* added: class HTMLFilter

files: htmlfilter.h htmlfilter.cpp this is an html filter used to make the html output looking better this is a very lightweight filter (without using any dynamic memory - some memory is allocated only at the beginning - in ctors) this filter has O(n) complexity over the whole html string * added: antyspamming method if the POST request is sent too fast after the GET it is treated as a spam only for no logged users and only in 'emacs' and 'createthread' functions git-svn-id: svn://ttmath.org/publicrep/cmslu/trunk@534 e52654a7-88a9-db11-a3e9-0013d4bc506e
2009-12-09 00:42:40 +00:00
parent 9241fddb1e
commit 717eb526fb
32 changed files with 1356 additions and 198 deletions
--- a/content/Makefile.dep
+++ b/content/Makefile.dep
@@ -6,19 +6,20 @@ cat.o: ../core/requesttypes.h ../core/session.h ../core/done.h ../core/item.h
 cat.o: ../core/error.h ../core/log.h ../core/user.h ../core/rebus.h
 cat.o: ../core/function.h ../core/thread.h ../core/compress.h
 cat.o: ../core/acceptencodingparser.h ../core/acceptbaseparser.h
-cat.o: ../core/error.h
+cat.o: ../core/htmlfilter.h ../core/error.h
 content.o: content.h ../core/item.h ../templates/templates.h
 content.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 content.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 content.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 content.o: ../core/rebus.h ../core/function.h ../core/thread.h
 content.o: ../core/compress.h ../core/acceptencodingparser.h
-content.o: ../core/acceptbaseparser.h ../core/error.h ../core/db.h
-content.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
-content.o: ../core/data.h ../core/dirs.h ../core/users.h ../core/groups.h
-content.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
-content.o: ../core/mount.h ../core/misc.h ../core/plugin.h ../core/request.h
-content.o: ../core/data.h ../core/pluginmsg.h
+content.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/error.h
+content.o: ../core/db.h ../core/group.h ../core/dircontainer.h
+content.o: ../core/ugcontainer.h ../core/data.h ../core/dirs.h
+content.o: ../core/users.h ../core/groups.h ../core/functions.h
+content.o: ../core/lastcontainer.h ../core/mounts.h ../core/mount.h
+content.o: ../core/misc.h ../core/plugin.h ../core/request.h ../core/data.h
+content.o: ../core/pluginmsg.h
 createthread.o: content.h ../core/item.h ../templates/templates.h
 createthread.o: ../templates/patterncacher.h ../core/thread.h
 createthread.o: ../core/request.h ../core/requesttypes.h ../core/session.h
@@ -26,9 +27,9 @@ createthread.o: ../core/done.h ../core/item.h ../core/error.h ../core/log.h
 createthread.o: ../core/user.h ../core/rebus.h ../core/function.h
 createthread.o: ../core/thread.h ../core/compress.h
 createthread.o: ../core/acceptencodingparser.h ../core/acceptbaseparser.h
-createthread.o: ../core/error.h ../core/db.h ../core/group.h
-createthread.o: ../core/dircontainer.h ../core/ugcontainer.h ../core/mount.h
-createthread.o: ../core/data.h ../core/dirs.h ../core/users.h
+createthread.o: ../core/htmlfilter.h ../core/error.h ../core/db.h
+createthread.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
+createthread.o: ../core/mount.h ../core/data.h ../core/dirs.h ../core/users.h
 createthread.o: ../core/groups.h ../core/functions.h ../core/lastcontainer.h
 createthread.o: ../core/mounts.h ../core/mount.h
 default.o: content.h ../core/item.h ../templates/templates.h
@@ -37,22 +38,22 @@ default.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 default.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 default.o: ../core/rebus.h ../core/function.h ../core/thread.h
 default.o: ../core/compress.h ../core/acceptencodingparser.h
-default.o: ../core/acceptbaseparser.h ../core/error.h ../core/db.h
-default.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
-default.o: ../core/data.h ../core/dirs.h ../core/users.h ../core/groups.h
-default.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
-default.o: ../core/mount.h
+default.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/error.h
+default.o: ../core/db.h ../core/group.h ../core/dircontainer.h
+default.o: ../core/ugcontainer.h ../core/data.h ../core/dirs.h
+default.o: ../core/users.h ../core/groups.h ../core/functions.h
+default.o: ../core/lastcontainer.h ../core/mounts.h ../core/mount.h
 emacs.o: content.h ../core/item.h ../templates/templates.h
 emacs.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 emacs.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 emacs.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 emacs.o: ../core/rebus.h ../core/function.h ../core/thread.h
