prohibit using same anti-bot hashes across different boards/threads
This commit is contained in:
parent
368050852a
commit
cd30f3b0b9
@ -33,7 +33,8 @@ class Twig_Extensions_Extension_Tinyboard extends Twig_Extension
|
|||||||
public function getFunctions()
|
public function getFunctions()
|
||||||
{
|
{
|
||||||
return Array(
|
return Array(
|
||||||
'time' => new Twig_Filter_Function('time', array('needs_environment' => false))
|
'time' => new Twig_Filter_Function('time', array('needs_environment' => false)),
|
||||||
|
'createHiddenInputs' => new Twig_Filter_Function('createHiddenInputs', array('needs_environment' => false))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1048,9 +1048,16 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function createHiddenInputs() {
|
function createHiddenInputs($extra_salt = Array()) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
|
if(!empty($extra_salt)) {
|
||||||
|
// create a salted hash of the "extra salt"
|
||||||
|
$extra_salt = implode(':', $extra_salt);
|
||||||
|
} else {
|
||||||
|
$extra_salt = '';
|
||||||
|
}
|
||||||
|
|
||||||
$inputs = Array();
|
$inputs = Array();
|
||||||
|
|
||||||
shuffle($config['spam']['hidden_input_names']);
|
shuffle($config['spam']['hidden_input_names']);
|
||||||
@ -1139,7 +1146,7 @@
|
|||||||
$hash .= $config['cookies']['salt'];
|
$hash .= $config['cookies']['salt'];
|
||||||
|
|
||||||
// Use SHA1 for the hash
|
// Use SHA1 for the hash
|
||||||
$hash = sha1($hash);
|
$hash = sha1($hash . $extra_salt);
|
||||||
|
|
||||||
// Append it to the HTML
|
// Append it to the HTML
|
||||||
$content .= '<input type="hidden" name="hash" value="' . $hash . '" />';
|
$content .= '<input type="hidden" name="hash" value="' . $hash . '" />';
|
||||||
@ -1147,7 +1154,7 @@
|
|||||||
return $content;
|
return $content;
|
||||||
}
|
}
|
||||||
|
|
||||||
function checkSpam() {
|
function checkSpam($extra_salt = Array()) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
if(!isset($_POST['hash']))
|
if(!isset($_POST['hash']))
|
||||||
@ -1155,6 +1162,13 @@
|
|||||||
|
|
||||||
$hash = $_POST['hash'];
|
$hash = $_POST['hash'];
|
||||||
|
|
||||||
|
if(!empty($extra_salt)) {
|
||||||
|
// create a salted hash of the "extra salt"
|
||||||
|
$extra_salt = implode(':', $extra_salt);
|
||||||
|
} else {
|
||||||
|
$extra_salt = '';
|
||||||
|
}
|
||||||
|
|
||||||
// Reconsturct the $inputs array
|
// Reconsturct the $inputs array
|
||||||
$inputs = Array();
|
$inputs = Array();
|
||||||
|
|
||||||
@ -1179,7 +1193,7 @@
|
|||||||
$_hash .= $config['cookies']['salt'];
|
$_hash .= $config['cookies']['salt'];
|
||||||
|
|
||||||
// Use SHA1 for the hash
|
// Use SHA1 for the hash
|
||||||
$_hash = sha1($_hash);
|
$_hash = sha1($_hash . $extra_salt);
|
||||||
|
|
||||||
return $hash != $_hash;
|
return $hash != $_hash;
|
||||||
}
|
}
|
||||||
@ -1197,7 +1211,6 @@
|
|||||||
$content['pages'] = $pages;
|
$content['pages'] = $pages;
|
||||||
$content['pages'][$page-1]['selected'] = true;
|
$content['pages'][$page-1]['selected'] = true;
|
||||||
$content['btn'] = getPageButtons($content['pages']);
|
$content['btn'] = getPageButtons($content['pages']);
|
||||||
$content['hidden_inputs'] = createHiddenInputs();
|
|
||||||
file_write($filename, Element('index.html', $content));
|
file_write($filename, Element('index.html', $content));
|
||||||
|
|
||||||
if(isset($md5) && $md5 == md5_file($filename)) {
|
if(isset($md5) && $md5 == md5_file($filename)) {
|
||||||
@ -1460,7 +1473,6 @@
|
|||||||
'id' => $id,
|
'id' => $id,
|
||||||
'mod' => $mod,
|
'mod' => $mod,
|
||||||
'boardlist' => createBoardlist($mod),
|
'boardlist' => createBoardlist($mod),
|
||||||
'hidden_inputs' => $content['hidden_inputs'] = createHiddenInputs(),
|
|
||||||
'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['uri'] . '/' . $config['file_index'])
|
'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['uri'] . '/' . $config['file_index'])
|
||||||
));
|
));
|
||||||
|
|
||||||
|
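Review bot: The reconstructed `$_hash` in checkSpam is still compared to the client-supplied `$_POST['hash']` with loose `!=` (the `return $hash != $_hash;` line directly after the new `sha1($_hash . $extra_salt)`), so PHP's numeric-string comparison rules apply to a value the submitter chooses; now that this hash is the only thing binding a submission to one board and thread, compare it strictly, `return !is_string($hash) || $hash !== $_hash;`, or `!hash_equals($_hash, $hash)` where the project's PHP baseline allows it. The `$extra_salt` derivation is duplicated verbatim in createHiddenInputs and checkSpam, and any future drift between the two copies silently rejects every post, so it deserves one shared helper, e.g. `function extraSaltString(array $parts) { return empty($parts) ? '' : implode(':', $parts); }`. The comment `// create a salted hash of the "extra salt"` describes nothing the code does (the parts are only joined with ':'; a null thread becomes the empty string, giving `board:` for an index form), so replace it with `// join the board/thread identifiers that tie this hash to a single form` and document the new parameter above each function as `@param array $extra_salt [board uri, thread id or null]; must be the same pair in createHiddenInputs() and checkSpam()`.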
1
mod.php
1
mod.php
@ -1954,7 +1954,6 @@
|
|||||||
$page['pages'] = getPages(true);
|
$page['pages'] = getPages(true);
|
||||||
$page['pages'][$page_no-1]['selected'] = true;
|
$page['pages'][$page_no-1]['selected'] = true;
|
||||||
$page['btn'] = getPageButtons($page['pages'], true);
|
$page['btn'] = getPageButtons($page['pages'], true);
|
||||||
$page['hidden_inputs'] = createHiddenInputs();
|
|
||||||
$page['mod'] = true;
|
$page['mod'] = true;
|
||||||
|
|
||||||
echo Element('index.html', $page);
|
echo Element('index.html', $page);
|
||||||
|
16
post.php
16
post.php
@ -197,7 +197,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(checkSpam())
|
if(checkSpam(Array($board['uri'], isset($post['thread']) ? $post['thread'] : null)))
|
||||||
error($config['error']['spam']);
|
error($config['error']['spam']);
|
||||||
|
|
||||||
if($config['robot_enable'] && $config['robot_mute']) {
|
if($config['robot_enable'] && $config['robot_mute']) {
|
||||||
@ -250,7 +250,7 @@
|
|||||||
error($config['error']['noimage']);
|
error($config['error']['noimage']);
|
||||||
}
|
}
|
||||||
|
|
||||||
$post['name'] = (!empty($_POST['name'])?$_POST['name']:$config['anonymous']);
|
$post['name'] = !empty($_POST['name']) ? $_POST['name'] : $config['anonymous'];
|
||||||
$post['subject'] = $_POST['subject'];
|
$post['subject'] = $_POST['subject'];
|
||||||
$post['email'] = utf8tohtml($_POST['email']);
|
$post['email'] = utf8tohtml($_POST['email']);
|
||||||
$post['body'] = $_POST['body'];
|
$post['body'] = $_POST['body'];
|
||||||
@ -306,7 +306,7 @@
|
|||||||
if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
|
if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
|
||||||
if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) {
|
if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) {
|
||||||
$post['capcode'] = utf8tohtml($match[3]);
|
$post['capcode'] = utf8tohtml($match[3]);
|
||||||
$post['name'] = !empty($match[2])?$match[2]:$config['anonymous'];
|
$post['name'] = !empty($match[2]) ? $match[2] : $config['anonymous'];
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$post['capcode'] = false;
|
$post['capcode'] = false;
|
||||||
@ -314,7 +314,7 @@
|
|||||||
|
|
||||||
$trip = generate_tripcode($post['name']);
|
$trip = generate_tripcode($post['name']);
|
||||||
$post['name'] = $trip[0];
|
$post['name'] = $trip[0];
|
||||||
$post['trip'] = (isset($trip[1])?$trip[1]:'');
|
$post['trip'] = isset($trip[1]) ? $trip[1] : '';
|
||||||
|
|
||||||
if(strtolower($post['email']) == 'noko') {
|
if(strtolower($post['email']) == 'noko') {
|
||||||
$noko = true;
|
$noko = true;
|
||||||
@ -583,7 +583,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
buildThread(($OP?$id:$post['thread']));
|
buildThread($OP ? $id : $post['thread']);
|
||||||
|
|
||||||
if(!$OP && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) {
|
if(!$OP && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) {
|
||||||
bumpThread($post['thread']);
|
bumpThread($post['thread']);
|
||||||
@ -603,20 +603,20 @@
|
|||||||
// Tell it to delete the cached post for referer
|
// Tell it to delete the cached post for referer
|
||||||
$js->{$_SERVER['HTTP_REFERER']} = true;
|
$js->{$_SERVER['HTTP_REFERER']} = true;
|
||||||
// Encode and set cookie
|
// Encode and set cookie
|
||||||
setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, false);
|
setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
|
$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
|
||||||
|
|
||||||
if($config['always_noko'] || $noko) {
|
if($config['always_noko'] || $noko) {
|
||||||
$redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP?$id:$post['thread']) . (!$OP?'#'.$id:'');
|
$redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP ? $id:$post['thread']) . (!$OP ? '#' . $id : '');
|
||||||
} else {
|
} else {
|
||||||
$redirect = $root . $board['dir'] . $config['file_index'];
|
$redirect = $root . $board['dir'] . $config['file_index'];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if($config['syslog'])
|
if($config['syslog'])
|
||||||
_syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP?$id:$post['thread']) . (!$OP?'#'.$id:''));
|
_syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP?$id:$post['thread']) . (!$OP ? '#' . $id : ''));
|
||||||
|
|
||||||
rebuildThemes('post');
|
rebuildThemes('post');
|
||||||
header('Location: ' . $redirect, true, $config['redirect_http']);
|
header('Location: ' . $redirect, true, $config['redirect_http']);
|
||||||
|
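Review bot: In the new `checkSpam(Array($board['uri'], isset($post['thread']) ? $post['thread'] : null))` call an empty `thread` value is indistinguishable from no thread: checkSpam joins the parts with `implode(':')`, so both `null` and `''` produce the salt `board:`, which is exactly what the new-thread form on the index page is hashed with. `$post['thread']` is assigned before this hunk, so whether it has already been validated as an existing integer id is not visible here; if a reply can reach this line with `thread=''`, a hash harvested from the index form would be accepted for it, which is the cross-thread reuse the commit sets out to stop. Passing the id in its validated integer form, `isset($post['thread']) ? (int) $post['thread'] : null`, keeps an empty value from collapsing into the OP salt, provided the template side hashes the same integer. The remaining hunks in this file are whitespace-only ternary reformatting.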
@ -1,5 +1,5 @@
|
|||||||
<form name="post" onsubmit="return dopost(this);" enctype="multipart/form-data" action="{{ config.post_url }}" method="post">
|
<form name="post" onsubmit="return dopost(this);" enctype="multipart/form-data" action="{{ config.post_url }}" method="post">
|
||||||
{{ hidden_inputs }}
|
{{ createHiddenInputs([board.uri, id]) }}
|
||||||
{% if id %}<input type="hidden" name="thread" value="{{ id }}" />{% endif %}
|
{% if id %}<input type="hidden" name="thread" value="{{ id }}" />{% endif %}
|
||||||
<input type="hidden" name="board" value="{{ board.uri }}" />
|
<input type="hidden" name="board" value="{{ board.uri }}" />
|
||||||
{% if mod %}<input type="hidden" name="mod" value="1" />{% endif %}
|
{% if mod %}<input type="hidden" name="mod" value="1" />{% endif %}
|
||||||
|
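Review bot: The salt array in `{{ createHiddenInputs([board.uri, id]) }}` is an undocumented contract with post.php, which must hand the identical pair (`$board['uri']` and the thread id, or null for a new thread) to checkSpam() or every submission from this form is rejected as spam; add a comment above the call: `{# anti-bot hash salt: must match the array passed to checkSpam() in post.php — [board uri, thread id or null on the index form] #}`. On index pages `id` does not appear in the context built by the index hunk of the first file, so the OP salt `board:` relies on Twig's default null-for-undefined behaviour; if `strict_variables` is ever enabled this line throws, and `id|default(null)` would make the intent explicit. The function returns raw `<input>` markup, so like the `{{ hidden_inputs }}` it replaces it depends on autoescaping being off for this template, which I cannot confirm from here.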