From ddba48add26fcc4697fef1cc5adefd002fd2b7e6 Mon Sep 17 00:00:00 2001 From: saxmatt Date: Sun, 5 Sep 2004 01:50:39 +0000 Subject: [PATCH] Track and check user agent for comments. git-svn-id: http://svn.automattic.com/wordpress/trunk@1603 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-comments-post.php | 9 ++++++--- wp-includes/functions.php | 1 + wp-trackback.php | 8 +++++--- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/wp-comments-post.php b/wp-comments-post.php index e21313288d..0a8df47a55 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -15,6 +15,7 @@ function add_magic_quotes($array) { if (!get_magic_quotes_gpc()) { $_POST = add_magic_quotes($_POST); $_COOKIE = add_magic_quotes($_COOKIE); + $_SERVER = add_magic_quotes($_SERVER); } $author = trim(strip_tags($_POST['author'])); @@ -28,6 +29,8 @@ $url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url; if (strlen($url) < 7) $url = ''; +$user_agent = $_SERVER['HTTP_USER_AGENT']; + $comment = trim($_POST['comment']); $comment_post_ID = intval($_POST['comment_post_ID']); $user_ip = $_SERVER['REMOTE_ADDR']; 
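Review bot: Escaping of `$_SERVER` is added only inside the `if (!get_magic_quotes_gpc())` branch of the first wp-comments-post.php hunk, so with magic_quotes_gpc enabled nothing in this file escapes the User-Agent header before the `@@ -62,16 +65,16 @@` hunk interpolates `'$user_agent'` into the INSERT. magic_quotes_gpc is documented as covering GET, POST and cookie data, so in that configuration the header very likely arrives raw and a quote in it would end the SQL string literal early. Escape the value where it is read, independent of the branch, as the wp-trackback.php hunk in this commit does: `$user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);`. The blanket `$_SERVER = add_magic_quotes($_SERVER);` should then be dropped so the value is not slashed twice when magic quotes are off.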
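Review bot: `$user_agent = $_SERVER['HTTP_USER_AGENT'];` in the second wp-comments-post.php hunk reads a client-controlled header with no presence check and no length limit, and the wp-trackback.php hunk at `@@ -54,6 +54,8 @@` does the same. A request that omits the header raises an undefined-index notice, and an oversized value is handed straight to the INSERT; the width of `comment_agent` is not visible in this patch. Suggest `$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';` followed by a `substr()` to the column width. Because the stored string is supplied by the client, any screen that later prints `comment_agent` should HTML-escape it.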
@@ -62,16 +65,16 @@ if (!empty($lasttime)) { // If we've made it this far, let's post. -if(check_comment($author, $email, $url, $comment, $user_ip)) { +if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) ) { $approved = 1; } else { $approved = 0; } $wpdb->query("INSERT INTO $wpdb->comments -(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved) +(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent) VALUES -('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved') +('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent') "); $comment_ID = $wpdb->get_var('SELECT last_insert_id()'); diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 68266944b6..d3c31bd505 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -1493,6 +1493,7 @@ function check_comment($author, $email, $url, $comment, $user_ip) { if ( preg_match($pattern, $url) ) return false; if ( preg_match($pattern, $comment) ) return false; if ( preg_match($pattern, $user_ip) ) return false; + if ( preg_match($pattern, $useg_agent) ) return false; } return true; diff --git a/wp-trackback.php b/wp-trackback.php index b616f3d5e4..d5e0a5ae96 100644 --- a/wp-trackback.php +++ b/wp-trackback.php @@ -54,6 +54,8 @@ if ((strlen(''.$tb_id)) && (empty($_GET['__mode'])) && (strlen(''.$tb_url))) { $now = current_time('mysql'); $now_gmt = current_time('mysql', 1); + $user_agent = addslashes($_SERVER['HTTP_USER_AGENT']); + $comment = convert_chars($comment); $comment = format_to_post($comment); 
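Review bot: The line added in wp-includes/functions.php tests `$useg_agent`, a misspelling, and the `check_comment` signature shown in the hunk header still takes five parameters, so the sixth argument passed by both callers in this commit is discarded. As written, the pattern is matched against an undefined variable, so the user-agent check never rejects a comment unless the pattern happens to match an empty string. The signature should become `function check_comment($author, $email, $url, $comment, $user_ip, $user_agent)` and the new line `if ( preg_match($pattern, $user_agent) ) return false;`. The function starts and ends outside the hunk, so how `$pattern` is built is not visible here; note that the callers pass a slashed value, which a pattern containing quotes or backslashes would not match literally.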
@@ -66,16 +68,16 @@ if ((strlen(''.$tb_id)) && (empty($_GET['__mode'])) && (strlen(''.$tb_url))) { $comment_moderation = get_settings('comment_moderation'); $moderation_notify = get_settings('moderation_notify'); - if(check_comment($author, $email, $url, $comment, $user_ip)) { + if(check_comment($author, $email, $url, $comment, $user_ip, $user_agent)) { $approved = 1; } else { $approved = 0; } $result = $wpdb->query("INSERT INTO $wpdb->comments - (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved) + (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent) VALUES - ('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved') + ('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent') "); if (!$result) {