 emacs.o: ../core/compress.h ../core/acceptencodingparser.h
-emacs.o: ../core/acceptbaseparser.h ../core/error.h ../core/db.h
-emacs.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
-emacs.o: ../core/data.h ../core/dirs.h ../core/users.h ../core/groups.h
-emacs.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
-emacs.o: ../core/mount.h ../core/notify.h
+emacs.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/error.h
+emacs.o: ../core/db.h ../core/group.h ../core/dircontainer.h
+emacs.o: ../core/ugcontainer.h ../core/data.h ../core/dirs.h ../core/users.h
+emacs.o: ../core/groups.h ../core/functions.h ../core/lastcontainer.h
+emacs.o: ../core/mounts.h ../core/mount.h ../core/notify.h
 emacs.o: ../templatesnotify/templatesnotify.h ../core/mount.h ../core/misc.h
 last.o: content.h ../core/item.h ../templates/templates.h
 last.o: ../templates/patterncacher.h ../core/thread.h
@@ -62,39 +63,41 @@ login.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 login.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 login.o: ../core/rebus.h ../core/function.h ../core/thread.h
 login.o: ../core/compress.h ../core/acceptencodingparser.h
-login.o: ../core/acceptbaseparser.h ../core/error.h ../core/db.h
-login.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
-login.o: ../core/data.h ../core/dirs.h ../core/users.h ../core/groups.h
-login.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
-login.o: ../core/mount.h
+login.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/error.h
+login.o: ../core/db.h ../core/group.h ../core/dircontainer.h
+login.o: ../core/ugcontainer.h ../core/data.h ../core/dirs.h ../core/users.h
+login.o: ../core/groups.h ../core/functions.h ../core/lastcontainer.h
+login.o: ../core/mounts.h ../core/mount.h
 logout.o: content.h ../core/item.h ../templates/templates.h
 logout.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 logout.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 logout.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 logout.o: ../core/rebus.h ../core/function.h ../core/thread.h
 logout.o: ../core/compress.h ../core/acceptencodingparser.h
-logout.o: ../core/acceptbaseparser.h ../core/data.h ../core/dirs.h
-logout.o: ../core/dircontainer.h ../core/users.h ../core/ugcontainer.h
-logout.o: ../core/groups.h ../core/group.h ../core/functions.h
-logout.o: ../core/lastcontainer.h ../core/mounts.h ../core/mount.h
+logout.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/data.h
+logout.o: ../core/dirs.h ../core/dircontainer.h ../core/users.h
+logout.o: ../core/ugcontainer.h ../core/groups.h ../core/group.h
+logout.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
+logout.o: ../core/mount.h
 ls.o: content.h ../core/item.h ../templates/templates.h
 ls.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 ls.o: ../core/requesttypes.h ../core/session.h ../core/done.h ../core/item.h
 ls.o: ../core/error.h ../core/log.h ../core/user.h ../core/rebus.h
 ls.o: ../core/function.h ../core/thread.h ../core/compress.h
-ls.o: ../core/acceptencodingparser.h ../core/acceptbaseparser.h ../core/db.h
-ls.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
+ls.o: ../core/acceptencodingparser.h ../core/acceptbaseparser.h
+ls.o: ../core/htmlfilter.h ../core/db.h ../core/group.h
+ls.o: ../core/dircontainer.h ../core/ugcontainer.h
 mkdir.o: content.h ../core/item.h ../templates/templates.h
 mkdir.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 mkdir.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 mkdir.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 mkdir.o: ../core/rebus.h ../core/function.h ../core/thread.h
 mkdir.o: ../core/compress.h ../core/acceptencodingparser.h
-mkdir.o: ../core/acceptbaseparser.h ../core/error.h ../core/db.h
-mkdir.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
-mkdir.o: ../core/data.h ../core/dirs.h ../core/users.h ../core/groups.h
-mkdir.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
-mkdir.o: ../core/mount.h ../core/notify.h
+mkdir.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/error.h
+mkdir.o: ../core/db.h ../core/group.h ../core/dircontainer.h
+mkdir.o: ../core/ugcontainer.h ../core/data.h ../core/dirs.h ../core/users.h
+mkdir.o: ../core/groups.h ../core/functions.h ../core/lastcontainer.h
+mkdir.o: ../core/mounts.h ../core/mount.h ../core/notify.h
 mkdir.o: ../templatesnotify/templatesnotify.h ../core/mount.h
 node.o: content.h ../core/item.h ../templates/templates.h
