[ Index ]

PHP Cross Reference of BuddyPress

title

Body

[close]

/src/bp-core/ -> bp-core-moderation.php (source)

   1  <?php
   2  /**
   3   * BuddyPress Moderation Functions.
   4   *
   5   * @package BuddyPress
   6   * @subpackage Core
   7   * @since 1.6.0
   8   */
   9  
  10  // Exit if accessed directly.
  11  defined( 'ABSPATH' ) || exit;
  12  
  13  /** Moderation ****************************************************************/
  14  
  15  /**
  16   * Check for flooding.
  17   *
  18   * Check to make sure that a user is not making too many posts in a short amount
  19   * of time.
  20   *
  21   * @since 1.6.0
  22   *
  23   * @param int $user_id User id to check for flood.
  24   * @return bool True if there is no flooding, false if there is.
  25   */
  26  function bp_core_check_for_flood( $user_id = 0 ) {
  27  
  28      // Option disabled. No flood checks.
  29      if ( !$throttle_time = bp_get_option( '_bp_throttle_time' ) ) {
  30          return true;
  31      }
  32  
  33      // Bail if no user ID passed.
  34      if ( empty( $user_id ) ) {
  35          return false;
  36      }
  37  
  38      $last_posted = get_user_meta( $user_id, '_bp_last_posted', true );
  39      if ( isset( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && !current_user_can( 'throttle' ) ) {
  40          return false;
  41      }
  42  
  43      return true;
  44  }
  45  
  46  /**
  47   * Check for moderation keys and too many links.
  48   *
  49   * @since 1.6.0
  50   * @since 2.6.0 Added $error_type parameter.
  51   *
  52   * @param int    $user_id    User ID.
  53   * @param string $title      The title of the content.
  54   * @param string $content    The content being posted.
  55   * @param string $error_type The error type to return. Either 'bool' or 'wp_error'.
  56   * @return bool|WP_Error True if test is passed, false if fail.
  57   */
  58  function bp_core_check_for_moderation( $user_id = 0, $title = '', $content = '', $error_type = 'bool' ) {
  59  
  60      /**
  61       * Filters whether or not to bypass checking for moderation keys and too many links.
  62       *
  63       * @since 2.2.0
  64       *
  65       * @param bool   $value   Whether or not to bypass checking. Default false.
  66       * @param int    $user_id Topic of reply author ID.
  67       * @param string $title   The title of the content.
  68       * @param string $content $the content being posted.
  69       */
  70      if ( apply_filters( 'bp_bypass_check_for_moderation', false, $user_id, $title, $content ) ) {
  71          return true;
  72      }
  73  
  74      // Bail if super admin is author.
  75      if ( is_super_admin( $user_id ) ) {
  76          return true;
  77      }
  78  
  79      // Define local variable(s).
  80      $_post     = array();
  81      $match_out = '';
  82  
  83      /** User Data ************************************************************
  84       */
  85  
  86      if ( ! empty( $user_id ) ) {
  87  
  88          // Get author data.
  89          $user = get_userdata( $user_id );
  90  
  91          // If data exists, map it.
  92          if ( ! empty( $user ) ) {
  93              $_post['author'] = $user->display_name;
  94              $_post['email']  = $user->user_email;
  95              $_post['url']    = $user->user_url;
  96          }
  97      }
  98  
  99      // Current user IP and user agent.
 100      $_post['user_ip'] = bp_core_current_user_ip();
 101      $_post['user_ua'] = bp_core_current_user_ua();
 102  
 103      // Post title and content.
 104      $_post['title']   = $title;
 105      $_post['content'] = $content;
 106  
 107      /** Max Links ************************************************************
 108       */
 109  
 110      $max_links = get_option( 'comment_max_links' );
 111      if ( ! empty( $max_links ) ) {
 112  
 113          // How many links?
 114          $num_links = preg_match_all( '/(http|ftp|https):\/\//i', $content, $match_out );
 115  
 116          // Allow for bumping the max to include the user's URL.
 117          if ( ! empty( $_post['url'] ) ) {
 118  
 119              /**
 120               * Filters the maximum amount of links allowed to include the user's URL.
 121               *
