mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-10 08:25:42 +02:00
Merge remote-tracking branch 'ckwalsh/ticket/9661' into develop
* ckwalsh/ticket/9661: [ticket/9661] Remove eval() from functions_privmsgs.php
This commit is contained in:
Igor Wiedler
commit
330b79686a
@ -19,7 +19,8 @@ if (!defined('IN_PHPBB'))
|
||||
Ability to simply add own rules by doing three things:
|
||||
1) Add an appropriate constant
|
||||
2) Add a new check array to the global_privmsgs_rules variable and the condition array (if one is required)
|
||||
3) Add a new language variable to ucp.php
|
||||
3) Implement the rule logic in the check_rule() function
|
||||
4) Add a new language variable to ucp.php
|
||||
|
||||
The user is then able to select the new rule. It will be checked against and handled as specified.
|
||||
To add new actions (yes, checks can be added here too) to the rule management, the core code has to be modified.
|
||||
@ -57,42 +58,42 @@ define('CHECK_TO', 5);
|
||||
*/
|
||||
$global_privmsgs_rules = array(
|
||||
CHECK_SUBJECT => array(
|
||||
RULE_IS_LIKE => array('check0' => 'message_subject', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
|
||||
RULE_IS_NOT_LIKE => array('check0' => 'message_subject', 'function' => '!(preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0}))'),
|
||||
RULE_IS => array('check0' => 'message_subject', 'function' => '{CHECK0} == {STRING}'),
|
||||
RULE_IS_NOT => array('check0' => 'message_subject', 'function' => '{CHECK0} != {STRING}'),
|
||||
RULE_BEGINS_WITH => array('check0' => 'message_subject', 'function' => 'preg_match("/^" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
|
||||
RULE_ENDS_WITH => array('check0' => 'message_subject', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "$/i", {CHECK0})'),
|
||||
RULE_IS_LIKE => array('check0' => 'message_subject'),
|
||||
RULE_IS_NOT_LIKE => array('check0' => 'message_subject'),
|
||||
RULE_IS => array('check0' => 'message_subject'),
|
||||
RULE_IS_NOT => array('check0' => 'message_subject'),
|
||||
RULE_BEGINS_WITH => array('check0' => 'message_subject'),
|
||||
RULE_ENDS_WITH => array('check0' => 'message_subject'),
|
||||
),
|
||||
|
||||
CHECK_SENDER => array(
|
||||
RULE_IS_LIKE => array('check0' => 'username', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
|
||||
RULE_IS_NOT_LIKE => array('check0' => 'username', 'function' => '!(preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0}))'),
|
||||
RULE_IS => array('check0' => 'username', 'function' => '{CHECK0} == {STRING}'),
|
||||
RULE_IS_NOT => array('check0' => 'username', 'function' => '{CHECK0} != {STRING}'),
|
||||
RULE_BEGINS_WITH => array('check0' => 'username', 'function' => 'preg_match("/^" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
|
||||
RULE_ENDS_WITH => array('check0' => 'username', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "$/i", {CHECK0})'),
|
||||
RULE_IS_FRIEND => array('check0' => 'friend', 'function' => '{CHECK0} == 1'),
|
||||
RULE_IS_FOE => array('check0' => 'foe', 'function' => '{CHECK0} == 1'),
|
||||
RULE_IS_USER => array('check0' => 'author_id', 'function' => '{CHECK0} == {USER_ID}'),
|
||||
RULE_IS_GROUP => array('check0' => 'author_in_group', 'function' => 'in_array({GROUP_ID}, {CHECK0})'),
|
||||
RULE_IS_LIKE => array('check0' => 'username'),
|
||||
RULE_IS_NOT_LIKE => array('check0' => 'username'),
|
||||
RULE_IS => array('check0' => 'username'),
|
||||
RULE_IS_NOT => array('check0' => 'username'),
|
||||
RULE_BEGINS_WITH => array('check0' => 'username'),
|
||||
RULE_ENDS_WITH => array('check0' => 'username'),
|
||||
RULE_IS_FRIEND => array('check0' => 'friend'),
|
||||
RULE_IS_FOE => array('check0' => 'foe'),
|
||||
RULE_IS_USER => array('check0' => 'author_id'),
|
||||
RULE_IS_GROUP => array('check0' => 'author_in_group'),
|
||||
),
|
||||
|
||||
CHECK_MESSAGE => array(
|
||||
RULE_IS_LIKE => array('check0' => 'message_text', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