 node.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
@@ -102,52 +105,52 @@ node.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 node.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 node.o: ../core/rebus.h ../core/function.h ../core/thread.h
 node.o: ../core/compress.h ../core/acceptencodingparser.h
-node.o: ../core/acceptbaseparser.h
+node.o: ../core/acceptbaseparser.h ../core/htmlfilter.h
 priv.o: content.h ../core/item.h ../templates/templates.h
 priv.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 priv.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 priv.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 priv.o: ../core/rebus.h ../core/function.h ../core/thread.h
 priv.o: ../core/compress.h ../core/acceptencodingparser.h
-priv.o: ../core/acceptbaseparser.h ../core/error.h ../core/db.h
-priv.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
-priv.o: ../core/data.h ../core/dirs.h ../core/users.h ../core/groups.h
-priv.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
-priv.o: ../core/mount.h
+priv.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/error.h
+priv.o: ../core/db.h ../core/group.h ../core/dircontainer.h
+priv.o: ../core/ugcontainer.h ../core/data.h ../core/dirs.h ../core/users.h
+priv.o: ../core/groups.h ../core/functions.h ../core/lastcontainer.h
+priv.o: ../core/mounts.h ../core/mount.h
 reload.o: content.h ../core/item.h ../templates/templates.h
 reload.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 reload.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 reload.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 reload.o: ../core/rebus.h ../core/function.h ../core/thread.h
 reload.o: ../core/compress.h ../core/acceptencodingparser.h
-reload.o: ../core/acceptbaseparser.h ../core/error.h
+reload.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/error.h
 rm.o: content.h ../core/item.h ../templates/templates.h
 rm.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 rm.o: ../core/requesttypes.h ../core/session.h ../core/done.h ../core/item.h
 rm.o: ../core/error.h ../core/log.h ../core/user.h ../core/rebus.h
 rm.o: ../core/function.h ../core/thread.h ../core/compress.h
 rm.o: ../core/acceptencodingparser.h ../core/acceptbaseparser.h
-rm.o: ../core/error.h ../core/db.h ../core/group.h ../core/dircontainer.h
-rm.o: ../core/ugcontainer.h ../core/data.h ../core/dirs.h ../core/users.h
-rm.o: ../core/groups.h ../core/functions.h ../core/lastcontainer.h
-rm.o: ../core/mounts.h ../core/mount.h
+rm.o: ../core/htmlfilter.h ../core/error.h ../core/db.h ../core/group.h
+rm.o: ../core/dircontainer.h ../core/ugcontainer.h ../core/data.h
+rm.o: ../core/dirs.h ../core/users.h ../core/groups.h ../core/functions.h
+rm.o: ../core/lastcontainer.h ../core/mounts.h ../core/mount.h
 run.o: content.h ../core/item.h ../templates/templates.h
 run.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 run.o: ../core/requesttypes.h ../core/session.h ../core/done.h ../core/item.h
 run.o: ../core/error.h ../core/log.h ../core/user.h ../core/rebus.h
 run.o: ../core/function.h ../core/thread.h ../core/compress.h
 run.o: ../core/acceptencodingparser.h ../core/acceptbaseparser.h
-run.o: ../core/error.h
+run.o: ../core/htmlfilter.h ../core/error.h
 thread.o: content.h ../core/item.h ../templates/templates.h
 thread.o: ../templates/patterncacher.h ../core/thread.h ../core/request.h
 thread.o: ../core/requesttypes.h ../core/session.h ../core/done.h
 thread.o: ../core/item.h ../core/error.h ../core/log.h ../core/user.h
 thread.o: ../core/rebus.h ../core/function.h ../core/thread.h
 thread.o: ../core/compress.h ../core/acceptencodingparser.h
-thread.o: ../core/acceptbaseparser.h ../core/db.h ../core/group.h
-thread.o: ../core/dircontainer.h ../core/ugcontainer.h ../core/data.h
-thread.o: ../core/dirs.h ../core/users.h ../core/groups.h ../core/functions.h
-thread.o: ../core/lastcontainer.h ../core/mounts.h ../core/mount.h
-thread.o: ../core/mount.h
+thread.o: ../core/acceptbaseparser.h ../core/htmlfilter.h ../core/db.h
+thread.o: ../core/group.h ../core/dircontainer.h ../core/ugcontainer.h
+thread.o: ../core/data.h ../core/dirs.h ../core/users.h ../core/groups.h
+thread.o: ../core/functions.h ../core/lastcontainer.h ../core/mounts.h
+thread.o: ../core/mount.h ../core/mount.h
 who.o: content.h ../core/item.h ../templates/templates.h
 who.o: ../templates/patterncacher.h ../core/thread.h
--- a/content/content.cpp
+++ b/content/content.cpp
@@ -189,6 +189,10 @@ void Content::MakePost()
 	
