From 1b1f08062362cf0d89c33ef58f7d2fab4a104734 Mon Sep 17 00:00:00 2001 From: Janek Bevendorff Date: Fri, 17 Aug 2012 13:30:35 +0200 Subject: [PATCH 1/3] SpamBee: Fixed spam log message for wrong Captcha answer, truncated Captcha answer in spam log after 40 characters. --- serendipity_event_spamblock_bee/ChangeLog | 4 ++++ .../serendipity_event_spamblock_bee.php | 9 ++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/serendipity_event_spamblock_bee/ChangeLog b/serendipity_event_spamblock_bee/ChangeLog index c0a83e44..4fe0c68a 100644 --- a/serendipity_event_spamblock_bee/ChangeLog +++ b/serendipity_event_spamblock_bee/ChangeLog @@ -1,3 +1,7 @@ +Version 1.2.4 +* Fixed: Spam log entry for wrong Captcha answer +* Truncated Captcha answer in spam log if it is longer than 40 characters + Version 1.2.3 * Fixed: If core spam plugin was not installed, the check for required fiels was rejecting trackbacks sometimes. * Fixed: Rejecting comments having entry title as body only works for most blogs having the blogtitle as title, too. diff --git a/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php b/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php index 49c09194..7b0a5590 100644 --- a/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php +++ b/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php @@ -106,7 +106,7 @@ class serendipity_event_spamblock_bee extends serendipity_event 'php' => '4.1.0' )); - $propbag->add('version', '1.2.3'); + $propbag->add('version', '1.2.4'); $propbag->add('event_hooks', array( 'frontend_comment' => true, 
@@ -391,7 +391,7 @@ class serendipity_event_spamblock_bee extends serendipity_event // If provided answer is longer than 1000 characters and RegExp matching is on, // reject comment for security reasons (minimize risk of ReDoS) - if ($this->useRegularExpressions && strlen($answer) > 1000) { + if ($this->useRegularExpressions && mb_strlen($answer) > 1000) { $this->processComment($this->hiddenCaptchaHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_HCAPTCHA, "BEE HiddenCaptcha [ Captcha input too long ]"); return false; } @@ -422,7 +422,10 @@ class serendipity_event_spamblock_bee extends serendipity_event } if (!$isCorrect) { - $this->processComment($this->hiddenCaptchaHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_HCAPTCHA, "BEE HiddenCaptcha [ $correct != $answer ]"); + if (mb_strlen($answer) > 40) { + $answer = substr($answer, 0, 40) . '…'; + } + $this->processComment($this->hiddenCaptchaHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_HCAPTCHA, "BEE HiddenCaptcha [ $correctAnswer[answer] != $answer ]"); return $isCorrect; } } From d8133a34c35bc6a53a103e8ad77570a011825d27 Mon Sep 17 00:00:00 2001 From: Janek Bevendorff Date: Fri, 17 Aug 2012 13:39:01 +0200 Subject: [PATCH 2/3] SpamBee: Added truncation for honeypot log entry as well. --- .../serendipity_event_spamblock_bee.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php b/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php index 7b0a5590..0ceeea63 100644 --- a/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php +++ b/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php 
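Review bot: In the `@@ -391,7 +391,7 @@` hunk the ReDoS guard now measures `$answer` with `mb_strlen`, which weakens it as a security limit: 1000 characters in a multibyte encoding can be several times as many bytes, so the regex matching that the comment above the check wants to protect may receive a larger input than before. `mb_strlen` also exists only when the mbstring extension is loaded, and nothing visible in this patch declares or checks for it (the property bag in the version hunk still lists only `'php' => '4.1.0'`), so on a host without mbstring this line would presumably end the comment check with a fatal error. The same dependency comes with the `mb_strlen`/`mb_substr` calls in the truncation hunks at `@@ -422`, `@@ -376`, `@@ -379` and `@@ -427`. For the limit itself I would keep the byte count, `if ($this->useRegularExpressions && strlen($answer) > 1000) {`, and add a comment such as `// byte length on purpose: this is a resource limit, not a display length`. The enclosing method starts and ends outside the hunk.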
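Review bot: The log message built in the `@@ -422,7 +422,10 @@` hunk interpolates the submitted `$answer` verbatim, and truncating it to 40 characters bounds its size but not its content: line breaks, control characters or markup from the request still reach `processComment()`. Whether that method or the spam log viewer escapes the value is not visible here, so this may already be handled downstream. If it is not, I would neutralise control characters before the truncation, e.g. `$answer = preg_replace('/[\x00-\x1F\x7F]/', '?', $answer);`, and make sure the entry is HTML-escaped wherever the log is displayed. The same applies to `$phone` in the honeypot hunk at `@@ -376,8 +376,12 @@`.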
@@ -376,8 +376,12 @@ class serendipity_event_spamblock_bee extends serendipity_event if ("NORMAL" == $addData['type']) { // only supported for normal comments // Check for Honey Pot: - if ($this->useHoneyPot && (!empty($serendipity['POST']['phone']) || $serendipity['POST']['phone']=='0') ) { - $this->spamlog($eventData['id'], 'REJECTED', "BEE Honeypot [" . $serendipity['POST']['phone'] . "]", $addData); + $phone = $serendipity['POST']['phone']; + if ($this->useHoneyPot && (!empty($phone) || $phone == '0') ) { + if (mb_strlen($phone) > 40) { + $phone = substr($phone, 0, 40) . '…'; + } + $this->spamlog($eventData['id'], 'REJECTED', "BEE Honeypot [" . $phone . "]", $addData); $eventData = array('allow_comments' => false); return false; } From 9c554b058655e560beded304522d06340fcfe90c Mon Sep 17 00:00:00 2001 From: Janek Bevendorff Date: Fri, 17 Aug 2012 13:43:21 +0200 Subject: [PATCH 3/3] SpamBee: Use multibyte function for log entry truncation. --- .../serendipity_event_spamblock_bee.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php b/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php index 0ceeea63..5f044ea3 100644 --- a/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php +++ b/serendipity_event_spamblock_bee/serendipity_event_spamblock_bee.php @@ -379,7 +379,7 @@ class serendipity_event_spamblock_bee extends serendipity_event $phone = $serendipity['POST']['phone']; if ($this->useHoneyPot && (!empty($phone) || $phone == '0') ) { if (mb_strlen($phone) > 40) { - $phone = substr($phone, 0, 40) . '…'; + $phone = mb_substr($phone, 0, 40) . '…'; } $this->spamlog($eventData['id'], 'REJECTED', "BEE Honeypot [" . $phone . "]", $addData); $eventData = array('allow_comments' => false); 
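Review bot: In the `@@ -376,8 +376,12 @@` hunk `$phone` is now read from `$serendipity['POST']['phone']` before the `useHoneyPot` test and without an existence or type check. When the field is absent this raises an undefined-index notice even with the honeypot switched off. When the request delivers the field as an array, the non-empty array passes `!empty($phone)` and is then handed to `mb_strlen()` and string concatenation, which warns on older PHP and throws a `TypeError` on PHP 8, so the rejection is not logged cleanly. I would read it as `$phone = isset($serendipity['POST']['phone']) ? $serendipity['POST']['phone'] : '';` and, inside the branch, normalise with `if (!is_string($phone)) { $phone = '(non-string value)'; }` before measuring it. The surrounding method continues outside the hunk.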
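Review bot: The `mb_strlen`/`mb_substr` pair in the `@@ -379,7 +379,7 @@` hunk (and the identical change in `@@ -427,7 +427,7 @@`) is called without an encoding argument, so both functions use whatever `mb_internal_encoding()` happens to be rather than the charset the blog and the submitted comment actually use. If the two differ, the 40-character cut can still land inside a multibyte sequence and write a broken character into the spam log, which is what this patch sets out to avoid. The appended `'…'` literal has the same problem in the other direction, because its bytes are fixed by the encoding the source file is saved in. I would pass the charset explicitly, e.g. `mb_substr($phone, 0, 40, LANG_CHARSET)` if Serendipity's `LANG_CHARSET` constant is what the site runs with, and append an ASCII `'...'` instead.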
@@ -427,7 +427,7 @@ class serendipity_event_spamblock_bee extends serendipity_event
 
 if (!$isCorrect) {
 if (mb_strlen($answer) > 40) {
- $answer = substr($answer, 0, 40) . '…';
+ $answer = mb_substr($answer, 0, 40) . '…';
 }
 $this->processComment($this->hiddenCaptchaHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_HCAPTCHA, "BEE HiddenCaptcha [ $correctAnswer[answer] != $answer ]");
 return $isCorrect;