rtoss - Diff between revs 12 and 37

Rev 12 Rev 37
Line 7... Line 7...
7         if (get_magic_quotes_gpc()) { 7         if (get_magic_quotes_gpc()) {
8                 $u_str = stripslashes($u_str); 8                 $u_str = stripslashes($u_str);
9         } 9         }
10         $u_str = htmlspecialchars($u_str); 10         $u_str = htmlspecialchars($u_str);
11         return str_replace(array(",",'$'), array(",","$"), $u_str); 11         return str_replace(array(",",'$'), array(",","$"), $u_str);
-   12 }
-   13
-   14 function matchCIDR($addr, $cidr) {
-   15         list($ip, $mask) = explode('/', $cidr);
-   16         return (ip2long($addr) >> (32 - $mask) == ip2long($ip.str_repeat('.0', 3 - substr_count($ip, '.'))) >> (32 - $mask));
-   17 }
-   18 /* 取得 (Transparent) Proxy 提供之 IP 參數 */
-   19 function getREMOTE_ADDR(){
-   20         if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
-   21                 $tmp = preg_split('/[ ,]+/', $_SERVER['HTTP_X_FORWARDED_FOR']);
-   22                 return $tmp[0];
-   23         }
-   24         return $_SERVER['REMOTE_ADDR'];
12 } 25 }
13 26
14 $subject = CleanStr($_REQUEST['subject']); 27 $subject = CleanStr($_REQUEST['subject']);
15 $FROM1 = $_REQUEST['nick']; 28 $FROM1 = $_REQUEST['nick'];
16 $FROM = CleanStr($_REQUEST['nick']); 29 $FROM = CleanStr($_REQUEST['nick']);
Line 18... Line 31...
18 $MESSAGE = CleanStr($_REQUEST['content']); 31 $MESSAGE = CleanStr($_REQUEST['content']);
19 $mail = Cleanstr($_REQUEST['mail']); 32 $mail = Cleanstr($_REQUEST['mail']);
20 $c_pass = $_REQUEST['delk']; 33 $c_pass = $_REQUEST['delk'];
21 $delk = substr(md5($_REQUEST['delk']), 2, 8); 34 $delk = substr(md5($_REQUEST['delk']), 2, 8);
22 $key = $_REQUEST['key']; 35 $key = $_REQUEST['key'];
-   36 $host = gethostbyaddr($IP=getREMOTE_ADDR());
23 37
24 if (ereg("^( | |\t)*$", $MESSAGE)) { 38 if (ereg("^( | |\t)*$", $MESSAGE)) {
25         error("本文がありません!", $FROM, $mail, $host, $MESSAGE); 39         error("本文がありません!", $FROM, $mail, $host, $MESSAGE);
26 } 40 }
27 if ($key == "" && (ereg("^( | |\t)*$", $subject))) { 41 if ($key == "" && (ereg("^( | |\t)*$", $subject))) {
Line 29... Line 43...
29 } 43 }
30 if (!isset($_REQUEST['url']) || (isset($_REQUEST['url']) && $_REQUEST['url']!="")) { 44 if (!isset($_REQUEST['url']) || (isset($_REQUEST['url']) && $_REQUEST['url']!="")) {
31         error("投稿が禁止されています", $FROM, $mail, $host, $MESSAGE); 45         error("投稿が禁止されています", $FROM, $mail, $host, $MESSAGE);
32 } 46 }
33 // ホスト、禁止ホスト 47 // ホスト、禁止ホスト
34 $host = gethostbyaddr($_SERVER["REMOTE_ADDR"]); -  
35 $killip = file("killip.cgi"); 48 $killip = file("killip.cgi");
-   49 $checkTwice = ($IP != $HOST); // 是否需檢查第二次
36 foreach ($killip as $kill) { 50 foreach ($killip as $kill) {
37         $kill = rtrim($kill); 51         $kill = rtrim($kill);
38         if ($kill != "" && stristr($host, $kill)) { -  
39                 error("投稿が禁止されています", $FROM, $mail, $host, $MESSAGE); -  
-   52         if ($kill) {
-   53                 $slash = substr_count($kill, '/');
-   54                 if($slash==2){ // RegExp
-   55                         $kill .= 'i';
-   56                 }elseif($slash==1){ // CIDR Notation
-   57                         if(matchCIDR($IP, $kill)){ $IsBanned = true; break; }
-   58                         continue;
-   59                 }elseif(strpos($kill, '*')!==false || strpos($kill, '?')!==false){ // Wildcard
-   60                         $kill = '/^'.str_replace(array('.', '*', '?'), array('\.', '.*', '.?'), $kill).'$/i';
-   61                 }else{ // Full-text
-   62                         if($IP==$kill || ($checkTwice && $HOST==strtolower($kill))){ $IsBanned = true; break; }
-   63                         $kill = '/'.str_replace('.','\.',$kill).'/i'; // Go for regmatch
-   64 //                      continue;
-   65                 }
-   66                 if(preg_match($kill, $HOST) || ($checkTwice && preg_match($kill, $IP))){ $IsBanned = true; break; }
40         } 67         }
41 } 68 }
-   69 if($IsBanned) error("投稿が禁止されています", $FROM, $mail, $host, $MESSAGE);
42 70
43 if(count($ngfiles)) { 71 if(count($ngfiles)) {
44         foreach($ngfiles as $ngfile) { 72         foreach($ngfiles as $ngfile) {
45                 if(is_file($ngfile)) { 73                 if(is_file($ngfile)) {
46                         $ngwords=explode(',',rtrim(implode('',file($ngfile)))); 74                         $ngwords=explode(',',rtrim(implode('',file($ngfile))));
Line 73... Line 101...
73         $idcrypt = substr(crypt(($bbscrypt + $idnum), gmdate("Ymd", time() + $TZ * 3600)), -8); 101         $idcrypt = substr(crypt(($bbscrypt + $idnum), gmdate("Ymd", time() + $TZ * 3600)), -8);
74         $id = " ID:" . $idcrypt; 102         $id = " ID:" . $idcrypt;
75 } 103 }
76 */ 104 */
77 // IP 105 // IP
78 $id = " IP:".preg_replace('/\d+$/','*',$_SERVER['REMOTE_ADDR']); -  
-   106 $id = " IP:".preg_replace('/\d+$/','*',$IP);
79 107
80 $addr=$_SERVER["REMOTE_ADDR"]; -  
81 $qcnt=$exflg=0; 108 $qcnt=$exflg=0;
82 if($extipq && $addr != "127.0.0.1" && strpos($FROM,"fusianasan")===false) { -  
83         $rev = implode('.', array_reverse(explode('.', $addr))); -  
-   109 if($extipq && $IP != "127.0.0.1" && strpos($FROM,"fusianasan")===false && strpos($FROM,"mokorikomo")===false) {
-   110         $rev = implode('.', array_reverse(explode('.', $IP)));
84         $queries = array( 'list.dsbl.org','bbx.2ch.net','dnsbl.ahbl.org','niku.2ch.net','virus.rbl.jp','ircbl.ahbl.org','tor.ahbl.org' ); 111         $queries = array( 'list.dsbl.org','bbx.2ch.net','dnsbl.ahbl.org','niku.2ch.net','virus.rbl.jp','ircbl.ahbl.org','tor.ahbl.org' );
85         foreach ( $queries as $query ) { 112         foreach ( $queries as $query ) {
86                 $qres=gethostbyname($rev.'.'.$query); 113                 $qres=gethostbyname($rev.'.'.$query);
87                 if($rev.'.'.$query!=$qres){ $exflg=1; break; } 114                 if($rev.'.'.$query!=$qres){ $exflg=1; break; }
88                 $qcnt++; 115                 $qcnt++;
Line 91... Line 118...
91 } 118 }
92 if($exflg) error("投稿が禁止されています (#".$qcnt.')', $FROM, $mail, $host, $MESSAGE); 119 if($exflg) error("投稿が禁止されています (#".$qcnt.')', $FROM, $mail, $host, $MESSAGE);
93 120
94 121
95 $FROM = str_replace("fusianasan", "</b>" . $host . "<b>", $FROM); //fusianasan? 122 $FROM = str_replace("fusianasan", "</b>" . $host . "<b>", $FROM); //fusianasan?
-   123 $FROM = str_replace("mokorikomo", "</b>" . $IP . "<b>", $FROM); //mokorikomo?
96 124
97 $MESSAGE = str_replace("\r\n", "\r", $MESSAGE); //改行文字の統一。 125 $MESSAGE = str_replace("\r\n", "\r", $MESSAGE); //改行文字の統一。
98 $MESSAGE = str_replace("\r", "\n", $MESSAGE); 126 $MESSAGE = str_replace("\r", "\n", $MESSAGE);
99 /* 投稿制限 */ 127 /* 投稿制限 */
100 if (substr_count($MESSAGE, "\n") > $postline) error("改行が多すぎます!", $FROM, $mail, $host, $MESSAGE); 128 if (substr_count($MESSAGE, "\n") > $postline) error("改行が多すぎます!", $FROM, $mail, $host, $MESSAGE);
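Review bot: getREMOTE_ADDR() (new lines 19-25) returns the first X-Forwarded-For entry whenever the header is present, and that value becomes `$IP` for the killip.cgi ban check, the DNSBL lookup, the displayed ` IP:` tag and, unescaped, the `mokorikomo` substitution into `$FROM` on new line 123. The header is client-supplied, so the ban list keys on a value the poster chooses and the substitution can carry markup into the name field; honour the header only when REMOTE_ADDR is a proxy the site itself operates, and validate the result as an IP address before any use, as sketched below. Separately, new lines 49, 62 and 66 read `$HOST` while new line 36 assigns `$host`; PHP variable names are case-sensitive, so unless `$HOST` is set outside the visible lines, the hostname entries in killip.cgi that the old `stristr($host, $kill)` matched no longer match. `$IsBanned` is read on new line 69 without being initialised, so add `$IsBanned = false;` before the `foreach`.

```php
function getREMOTE_ADDR(){
        // $trustedProxies is a constructed name: a configured list of the reverse proxies this site sits behind
        global $trustedProxies;
        $peer = $_SERVER['REMOTE_ADDR'];
        if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && is_array($trustedProxies) && in_array($peer, $trustedProxies, true)){
                $tmp = preg_split('/[ ,]+/', trim($_SERVER['HTTP_X_FORWARDED_FOR']));
                // the entry appended by our own proxy is the last one; earlier entries are whatever the client sent
                $fwd = end($tmp);
                if(filter_var($fwd, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false){
                        return $fwd;
                }
        }
        return $peer;
}
// … unchanged: request parsing …
$host = $HOST = strtolower(gethostbyaddr($IP = getREMOTE_ADDR()));
```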