Author: Nikita Popov (nikic) Date: 2022-03-05T18:16:40+01:00 Commit: https://github.com/php/web-bugs/commit/d50077c25477efe02fd0647ac81ae89c8c14848e Raw diff: https://github.com/php/web-bugs/commit/d50077c25477efe02fd0647ac81ae89c8c14848e.diff
Only allow links to php.net and github.com Activity on bugs.php.net is pretty much down to link spam now. Fight it by only allowing php.net and github.com links. Changed paths: M include/functions.php M www/bug.php M www/report.php Diff:
diff --git a/include/functions.php b/include/functions.php
index d9e0dc67..9b37d60b 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -195,10 +195,12 @@ function is_spam($string)
 return false;
 }
- $count = substr_count(strtolower($string), 'http://')
- + substr_count(strtolower($string), 'https://');
- if ($count > 5) {
- return true;
+ if (preg_match_all('/https?:\/\/(\S+)/', $string, $matches)) {
+ foreach ($matches[1] as $match) {
+ if (strpos($match, 'php.net') === false && strpos($match, 'github.com') === false) {
+ return "Due to large amounts of spam, only links to php.net and github.com (including subdomains like gist.github.com) are allowed.";
+ }
+ }
 }
 $keywords = [
@@ -245,7 +247,7 @@ function is_spam($string)
 ];
 if (preg_match('/\b('. implode('|', $keywords) . ')\b/i', $string)) {
- return true;
+ return "Comment contains spam word, consider rewording.";
 }
 return false;
diff --git a/www/bug.php b/www/bug.php
index 433b5d5f..aa90dbed 100644
--- a/www/bug.php
+++ b/www/bug.php
@@ -19,7 +19,6 @@
 $obsoletePatchRepository = $container->get(ObsoletePatchRepository::class);
 $patchRepository = $container->get(PatchRepository::class);
-define('SPAM_REJECT_MESSAGE', 'Your comment looks like SPAM by its content. Please consider rewording.');
 $email = null;
 // Handle preview
@@ -224,8 +223,8 @@
 }
 // primitive spam detection
- if (is_spam($ncomment)) {
- $errors[] = SPAM_REJECT_MESSAGE;
+ if ($message = is_spam($ncomment)) {
+ $errors[] = $message;
 }
 if (is_spam($_POST['in']['commentemail'])) {
 $errors[] = "Please do not SPAM our bug system.";
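Review bot: The allow-list test in the new `foreach` is a substring match over everything after the scheme (`strpos($match, 'php.net') === false && strpos($match, 'github.com') === false`), so a URL passes whenever either string occurs anywhere in its host, path or query, not only when the host is php.net, github.com or one of their subdomains. The pattern `/https?:\/\/(\S+)/` is also case-sensitive, whereas the removed code lowercased the input before counting, so a link written with an upper-case scheme is never inspected. Extract the host, lowercase it and match it on a label boundary, failing closed when no host can be parsed; the lines below keep the existing message. `parse_url()` is not a validator, so this narrows the check rather than proving the URL well-formed, and is_spam()'s body starts and ends outside the hunk.

```php
    if (preg_match_all('/https?:\/\/\S+/i', $string, $matches)) {
        foreach ($matches[0] as $url) {
            // Compare the host only; a trailing '.' from sentence punctuation is trimmed.
            $host = rtrim(strtolower((string) parse_url($url, PHP_URL_HOST)), '.');
            // An unparseable URL yields '' and is rejected (fail closed).
            if (!preg_match('/(?:^|\.)(?:php\.net|github\.com)$/', $host)) {
                // … unchanged: return of the "only links to php.net and github.com" message …
            }
        }
    }
```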
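Review bot: is_spam() now returns a message string on a match and `false` otherwise, and nothing in the @@ -245,7 hunk records that changed contract; the function header lies outside the hunk, so whether a docblock exists there is not visible. Add `@return string|false rejection message to show the submitter, or false when the text passes` to its docblock. Any call site that compares the result with `=== true` would silently stop matching, so callers should test `!== false` rather than rely on truthiness.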
@@ -264,8 +263,8 @@
 $ncomment = trim($_POST['ncomment']);
 // primitive spam detection
- if (is_spam($ncomment)) {
- $errors[] = SPAM_REJECT_MESSAGE;
+ if ($message = is_spam($ncomment)) {
+ $errors[] = $message;
 }
 $from = $_POST['in']['commentemail'];
@@ -317,8 +316,8 @@
 }
 // primitive spam detection
- if ($ncomment && is_spam($ncomment)) {
- $errors[] = SPAM_REJECT_MESSAGE;
+ if ($ncomment && $message = is_spam($ncomment)) {
+ $errors[] = $message;
 }
 if (!empty($_POST['in']['email']) &&
@@ -388,8 +387,8 @@
 $from = isset($_POST['in']['commentemail']) ? $_POST['in']['commentemail'] : '';
 // primitive spam detection
- if (is_spam($ncomment)) {
- $errors[] = SPAM_REJECT_MESSAGE;
+ if ($message = is_spam($ncomment)) {
+ $errors[] = $message;
 }
 if (is_spam_user($from)) {
 $errors[] = "Please do not SPAM our bug system.";
@@ -417,8 +416,8 @@
 }
 // primitive spam detection
- if ($ncomment && is_spam($ncomment)) {
- $errors[] = SPAM_REJECT_MESSAGE;
+ if ($ncomment && $message = is_spam($ncomment)) {
+ $errors[] = $message;
 }
 // Just trusted dev can set CVE-ID
diff --git a/www/report.php b/www/report.php
index 2eacf66a..c42e2876 100644
--- a/www/report.php
+++ b/www/report.php
@@ -52,10 +52,10 @@
 } elseif ($_POST['captcha'] != $_SESSION['answer']) {
 $errors[] = 'Incorrect Captcha';
 }
- if (is_spam($_POST['in']['ldesc']) ||
- is_spam($_POST['in']['expres']) ||
- is_spam($_POST['in']['repcode'])) {
- $errors[] = 'Spam detected';
+ if (($message = is_spam($_POST['in']['ldesc'])) ||
+ ($message = is_spam($_POST['in']['expres'])) ||
+ ($message = is_spam($_POST['in']['repcode']))) {
+ $errors[] = $message;
 }
 }
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
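Review bot: In `if ($ncomment && $message = is_spam($ncomment))` (www/bug.php, @@ -317,8 hunk) the assignment sits unparenthesised on the right of `&&`; PHP parses it as intended, but it reads like a precedence slip and differs from the parenthesised form this commit uses in www/report.php. Write `if ($ncomment && ($message = is_spam($ncomment)))` here and in the @@ -417,8 hunk, which has the same line. The enclosing blocks start and end outside both hunks.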
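Review bot: `$_POST['in']['repcode']` and `$_POST['in']['expres']` in www/report.php are passed to is_spam(), which after this commit rejects every http(s) URL that does not contain php.net or github.com, so a report whose reproduce script or expected output contains any other URL would presumably be refused with the link message. If that is intended, say so next to the check, e.g. `// is_spam() also rejects foreign URLs inside reproduce code and expected output`; if it is not, these two fields need a keyword-only check. The `||` chain reports only the first failing field's message, which is acceptable because the messages do not name the field.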