[pLog-svn] r3927 - in plugins/trunk/validatetrackback: .
class/security
pwestbro at devel.lifetype.net
pwestbro at devel.lifetype.net
Sat Sep 2 22:17:46 GMT 2006
Author: pwestbro
Date: 2006-09-02 22:17:45 +0000 (Sat, 02 Sep 2006)
New Revision: 3927
Added:
plugins/trunk/validatetrackback/class/security/validatetrackbackfilter.class.php
Modified:
plugins/trunk/validatetrackback/pluginvalidatetrackback.class.php
Log:
Fixed bug 1027
Changed the validate trackback plugin to use a pipeline filter to check trackbacks
Added: plugins/trunk/validatetrackback/class/security/validatetrackbackfilter.class.php
===================================================================
--- plugins/trunk/validatetrackback/class/security/validatetrackbackfilter.class.php 2006-09-02 18:56:34 UTC (rev 3926)
+++ plugins/trunk/validatetrackback/class/security/validatetrackbackfilter.class.php 2006-09-02 22:17:45 UTC (rev 3927)
@@ -0,0 +1,171 @@
+<?php
+
+ /*
+ Copyright 2006 Paul Westbrook (paul at westbrooks.org)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+ include_once( PLOG_CLASS_PATH."class/security/pipelinefilter.class.php" );
+
+
+ // custom error code that will be returned to the pipeline whenever an
+ // error is found... Be careful so as to not to have two different modules
+ // use the same code!!
+ define( "VALIDATE_TRACKBACK_SPAM", 850 );
+
+ class ValidateTrackbackFilter extends PipelineFilter
+ {
+
+ function ValidateTrackbackFilter( $pipelineRequest )
+ {
+ $this->PipelineFilter( $pipelineRequest );
+ }
+
+ function filter()
+ {
+ // get some info
+ $blogInfo = $this->_pipelineRequest->getBlogInfo();
+ $request = $this->_pipelineRequest->getHttpRequest();
+
+ // check if this section has been enabled or disabled
+ $blogSettings = $blogInfo->getSettings();
+ $pluginEnabled = $blogSettings->getValue( "plugin_validatetrackback_enabled" );
+ if( !$pluginEnabled) {
+ // if not, nothing to do here...
+ //_debug("ip address filter not enabled! quitting...<br/>");
+ return new PipelineResult();
+ }
+
+ // we only have to filter the contents if the user is posting a comment
+ // so there's no point in doing anything else if that's not the case
+ if(( $request->getValue( "op" ) != "AddTrackback" )) {
+ $result = new PipelineResult();
+ return $result;
+ }
+
+ // if this is already rejected, there is no reason to do anything here
+ if ( $this->_pipelineRequest->getRejectedState() )
+ return new PipelineResult();
+
+ // text and topic of the comment/trackback
+ $commentText = $request->getValue( "excerpt" );
+ $commentTopic = $request->getValue( "title" );
+ $articleId = $request->getValue( "id" );
+ $userName = $request->getValue( "blog_name" );
+ $userUrl = $request->getValue( "url" );
+
+
+ if ( $blogSettings->getValue( "plugin_validatetrackback_dns_enabled" ) ) {
+ include_once( PLOG_CLASS_PATH."plugins/validatetrackback/class/security/dnsantispamfilter.class.php" );
+
+ // First check to see if the ip address is listed in black lists
+ $clientInfo = new Client();
+
+ $clientIpAddress = $clientInfo->getIp();
+
+ $fTrackBackValid =
+ ValidateTrackbackDNSAntiSpamFilter::checkClientIP( $clientIpAddress );
+
+ if( ! $fTrackBackValid ) {
+ $this->trackbackLog( "Validate Trackback: The ip address ".$clientIpAddress.
+ " disallowed" );
+ $locale = $blogInfo->getLocale();
+ $result = new PipelineResult( false, VALIDATE_TRACKBACK_SPAM, $locale->tr("error_comment_spam_throw_away") );
+ return $result;
+ }
+ // If the client ip address is OK, check the url
+
+ $url = TextFilter::htmlDecode( $userUrl );
+
+ $fTrackBackValid =
+ ValidateTrackbackDNSAntiSpamFilter::checkTrackbackURL( $url );
+
+ if( ! $fTrackBackValid ) {
+ $this->trackbackLog( "Validate Trackback: The url ".$url.
+ " disallowed" );
+ $locale = $blogInfo->getLocale();
+ $result = new PipelineResult( false, VALIDATE_TRACKBACK_SPAM, $locale->tr("error_comment_spam_throw_away") );
+ return $result;
+ }
+ }
+
+
+ if ( $blogSettings->getValue( "plugin_validatetrackback_trackback_enabled" ) ) {
+ // Get the page
+ $url = TextFilter::htmlDecode( $userUrl );
+ $page = $this->fetchPage( $url );
+
+ // Get the trackback client
+ include_once( PLOG_CLASS_PATH."class/dao/trackbackclient.class.php" );
+ $tbClient = new TrackbackClient();
+ // get the trackback url
+ $tbLinks = $tbClient->getTrackbackLinks( $page, $url );
+ if( empty( $tbLinks)) {
+ // there were no trackback links in the page
+ $this->trackbackLog( "Validate Trackback: No trackback urls on resulting page" );
+ $locale = $blogInfo->getLocale();
+ $result = new PipelineResult( false, VALIDATE_TRACKBACK_SPAM, $locale->tr("error_comment_spam_throw_away") );
+ return $result;
+ }
+ }
+
+ // if everything went fine, we can say so by returning
+ // a positive PipelineResult object
+ $result = new PipelineResult( true );
+
+ return $result;
+ }
+
+ /**
+ * Fetches a page from the given url.
+ *
+ * @param url The url with the page we would like to fetch.
+ * @return Returns a string with the contents of the page or an empty string if the page
+ * could not be fetched.
+ */
+ function fetchPage( $url )
+ {
+ include_once( PLOG_CLASS_PATH."class/net/http/httpclient.class.php" );
+ $s = new HttpClient();
+
+ // Set the time out to 15 seconds. We don't want this web server
+ // thread waiting a long time as it could cause a DoS with enough
+ // trackbacks
+ $s->read_timeout = 15;
+
+ $result = $s->fetch( $url );
+
+ if( !$result ) {
+ if($s->timed_out)
+ {
+ //print("timed out!!!");
+ }
+ return "";
+ }
+ else
+ return $s->results;
+ }
+
+ function trackbackLog( $message )
+ {
+ $logger =& LoggerManager::getLogger( "trackback" );
+ $logger->debug( $message );
+ }
+
+
+ }
+
+?>
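Review bot: `fetchPage()` requests whatever `url` the trackback sender supplied, and nothing in `filter()` restricts the scheme or destination first. The DNS check is optional (`plugin_validatetrackback_dns_enabled`) and, as far as this hunk shows, is a spam-list lookup rather than an address restriction. Trackback pings are unauthenticated, so any sender can make the blog server fetch loopback or internal addresses, and each request can hold a worker for the 15 second timeout. I would validate the URL at the top of `fetchPage()` as below, allowing only http/https and rejecting hosts that resolve to private, loopback or reserved ranges; `filter_var` needs PHP 5.2 or later, so older installs would need an `ip2long` range check instead. If `HttpClient` follows redirects, each hop needs the same check, and a resolve-then-fetch check still leaves a small window between the lookup and the request; neither is visible in this hunk.

```php
function fetchPage( $url )
{
    // The url comes straight from the trackback request: only fetch plain web URLs
    $parts = parse_url( $url );
    if( !$parts || !isset( $parts["scheme"] ) || !isset( $parts["host"] ))
        return "";

    $scheme = strtolower( $parts["scheme"] );
    if( $scheme !== "http" && $scheme !== "https" )
        return "";

    // Refuse hosts that resolve to loopback, private or reserved addresses;
    // gethostbyname() returns the name unchanged on failure, which also fails here
    $ip = gethostbyname( $parts["host"] );
    if( !filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ))
        return "";

    // … unchanged: HttpClient setup, 15 second read_timeout, fetch and return …
}
```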
Modified: plugins/trunk/validatetrackback/pluginvalidatetrackback.class.php
===================================================================
--- plugins/trunk/validatetrackback/pluginvalidatetrackback.class.php 2006-09-02 18:56:34 UTC (rev 3926)
+++ plugins/trunk/validatetrackback/pluginvalidatetrackback.class.php 2006-09-02 22:17:45 UTC (rev 3927)
@@ -1,6 +1,26 @@
<?php
+ /*
+ Copyright 2006 Paul Westbrook (paul at westbrooks.org)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+
include_once( PLOG_CLASS_PATH."class/plugin/pluginbase.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/validatetrackback/class/security/validatetrackbackfilter.class.php" );
/**
* implements moderation of comments
@@ -26,8 +46,7 @@
*/
function init()
{
- // register the events we want
- $this->registerNotification( EVENT_POST_TRACKBACK_ADD );
+ $this->registerFilter( "ValidateTrackbackFilter" );
// register an action that will allow users to see which comments have not been
// accepted yet
@@ -51,131 +70,5 @@
{
return $this->pluginEnabled;
}
-
- /**
- * process the events that we have registered
- *
- * @see PluginBase::process
- * @see PluginManager
- */
- function process( $eventType, $params )
- {
- // make sure we're processing the right event!
- if( $eventType != EVENT_POST_TRACKBACK_ADD )
- return true;
-
- // do nothing if the plugin is not enabled!
- $blogSettings = $this->blogInfo->getSettings();
- if( !$blogSettings->getValue( "plugin_validatetrackback_enabled" ))
- return true;
-
- // change the stauts of the comment, as is easy as it seems...
- $trackback = $params["trackback"];
- $this->Validate( $trackback );
-
- return true;
- }
-
- /**
- * Fetches a page from the given url.
- *
- * @param url The url with the page we would like to fetch.
- * @return Returns a string with the contents of the page or an empty string if the page
- * could not be fetched.
- */
- function fetchPage( $url )
- {
- include_once( PLOG_CLASS_PATH."class/net/http/httpclient.class.php" );
- $s = new HttpClient();
-
- // Set the time out to 15 seconds. We don't want this web server
- // thread waiting a long time as it could cause a DoS with enough
- // trackbacks
- $s->read_timeout = 15;
-
- $result = $s->fetch( $url );
-
- if( !$result ) {
- if($s->timed_out)
- {
- //print("timed out!!!");
- }
- return "";
- }
- else
- return $s->results;
- }
-
- function Validate( $trackback )
- {
- $fTrackBackValid = true;
- $blogSettings = $this->blogInfo->getSettings();
-
- if ( $blogSettings->getValue( "plugin_validatetrackback_dns_enabled" ) ) {
- include_once( PLOG_CLASS_PATH."plugins/validatetrackback/class/security/dnsantispamfilter.class.php" );
- // First check to see if the ip address is listed in black lists
- $clientInfo = new Client();
-
- $clientIpAddress = $clientInfo->getIp();
-
- $fTrackBackValid =
- ValidateTrackbackDNSAntiSpamFilter::checkClientIP( $clientIpAddress );
-
- if( ! $fTrackBackValid ) {
- $this->trackbackLog( "Validate Trackback: The ip address ".$clientIpAddress.
- " disallowed" );
- }
- // If the client ip address is OK, check the url
- if ( $fTrackBackValid ) {
- $url = TextFilter::htmlDecode( $trackback->_userUrl );
-
- $fTrackBackValid =
- ValidateTrackbackDNSAntiSpamFilter::checkTrackbackURL( $url );
-
- if( ! $fTrackBackValid ) {
- $this->trackbackLog( "Validate Trackback: The url ".$url.
- " disallowed" );
- }
- }
- }
-
-
- if ( $fTrackBackValid &&
- $blogSettings->getValue( "plugin_validatetrackback_trackback_enabled" ) ) {
- // Get the page
- $url = TextFilter::htmlDecode( $trackback->_userUrl );
- $page = $this->fetchPage( $url );
-
- // Get the trackback client
- include_once( PLOG_CLASS_PATH."class/dao/trackbackclient.class.php" );
- $tbClient = new TrackbackClient();
- // get the trackback url
- $tbLinks = $tbClient->getTrackbackLinks( $page, $url );
- if( empty( $tbLinks)) {
- // there were no trackback links in the page
- $fTrackBackValid = false;
-
- if( ! $fTrackBackValid ) {
- $this->trackbackLog( "Validate Trackback: No trackback urls on resulting page" );
- }
- }
- }
-
- if ( !$fTrackBackValid ) {
- // Trackback is not valid
- // Delete this trackback
- include_once( PLOG_CLASS_PATH."class/dao/trackbacks.class.php" );
- $trackbacks = new Trackbacks();
-
- $trackbacks->deleteTrackback( $trackback->_id );
- //print("Error: trackback unavailable<br/>");
- }
- }
-
- function trackbackLog( $message )
- {
- $logger =& LoggerManager::getLogger( "trackback" );
- $logger->debug( $message );
- }
}
?>
\ No newline at end of file