 	switch( request.pfunction->code )
 	{
+		case FUN_RUN:
+		PostFunRun();
+		break;	
+
 		case FUN_EMACS:
 		PostFunEmacs();
 		break;	
@@ -215,7 +219,6 @@ void Content::MakePost()

 		default:
 		log << log1 << "Content: unknown post function" << logend;
-		// !! moze daj tutaj tez access denied?
 		break;
 	}
 }
@@ -235,20 +238,19 @@ void Content::Make()
 	{
 		if( DirsHaveReadExecPerm() )
 		{	
-			
 			if( request.method == Request::post )
 				MakePost();
 			
-			if( !request.redirect_to.empty() )
-				return;
-			
-			if( request.status == Error::ok )
+			if( request.redirect_to.empty() && request.status == Error::ok )
 				MakeStandardFunction();
 		}
 		else
 			request.status = Error::permision_denied;
 	}

+	if( request.session->spam_score > 0 )
+		log << log1 << "Content: spam score: " << request.session->spam_score << logend;
+
 	if( !request.redirect_to.empty() )
 		return;
 	
@@ -375,6 +377,10 @@ bool Content::CheckRebus()
 		// logged user don't have to use the rebus
 		return true;

+	if( request.session->rebus_checked )
+		return true;
+
+	request.session->rebus_checked = true;

 	if( !request.session->rebus_item )
 	{
@@ -394,8 +400,10 @@ bool Content::CheckRebus()
 	}

 	log << log1 << "Content: rebus has an incorrect answer" << logend;
+	// don't add request.session->spam_score when the rebus has incorrect answer
+	// a user could have made a mistake

-return false;	
+return false;
 }


@@ -412,3 +420,26 @@ void Content::SetUser(Item & item)
 		request.PostVar("guestname", item.guest_name);
 	}
 }
+
+
+
+void Content::CheckGetPostTimes(time_t difference)
+{
+	time_t now = std::time(0);
+
+	if( request.session->puser )
+		return;
+	
+	if( request.method != Request::post )
+		return;
+
+	if( now - request.session->last_time_get >= (time_t)difference )
+		return;
+
+	if( request.AllPostVarEmpty() )
+		return;
+
+	request.session->spam_score += 1;
+	log << log1 << "Content: spam +1: POST after GET sent too fast" << logend;
+}
+
--- a/content/content.h
+++ b/content/content.h
@@ -55,6 +55,7 @@ class Content
 	void FunMkdir();
 	void FunDefault();
 	void FunRun();
+	void PostFunRun();
 	void FunWho();
 	void FunLast();

@@ -77,11 +78,13 @@ class Content
 	void PostFunPriv(Item & item);
 	
 	bool FunCreateThreadCheckAccess();
+	bool FunCreateThreadCheckAbuse();
 	void PostFunCreateThread();

 	void RedirectTo(const Item & item);
 	void RedirectTo(long item_id);
 	
