Referer checking; more descriptive error message

This commit is contained in:
Savetheinternet 2011-10-03 18:38:19 +11:00
parent 55743a7705
commit 67b954924b
3 changed files with 12 additions and 14 deletions


@ -132,10 +132,11 @@
// For development purposes. Turns 'display_errors' on. Not recommended for production. // For development purposes. Turns 'display_errors' on. Not recommended for production.
$config['verbose_errors'] = true; $config['verbose_errors'] = true;
// Error messages // Error messages
$config['error']['lurk'] = 'Lurk some more before posting.'; $config['error']['lurk'] = 'Lurk some more before posting.';
$config['error']['bot'] = 'You look like a bot.'; $config['error']['bot'] = 'You look like a bot.';
$config['error']['referer'] = 'Your browser sent an invalid or no HTTP referer.';
$config['error']['toolong'] = 'The %s field was too long.'; $config['error']['toolong'] = 'The %s field was too long.';
$config['error']['toolong_body'] = 'The body was too long.'; $config['error']['toolong_body'] = 'The body was too long.';
$config['error']['tooshort_body'] = 'The body was too short or empty.'; $config['error']['tooshort_body'] = 'The body was too short or empty.';


@ -31,23 +31,21 @@
if(!isset($config['post_url'])) if(!isset($config['post_url']))
$config['post_url'] = $config['root'] . $config['file_post']; $config['post_url'] = $config['root'] . $config['file_post'];
if(!isset($config['url_match'])) if(!isset($config['referer_match']))
$config['url_match'] = '/^' . $config['referer_match'] = '/^' .
(preg_match($config['url_regex'], $config['root']) ? '' : (preg_match($config['url_regex'], $config['root']) ? '' :
(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http') . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http') .
':\/\/'.$_SERVER['HTTP_HOST']) . ':\/\/'.$_SERVER['HTTP_HOST']) .
preg_quote($config['root'], '/') . preg_quote($config['root'], '/') .
'(' . '(' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
'(' . preg_quote($config['file_index'], '/') . ')?' .
'|' . '|' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) . str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
preg_quote($config['file_index'], '/') . preg_quote($config['dir']['res'], '/') .
'|' .
str_replace('%s', '\w{1,8}', preg_quote($config['board_path'], '/')) .
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
'|' . '|' .
preg_quote($config['file_mod'], '/') . preg_quote($config['file_mod'], '/') . '\?\/.+' .
'\?\/.+' .
')$/i'; ')$/i';
if(!isset($config['cookies']['path'])) if(!isset($config['cookies']['path']))
@ -240,7 +238,7 @@
function purge($uri) { function purge($uri) {
global $config, $debug; global $config, $debug;
if(preg_match($config['url_match'], $config['root'])) { if(preg_match($config['referer_match'], $config['root'])) {
$uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri; $uri = (str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) == '/' ? '/' : str_replace('\\', '/', dirname($_SERVER['REQUEST_URI'])) . '/') . $uri;
} else { } else {
$uri = $config['root'] . $uri; $uri = $config['root'] . $uri;
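Review bot: `$_SERVER['HTTP_HOST']` is concatenated into the new `referer_match` pattern without `preg_quote` (the `':\/\/'.$_SERVER['HTTP_HOST']` term in the first hunk), so a value that arrives with the request is interpreted as pattern syntax: at minimum the dots in the host match any character, and a host value containing an unbalanced delimiter or metacharacter would make the pattern fail to compile, after which `preg_match` returns false and the new check rejects every post with the referer error. Quote it like the other pieces: `':\/\/' . preg_quote($_SERVER['HTTP_HOST'], '/')`. The same hunk also widens the board-name part from `\w{1,8}` to `\w+`, which loosens what counts as an on-site referer; if that is intended, a one-line comment saying why would help the next reader. The second hunk reuses `referer_match` in `purge()` only to decide whether `$config['root']` is an absolute URL, so any later tightening of the referer pattern will silently change purge's path logic as well; a comment there, or a separate `preg_match($config['url_regex'], $config['root'])` test, would decouple the two.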


@ -151,9 +151,8 @@
error($config['error']['bot']); error($config['error']['bot']);
// Check the referrer // Check the referrer
if($OP) { if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['url_match'], $_SERVER['HTTP_REFERER'])) error($config['error']['bot']); error($config['error']['referer']);
}
// TODO: Since we're now using static HTML files, we can't give them cookies on their first page view // TODO: Since we're now using static HTML files, we can't give them cookies on their first page view
// Find another anti-spam method. // Find another anti-spam method.
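Review bot: The referer check now runs for every post rather than only when `$OP` is set, but the comment above it still reads only `// Check the referrer`, which does not say what the check is expected to provide. Since `HTTP_REFERER` is supplied by the client and is legitimately absent for some browsers, proxies and privacy settings, it is worth recording that this is a coarse filter so it is not later mistaken for CSRF protection: `// Referer is client-supplied and may be missing; this only filters naive off-site submissions and is not a substitute for a per-session token.` Note also that `preg_match` returns false when `$config['referer_match']` fails to compile, which this condition treats the same as a bad referer, so a broken pattern rejects all posts with the referer message. The enclosing block continues outside the hunk.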