更新
parent
c6ba7de430
commit
9975cf75d3
@ -5,18 +5,27 @@ class Intercept
|
|||||||
{
|
{
|
||||||
public static function message($comment)
|
public static function message($comment)
|
||||||
{
|
{
|
||||||
|
/* 如果用户输入内容画图模式 */
|
||||||
|
if (preg_match('/\{!\{(.*)\}!\}/', $comment['text'], $matches)) {
|
||||||
|
/* 如果判断是否有双引号,如果有双引号,则禁止评论 */
|
||||||
|
if (strpos($matches[1], '"') !== false || _checkXSS($matches[1])) {
|
||||||
|
$comment['status'] = 'waiting';
|
||||||
|
}
|
||||||
|
} else {
|
||||||
/* 判断评论内容是否包含敏感词 */
|
/* 判断评论内容是否包含敏感词 */
|
||||||
if (Helper::options()->JSensitiveWords) {
|
if (Helper::options()->JSensitiveWords) {
|
||||||
if (_checkSensitiveWords(Helper::options()->JSensitiveWords, $comment['text'])) {
|
if (_checkSensitiveWords(Helper::options()->JSensitiveWords, $comment['text'])) {
|
||||||
throw new Typecho_Widget_Exception("评论内容包含敏感词汇!", 403);
|
$comment['status'] = 'waiting';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* 判断评论是否至少包含一个中文 */
|
/* 判断评论是否至少包含一个中文 */
|
||||||
if (Helper::options()->JLimitOneChinese === "on") {
|
if (Helper::options()->JLimitOneChinese === "on") {
|
||||||
if (!preg_match("/\{!\{.{0,}/", $comment['text']) && preg_match("/[\x{4e00}-\x{9fa5}]/u", $comment['text']) == 0) {
|
if (preg_match("/[\x{4e00}-\x{9fa5}]/u", $comment['text']) == 0) {
|
||||||
throw new Typecho_Widget_Exception("评论至少包含一个中文!", 403);
|
$comment['status'] = 'waiting';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
Typecho_Cookie::delete('__typecho_remember_text');
|
||||||
return $comment;
|
return $comment;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
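Review bot: In `Intercept::message`, a comment containing a `{!{…}!}` marker anywhere takes the first branch and never reaches the sensitive-word or at-least-one-Chinese checks in the `else`, and only the captured group is inspected, so the text around the marker is not screened at all. The capture here is `(.*)`, which does not cross newlines, while the renderers changed in this same commit match `([^\"]*)`, which does, so what gets rendered as an image is not necessarily what was validated. Using the renderers' pattern here, `preg_match('/\{!\{([^\"]*)\}!\}/', $comment['text'], $matches)`, and running the word and language checks on the text with the marker removed, would close both gaps. The comment `如果有双引号,则禁止评论` is also out of date, since the code now sets `$comment['status'] = 'waiting'` instead of rejecting.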
@ -2,7 +2,7 @@
|
|||||||
/* 获取主题当前版本号 */
|
/* 获取主题当前版本号 */
|
||||||
function _getVersion()
|
function _getVersion()
|
||||||
{
|
{
|
||||||
return "6.0.6";
|
return "6.0.7";
|
||||||
};
|
};
|
||||||
|
|
||||||
/* 判断是否是手机 */
|
/* 判断是否是手机 */
|
||||||
|
@ -7,12 +7,39 @@ function _checkXSS($text)
|
|||||||
{
|
{
|
||||||
$isXss = false;
|
$isXss = false;
|
||||||
$list = array(
|
$list = array(
|
||||||
'([\x00-\x08,\x0b-\x0c,\x0e-\x19])', 'script', 'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'embed', 'object', 'frame', 'layer', 'title', 'bgsound', 'onload', 'onunload', 'onchange', 'onsubmit', 'onreset', 'onselect', 'onblur', 'onfocus',
|
'/onabort/is',
|
||||||
'onabort', 'onkeydown', 'onkeypress', 'onkeyup', 'onclick', 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onunload'
|
'/onblur/is',
|
||||||
|
'/onchange/is',
|
||||||
|
'/onclick/is',
|
||||||
|
'/ondblclick/is',
|
||||||
|
'/onerror/is',
|
||||||
|
'/onfocus/is',
|
||||||
|
'/onkeydown/is',
|
||||||
|
'/onkeypress/is',
|
||||||
|
'/onkeyup/is',
|
||||||
|
'/onload/is',
|
||||||
|
'/onmousedown/is',
|
||||||
|
'/onmousemove/is',
|
||||||
|
'/onmouseout/is',
|
||||||
|
'/onmouseover/is',
|
||||||
|
'/onmouseup/is',
|
||||||
|
'/onreset/is',
|
||||||
|
'/onresize/is',
|
||||||
|
'/onselect/is',
|
||||||
|
'/onsubmit/is',
|
||||||
|
'/onunload/is',
|
||||||
|
'/eval/is',
|
||||||
|
'/ascript:/is',
|
||||||
|
'/style=/is',
|
||||||
|
'/width=/is',
|
||||||
|
'/width:/is',
|
||||||
|
'/height=/is',
|
||||||
|
'/height:/is',
|
||||||
|
'/src=/is',
|
||||||
);
|
);
|
||||||
if (strip_tags($text)) {
|
if (strip_tags($text)) {
|
||||||
for ($i = 0; $i < count($list); $i++) {
|
for ($i = 0; $i < count($list); $i++) {
|
||||||
if (strpos($text, $list[$i]) !== false) {
|
if (preg_match($list[$i], $text) > 0) {
|
||||||
$isXss = true;
|
$isXss = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -30,7 +57,7 @@ function _parseCommentReply($text)
|
|||||||
echo "该回复疑似异常,已被系统拦截!";
|
echo "该回复疑似异常,已被系统拦截!";
|
||||||
} else {
|
} else {
|
||||||
$text = _parseReply($text);
|
$text = _parseReply($text);
|
||||||
echo preg_replace('/\{!{(.*?)\}!}/', '<img class="lazyload draw_image" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="$1" onerror="javascript: this.src=\'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\';" alt="画图"/>', $text);
|
echo preg_replace('/\{!\{([^\"]*)\}!\}/', '<img class="lazyload draw_image" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" data-src="$1" onerror="javascript: this.src=\'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\';" alt="画图"/>', $text);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -62,7 +89,7 @@ function _parseLeavingReply($text)
|
|||||||
} else {
|
} else {
|
||||||
$text = strip_tags($text);
|
$text = strip_tags($text);
|
||||||
$text = _parseReply($text);
|
$text = _parseReply($text);
|
||||||
echo preg_replace('/\{!\{(.*?)\}!\}/', '<img class="draw_image" src="$1" alt="画图"/>', $text);
|
echo preg_replace('/\{!\{([^\"]*)\}!\}/', '<img class="draw_image" src="$1" alt="画图"/>', $text);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,7 +100,7 @@ function _parseAsideReply($text, $type = true)
|
|||||||
echo "该回复疑似异常,已被系统拦截!";
|
echo "该回复疑似异常,已被系统拦截!";
|
||||||
} else {
|
} else {
|
||||||
$text = strip_tags($text);
|
$text = strip_tags($text);
|
||||||
$text = preg_replace('~{!{.*~', '# 图片回复', $text);
|
$text = preg_replace('/\{!\{([^\"]*)\}!\}/', '# 图片回复', $text);
|
||||||
if ($type) echo _parseReply($text);
|
if ($type) echo _parseReply($text);
|
||||||
else echo $text;
|
else echo $text;
|
||||||
}
|
}
|
||||||
|
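Review bot: In the `_checkXSS` hunk the pattern loop still sits behind `if (strip_tags($text))`, so input that is empty after tag stripping (input made up only of markup) is never scanned and is reported as clean. The scan should run unconditionally, e.g. `foreach ($list as $pattern) { if (preg_match($pattern, $text)) { $isXss = true; break; } }`. The list remains a denylist of handler and attribute names, so it misses anything it does not enumerate and may flag ordinary text that happens to contain `width:` or `src=`. `_parseCommentReply` and `_parseLeavingReply` substitute `$1` directly into `data-src`/`src`, with `[^\"]*` excluding only the double quote. Validating the payload against the one format the drawing feature produces, and emitting it through `preg_replace_callback` with `htmlspecialchars($m[1], ENT_QUOTES)`, would be more dependable than extending the list. `_checkXSS` continues past the end of its hunk, so its return path is not visible here.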
@ -822,7 +822,7 @@ function themeConfig($form)
|
|||||||
NULL,
|
NULL,
|
||||||
'你妈死了 || 傻逼 || 操你妈 || 射你妈一脸',
|
'你妈死了 || 傻逼 || 操你妈 || 射你妈一脸',
|
||||||
'评论敏感词(非必填)',
|
'评论敏感词(非必填)',
|
||||||
'介绍:用于设置评论敏感词汇,如果用户评论包含这些词汇,则将会禁止评论 <br />
|
'介绍:用于设置评论敏感词汇,如果用户评论包含这些词汇,则将会把评论置为审核状态 <br />
|
||||||
例如:你妈死了 || 你妈炸了 || 我是你爹 || 你妈坟头冒烟 (多个使用 || 分隔开)'
|
例如:你妈死了 || 你妈炸了 || 我是你爹 || 你妈坟头冒烟 (多个使用 || 分隔开)'
|
||||||
);
|
);
|
||||||
$JSensitiveWords->setAttribute('class', 'joe_content joe_other');
|
$JSensitiveWords->setAttribute('class', 'joe_content joe_other');
|
||||||
@ -833,7 +833,7 @@ function themeConfig($form)
|
|||||||
array('off' => '关闭(默认)', 'on' => '开启'),
|
array('off' => '关闭(默认)', 'on' => '开启'),
|
||||||
'off',
|
'off',
|
||||||
'是否开启评论至少包含一个中文',
|
'是否开启评论至少包含一个中文',
|
||||||
'介绍:开启后如果评论内容未包含一个中文,则将会禁止评论 <br />
|
'介绍:开启后如果评论内容未包含一个中文,则将会把评论置为审核状态 <br />
|
||||||
其他:用于屏蔽国外机器人刷的全英文垃圾广告信息'
|
其他:用于屏蔽国外机器人刷的全英文垃圾广告信息'
|
||||||
);
|
);
|
||||||
$JLimitOneChinese->setAttribute('class', 'joe_content joe_other');
|
$JLimitOneChinese->setAttribute('class', 'joe_content joe_other');
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "typecho-joe-next",
|
"name": "typecho-joe-next",
|
||||||
"version": "6.0.6",
|
"version": "6.0.7",
|
||||||
"description": "A Theme Of Typecho",
|
"description": "A Theme Of Typecho",
|
||||||
"main": "index.php",
|
"main": "index.php",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
|