Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2024-09-21 16:38:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

[noSpam] Параметры блокировки (#960)

Browse source 
* Параметры блокировки

* Защита от SQLi и доработка поиска

* Фикс блокировки, если дата разблокировки не указана
This commit is contained in:
n1rwana 2023-08-26 13:14:25 +03:00 committed by GitHub
parent e433e46b36
commit 245f8690c6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 191 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Web/Presenters/AdminPresenter.php
View file

@ -363,7 +363,7 @@ final class AdminPresenter extends OpenVKPresenter
if (str_contains($this->queryParam("reason"), "*")) if (str_contains($this->queryParam("reason"), "*"))
exit(json_encode([ "error" => "Incorrect reason" ])); exit(json_encode([ "error" => "Incorrect reason" ]));
$unban_time = strtotime($this->queryParam("date")) ?: NULL; $unban_time = strtotime($this->queryParam("date")) ?: "permanent";
$user = $this->users->get($id); $user = $this->users->get($id);
if(!$user) if(!$user)

45
Web/Presenters/NoSpamPresenter.php
View file

@ -177,26 +177,25 @@ final class NoSpamPresenter extends OpenVKPresenter
if ($conditions) { if ($conditions) {
$logs = $db->query("SELECT * FROM `ChandlerLogs` $whereStart $conditions GROUP BY `object_id`, `object_model`"); $logs = $db->query("SELECT * FROM `ChandlerLogs` $whereStart $conditions GROUP BY `object_id`, `object_model`");
if (!$where) {
foreach ($logs as $log) {
$log = (new Logs)->get($log->id);
$response[] = $log->getObject()->unwrap();
}
} else {
foreach ($logs as $log) { foreach ($logs as $log) {
$log = (new Logs)->get($log->id); $log = (new Logs)->get($log->id);
$object = $log->getObject()->unwrap(); $object = $log->getObject()->unwrap();
if (!$object) continue; if (!$object) continue;
if ($where) {
if (str_starts_with($where, " AND")) { if (str_starts_with($where, " AND")) {
$where = substr_replace($where, "", 0, strlen(" AND")); $where = substr_replace($where, "", 0, strlen(" AND"));
} }
foreach ($db->query("SELECT * FROM `$table` WHERE $where")->fetchAll() as $o) { $a = $db->query("SELECT * FROM `$table` WHERE $where")->fetchAll();
if ($object->id === $o["id"]) { foreach ($a as $o) {
if ($object->id == $o["id"]) {
$response[] = $object; $response[] = $object;
} }
} }
} else {
$response[] = $object;
} }
} }
} }
@ -210,12 +209,16 @@ final class NoSpamPresenter extends OpenVKPresenter
$processed = 0; $processed = 0;
$where = $this->postParam("where"); $where = $this->postParam("where");
$ip = $this->postParam("ip"); $ip = addslashes($this->postParam("ip"));
$useragent = $this->postParam("useragent"); $useragent = addslashes($this->postParam("useragent"));
$searchTerm = $this->postParam("q"); $searchTerm = addslashes($this->postParam("q"));
$ts = (int)$this->postParam("ts"); $ts = (int)$this->postParam("ts");
$te = (int)$this->postParam("te"); $te = (int)$this->postParam("te");
$user = $this->postParam("user"); $user = addslashes($this->postParam("user"));
if ($where) {
$where = explode(";", $where)[0];
}
if (!$ip && !$useragent && !$searchTerm && !$ts && !$te && !$where && !$searchTerm && !$user) if (!$ip && !$useragent && !$searchTerm && !$ts && !$te && !$where && !$searchTerm && !$user)
$this->returnJson(["success" => false, "error" => "Нет запроса. Заполните поле \"подстрока\" или введите запрос \"WHERE\" в поле под ним."]); $this->returnJson(["success" => false, "error" => "Нет запроса. Заполните поле \"подстрока\" или введите запрос \"WHERE\" в поле под ним."]);
@ -256,12 +259,7 @@ final class NoSpamPresenter extends OpenVKPresenter
} }
$rows = []; $rows = [];
if ($ip || $useragent || $ts || $te || $user) {
$rows = searchByAdditionalParams($table, $where, $ip, $useragent, $ts, $te, $user);
}
if (count($rows) === 0) {
if (!$searchTerm) {
if (str_starts_with($where, " AND")) { if (str_starts_with($where, " AND")) {
if ($searchTerm && !$this->postParam("where")) { if ($searchTerm && !$this->postParam("where")) {
$where = substr_replace($where, "", 0, strlen(" AND")); $where = substr_replace($where, "", 0, strlen(" AND"));
@ -270,6 +268,9 @@ final class NoSpamPresenter extends OpenVKPresenter
} }
} }
if ($ip || $useragent || $ts || $te || $user) {
$rows = searchByAdditionalParams($table, $where, $ip, $useragent, $ts, $te, $user);
} else {
if (!$where) { if (!$where) {
$rows = []; $rows = [];
} else { } else {
@ -277,7 +278,6 @@ final class NoSpamPresenter extends OpenVKPresenter
$rows = $result->fetchAll(); $rows = $result->fetchAll();
} }
} }
}
if (!in_array((int)$this->postParam("ban"), [1, 2, 3])) { if (!in_array((int)$this->postParam("ban"), [1, 2, 3])) {
foreach ($rows as $key => $object) { foreach ($rows as $key => $object) {
@ -347,11 +347,18 @@ final class NoSpamPresenter extends OpenVKPresenter
} }
if (in_array((int)$this->postParam("ban"), [2, 3])) { if (in_array((int)$this->postParam("ban"), [2, 3])) {
$reason = mb_strlen(trim($this->postParam("ban_reason"))) > 0 ? addslashes($this->postParam("ban_reason")) : ("**content-noSpamTemplate-" . $log->getId() . "**");
$is_forever = (string)$this->postParam("is_forever") === "true";
$unban_time = $is_forever ? 0 : (int)$this->postParam("unban_time") ?? NULL;
if ($owner) { if ($owner) {
$_id = ($owner instanceof Club ? $owner->getId() * -1 : $owner->getId()); $_id = ($owner instanceof Club ? $owner->getId() * -1 : $owner->getId());
if (!in_array($_id, $banned_ids)) { if (!in_array($_id, $banned_ids)) {
if ($owner instanceof User) { if ($owner instanceof User) {
$owner->ban("**content-noSpamTemplate-" . $log->getId() . "**", false, time() + $owner->getNewBanTime(), $this->user->id); if (!$unban_time && !$is_forever)
$unban_time = time() + $owner->getNewBanTime();
$owner->ban($reason, false, $unban_time, $this->user->id);
} else { } else {
$owner->ban("Подозрительная активность"); $owner->ban("Подозрительная активность");
} }

