Typecho 加强评论拦截和自定义敏感词过滤
在 functions.php 文件中添加以下代码
设置敏感词过滤后台选项和过滤敏感词函数
/**
 * Add the "SensitiveWords" textarea to the given configuration form.
 *
 * The value is a "|"-separated word list; Intercept::message() reads it back
 * through the options widget as $options->SensitiveWords.
 *
 * @param object $form Form object exposing addInput().
 * @return void
 */
function themeConfig($form)
{
    $wordListField = new Typecho_Widget_Helper_Form_Element_Textarea(
        'SensitiveWords',
        null,
        null,
        _t('评论敏感词过滤'),
        _t('过滤词语格式:词语|词语2|词语3')
    );
    $wordListField->setAttribute('class', 'typecho-option option_main');

    $form->addInput($wordListField);
}
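/**
 * Report whether $str contains any word from a "|"-separated word list.
 *
 * Matching is a plain, case-sensitive substring search (strpos) and each word
 * is trimmed first. Empty entries are ignored, so an unset option, a trailing
 * "|" or a doubled "||" does not turn into a word that matches every comment.
 *
 * @param string|null $words_str Word list in the form "word|word2|word3".
 * @param string      $str       Text to inspect.
 * @return bool True when at least one non-empty word occurs in $str.
 */
function _checkSensitiveWords($words_str, $str)
{
    $haystack = (string) $str;

    foreach (explode('|', (string) $words_str) as $entry) {
        $word = trim($entry);

        // explode() never returns an empty array ("" yields one empty entry),
        // and strpos() finds an empty needle at offset 0 on PHP 8 (older
        // versions raise a warning instead), so skip empty entries explicitly.
        if ($word === '') {
            continue;
        }

        if (strpos($haystack, $word) !== false) {
            return true;
        }
    }

    return false;
}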
加强评论拦截
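/**
 * Heuristic check for markup/script fragments in a piece of comment text.
 *
 * Returns true when the text is empty once tags are stripped, or when it
 * contains one of the denylisted substrings below (matched case-insensitively
 * anywhere in the text).
 *
 * This is a moderation signal only: a denylist cannot enumerate every way to
 * express active content, so a false result does not make the text safe to
 * print. The value still has to be escaped for its output context wherever it
 * is rendered.
 *
 * @param string $text Text to inspect.
 * @return bool True when the text looks suspicious.
 */
function _checkXSS($text)
{
    $text = (string) $text;

    // Nothing left after removing tags: the input was empty or tags only.
    // Compare against '' explicitly; a truthiness test would also treat the
    // legitimate text "0" as suspicious.
    if (strip_tags($text) === '') {
        return true;
    }

    $patterns = array(
        '/onabort/is',
        '/onblur/is',
        '/onchange/is',
        '/onclick/is',
        '/ondblclick/is',
        '/onerror/is',
        '/onfocus/is',
        '/onkeydown/is',
        '/onkeypress/is',
        '/onkeyup/is',
        '/onload/is',
        '/onmousedown/is',
        '/onmousemove/is',
        '/onmouseout/is',
        '/onmouseover/is',
        '/onmouseup/is',
        '/onreset/is',
        '/onresize/is',
        '/onselect/is',
        '/onsubmit/is',
        '/onunload/is',
        // Any other on<name>= attribute; the fixed list above covers only a
        // subset of the event-handler attributes browsers accept.
        '/\bon[a-z]+\s*=/i',
        '/eval/is',
        '/ascript:/is',
        '/style=/is',
        '/width=/is',
        '/width:/is',
        '/height=/is',
        '/height:/is',
        '/src=/is',
    );

    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $text) === 1) {
            return true;
        }
    }

    return false;
}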
/*
 * Typecho comment interception: register Intercept::message() on the
 * Widget_Feedback "comment" hook. The callback receives the comment array
 * and returns it, possibly with its status changed to "waiting".
 */
Typecho_Plugin::factory('Widget_Feedback')->comment = ['Intercept', 'message'];
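/**
 * Comment filter registered on the Widget_Feedback "comment" hook.
 *
 * Suspicious comments are not rejected; their status is set to "waiting" so
 * they are held for moderation.
 */
class Intercept
{
    /**
     * Longest plain comment, measured in bytes by strlen(), that is not held
     * automatically.
     *
     * NOTE(review): in UTF-8 a CJK character takes 3 bytes, so a limit of 5
     * holds almost every comment that could also pass the Chinese-character
     * check in message(). Confirm the intended limit.
     */
    const MAX_TEXT_BYTES = 5;

    /**
     * Decide whether a submitted comment has to wait for moderation.
     *
     * Drawing mode (text containing a {!{...}!} payload): held when the
     * payload contains a double quote, when _checkXSS() flags the payload, or
     * when the whole text contains a configured sensitive word. The word check
     * covers the full text because the payload checks do not look at anything
     * written outside the {!{...}!} markers.
     *
     * Plain comment: held when it is longer than MAX_TEXT_BYTES, contains a
     * configured sensitive word, or has no character in U+4E00..U+9FA5.
     *
     * @param array $comment Comment data; the 'text' key is inspected.
     * @return array The comment, with 'status' set to 'waiting' when held.
     */
    public static function message($comment)
    {
        $text = isset($comment['text']) ? (string) $comment['text'] : '';

        if (preg_match('/\{!\{(.*)\}!\}/', $text, $matches)) {
            // Drawing mode: inspect the payload, then the text as a whole.
            $hold = strpos($matches[1], '"') !== false
                || _checkXSS($matches[1])
                || self::containsSensitiveWord($text);
        } else {
            // Plain comment. The last test uses "!== 1" so that a preg_match()
            // failure (for example invalid UTF-8 under the /u modifier) holds
            // the comment as well, like the original "== 0" comparison did.
            $hold = strlen($text) > self::MAX_TEXT_BYTES
                || self::containsSensitiveWord($text)
                || preg_match("/[\x{4e00}-\x{9fa5}]/u", $text) !== 1;
        }

        if ($hold) {
            $comment['status'] = 'waiting';
        }

        Typecho_Cookie::delete('__typecho_remember_text');

        return $comment;
    }

    /**
     * Check $text against the SensitiveWords theme option.
     *
     * @param string $text Comment text.
     * @return bool True when a configured word occurs in $text.
     */
    private static function containsSensitiveWord($text)
    {
        $options = Typecho_Widget::widget('Widget_Options');

        return _checkSensitiveWords($options->SensitiveWords, $text);
    }
}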