|
||||
RULE_IS_NOT_LIKE => array('check0' => 'message_text', 'function' => '!(preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0}))'),
|
||||
RULE_IS => array('check0' => 'message_text', 'function' => '{CHECK0} == {STRING}'),
|
||||
RULE_IS_NOT => array('check0' => 'message_text', 'function' => '{CHECK0} != {STRING}'),
|
||||
RULE_IS_LIKE => array('check0' => 'message_text'),
|
||||
RULE_IS_NOT_LIKE => array('check0' => 'message_text'),
|
||||
RULE_IS => array('check0' => 'message_text'),
|
||||
RULE_IS_NOT => array('check0' => 'message_text'),
|
||||
),
|
||||
|
||||
CHECK_STATUS => array(
|
||||
RULE_ANSWERED => array('check0' => 'pm_replied', 'function' => '{CHECK0} == 1'),
|
||||
RULE_FORWARDED => array('check0' => 'pm_forwarded', 'function' => '{CHECK0} == 1'),
|
||||
RULE_ANSWERED => array('check0' => 'pm_replied'),
|
||||
RULE_FORWARDED => array('check0' => 'pm_forwarded'),
|
||||
),
|
||||
|
||||
CHECK_TO => array(
|
||||
RULE_TO_GROUP => array('check0' => 'to', 'check1' => 'bcc', 'check2' => 'user_in_group', 'function' => 'in_array("g_" . {CHECK2}, {CHECK0}) || in_array("g_" . {CHECK2}, {CHECK1})'),
|
||||
RULE_TO_ME => array('check0' => 'to', 'check1' => 'bcc', 'function' => 'in_array("u_" . $user_id, {CHECK0}) || in_array("u_" . $user_id, {CHECK1})'),
|
||||
RULE_TO_GROUP => array('check0' => 'to', 'check1' => 'bcc', 'check2' => 'user_in_group'),
|
||||
RULE_TO_ME => array('check0' => 'to', 'check1' => 'bcc'),
|
||||
)
|
||||
);
|
||||
|
||||
@ -260,16 +261,60 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
|
||||
|
||||
$check_ary = $rules[$rule_row['rule_check']][$rule_row['rule_connection']];
|
||||
|
||||
// Replace Check Literals
|
||||
$evaluate = $check_ary['function'];
|
||||
$evaluate = preg_replace('/{(CHECK[0-9])}/', '$message_row[$check_ary[strtolower("\1")]]', $evaluate);
|
||||
|
||||
// Replace Rule Literals
|
||||
$evaluate = preg_replace('/{(STRING|USER_ID|GROUP_ID)}/', '$rule_row["rule_" . strtolower("\1")]', $evaluate);
|
||||
|
||||
// Evil Statement
|
||||
$result = false;
|
||||
eval('$result = (' . $evaluate . ') ? true : false;');
|
||||
|
||||
$check0 = $message_row[$check_ary['check0']];
|
||||
|
||||
switch ($rule_row['rule_connection'])
|
||||
{
|
||||
case RULE_IS_LIKE:
|
||||
$result = preg_match("/" . preg_quote($rule_row['rule_string'], '/') . '/i', $check0);
|
||||
break;
|
||||
|
||||
case RULE_IS_NOT_LIKE:
|
||||
$result = !preg_match("/" . preg_quote($rule_row['rule_string'], '/') . '/i', $check0);
|
||||
break;
|
||||
|
||||
case RULE_IS:
|
||||
$result = ($check0 == $rule_row['rule_string']);
|
||||
break;
|
||||
|
||||
case RULE_IS_NOT:
|
||||
$result = ($check0 != $rule_row['rule_string']);
|
||||
break;
|
||||
|
||||
case RULE_BEGINS_WITH:
|
||||
$result = preg_match("/^" . preg_quote($rule_row['rule_string'], '/') . '/i', $check0);
|
||||
break;
|
||||
|
||||
case RULE_ENDS_WITH:
|
||||
$result = preg_match("/" . preg_quote($rule_row['rule_string'], '/') . '$/i', $check0);
|
||||
break;
|
||||
|
||||
case RULE_IS_FRIEND:
|
||||
case RULE_IS_FOE:
|
||||
case RULE_ANSWERED:
|
||||
case RULE_FORWARDED:
|
||||
$result = ($check0 == 1);
|
||||
break;
|
||||
|
||||
case RULE_IS_USER:
|
||||
$result = ($check0 == $rule_row['rule_user_id']);
|
||||
break;
|
||||
|
||||
case RULE_IS_GROUP:
|
||||
$result = in_array($rule_row['rule_group_id'], $check0);
|
||||
break;
|
||||
|
||||
case RULE_TO_GROUP:
|
||||
$result = (in_array('g_' . $message_row[$check_ary['check2']], $check0) || in_array('g_' . $message_row[$check_ary['check2']], $message_row[$check_ary['check1']]));
|
||||
break;
|
||||
|
||||
case RULE_TO_ME:
|
||||
$result = (in_array('u_' . $user_id, $check0) || in_array('u_' . $user_id, $message_row[$check_ary['check1']]));
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
if (!$result)
|
||||
{
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user