X-Git-Url: https://git.toastfreeware.priv.at/toast/cookiecaptcha.git/blobdiff_plain/a14d91cde60e19ad5aba5c3da2be932f464e802b..def5670e9b43c6204d0fc36ea236f3b7910bd820:/ConfirmEdit.php diff --git a/ConfirmEdit.php b/ConfirmEdit.php index 729322b..f6cab65 100644 --- a/ConfirmEdit.php +++ b/ConfirmEdit.php @@ -6,7 +6,7 @@ * can extend the base to produce their fancy images in place of the * text-based test output here. * - * Copyright (C) 2005, 2006 Brion Vibber + * Copyright (C) 2005-2007 Brion Vibber * http://www.mediawiki.org/ * * This program is free software; you can redistribute it and/or modify @@ -140,7 +140,7 @@ $ceAllowConfirmedEmail = false; * Regex to whitelist URLs to known-good sites... * For instance: * $wgCaptchaWhitelist = '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i'; - * @fixme Use the 'spam-whitelist' thingy instead? + * Local admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]] */ $wgCaptchaWhitelist = false; @@ -179,6 +179,18 @@ function ceSetup() { $wgHooks['LoginAuthenticateAudit'][] = array( &$wgCaptcha, 'triggerUserLogin' ); $wgHooks['UserLoginForm'][] = array( &$wgCaptcha, 'injectUserLogin' ); $wgHooks['AbortLogin'][] = array( &$wgCaptcha, 'confirmUserLogin' ); + + global $wgGroupPermissions, $wgCaptchaTriggers; + if( !$wgGroupPermissions['*']['read'] && $wgCaptchaTriggers['badlogin'] ) { + // We need to ensure that the captcha interface is accessible + // so that unauthenticated users can actually get in after a + // mistaken password typing. + global $wgWhitelistRead; + $image = Title::makeTitle( NS_SPECIAL, 'Captcha/image' ); + $help = Title::makeTitle( NS_SPECIAL, 'Captcha/help' ); + $wgWhitelistRead[] = $image->getPrefixedText(); + $wgWhitelistRead[] = $help->getPrefixedText(); + } } /** @@ -468,12 +480,70 @@ class SimpleCaptcha { /** * Filter callback function for URL whitelisting + * @param string url to check * @return bool true if unknown, false if whitelisted * @access private */ function filterLink( $url ) { global $wgCaptchaWhitelist; - return !( $wgCaptchaWhitelist && preg_match( $wgCaptchaWhitelist, $url ) ); + $source = wfMsgForContent( 'captcha-addurl-whitelist' ); + + $whitelist = wfEmptyMsg( 'captcha-addurl-whitelist', $source ) + ? false + : $this->buildRegexes( explode( "\n", $source ) ); + + $cwl = $wgCaptchaWhitelist !== false ? preg_match( $wgCaptchaWhitelist, $url ) : false; + $wl = $whitelist !== false ? preg_match( $whitelist, $url ) : false; + + return !( $cwl || $wl ); + } + + /** + * Build regex from whitelist + * @param string lines from [[MediaWiki:Captcha-addurl-whitelist]] + * @return string Regex or bool false if whitelist is empty + * @access private + */ + function buildRegexes( $lines ) { + # Code duplicated from the SpamBlacklist extension (r19197) + + # Strip comments and whitespace, then remove blanks + $lines = array_filter( array_map( 'trim', preg_replace( '/#.*$/', '', $lines ) ) ); + + # No lines, don't make a regex which will match everything + if ( count( $lines ) == 0 ) { + wfDebug( "No lines\n" ); + return false; + } else { + # Make regex + # It's faster using the S modifier even though it will usually only be run once + //$regex = 'http://+[a-z0-9_\-.]*(' . implode( '|', $lines ) . ')'; + //return '/' . str_replace( '/', '\/', preg_replace('|\\\*/|', '/', $regex) ) . '/Si'; + $regexes = ''; + $regexStart = '/http:\/\/+[a-z0-9_\-.]*('; + $regexEnd = ')/Si'; + $regexMax = 4096; + $build = false; + foreach( $lines as $line ) { + // FIXME: not very robust size check, but should work. :) + if( $build === false ) { + $build = $line; + } elseif( strlen( $build ) + strlen( $line ) > $regexMax ) { + $regexes .= $regexStart . + str_replace( '/', '\/', preg_replace('|\\\*/|', '/', $build) ) . + $regexEnd; + $build = $line; + } else { + $build .= '|' . $line; + } + } + if( $build !== false ) { + $regexes .= $regexStart . + str_replace( '/', '\/', preg_replace('|\\\*/|', '/', $build) ) . + $regexEnd; + } + return $regexes; + } } /** @@ -705,4 +775,4 @@ class CaptchaCacheStore { } # End invocation guard -?> +