[pLog-svn] r6877 - in plugins/branches/lifetype-1.2/contact: . class/action
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Fri May 1 12:27:56 EDT 2009
Author: jondaley
Date: 2009-05-01 12:27:56 -0400 (Fri, 01 May 2009)
New Revision: 6877
Modified:
plugins/branches/lifetype-1.2/contact/class/action/contactpluginsendaction.class.php
plugins/branches/lifetype-1.2/contact/plugincontact.class.php
plugins/branches/lifetype-1.2/contact/readme.txt
Log:
use the security pipeline directly, instead of looking for each security plugin individually. Simplifies our code a ton, and will work with all plugins that are enabled on the system. move form code to a template so the user can customize it if he wants
Modified: plugins/branches/lifetype-1.2/contact/class/action/contactpluginsendaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/contact/class/action/contactpluginsendaction.class.php 2009-05-01 14:59:12 UTC (rev 6876)
+++ plugins/branches/lifetype-1.2/contact/class/action/contactpluginsendaction.class.php 2009-05-01 16:27:56 UTC (rev 6877)
@@ -5,6 +5,8 @@
lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/emailvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/mail/emailservice.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/allowedhtmlfilter.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/javascriptfilter.class.php" );
/**
* Checks the data and sends an email if everything validates
@@ -15,10 +17,14 @@
$this->BlogAction($actionInfo, $request);
$this->registerFieldValidator("userName", new StringValidator());
- $this->registerFieldValidator("userEmailAddress", new EmailValidator());
- $this->registerFieldValidator("contactTopic", new StringValidator());
- $this->registerFieldValidator("contactText", new StringValidator( true ));
+ $this->registerFieldValidator("userEmail", new EmailValidator());
+ $this->registerFieldValidator("commentTopic", new StringValidator());
+ $this->registerFieldValidator("commentText", new StringValidator( true ));
+ $f = new AllowedHtmlFilter();
+ $f->addFilter( new JavascriptFilter());
+ $this->_request->registerFilter( "commentText", $f );
+
$view = new ErrorView($this->_blogInfo);
$view->setErrorMessage($this->_locale->tr("plugin_contact_error_data"));
$this->setValidationErrorView($view);
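Review bot: Only `commentText` gets the new `AllowedHtmlFilter`/`JavascriptFilter` pair; `userName` and `commentTopic` are still registered with a plain `StringValidator` and no filter, and `commentTopic` is later read as the message subject. The code that assembles the mail is outside this hunk, so it is worth confirming there that line breaks and markup in those two fields cannot reach the mail headers or an HTML body unchanged. I would record the intent next to the `registerFilter` call with a comment such as `// userName and commentTopic are not filtered here; treat them as untrusted plain text wherever the mail is assembled`. The constructor starts above the hunk.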
@@ -43,8 +49,8 @@
$regexp = "/($bannedKeywords)/";
- $text = $this->_request->getValue("contactText");
- $subject = $this->_request->getValue("contactTopic");
+ $text = $this->_request->getValue("commentText");
+ $subject = $this->_request->getValue("commentTopic");
if(preg_match($regexp, $text) || preg_match($regexp, $subject)){
$this->_view = new ErrorView( $this->_blogInfo, $this->_locale->tr("plugin_contact_error_banned_keywords"));
@@ -57,9 +63,9 @@
function perform(){
$username = $this->_request->getValue("userName");
- $emailAddress = $this->_request->getValue("userEmailAddress");
- $text = $this->_request->getValue("contactText");
- $subject = $this->_request->getValue("contactTopic");
+ $emailAddress = $this->_request->getValue("userEmail");
+ $text = $this->_request->getValue("commentText");
+ $subject = $this->_request->getValue("commentTopic");
if($this->_checkSpam($username, $emailAddress, $text, $subject)){
$this->_view = new ErrorView($this->_blogInfo);
@@ -95,31 +101,19 @@
// copied from bayesianfilter::getSpamProbability since that function is marked
// as private
function _checkSpam($userName, $userEmail, $text, $topic){
- $config =& Config::getConfig();
- if($config->getValue("bayesian_filter_enabled")){
- lt_include( PLOG_CLASS_PATH."class/bayesian/bayesiantokenizer.class.php" );
- $tokenizer = new BayesianTokenizer();
+ // make a copy of the request so we can fake the filters into running
+ // during our action
+ $request = new Request($this->_request->getAsArray());
+ $request->setValue("op", "AddComment");
- $tokensTopic = $tokenizer->addContextMark(
- $tokenizer->tokenize($topic), TOKEN_TOPIC_MARK);
- $tokensText = $tokenizer->tokenize($text);
-
- $tokensUserName = $tokenizer->addContextMark(
- $tokenizer->tokenize($userName), TOKEN_USER_NAME_MARK);
- $tokensUserEmail = $tokenizer->addContextMark(
- $tokenizer->tokenize($userEmail), TOKEN_USER_EMAIL_MARK);
-
- $tokens = array_merge($tokensTopic, $tokensText,
- $tokensUserName, $tokensUserEmail);
- $significantTokens = BayesianFilter::_getMostSignificantTokens(
- $this->_blogInfo->getId(), $tokens);
-
- $spamicity = BayesianFilter::_getBayesProbability($significantTokens);
- if($spamicity >= $config->getValue("bayesian_filter_spam_probability_treshold"))
- return true;
- }
+ $pipeline = new Pipeline($request, $this->_blogInfo);
+ $result = $pipeline->process();
- // TODO: use auth image or hidden input?
+ // if the pipeline blocked the request, then we have
+ // to let the user know
+ if( !$result->isValid())
+ return true;
+
return false;
}
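Review bot: The comment kept above `_checkSpam` (`copied from bayesianfilter::getSpamProbability ...`) no longer describes the body, and the four parameters are no longer read because the pipeline works on the copied request instead. The spam check now silently depends on the spoofed `op` value `AddComment` and on the form field names matching what the comment filters expect, which appears to be why the fields were renamed in this commit. I would replace the stale comment with `// runs the blog's security pipeline on a copy of this request posing as a comment submission; field names must match the comment form's`. Any filter that records or acts on rejected comments would presumably do so for contact messages too. No include for `Pipeline` is visible in this file's hunks, so confirm the class is loaded on this path.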
Modified: plugins/branches/lifetype-1.2/contact/plugincontact.class.php
===================================================================
--- plugins/branches/lifetype-1.2/contact/plugincontact.class.php 2009-05-01 14:59:12 UTC (rev 6876)
+++ plugins/branches/lifetype-1.2/contact/plugincontact.class.php 2009-05-01 16:27:56 UTC (rev 6877)
@@ -14,9 +14,9 @@
{
$this->PluginBase($source);
$this->id = "contact";
- $this->desc = "Allows visitors to submit a message to the blog owner (via email)";
+ $this->desc = "Allows visitors to submit a message to the blog owner (via email). To prevent spam, this plugin uses a keyword blacklist, the built-in bayesian filter, and authimage and hiddeninput if installed and enabled.";
$this->author = "Jon Daley";
- $this->version = "20090418";
+ $this->version = "20090501";
if( $source == "admin" )
$this->initAdmin();
@@ -47,27 +47,10 @@
return "";
$locale =& $this->blogInfo->getLocale();
-
- return "<div id='contact'>
-<form name='contactForm' method='post' action='{$this->blogInfo->getBlogRequestGenerator()->getIndexUrl()}'>
- <label for='userName'>{$locale->tr('plugin_contact_name')}: </label>
- <input type='text' name='userName' /><br/>
-
- <label for='userEmailAddress'>{$locale->tr('plugin_contact_email_address')}: </label>
- <input type='text' name='userEmailAddress' /><br/>
-
- <label for='contactTopic'>{$locale->tr('comment_topic')}: </label>
- <input type='text' name='contactTopic' /><br/>
-
- <label for='contactText'>{$locale->tr('comment_text')}: </label>
- <script type='text/javascript'>var ed1 = new Lifetype.UI.Editor('contactText','ed1');</script>
- <textarea rows='15' id='contactText' name='contactText' style='width:100%'></textarea><br/>
- <input type='hidden' name='op' value='pluginContactSendEmail' />
- <input type='hidden' name='blogId' value='{$this->blogInfo->getId()}' />
- <input type='submit' value='{$locale->tr('comment_send')}' />
-</form>
-</div>";
+ lt_include( PLOG_CLASS_PATH."class/view/plugintemplatedview.class.php" );
+ $view = new PluginTemplatedView($this->blogInfo, "contact", "form");
+ $view->render();
}
function getPluginConfigurationKeys(){
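Review bot: After this change the method no longer returns the form markup on its main path. The removed code returned the HTML string and the early exit above still returns `""`, but the new code calls `$view->render()` and falls through with no return value. Whether `render()` prints or returns is not visible here: if it returns the markup, use `return $view->render();`; if it prints, the form is emitted at call time rather than where the caller places the result, and buffering it (`ob_start(); $view->render(); return ob_get_clean();`) would keep the old contract. The `form` template is not among the files listed in this commit, so confirm it ships with the plugin and still posts the `op` and `blogId` hidden fields the removed markup carried. The method starts above the hunk.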
Modified: plugins/branches/lifetype-1.2/contact/readme.txt
===================================================================
--- plugins/branches/lifetype-1.2/contact/readme.txt 2009-05-01 14:59:12 UTC (rev 6876)
+++ plugins/branches/lifetype-1.2/contact/readme.txt 2009-05-01 16:27:56 UTC (rev 6877)
@@ -5,7 +5,8 @@
This plugin offers a method for visitors to privately contact blog
owners via form/email.
-It will use the bayesian filter if it is enabled.
+It will use the security pipeline to check for spam if it is enabled.
+This includes the bayesian filter, authimage, hiddeninput, etc.
Install:
1. Configure and enable the plugin in your LifeType control center
@@ -18,8 +19,4 @@
{/if}
-TODO:
- Can we use authimage and hiddeninput if they are installed?
-
-