From 9975cf75d3ab3bce56874a6c7810640f0e9f1e3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=9C=E6=81=92?= <2323333339@qq.com> Date: Tue, 16 Mar 2021 10:55:03 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/factory.php | 29 +++++++++++++++++++---------- core/function.php | 2 +- core/parse.php | 39 +++++++++++++++++++++++++++++++++------ functions.php | 4 ++-- package.json | 2 +- 5 files changed, 56 insertions(+), 20 deletions(-) diff --git a/core/factory.php b/core/factory.php index c9de6e6..2e0fcff 100644 --- a/core/factory.php +++ b/core/factory.php @@ -5,18 +5,27 @@ class Intercept { public static function message($comment) { - /* 判断评论内容是否包含敏感词 */ - if (Helper::options()->JSensitiveWords) { - if (_checkSensitiveWords(Helper::options()->JSensitiveWords, $comment['text'])) { - throw new Typecho_Widget_Exception("评论内容包含敏感词汇!", 403); - } - } - /* 判断评论是否至少包含一个中文 */ - if (Helper::options()->JLimitOneChinese === "on") { - if (!preg_match("/\{!\{.{0,}/", $comment['text']) && preg_match("/[\x{4e00}-\x{9fa5}]/u", $comment['text']) == 0) { - throw new Typecho_Widget_Exception("评论至少包含一个中文!", 403); + /* 如果用户输入内容画图模式 */ + if (preg_match('/\{!\{(.*)\}!\}/', $comment['text'], $matches)) { + /* 如果判断是否有双引号,如果有双引号,则禁止评论 */ + if (strpos($matches[1], '"') !== false || _checkXSS($matches[1])) { + $comment['status'] = 'waiting'; + } + } else { + /* 判断评论内容是否包含敏感词 */ + if (Helper::options()->JSensitiveWords) { + if (_checkSensitiveWords(Helper::options()->JSensitiveWords, $comment['text'])) { + $comment['status'] = 'waiting'; + } + } + /* 判断评论是否至少包含一个中文 */ + if (Helper::options()->JLimitOneChinese === "on") { + if (preg_match("/[\x{4e00}-\x{9fa5}]/u", $comment['text']) == 0) { + $comment['status'] = 'waiting'; + } } } + Typecho_Cookie::delete('__typecho_remember_text'); return $comment; } } diff --git a/core/function.php b/core/function.php index 4935464..351e88e 100644 
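Review bot: The drawing-mode branch in `Intercept::message` turns the moderation checks into an either/or: once the text contains `{!{...}!}`, the `else` branch holding the sensitive-word and at-least-one-Chinese checks is skipped, so any text placed outside the braces in the same comment is never screened (the old code exempted only the Chinese check from drawing comments, never the sensitive-word check). Replacing `} else {` with `}` and dropping the matching closing brace makes the three checks independent, each able to set `$comment['status'] = 'waiting'` on its own. The detection pattern `'/\{!\{(.*)\}!\}/'` also lacks the `s` modifier, so a drawing block whose body spans a newline does not match and bypasses the double-quote/`_checkXSS` screening; `'/\{!\{(.*)\}!\}/s'` (or the `[^\"]*` class the parse.php render patterns now use, which does match newlines) closes that gap. Whether a `status` assigned here is honoured by the rest of the comment pipeline cannot be verified from this hunk.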
--- a/core/function.php +++ b/core/function.php @@ -2,7 +2,7 @@ /* 获取主题当前版本号 */ function _getVersion() { - return "6.0.6"; + return "6.0.7"; }; /* 判断是否是手机 */ diff --git a/core/parse.php b/core/parse.php index 8566401..5427cc3 100644 --- a/core/parse.php +++ b/core/parse.php @@ -7,12 +7,39 @@ function _checkXSS($text) { $isXss = false; $list = array( - '([\x00-\x08,\x0b-\x0c,\x0e-\x19])', 'script', 'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'embed', 'object', 'frame', 'layer', 'title', 'bgsound', 'onload', 'onunload', 'onchange', 'onsubmit', 'onreset', 'onselect', 'onblur', 'onfocus', - 'onabort', 'onkeydown', 'onkeypress', 'onkeyup', 'onclick', 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onunload' + '/onabort/is', + '/onblur/is', + '/onchange/is', + '/onclick/is', + '/ondblclick/is', + '/onerror/is', + '/onfocus/is', + '/onkeydown/is', + '/onkeypress/is', + '/onkeyup/is', + '/onload/is', + '/onmousedown/is', + '/onmousemove/is', + '/onmouseout/is', + '/onmouseover/is', + '/onmouseup/is', + '/onreset/is', + '/onresize/is', + '/onselect/is', + '/onsubmit/is', + '/onunload/is', + '/eval/is', + '/ascript:/is', + '/style=/is', + '/width=/is', + '/width:/is', + '/height=/is', + '/height:/is', + '/src=/is', ); if (strip_tags($text)) { for ($i = 0; $i < count($list); $i++) { - if (strpos($text, $list[$i]) !== false) { + if (preg_match($list[$i], $text) > 0) { $isXss = true; break; } @@ -30,7 +57,7 @@ function _parseCommentReply($text) echo "该回复疑似异常,已被系统拦截!"; } else { $text = _parseReply($text); - echo preg_replace('/\{!{(.*?)\}!}/', '画图', $text); + echo preg_replace('/\{!\{([^\"]*)\}!\}/', '画图', $text); } } @@ -62,7 +89,7 @@ function _parseLeavingReply($text) } else { $text = strip_tags($text); $text = _parseReply($text); - echo preg_replace('/\{!\{(.*?)\}!\}/', '画图', $text); + echo preg_replace('/\{!\{([^\"]*)\}!\}/', '画图', $text); } } 
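Review bot: The rewritten `$list` entries are unanchored, case-insensitive substring patterns, so `/eval/is` flags words such as "medieval" or "evaluate" and `/width:/is` or `/src=/is` flag ordinary prose, while several old entries (`vbscript`, `expression`, bare `script`, the control-character class) are gone and `/ascript:/is` covers `javascript:` only. That leaves `_checkXSS` a coarse moderation heuristic; the real protection has to be escaping at output (`htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the echo paths), which none of the parse.php hunks add. The unchanged `if (strip_tags($text))` guard also means any input that `strip_tags` reduces to an empty string never reaches the new patterns at all; `if ($text !== '')` would remove that gap. Style-wise, `foreach ($list as $pattern)` reads better than the indexed `for` with `count()` in the condition, and a `false` from `preg_match` (pattern error) is silently treated as "not XSS" by the `> 0` comparison. `_checkXSS`'s signature and return statement lie outside this hunk.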
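Review bot: The new render pattern `'/\{!\{([^\"]*)\}!\}/'` in `_parseCommentReply` is greedy, so two drawing blocks in one reply collapse into a single `画图` and the text between them is dropped; `([^\"]*?)` keeps the old per-block replacement. Because the class excludes `"`, a block whose body contains a double quote is not replaced and its raw body is echoed; this presumably pairs with the `waiting` status set in factory.php, but once such a comment is approved the unreplaced body is still printed, and in this path no `strip_tags` is visible before the `echo` (the condition selecting the 拦截 branch is above the hunk), so escaping the echoed text with `htmlspecialchars` is the robust fix. The same pattern is introduced in the `_parseLeavingReply` and `_parseAsideReply` hunks below, where the greedy-match issue applies equally. All three functions begin before their hunks.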
@@ -73,7 +100,7 @@ function _parseAsideReply($text, $type = true) echo "该回复疑似异常,已被系统拦截!"; } else { $text = strip_tags($text); - $text = preg_replace('~{!{.*~', '# 图片回复', $text); + $text = preg_replace('/\{!\{([^\"]*)\}!\}/', '# 图片回复', $text); if ($type) echo _parseReply($text); else echo $text; } diff --git a/functions.php b/functions.php index 3a916b1..fc7a321 100644 --- a/functions.php +++ b/functions.php @@ -822,7 +822,7 @@ function themeConfig($form) NULL, '你妈死了 || 傻逼 || 操你妈 || 射你妈一脸', '评论敏感词(非必填)', - '介绍:用于设置评论敏感词汇,如果用户评论包含这些词汇,则将会禁止评论
+ '介绍:用于设置评论敏感词汇,如果用户评论包含这些词汇,则将会把评论置为审核状态
例如:你妈死了 || 你妈炸了 || 我是你爹 || 你妈坟头冒烟 (多个使用 || 分隔开)' ); $JSensitiveWords->setAttribute('class', 'joe_content joe_other'); @@ -833,7 +833,7 @@ function themeConfig($form) array('off' => '关闭(默认)', 'on' => '开启'), 'off', '是否开启评论至少包含一个中文', - '介绍:开启后如果评论内容未包含一个中文,则将会禁止评论
+ '介绍:开启后如果评论内容未包含一个中文,则将会把评论置为审核状态
其他:用于屏蔽国外机器人刷的全英文垃圾广告信息' ); $JLimitOneChinese->setAttribute('class', 'joe_content joe_other'); diff --git a/package.json b/package.json index e312870..7b64743 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "typecho-joe-next", - "version": "6.0.6", + "version": "6.0.7", "description": "A Theme Of Typecho", "main": "index.php", "keywords": [