/bp-core/bp-core-moderation.php

  1. <?php 
  2. /** 
  3. * BuddyPress Moderation Functions. 
  4. * 
  5. * @package BuddyPress 
  6. * @subpackage Core 
  7. * @since 1.6.0 
  8. */ 
  9.  
  // Direct-access guard: stop immediately when the ABSPATH constant has not
  // been defined, so nothing below runs if this file is requested on its own.
  if ( ! defined( 'ABSPATH' ) ) {
      exit;
  }
  12.  
  13. /** Moderation ****************************************************************/ 
  14.  
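  /**
   * Check for flooding.
   *
   * Check to make sure that a user is not making too many posts in a short amount
   * of time. The decision compares the user's `_bp_last_posted` meta value plus the
   * `_bp_throttle_time` option against the current time.
   *
   * @since 1.6.0
   *
   * @param int $user_id User id to check for flood.
   * @return bool True if there is no flooding, false if there is.
   */
  function bp_core_check_for_flood( $user_id = 0 ) {

      // Option disabled (empty or zero). No flood checks.
      $throttle_time = bp_get_option( '_bp_throttle_time' );
      if ( ! $throttle_time ) {
          return true;
      }

      // Bail if no user ID passed: the check fails closed for an unknown author.
      if ( empty( $user_id ) ) {
          return false;
      }

      $last_posted = get_user_meta( $user_id, '_bp_last_posted', true );

      // A user with no recorded post has nothing to be throttled against. Without this
      // guard a non-numeric value (such as an empty string) would reach the addition
      // below, which raises a TypeError on PHP 8 instead of letting the post through.
      if ( ! is_numeric( $last_posted ) ) {
          return true;
      }

      // Explicit integer casts keep the arithmetic well defined for string-typed values.
      $throttled_until = (int) $last_posted + (int) $throttle_time;

      // NOTE(review): current_user_can() is called without a user argument, so the
      // 'throttle' exemption is evaluated for the logged-in user rather than for
      // $user_id - confirm callers only pass the current user's ID.
      if ( time() < $throttled_until && ! current_user_can( 'throttle' ) ) {
          return false;
      }

      return true;
  }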
  /**
   * Check for moderation keys and too many links.
   *
   * Gathers the author's display name, e-mail and URL (when a user record is found),
   * the request IP and user agent, and the submitted title and content, then applies
   * two tests: a link count against the `comment_max_links` option, and a
   * case-insensitive substring match of every `moderation_keys` line against each
   * gathered value.
   *
   * @since 1.6.0
   * @since 2.6.0 Added $error_type parameter.
   *
   * @param int    $user_id    User ID.
   * @param string $title      The title of the content.
   * @param string $content    The content being posted.
   * @param string $error_type The error type to return. Either 'bool' or 'wp_error'.
   * @return bool|WP_Error True if the test is passed. On failure, false when $error_type
   *                       is 'bool', otherwise a WP_Error describing the failed test.
   */
  function bp_core_check_for_moderation( $user_id = 0, $title = '', $content = '', $error_type = 'bool' ) {

      /**
       * Filters whether or not to bypass checking for moderation keys and too many links.
       *
       * Returning a truthy value skips every test below.
       *
       * @since 2.2.0
       *
       * @param bool   $value   Whether or not to bypass checking. Default false.
       * @param int    $user_id User ID passed to the check.
       * @param string $title   The title of the content.
       * @param string $content The content being posted.
       */
      $bypass = apply_filters( 'bp_bypass_check_for_moderation', false, $user_id, $title, $content );
      if ( $bypass ) {
          return true;
      }

      // Super admins are never moderated.
      // NOTE(review): confirm how is_super_admin() treats an empty $user_id; if it falls
      // back to the current user, callers must always pass the real author.
      if ( is_super_admin( $user_id ) ) {
          return true;
      }

      // Failure shape requested by the caller: plain false, or a WP_Error.
      $wants_bool   = ( 'bool' === $error_type );
      $fields       = array();
      $link_matches = '';

      /** User Data ************************************************************/

      if ( ! empty( $user_id ) ) {
          $author = get_userdata( $user_id );

          // Only map profile fields when a user record came back.
          if ( ! empty( $author ) ) {
              $fields['author'] = $author->display_name;
              $fields['email']  = $author->user_email;
              $fields['url']    = $author->user_url;
          }
      }

      // Request metadata. Both values originate from the client request.
      $fields['user_ip'] = bp_core_current_user_ip();
      $fields['user_ua'] = bp_core_current_user_ua();

      // Submitted title and content.
      $fields['title']   = $title;
      $fields['content'] = $content;

      /** Max Links ************************************************************/

      $max_links = get_option( 'comment_max_links' );
      if ( ! empty( $max_links ) ) {

          // Counts explicit http://, https:// and ftp:// schemes in the content only;
          // links written without one of those schemes are not counted.
          $num_links = preg_match_all( '/(http|ftp|https):\/\//i', $content, $link_matches );

          if ( ! empty( $fields['url'] ) ) {

              /**
               * Filters the number of links found, so the user's own URL can be
               * taken into account.
               *
               * @since 1.6.0
               *
               * @param int|false $num_links Link count returned by preg_match_all().
               * @param string    $value     User's url.
               */
              $num_links = apply_filters( 'comment_max_links_url', $num_links, $fields['url'] );
          }

          // Reaching the configured maximum already counts as too many.
          if ( $num_links >= $max_links ) {
              return $wants_bool
                  ? false
                  : new WP_Error( 'bp_moderation_too_many_links', __( 'You have posted too many links', 'buddypress' ) );
          }
      }

      /** Moderation keys ******************************************************/

      $moderation_keys = trim( get_option( 'moderation_keys' ) );

      if ( ! empty( $moderation_keys ) ) {

          // One key per line.
          foreach ( explode( "\n", $moderation_keys ) as $line ) {
              $key = trim( $line );

              // Skip empty lines.
              if ( empty( $key ) ) {
                  continue;
              }

              // preg_quote() makes the key a literal, including any '#' that would
              // otherwise end the pattern early.
              $pattern = '#' . preg_quote( $key, '#' ) . '#i';

              // Any gathered value containing the key fails the check.
              foreach ( $fields as $field_value ) {
                  if ( preg_match( $pattern, $field_value ) ) {
                      return $wants_bool
                          ? false
                          : new WP_Error( 'bp_moderation_word_match', _x( 'You have posted an inappropriate word.', 'Comment moderation', 'buddypress' ) );
                  }
              }
          }
      }

      // Check passed successfully.
      return true;
  }
  /**
   * Check for blocked keys.
   *
   * Matches every line of the `blacklist_keys` option, as a case-insensitive
   * substring, against the author's display name, e-mail and URL (when a user record
   * is found), the request IP and user agent, and the submitted title and content.
   *
   * @since 1.6.0
   * @since 2.6.0 Added $error_type parameter.
   *
   * @todo Why don't we use wp_blacklist_check() for this?
   *
   * @param int    $user_id    User ID.
   * @param string $title      The title of the content.
   * @param string $content    The content being posted.
   * @param string $error_type The error type to return. Either 'bool' or 'wp_error'.
   * @return bool|WP_Error True if the test is passed. On failure, false when $error_type
   *                       is 'bool', otherwise a WP_Error.
   */
  function bp_core_check_for_blacklist( $user_id = 0, $title = '', $content = '', $error_type = 'bool' ) {

      /**
       * Filters whether or not to bypass checking for blocked keys.
       *
       * Returning a truthy value skips the whole check.
       *
       * @since 2.2.0
       *
       * @param bool   $value   Whether or not to bypass checking. Default false.
       * @param int    $user_id User ID passed to the check.
       * @param string $title   The title of the content.
       * @param string $content The content being posted.
       */
      $bypass = apply_filters( 'bp_bypass_check_for_blacklist', false, $user_id, $title, $content );
      if ( $bypass ) {
          return true;
      }

      // Super admins are never blocked.
      // NOTE(review): confirm how is_super_admin() treats an empty $user_id; if it falls
      // back to the current user, callers must always pass the real author.
      if ( is_super_admin( $user_id ) ) {
          return true;
      }

      $fields = array();

      /** Blocked keys *********************************************************/

      // NOTE(review): WordPress 5.5 renamed this option to 'disallowed_keys'; confirm
      // which core versions this code has to support before relying on the old name.
      $blocked_keys = trim( get_option( 'blacklist_keys' ) );

      // Nothing configured, nothing to match.
      if ( empty( $blocked_keys ) ) {
          return true;
      }

      /** User Data ************************************************************/

      if ( ! empty( $user_id ) ) {
          $author = get_userdata( $user_id );

          // Only map profile fields when a user record came back.
          if ( ! empty( $author ) ) {
              $fields['author'] = $author->display_name;
              $fields['email']  = $author->user_email;
              $fields['url']    = $author->user_url;
          }
      }

      // Request metadata. Both values originate from the client request.
      $fields['user_ip'] = bp_core_current_user_ip();
      $fields['user_ua'] = bp_core_current_user_ua();

      // Submitted title and content.
      $fields['title']   = $title;
      $fields['content'] = $content;

      /** Words ****************************************************************/

      $wants_bool = ( 'bool' === $error_type );

      // One key per line.
      foreach ( explode( "\n", $blocked_keys ) as $line ) {
          $key = trim( $line );

          // Skip empty lines.
          if ( empty( $key ) ) {
              continue;
          }

          // preg_quote() makes the key a literal, including any '#' that would
          // otherwise end the pattern early.
          $pattern = '#' . preg_quote( $key, '#' ) . '#i';

          // Any gathered value containing the key fails the check.
          foreach ( $fields as $field_value ) {
              if ( preg_match( $pattern, $field_value ) ) {
                  return $wants_bool
                      ? false
                      : new WP_Error( 'bp_moderation_blacklist_match', _x( 'You have posted an inappropriate word.', 'Comment blacklist', 'buddypress' ) );
              }
          }
      }

      // Check passed successfully.
      return true;
  }
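  /**
   * Get the current user's IP address.
   *
   * Reads `$_SERVER['REMOTE_ADDR']` and strips every character that is not a hex
   * digit, colon, dot, comma or space. When the server variable is not set, an empty
   * string is used instead of reading an undefined index.
   *
   * The value is the address of the peer connected to this server. Behind a reverse
   * proxy or load balancer that is the proxy's address, so every visitor shares it.
   * Code that uses the filter below to substitute a forwarded-for header should only
   * accept that header from proxies it trusts, because clients can set it freely.
   *
   * @since 1.6.0
   *
   * @return string IP address.
   */
  function bp_core_current_user_ip() {

      // REMOTE_ADDR may be missing when no web request is being served; fall back to ''
      // so preg_replace() always receives a string.
      $remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';

      $retval = preg_replace( '/[^0-9a-fA-F:., ]/', '', $remote_addr );

      /**
       * Filters the current user's IP address.
       *
       * @since 1.6.0
       *
       * @param string $retval Current user's IP Address.
       */
      return apply_filters( 'bp_core_current_user_ip', $retval );
  }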
  /**
   * Get the current user's user-agent.
   *
   * Returns at most the first 254 bytes of the User-Agent request header, or an empty
   * string when the header is missing or empty. The header is supplied by the client,
   * so the returned value is untrusted input and should be escaped wherever it is
   * displayed or stored.
   *
   * @since 1.6.0
   *
   * @return string User agent string.
   */
  function bp_core_current_user_ua() {

      // substr() counts bytes, so the cut can fall inside a multi-byte character.
      $retval = ! empty( $_SERVER['HTTP_USER_AGENT'] )
          ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 )
          : '';

      /**
       * Filters the current user's user-agent.
       *
       * @since 1.6.0
       *
       * @param string $retval Current user's user-agent.
       */
      return apply_filters( 'bp_core_current_user_ua', $retval );
  }
.