 122               * @since 1.6.0
 123               *
 124               * @param string $num_links How many links found.
 125               * @param string $value     User's url.
 126               */
 127              $num_links = apply_filters( 'comment_max_links_url', $num_links, $_post['url'] );
 128          }
 129  
 130          // Das ist zu viele links!
 131          if ( $num_links >= $max_links ) {
 132              if ( 'bool' === $error_type ) {
 133                  return false;
 134              } else {
 135                  return new WP_Error( 'bp_moderation_too_many_links', __( 'You have posted too many links', 'buddypress' ) );
 136              }
 137          }
 138      }
 139  
 140      /** Blacklist ************************************************************
 141       */
 142  
 143      // Get the moderation keys.
 144      $disallowed = trim( get_option( 'moderation_keys' ) );
 145  
 146      // Bail if list is empty.
 147      if ( ! empty( $disallowed ) ) {
 148  
 149          // Get words separated by new lines.
 150          $words = explode( "\n", $disallowed );
 151  
 152          // Loop through words.
 153          foreach ( (array) $words as $word ) {
 154  
 155              // Trim the whitespace from the word.
 156              $word = trim( $word );
 157  
 158              // Skip empty lines.
 159              if ( empty( $word ) ) {
 160                  continue;
 161              }
 162  
 163              // Do some escaping magic so that '#' chars in the
 164              // spam words don't break things.
 165              $word    = preg_quote( $word, '#' );
 166              $pattern = "#$word#i";
 167  
 168              // Loop through post data.
 169              foreach ( $_post as $post_data ) {
 170  
 171                  // Check each user data for current word.
 172                  if ( preg_match( $pattern, $post_data ) ) {
 173                      if ( 'bool' === $error_type ) {
 174                          return false;
 175                      } else {
 176                          return new WP_Error( 'bp_moderation_word_match', _x( 'You have posted an inappropriate word.', 'Comment moderation', 'buddypress' ) );
 177                      }
 178                  }
 179              }
 180          }
 181      }
 182  
 183      // Check passed successfully.
 184      return true;
 185  }
 186  
 187  /**
 188   * Check for blocked keys.
 189   *
 190   * @since 7.0.0
 191   *
 192   * @param int    $user_id    User ID.
 193   * @param string $title      The title of the content.
 194   * @param string $content    The content being posted.
 195   * @param string $error_type The error type to return. Either 'bool' or 'wp_error'.
 196   * @return bool|WP_Error True if test is passed, false if fail.
 197   */
 198  function bp_core_check_for_disallowed_keys( $user_id = 0, $title = '', $content = '', $error_type = 'bool' ) {
 199  
 200      /**
 201       * Filters whether or not to bypass checking for blocked keys.
 202       *
 203       * @since 2.2.0
 204       * @deprecated 7.0.0 Use 'bp_bypass_check_for_disallowed_keys' instead.
 205       *
 206       * @param bool   $value   Whether or not to bypass checking. Default false.
 207       * @param int    $user_id Topic of reply author ID.
 208       * @param string $title   The title of the content.
 209       * @param string $content $the content being posted.
 210       */
 211      if ( apply_filters_deprecated( 'bp_bypass_check_for_blacklist', array( false, $user_id, $title, $content ), '7.0.0', 'bp_bypass_check_for_disallowed_keys' ) ) {
 212          return true;
 213      }
 214  
 215      /**
 216       * Filters whether or not to bypass checking for blocked keys.
 217       *
 218       * @since 7.0.0
 219       *
 220       * @param bool   $value   Whether or not to bypass checking. Default false.
 221       * @param int    $user_id Topic of reply author ID.
 222       * @param string $title   The title of the content.
 223       * @param string $content $the content being posted.
 224       */
 225      if ( apply_filters( 'bp_bypass_check_for_disallowed_keys', false, $user_id, $title, $content ) ) {
 226          return true;
 227      }
 228  
 229      // Bail if super admin is author.