39
Web/Presenters/templates/NoSpam/Index.xml
View file

@ -106,13 +106,31 @@
<span class="nobold">Параметры блокировки:</span> <span class="nobold">Параметры блокировки:</span>
</td> </td>
<td> <td>
<select name="ban_type" id="noSpam-ban-type"> <select name="ban_type" id="noSpam-ban-type" style="width: 140px;">
<option value="1">Только откат</option> <option value="1">Только откат</option>
<option value="2">Только блокировка</option> <option value="2">Только блокировка</option>
<option value="3">Откат и блокировка</option> <option value="3">Откат и блокировка</option>
</select> </select>
</td> </td>
</tr> </tr>
<tr class="banSettings" style="width: 129px; border-top: 1px solid #ECECEC; display: none;">
<td>
<span class="nobold">Причина:</span>
</td>
<td>
<input type="text" name="ban-reason" id="ban-reason" style="width: 140px;" />
</td>
</tr>
<tr class="banSettings" style="width: 129px; border-top: 1px solid #ECECEC; display: none;">
<td>
<span class="nobold">До:</span>
</td>
<td>
<input type="datetime-local" name="unban-time" id="unban-time" style="width: 140px;" />
<br />
<input type="checkbox" name="is_forever" id="is-forever" /> навсегда
</td>
</tr>
</tbody> </tbody>
</table> </table>
<div style="border-top: 1px solid #ECECEC; margin: 8px 0;"/> <div style="border-top: 1px solid #ECECEC; margin: 8px 0;"/>
@ -158,7 +176,6 @@
$("#noSpam-results-loader").show(); $("#noSpam-results-loader").show();
$("#noSpam-loader").show(); $("#noSpam-loader").show();
let models = []; let models = [];
$(".model").each(function (i) { $(".model").each(function (i) {
let name = $(this).val(); let name = $(this).val();
@ -178,6 +195,10 @@
let ts = $("#ts").val() ? Math.floor(new Date($("#ts").val()).getTime() / 1000) : null; let ts = $("#ts").val() ? Math.floor(new Date($("#ts").val()).getTime() / 1000) : null;
let te = $("#te").val() ? Math.floor(new Date($("#te").val()).getTime() / 1000) : null; let te = $("#te").val() ? Math.floor(new Date($("#te").val()).getTime() / 1000) : null;
let user = $("#user").val(); let user = $("#user").val();
let ban_reason = $("#ban-reason").val();
let unban_time = $("#unban-time").val() ? Math.floor(new Date($("#unban-time").val()).getTime() / 1000) : null;
let is_forever = $("#is-forever").prop('checked');
console.log(ban_reason, unban_time, is_forever);
await $.ajax({ await $.ajax({
type: "POST", type: "POST",
@ -193,6 +214,9 @@
ts: ts, ts: ts,
te: te, te: te,
user: user, user: user,
ban_reason: ban_reason,
unban_time: unban_time,
is_forever: is_forever,
hash: {=$csrfToken} hash: {=$csrfToken}
}, },
success: (response) => { success: (response) => {
@ -277,6 +301,17 @@
selectChange(e.target.value); selectChange(e.target.value);
}) })
$("#noSpam-ban-type").change(async (e) => {
if (e.target.value > 1) {
$(".banSettings").show();
} else {
$("#ban-reason").val(null);
$("#unban-time").val(null);
$("#is-forever").prop('checked', false);
$(".banSettings").hide();
}
});
$("#add-model").on("click", () => { $("#add-model").on("click", () => {
console.log($(".model").length); console.log($(".model").length);
$("#models-list").append(` $("#models-list").append(`