+	void CheckGetPostTimes(time_t difference = 10);

 public:

--- a/content/createthread.cpp
+++ b/content/createthread.cpp
@@ -28,20 +28,44 @@ return true;
 }


+bool Content::FunCreateThreadCheckAbuse()
+{
+	if( !CheckRebus() )
+	{
+		request.status = Error::incorrect_rebus;
+		request.session->done = Done::added_thread;
+		request.session->done_status = Error::incorrect_rebus;
+		
+		return false;
+	}
+
+	CheckGetPostTimes();
+
+	if( request.session->spam_score > 0 )
+	{
+		request.status = Error::spam;
+		request.session->done = Done::added_thread;
+		request.session->done_status = Error::spam;
+		
+		log << log1 << "Content: ignoring due to suspected spamming" << logend;
+		return false;
+	}
+
+return true;
+}
+

 void Content::PostFunCreateThread()
 {
 	if( !FunCreateThreadCheckAccess() )
 		return;

-	if( !CheckRebus() )
+	if( !FunCreateThreadCheckAbuse() )
 	{
-		request.status = Error::rebus_bad_answer;
 		request.PostVar("url", request.item.url);
 		request.PostVar("subject", request.item.subject);
 		request.PostVar("content", request.item.content);
 		SetUser(request.item);
-
 		return;
 	}

@@ -68,12 +92,11 @@ void Content::PostFunCreateThread()
 		if( request.session->done_status == Error::ok )
 		{
 			request.session->done = Done::added_thread;
+
+			log << log2 << "Content: added a new thread" << logend;
 			RedirectTo(*request.dir_table.back());
 		}
-		
 	}
-	
-	
 }


--- a/content/emacs.cpp
+++ b/content/emacs.cpp
@@ -62,6 +62,7 @@ void Content::PostFunEmacsAdd()
 	
 	if( request.session->done_status == Error::ok )
 	{
+		log << log2 << "Content: added a new item" << logend;
 		request.notify_code |= CMSLU_NOTIFY_ITEM_ADD;
 	}
 }
@@ -83,7 +84,8 @@ void Content::PostFunEmacsEdit(bool with_url)
 	if( request.session->done_status == Error::ok )
 	{
 		TemplatesFunctions::pattern_cacher.UpdatePattern(request.item);
-		
+		log << log2 << "Content: modified an item" << logend;
+
 		request.notify_code |= CMSLU_NOTIFY_ITEM_EDIT;
 	}
 }
@@ -142,8 +144,25 @@ bool adding = !request.is_item;

 		if( !CheckRebus() )
 		{
-			request.status = Error::rebus_bad_answer;
+			request.status = Error::spam;
 			SetUser(request.item);
+			request.session->done = (adding)? Done::added_item : Done::edited_item;
+			request.session->done_status = Error::incorrect_rebus;
+
+			return;
+		}
+
+		// !! is tested in createthread once
+		CheckGetPostTimes();
+
+		if( request.session->spam_score > 0 )
+		{
+			request.status = Error::spam;
+			SetUser(request.item);
+			request.session->done = (adding)? Done::added_item : Done::edited_item;
+			request.session->done_status = Error::spam;
+
+			log << log1 << "Content: ignoring due to suspected spamming" << logend;
 			return;
 		}

--- a/content/login.cpp
+++ b/content/login.cpp
@@ -41,7 +41,8 @@ void Content::PostFunLogin()
 		if( login && pass && db.CheckUser(*login, *pass, user_id) )
 		{
 			request.session->puser = data.users.GetUser(user_id);
-			
+			request.session->spam_score = 0;
+
 			if( !request.session->puser )
 			{
 				log << log1 << "Content: user: " << login << " is in the database but is not in data.users" << logend;	
--- a/content/reload.cpp
+++ b/content/reload.cpp
@@ -19,7 +19,6 @@ void Content::FunReloadTemplates()

 	request.session->done = Done::reloaded_templates;
 	request.session->done_status = Error::ok;
-	request.session->done_timer = 1;
 }


--- a/content/run.cpp
+++ b/content/run.cpp
@@ -31,5 +31,8 @@ void Content::FunRun()
 }


-
+void Content::PostFunRun()
+{
+	FunRun();
+}