config['file_index'], '/') . ')?' .
|
||||||
'|' .
|
'|' .
|
||||||
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
|
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
|
||||||
preg_quote($config['file_index'], '/') .
|
preg_quote($config['dir']['res'], '/') .
|
||||||
'|' .
|
|
||||||
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
|
|
||||||
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
|
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
|
||||||
'|' .
|
'|' .
|
||||||
preg_quote($config['file_mod'], '/') .
|
preg_quote($config['file_mod'], '/') . '\?\/.+' .
|
||||||
'\?\/.+' .
|
|
||||||
')$/i';
|
')$/i';
|
||||||
|
|
||||||
if(!isset($config['cookies']['path']))
|
if(!isset($config['cookies']['path']))
|
||||||
@ -240,7 +238,7 @@
|
|||||||
|
|
||||||
function purge($uri) {
|
function purge($uri) {
|
||||||
global $config, $debug;
|
global $config, $debug;
|
||||||
if(preg_match($config['url_match'], $config['root'])) {
|
if(preg_match($config['referer_match'], $config['root'])) {
|
||||||
$uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri;
|
$uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri;
|
||||||
} else {
|
} else {
|
||||||
$uri = $config['root'] . $uri;
|
$uri = $config['root'] . $uri;
|
||||||
|
5
post.php
5
post.php
@ -151,9 +151,8 @@
|
|||||||
error($config['error']['bot']);
|
error($config['error']['bot']);
|
||||||
|
|
||||||
// Check the referrer
|
// Check the referrer
|
||||||
if($OP) {
|
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
|
||||||
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['url_match'], $_SERVER['HTTP_REFERER'])) error($config['error']['bot']);
|
error($config['error']['referer']);
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
|
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
|
||||||
// Find another anti-spam method.
|
// Find another anti-spam method.
|
||||||
|
Loading…
Reference in New Issue
Block a user