Typecho 加强评论拦截和自定义敏感词过滤

在主题的 functions.php 文件中添加以下代码

设置敏感词过滤后台选项和过滤敏感词函数

/**
 * Adds the "SensitiveWords" textarea to the theme's settings form.
 *
 * The saved value is later read through Widget_Options as a "|"-separated word list.
 * If the theme already declares themeConfig(), move these statements into the
 * existing function: PHP refuses to declare the same function twice.
 *
 * @param object $form settings form supplied by Typecho; only addInput() is used here
 * @return void
 */
function themeConfig($form)
{
    $wordFilterField = new Typecho_Widget_Helper_Form_Element_Textarea(
        'SensitiveWords',
        null,
        null,
        _t('评论敏感词过滤'),
        _t('过滤词语格式:词语|词语2|词语3')
    );
    $wordFilterField->setAttribute('class', 'typecho-option option_main');

    $form->addInput($wordFilterField);
}
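/**
 * Tells whether a string contains any entry of a "|"-separated word list.
 *
 * Matching is a plain, case-sensitive substring search (strpos); each entry is
 * trimmed before it is compared.
 *
 * @param string|null $words_str word list in the form "word|word2|word3"
 * @param string      $str       text to inspect
 * @return bool true when at least one non-empty entry occurs in $str
 */
function _checkSensitiveWords($words_str, $str)
{
    $haystack = (string) $str;

    // The option may never have been saved; cast so explode() does not receive null.
    foreach (explode('|', (string) $words_str) as $entry) {
        $word = trim($entry);

        // explode() never returns an empty array, so an unset option, "a||b" or a
        // trailing "|" yields '' entries. On PHP 8 strpos() finds '' at offset 0,
        // which would flag every comment; on PHP 7 it raises a warning. Skip them.
        if ($word === '') {
            continue;
        }

        if (strpos($haystack, $word) !== false) {
            return true;
        }
    }

    return false;
}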

加强评论拦截

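/**
 * Heuristic check for markup-injection indicators in comment text.
 *
 * Returns true when the text is empty once tags are stripped, or when it contains
 * any of the listed substrings (event-handler attribute names, "eval", "ascript:",
 * and style/size/src attributes). Matching is case-insensitive and position-blind,
 * so ordinary words that contain an entry (for example "evaluate") are flagged too.
 *
 * This is a denylist meant to route suspicious comments to moderation. It does not
 * make the text safe to render: the template that prints the comment still has to
 * encode it for the output context.
 *
 * @param string $text raw text to inspect
 * @return bool true when the text should be treated as suspicious
 */
function _checkXSS($text)
{
    $text = (string) $text;

    // Text that consists only of tags (or is empty) is treated as suspicious.
    // Compare with '' explicitly: a truthiness test would also reject the text "0".
    if (strip_tags($text) === '') {
        return true;
    }

    $indicators = array(
        '/onabort/is',
        '/onblur/is',
        '/onchange/is',
        '/onclick/is',
        '/ondblclick/is',
        '/onerror/is',
        '/onfocus/is',
        '/onkeydown/is',
        '/onkeypress/is',
        '/onkeyup/is',
        '/onload/is',
        '/onmousedown/is',
        '/onmousemove/is',
        '/onmouseout/is',
        '/onmouseover/is',
        '/onmouseup/is',
        '/onreset/is',
        '/onresize/is',
        '/onselect/is',
        '/onsubmit/is',
        '/onunload/is',
        '/eval/is',
        '/ascript:/is',
        '/style=/is',
        '/width=/is',
        '/width:/is',
        '/height=/is',
        '/height:/is',
        '/src=/is',
    );

    // The patterns run against the original text, not the tag-stripped copy,
    // so attribute names inside tags are still seen.
    foreach ($indicators as $pattern) {
        if (preg_match($pattern, $text) > 0) {
            return true;
        }
    }

    return false;
}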
/* Typecho comment interception: register Intercept::message() as the callback on Widget_Feedback's "comment" hook */
Typecho_Plugin::factory('Widget_Feedback')->comment = ['Intercept', 'message'];
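class Intercept
{
    /**
     * Comment hook: decides whether a submitted comment keeps its status or is
     * switched to 'waiting'.
     *
     * The method never rejects a comment; the only field it changes is
     * $comment['status'], and only to 'waiting'. It also deletes the
     * '__typecho_remember_text' cookie before returning.
     *
     * @param array $comment submitted comment; 'text' is read, 'status' may be set
     * @return array the comment, possibly with 'status' set to 'waiting'
     */
    public static function message($comment)
    {
        /* Drawing mode: the text carries a {!{ ... }!} marker */
        if (preg_match('/\{!\{(.*)\}!\}/', $comment['text'], $matches)) {
            /* Hold the comment when the marker's payload contains a double quote or trips _checkXSS() */
            // NOTE(review): the pattern is not anchored, so any text containing the marker
            // takes this branch and skips the length, sensitive-word and Chinese-character
            // checks below. Confirm whether drawing comments should consist of the marker only.
            if (strpos($matches[1], '"') !== false || _checkXSS($matches[1])) {
                $comment['status'] = 'waiting';
            }
        } else {
            /* Ordinary comment: hold anything longer than the limit */
            // NOTE(review): strlen() counts bytes, so with UTF-8 two CJK characters (6 bytes)
            // already exceed 5 and the checks in the else branch only ever see very short
            // comments. Confirm the intended limit.
            if (strlen($comment['text']) > 5) {
                $comment['status'] = 'waiting';
            } else {
                /* Hold the comment when it contains a configured sensitive word */
                $options = Typecho_Widget::widget('Widget_Options');
                $SensitiveWords = trim((string) $options->SensitiveWords);
                // Skip the check while no word list is configured: an empty list must not
                // be handed on as a single empty "word", which strpos() matches in any text
                // on PHP 8.
                if ($SensitiveWords !== '' && _checkSensitiveWords($SensitiveWords, $comment['text'])) {
                    $comment['status'] = 'waiting';
                }
                /* Hold the comment unless it contains at least one character in U+4E00..U+9FA5 */
                // preg_match() returns false for text that is not valid UTF-8 (because of the
                // /u modifier); the loose comparison treats that like "no match", so such
                // text is held as well.
                if (preg_match("/[\x{4e00}-\x{9fa5}]/u", $comment['text']) == 0) {
                    $comment['status'] = 'waiting';
                }
            }
        }

        Typecho_Cookie::delete('__typecho_remember_text');

        return $comment;
    }
}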