 230      if ( is_super_admin( $user_id ) ) {
 231          return true;
 232      }
 233  
 234      // Define local variable.
 235      $_post = array();
 236  
 237      /** Blacklist ************************************************************
 238       */
 239  
 240      // Get the moderation keys.
 241      $disallowed = get_option( 'disallowed_keys' );
 242  
 243      // Support for WP < 5.5.
 244      if ( false === $disallowed ) {
 245          $disallowed = get_option( 'blacklist_keys' );
 246      }
 247  
 248      $disallowed = trim( $disallowed );
 249  
 250      // Bail if disallowed list is empty.
 251      if ( empty( $disallowed ) ) {
 252          return true;
 253      }
 254  
 255      /** User Data ************************************************************
 256       */
 257  
 258      // Map current user data.
 259      if ( ! empty( $user_id ) ) {
 260  
 261          // Get author data.
 262          $user = get_userdata( $user_id );
 263  
 264          // If data exists, map it.
 265          if ( ! empty( $user ) ) {
 266              $_post['author'] = $user->display_name;
 267              $_post['email']  = $user->user_email;
 268              $_post['url']    = $user->user_url;
 269          }
 270      }
 271  
 272      // Current user IP and user agent.
 273      $_post['user_ip'] = bp_core_current_user_ip();
 274      $_post['user_ua'] = bp_core_current_user_ua();
 275  
 276      // Post title and content.
 277      $_post['title']   = $title;
 278      $_post['content'] = $content;
 279  
 280      /** Words ****************************************************************
 281       */
 282  
 283      // Get words separated by new lines.
 284      $words = explode( "\n", $disallowed );
 285  
 286      // Loop through words.
 287      foreach ( (array) $words as $word ) {
 288  
 289          // Trim the whitespace from the word.
 290          $word = trim( $word );
 291  
 292          // Skip empty lines.
 293          if ( empty( $word ) ) { continue; }
 294  
 295          // Do some escaping magic so that '#' chars in the
 296          // spam words don't break things.
 297          $word    = preg_quote( $word, '#' );
 298          $pattern = "#$word#i";
 299  
 300          // Loop through post data.
 301          foreach( $_post as $post_data ) {
 302  
 303              // Check each user data for current word.
 304              if ( preg_match( $pattern, $post_data ) ) {
 305                  if ( 'bool' === $error_type ) {
 306                      return false;
 307                  } else {
 308                      return new WP_Error( 'bp_moderation_disallowed_key_match', _x( 'You have posted an inappropriate word.', 'Comment disallowed key', 'buddypress' ) );
 309                  }
 310              }
 311          }
 312      }
 313  
 314      // Check passed successfully.
 315      return true;
 316  }
 317  
 318  /**
 319   * Get the current user's IP address.
 320   *
 321   * @since 1.6.0
 322   *
 323   * @return string IP address.
 324   */
 325  function bp_core_current_user_ip() {
 326      $retval = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] );
 327  
 328      /**
 329       * Filters the current user's IP address.
 330       *
 331       * @since 1.6.0
 332       *
 333       * @param string $retval Current user's IP Address.
 334       */
 335      return apply_filters( 'bp_core_current_user_ip', $retval );
 336  }
 337  
 338  /**
 339   * Get the current user's user-agent.
 340   *
 341   * @since 1.6.0
 342   *
 343   * @return string User agent string.
 344   */
 345  function bp_core_current_user_ua() {
 346  
 347      // Sanity check the user agent.
 348      if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
 349          $retval = substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 );
 350      } else {
 351          $retval = '';
 352      }
 353  
 354      /**
 355       * Filters the current user's user-agent.
 356       *
 357       * @since 1.6.0
 358       *
 359       * @param string $retval Current user's user-agent.
 360       */
 361      return apply_filters( 'bp_core_current_user_ua', $retval );
 362  }


Generated: Sun Dec 22 01:00:54 2024 Cross-referenced by PHPXref 0.7.1