add mention and tag count limits to reduce abuse when bypassing permissions
parent
bb9c687de3
commit
26c7b64e34
3 changed files with 27 additions and 6 deletions
|
@ -159,6 +159,8 @@ class Channel
|
||||||
$noindex = ((x($_POST, 'noindex')) ? intval($_POST['noindex']) : 0);
|
$noindex = ((x($_POST, 'noindex')) ? intval($_POST['noindex']) : 0);
|
||||||
$channel_menu = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : '');
|
$channel_menu = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : '');
|
||||||
|
|
||||||
|
$unless_mention_count = ((x($_POST, 'unless_mention_count')) ? intval($_POST['unless_mention_count']) : 0);
|
||||||
|
$unless_tag_count = ((x($_POST, 'unless_tag_count')) ? intval($_POST['unless_tag_count']) : 0);
|
||||||
$expire_items = ((x($_POST, 'expire_items')) ? intval($_POST['expire_items']) : 0);
|
$expire_items = ((x($_POST, 'expire_items')) ? intval($_POST['expire_items']) : 0);
|
||||||
$expire_starred = ((x($_POST, 'expire_starred')) ? intval($_POST['expire_starred']) : 0);
|
$expire_starred = ((x($_POST, 'expire_starred')) ? intval($_POST['expire_starred']) : 0);
|
||||||
$expire_photos = ((x($_POST, 'expire_photos')) ? intval($_POST['expire_photos']) : 0);
|
$expire_photos = ((x($_POST, 'expire_photos')) ? intval($_POST['expire_photos']) : 0);
|
||||||
|
@ -339,12 +341,14 @@ class Channel
|
||||||
set_pconfig(local_channel(), 'system', 'default_permcat', $defpermcat);
|
set_pconfig(local_channel(), 'system', 'default_permcat', $defpermcat);
|
||||||
set_pconfig(local_channel(), 'system', 'email_notify_host', $mailhost);
|
set_pconfig(local_channel(), 'system', 'email_notify_host', $mailhost);
|
||||||
set_pconfig(local_channel(), 'system', 'profile_assign', $profile_assign);
|
set_pconfig(local_channel(), 'system', 'profile_assign', $profile_assign);
|
||||||
// set_pconfig(local_channel(),'system','anymention',$anymention);
|
// set_pconfig(local_channel(), 'system', 'anymention', $anymention);
|
||||||
set_pconfig(local_channel(), 'system', 'hyperdrive', $hyperdrive);
|
set_pconfig(local_channel(), 'system', 'hyperdrive', $hyperdrive);
|
||||||
set_pconfig(local_channel(), 'system', 'activitypub', $activitypub);
|
set_pconfig(local_channel(), 'system', 'activitypub', $activitypub);
|
||||||
set_pconfig(local_channel(), 'system', 'autoperms', $autoperms);
|
set_pconfig(local_channel(), 'system', 'autoperms', $autoperms);
|
||||||
set_pconfig(local_channel(), 'system', 'tag_username', $tag_username);
|
set_pconfig(local_channel(), 'system', 'tag_username', $tag_username);
|
||||||
set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions);
|
set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions);
|
||||||
|
set_pconfig(local_channel(), 'system', 'unless_mention_count', $unless_mention_count);
|
||||||
|
set_pconfig(local_channel(), 'system', 'unless_tag_count', $unless_tag_count);
|
||||||
set_pconfig(local_channel(), 'system', 'noindex', $noindex);
|
set_pconfig(local_channel(), 'system', 'noindex', $noindex);
|
||||||
|
|
||||||
|
|
||||||
|
@ -624,6 +628,10 @@ class Channel
|
||||||
$followed = EMPTY_STR;
|
$followed = EMPTY_STR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$mention_count = get_pconfig(local_channel(), 'system', 'unless_mention_count',
|
||||||
|
get_config('system', 'unless_mention_count', 20));
|
||||||
|
$tag_count = get_pconfig(local_channel(), 'system', 'unless_tag_count',
|
||||||
|
get_config('system', 'unless_tag_count', 20));
|
||||||
|
|
||||||
$o .= replace_macros(Theme::get_template('settings.tpl'), [
|
$o .= replace_macros(Theme::get_template('settings.tpl'), [
|
||||||
'$ptitle' => t('Channel Settings'),
|
'$ptitle' => t('Channel Settings'),
|
||||||
|
@ -730,6 +738,8 @@ class Channel
|
||||||
'$always_show_in_notices' => array('always_show_in_notices', t('Show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
|
'$always_show_in_notices' => array('always_show_in_notices', t('Show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
|
||||||
'$permit_all_mentions' => ['permit_all_mentions', t('Accept messages from strangers which mention you'), get_pconfig(local_channel(), 'system', 'permit_all_mentions'), t('This setting bypasses normal permissions'), $yes_no],
|
'$permit_all_mentions' => ['permit_all_mentions', t('Accept messages from strangers which mention you'), get_pconfig(local_channel(), 'system', 'permit_all_mentions'), t('This setting bypasses normal permissions'), $yes_no],
|
||||||
'$followed_tags' => ['followed_tags', t('Accept messages from strangers which include any of the following hashtags'), $followed, t('comma separated, do not include the #')],
|
'$followed_tags' => ['followed_tags', t('Accept messages from strangers which include any of the following hashtags'), $followed, t('comma separated, do not include the #')],
|
||||||
|
'$unless_mention_count' => ['unless_mention_count', t('Unless more than this many channels are mentioned'), $mention_count, t('0 for unlimited')],
|
||||||
|
'$unless_tag_count' => ['unless_tag_count', t('Unless more than this many hashtags are used'), $tag_count, t('0 for unlimited')],
|
||||||
'$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')),
|
'$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')),
|
||||||
'$basic_addon' => $plugin['basic'],
|
'$basic_addon' => $plugin['basic'],
|
||||||
'$sec_addon' => $plugin['security'],
|
'$sec_addon' => $plugin['security'],
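Review bot: The two new POST fields in the first hunk are stored after only `intval()` and fall back to 0 whenever `x()` reports the field as absent, and the form text added in the last hunk defines 0 as unlimited, so such a request turns the limit off instead of keeping the default of 20 that the read side uses. Negative values are also accepted; with the `if ($unless && count($terms) > $unless)` checks added elsewhere in this commit, a negative limit would reject every message that relies on the bypass. I would clamp on write, e.g. `$unless_mention_count = max(0, intval($_POST['unless_mention_count']));` and the same for `unless_tag_count`, and consider leaving the stored value untouched when the field is missing. The enclosing methods start and end outside these hunks, so validation elsewhere in them cannot be ruled out.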
|
||||||
|
|
|
@ -2913,6 +2913,7 @@ function tgroup_check($uid, $item) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$tag_result = false;
|
||||||
$terms = ((isset($item['term'])) ? get_terms_oftype($item['term'],TERM_HASHTAG) : false);
|
$terms = ((isset($item['term'])) ? get_terms_oftype($item['term'],TERM_HASHTAG) : false);
|
||||||
if ($terms) {
|
if ($terms) {
|
||||||
$followed_tags = PConfig::Get($uid,'system','followed_tags');
|
$followed_tags = PConfig::Get($uid,'system','followed_tags');
|
||||||
|
@ -2923,13 +2924,17 @@ function tgroup_check($uid, $item) {
|
||||||
foreach ($terms as $term) {
|
foreach ($terms as $term) {
|
||||||
foreach ($followed_tags as $tag) {
|
foreach ($followed_tags as $tag) {
|
||||||
if (strcasecmp($term['term'],$tag) === 0) {
|
if (strcasecmp($term['term'],$tag) === 0) {
|
||||||
return true;
|
$tag_result = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
$unless = intval(get_pconfig($channel['channel_id'], 'system', 'unless_tag_count',
|
||||||
|
get_config('system', 'unless_tag_count', 20)));
|
||||||
return false;
|
if ($unless && count($terms) > $unless) {
|
||||||
|
$tag_result= false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $tag_result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -2958,6 +2963,10 @@ function i_am_mentioned($channel,$item) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
$unless = intval(get_pconfig($channel['channel_id'], 'system', 'unless_mention_count', get_config('system', 'unless_mention_count', 20)));
|
||||||
|
if ($unless && count($terms) > $unless) {
|
||||||
|
$tagged = false;
|
||||||
|
}
|
||||||
return $tagged;
|
return $tagged;
|
||||||
}
|
}
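Review bot: In the second `tgroup_check` hunk the new limit is read with `get_pconfig($channel['channel_id'], ...)`, but the signature shown in the hunk header is `tgroup_check($uid, $item)` and no `$channel` is assigned in the visible lines. If `$channel` is not set earlier in the body (the function starts outside the hunk), the lookup runs against a null id and the owner's own `unless_tag_count` is presumably never applied, leaving only the site default. The line above already uses `$uid` in `PConfig::Get($uid,'system','followed_tags')`, so `get_pconfig($uid, 'system', 'unless_tag_count', get_config('system', 'unless_tag_count', 20))` looks like the intended call. In `i_am_mentioned` the added check compares `count($terms)`, where `$terms` is defined outside the hunk; it is worth confirming that it holds only mention terms, so that hashtags do not count against the mention limit.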
|
||||||
|
|
||||||
|
|
|
@ -55,7 +55,9 @@
|
||||||
{{include file="field_input.tpl" field=$close_comments}}
|
{{include file="field_input.tpl" field=$close_comments}}
|
||||||
{{include file="field_select.tpl" field=$mail_perms}}
|
{{include file="field_select.tpl" field=$mail_perms}}
|
||||||
{{include file="field_checkbox.tpl" field=$permit_all_mentions}}
|
{{include file="field_checkbox.tpl" field=$permit_all_mentions}}
|
||||||
|
{{include file="field_input.tpl" field=$unless_mention_count}}
|
||||||
{{include file="field_input.tpl" field=$followed_tags}}
|
{{include file="field_input.tpl" field=$followed_tags}}
|
||||||
|
{{include file="field_input.tpl" field=$unless_tag_count}}
|
||||||
|
|
||||||
<div id="advanced-perm" style="display:{{if $permissions_set}}none{{else}}block{{/if}};">
|
<div id="advanced-perm" style="display:{{if $permissions_set}}none{{else}}block{{/if}};">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
|
|