add mention and tag count limits to reduce abuse when bypassing permissions

This commit is contained in:
Mike Macgirvin 2022-06-23 03:47:35 -07:00
parent bb9c687de3
commit 26c7b64e34
3 changed files with 27 additions and 6 deletions


@ -159,6 +159,8 @@ class Channel
$noindex = ((x($_POST, 'noindex')) ? intval($_POST['noindex']) : 0); $noindex = ((x($_POST, 'noindex')) ? intval($_POST['noindex']) : 0);
$channel_menu = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : ''); $channel_menu = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : '');
$unless_mention_count = ((x($_POST, 'unless_mention_count')) ? intval($_POST['unless_mention_count']) : 0);
$unless_tag_count = ((x($_POST, 'unless_tag_count')) ? intval($_POST['unless_tag_count']) : 0);
$expire_items = ((x($_POST, 'expire_items')) ? intval($_POST['expire_items']) : 0); $expire_items = ((x($_POST, 'expire_items')) ? intval($_POST['expire_items']) : 0);
$expire_starred = ((x($_POST, 'expire_starred')) ? intval($_POST['expire_starred']) : 0); $expire_starred = ((x($_POST, 'expire_starred')) ? intval($_POST['expire_starred']) : 0);
$expire_photos = ((x($_POST, 'expire_photos')) ? intval($_POST['expire_photos']) : 0); $expire_photos = ((x($_POST, 'expire_photos')) ? intval($_POST['expire_photos']) : 0);
@ -339,12 +341,14 @@ class Channel
set_pconfig(local_channel(), 'system', 'default_permcat', $defpermcat); set_pconfig(local_channel(), 'system', 'default_permcat', $defpermcat);
set_pconfig(local_channel(), 'system', 'email_notify_host', $mailhost); set_pconfig(local_channel(), 'system', 'email_notify_host', $mailhost);
set_pconfig(local_channel(), 'system', 'profile_assign', $profile_assign); set_pconfig(local_channel(), 'system', 'profile_assign', $profile_assign);
// set_pconfig(local_channel(),'system','anymention',$anymention); // set_pconfig(local_channel(), 'system', 'anymention', $anymention);
set_pconfig(local_channel(), 'system', 'hyperdrive', $hyperdrive); set_pconfig(local_channel(), 'system', 'hyperdrive', $hyperdrive);
set_pconfig(local_channel(), 'system', 'activitypub', $activitypub); set_pconfig(local_channel(), 'system', 'activitypub', $activitypub);
set_pconfig(local_channel(), 'system', 'autoperms', $autoperms); set_pconfig(local_channel(), 'system', 'autoperms', $autoperms);
set_pconfig(local_channel(), 'system', 'tag_username', $tag_username); set_pconfig(local_channel(), 'system', 'tag_username', $tag_username);
set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions); set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions);
set_pconfig(local_channel(), 'system', 'unless_mention_count', $unless_mention_count);
set_pconfig(local_channel(), 'system', 'unless_tag_count', $unless_tag_count);
set_pconfig(local_channel(), 'system', 'noindex', $noindex); set_pconfig(local_channel(), 'system', 'noindex', $noindex);
@ -624,7 +628,11 @@ class Channel
$followed = EMPTY_STR; $followed = EMPTY_STR;
} }
$mention_count = get_pconfig(local_channel(), 'system', 'unless_mention_count',
get_config('system', 'unless_mention_count', 20));
$tag_count = get_pconfig(local_channel(), 'system', 'unless_tag_count',
get_config('system', 'unless_tag_count', 20));
$o .= replace_macros(Theme::get_template('settings.tpl'), [ $o .= replace_macros(Theme::get_template('settings.tpl'), [
'$ptitle' => t('Channel Settings'), '$ptitle' => t('Channel Settings'),
'$submit' => t('Submit'), '$submit' => t('Submit'),
@ -730,6 +738,8 @@ class Channel
'$always_show_in_notices' => array('always_show_in_notices', t('Show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no), '$always_show_in_notices' => array('always_show_in_notices', t('Show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
'$permit_all_mentions' => ['permit_all_mentions', t('Accept messages from strangers which mention you'), get_pconfig(local_channel(), 'system', 'permit_all_mentions'), t('This setting bypasses normal permissions'), $yes_no], '$permit_all_mentions' => ['permit_all_mentions', t('Accept messages from strangers which mention you'), get_pconfig(local_channel(), 'system', 'permit_all_mentions'), t('This setting bypasses normal permissions'), $yes_no],
'$followed_tags' => ['followed_tags', t('Accept messages from strangers which include any of the following hashtags'), $followed, t('comma separated, do not include the #')], '$followed_tags' => ['followed_tags', t('Accept messages from strangers which include any of the following hashtags'), $followed, t('comma separated, do not include the #')],
'$unless_mention_count' => ['unless_mention_count', t('Unless more than this many channels are mentioned'), $mention_count, t('0 for unlimited')],
'$unless_tag_count' => ['unless_tag_count', t('Unless more than this many hashtags are used'), $tag_count, t('0 for unlimited')],
'$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')), '$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')),
'$basic_addon' => $plugin['basic'], '$basic_addon' => $plugin['basic'],
'$sec_addon' => $plugin['security'], '$sec_addon' => $plugin['security'],
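Review bot: The two new POST reads at the top of the first hunk (`$unless_mention_count`, `$unless_tag_count`) accept negative integers, which the consumers in the include file treat not as "unlimited" but as always exceeded: `if ($unless && count($terms) > $unless)` is true for any count when `$unless` is negative, so a stray `-1` silently disables the followed-tags and mention bypass instead of lifting the limit the help text promises ("0 for unlimited"). Clamp at the boundary with `$unless_mention_count = ((x($_POST, 'unless_mention_count')) ? max(0, intval($_POST['unless_mention_count'])) : 0);` and the same `max(0, intval(...))` for `$unless_tag_count`. A short comment on the two lines, `// 0 = unlimited; negative would be treated as "always exceeded" downstream`, would make the contract visible to the next editor of this form. The enclosing method continues outside the hunk.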


@ -2913,6 +2913,7 @@ function tgroup_check($uid, $item) {
return true; return true;
} }
$tag_result = false;
$terms = ((isset($item['term'])) ? get_terms_oftype($item['term'],TERM_HASHTAG) : false); $terms = ((isset($item['term'])) ? get_terms_oftype($item['term'],TERM_HASHTAG) : false);
if ($terms) { if ($terms) {
$followed_tags = PConfig::Get($uid,'system','followed_tags'); $followed_tags = PConfig::Get($uid,'system','followed_tags');
@ -2923,13 +2924,17 @@ function tgroup_check($uid, $item) {
foreach ($terms as $term) { foreach ($terms as $term) {
foreach ($followed_tags as $tag) { foreach ($followed_tags as $tag) {
if (strcasecmp($term['term'],$tag) === 0) { if (strcasecmp($term['term'],$tag) === 0) {
return true; $tag_result = true;
} }
} }
} }
} $unless = intval(get_pconfig($channel['channel_id'], 'system', 'unless_tag_count',
get_config('system', 'unless_tag_count', 20)));
return false; if ($unless && count($terms) > $unless) {
$tag_result= false;
}
}
return $tag_result;
} }
@ -2958,6 +2963,10 @@ function i_am_mentioned($channel,$item) {
} }
} }
} }
$unless = intval(get_pconfig($channel['channel_id'], 'system', 'unless_mention_count', get_config('system', 'unless_mention_count', 20)));
if ($unless && count($terms) > $unless) {
$tagged = false;
}
return $tagged; return $tagged;
} }
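Review bot: In the second hunk of `tgroup_check` the new limit lookup reads `$channel['channel_id']`, but the function's signature in the hunk header is `tgroup_check($uid, $item)` and the sibling lookup two lines above the hunk (`PConfig::Get($uid,'system','followed_tags')`) keys on `$uid`; unless `$channel` is populated earlier in the function (its start is outside the hunk), this is an undefined variable, the pconfig lookup runs for a null channel, and the tag limit falls back to the site default rather than the channel's own setting. The line should read `$unless = intval(get_pconfig($uid, 'system', 'unless_tag_count', get_config('system', 'unless_tag_count', 20)));`. In the `i_am_mentioned` hunk, `count($terms)` is evaluated unconditionally after the loop; if `$terms` can be `false` as it is in `tgroup_check` (`get_terms_oftype(...) : false`), `count()` on a non-array throws a TypeError on PHP 8, so guard it with `if ($unless && is_array($terms) && count($terms) > $unless)`. Both enclosing functions start outside their hunks, so I cannot confirm how `$terms` and `$channel` are initialised there.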


@ -55,7 +55,9 @@
{{include file="field_input.tpl" field=$close_comments}} {{include file="field_input.tpl" field=$close_comments}}
{{include file="field_select.tpl" field=$mail_perms}} {{include file="field_select.tpl" field=$mail_perms}}
{{include file="field_checkbox.tpl" field=$permit_all_mentions}} {{include file="field_checkbox.tpl" field=$permit_all_mentions}}
{{include file="field_input.tpl" field=$unless_mention_count}}
{{include file="field_input.tpl" field=$followed_tags}} {{include file="field_input.tpl" field=$followed_tags}}
{{include file="field_input.tpl" field=$unless_tag_count}}
<div id="advanced-perm" style="display:{{if $permissions_set}}none{{else}}block{{/if}};"> <div id="advanced-perm" style="display:{{if $permissions_set}}none{{else}}block{{/if}};">
<div class="form-group"> <div class="form-group">