Track and check user agent for comments.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
saxmatt 2004-09-05 01:50:39 +00:00
parent 5d597fb226
commit ddba48add2
3 changed files with 12 additions and 6 deletions


@ -15,6 +15,7 @@ function add_magic_quotes($array) {
if (!get_magic_quotes_gpc()) { if (!get_magic_quotes_gpc()) {
$_POST = add_magic_quotes($_POST); $_POST = add_magic_quotes($_POST);
$_COOKIE = add_magic_quotes($_COOKIE); $_COOKIE = add_magic_quotes($_COOKIE);
$_SERVER = add_magic_quotes($_SERVER);
} }
$author = trim(strip_tags($_POST['author'])); $author = trim(strip_tags($_POST['author']));
@ -28,6 +29,8 @@ $url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
if (strlen($url) < 7) if (strlen($url) < 7)
$url = ''; $url = '';
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$comment = trim($_POST['comment']); $comment = trim($_POST['comment']);
$comment_post_ID = intval($_POST['comment_post_ID']); $comment_post_ID = intval($_POST['comment_post_ID']);
$user_ip = $_SERVER['REMOTE_ADDR']; $user_ip = $_SERVER['REMOTE_ADDR'];
@ -62,16 +65,16 @@ if (!empty($lasttime)) {
// If we've made it this far, let's post. // If we've made it this far, let's post.
if(check_comment($author, $email, $url, $comment, $user_ip)) { if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) ) {
$approved = 1; $approved = 1;
} else { } else {
$approved = 0; $approved = 0;
} }
$wpdb->query("INSERT INTO $wpdb->comments $wpdb->query("INSERT INTO $wpdb->comments
(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved) (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
VALUES VALUES
('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved') ('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
"); ");
$comment_ID = $wpdb->get_var('SELECT last_insert_id()'); $comment_ID = $wpdb->get_var('SELECT last_insert_id()');
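Review bot: The new `$user_agent` value is interpolated into the INSERT with no escaping of its own; it is only slashed when the `if (!get_magic_quotes_gpc())` branch at the top runs. When magic_quotes_gpc is enabled that branch is skipped, and the PHP manual describes the setting as covering GET, POST and COOKIE data, so a client-supplied User-Agent header may reach the query raw, which is an SQL injection risk. Escape at the point of use, as the trackback handler in this same commit does, with `$user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);`, and drop `$_SERVER = add_magic_quotes($_SERVER);` so the value is not slashed twice and the rest of `$_SERVER` is not rewritten for later code. Both hunks sit in top-level script code that continues outside the shown lines.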


@ -1493,6 +1493,7 @@ function check_comment($author, $email, $url, $comment, $user_ip) {
if ( preg_match($pattern, $url) ) return false; if ( preg_match($pattern, $url) ) return false;
if ( preg_match($pattern, $comment) ) return false; if ( preg_match($pattern, $comment) ) return false;
if ( preg_match($pattern, $user_ip) ) return false; if ( preg_match($pattern, $user_ip) ) return false;
if ( preg_match($pattern, $useg_agent) ) return false;
} }
return true; return true;
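Review bot: The added check reads `$useg_agent`, a misspelling of `$user_agent`, so it tests an undefined variable and never sees the user agent. The hunk header also still shows the five-parameter signature `check_comment($author, $email, $url, $comment, $user_ip)`, and no other hunk on this page changes it, so the sixth argument both callers now pass appears to be silently discarded. As written, a pattern meant to match a user agent cannot make this function return false, so it has no effect on `$approved` in either caller. The signature should become `function check_comment($author, $email, $url, $comment, $user_ip, $user_agent) {` and the check `if ( preg_match($pattern, $user_agent) ) return false;`. The function body starts and ends outside the hunk.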


@ -54,6 +54,8 @@ if ((strlen(''.$tb_id)) && (empty($_GET['__mode'])) && (strlen(''.$tb_url))) {
$now = current_time('mysql'); $now = current_time('mysql');
$now_gmt = current_time('mysql', 1); $now_gmt = current_time('mysql', 1);
$user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
$comment = convert_chars($comment); $comment = convert_chars($comment);
$comment = format_to_post($comment); $comment = format_to_post($comment);
@ -66,16 +68,16 @@ if ((strlen(''.$tb_id)) && (empty($_GET['__mode'])) && (strlen(''.$tb_url))) {
$comment_moderation = get_settings('comment_moderation'); $comment_moderation = get_settings('comment_moderation');
$moderation_notify = get_settings('moderation_notify'); $moderation_notify = get_settings('moderation_notify');
if(check_comment($author, $email, $url, $comment, $user_ip)) { if(check_comment($author, $email, $url, $comment, $user_ip, $user_agent)) {
$approved = 1; $approved = 1;
} else { } else {
$approved = 0; $approved = 0;
} }
$result = $wpdb->query("INSERT INTO $wpdb->comments $result = $wpdb->query("INSERT INTO $wpdb->comments
(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved) (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
VALUES VALUES
('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved') ('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
"); ");
if (!$result) { if (!$result) {
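Review bot: `$_SERVER['HTTP_USER_AGENT']` is read on the added line without checking that the header was sent, and trackback pings come from other servers' HTTP clients, which may omit it; that raises an undefined-index notice. A guarded form is `$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? addslashes($_SERVER['HTTP_USER_AGENT']) : '';`. The same variable is then passed to `check_comment()` already slashed, so the pattern match there would run against the escaped text rather than the header as sent. Keeping a raw copy for the check and escaping only for the INSERT avoids that. The enclosing `if` block starts and ends outside these hunks.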