Issues in LinkFilter.php - All Issues - Inspection of "Daily Inspection: Merge "Add GENDER support to pro..." - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (939199)

unknown

created 2016-11-04 17:19 UTC

includes/LinkFilter.php (1 issue)

Labels

Severity

Informational 1

mrbluesky 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Functions to help implement an external link filter for spam control.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

/**
 * Some functions to help implement an external link filter for spam control.
 *
 * @todo implement the filter. Currently these are just some functions to help
 * maintenance/cleanupSpam.php remove links to a single specified domain. The
 * next thing is to implement functions for checking a given page against a big
 * list of domains.
 *
 * Another cool thing to do would be a web interface for fast spam removal.
 */
class LinkFilter {

	/**
	 * Check whether $content contains a link to $filterEntry
	 *
	 * @param Content $content Content to check
	 * @param string $filterEntry Domainparts, see makeRegex() for more details
	 * @return int 0 if no match or 1 if there's at least one match
	 */
	static function matchEntry( Content $content, $filterEntry ) {
		if ( !( $content instanceof TextContent ) ) {
			// TODO: handle other types of content too.
			//      Maybe create ContentHandler::matchFilter( LinkFilter ).
			//      Think about a common base class for LinkFilter and MagicWord.
			return 0;
		}

		$text = $content->getNativeData();

		$regex = LinkFilter::makeRegex( $filterEntry );
		return preg_match( $regex, $text );
	}

	/**
	 * Builds a regex pattern for $filterEntry.
	 *
	 * @param string $filterEntry URL, if it begins with "*.", it'll be
	 *        replaced to match any subdomain
	 * @return string Regex pattern, for preg_match()
	 */
	private static function makeRegex( $filterEntry ) {
		$regex = '!http://';
		if ( substr( $filterEntry, 0, 2 ) == '*.' ) {
			$regex .= '(?:[A-Za-z0-9.-]+\.|)';
			$filterEntry = substr( $filterEntry, 2 );
		}
		$regex .= preg_quote( $filterEntry, '!' ) . '!Si';
		return $regex;
	}

	/**
	 * Make an array to be used for calls to Database::buildLike(), which
	 * will match the specified string. There are several kinds of filter entry:
	 *     *.domain.com    -  Produces http://com.domain.%, matches domain.com
	 *                        and www.domain.com
	 *     domain.com      -  Produces http://com.domain./%, matches domain.com
	 *                        or domain.com/ but not www.domain.com
	 *     *.domain.com/x  -  Produces http://com.domain.%/x%, matches
	 *                        www.domain.com/xy
	 *     domain.com/x    -  Produces http://com.domain./x%, matches
	 *                        domain.com/xy but not www.domain.com/xy
	 *
	 * Asterisks in any other location are considered invalid.
	 *
	 * This function does the same as wfMakeUrlIndexes(), except it also takes care
	 * of adding wildcards
	 *
	 * @param string $filterEntry Domainparts
	 * @param string $protocol Protocol (default http://)
	 * @return array|bool Array to be passed to Database::buildLike() or false on error
	 */
	public static function makeLikeArray( $filterEntry, $protocol = 'http://' ) {
		$db = wfGetDB( DB_REPLICA );

		$target = $protocol . $filterEntry;
		$bits = wfParseUrl( $target );

		if ( $bits == false ) {
			// Unknown protocol?
			return false;
		}

		if ( substr( $bits['host'], 0, 2 ) == '*.' ) {
			$subdomains = true;
			$bits['host'] = substr( $bits['host'], 2 );
			if ( $bits['host'] == '' ) {
				// We don't want to make a clause that will match everything,
				// that could be dangerous
				return false;
			}
		} else {
			$subdomains = false;
		}

		// Reverse the labels in the hostname, convert to lower case
		// For emails reverse domainpart only
		if ( $bits['scheme'] === 'mailto' && strpos( $bits['host'], '@' ) ) {
			// complete email address
			$mailparts = explode( '@', $bits['host'] );
			$domainpart = strtolower( implode( '.', array_reverse( explode( '.', $mailparts[1] ) ) ) );
			$bits['host'] = $domainpart . '@' . $mailparts[0];
		} elseif ( $bits['scheme'] === 'mailto' ) {
			// domainpart of email address only, do not add '.'
			$bits['host'] = strtolower( implode( '.', array_reverse( explode( '.', $bits['host'] ) ) ) );
		} else {
			$bits['host'] = strtolower( implode( '.', array_reverse( explode( '.', $bits['host'] ) ) ) );
			if ( substr( $bits['host'], -1, 1 ) !== '.' ) {
				$bits['host'] .= '.';
			}
		}

		$like[] = $bits['scheme'] . $bits['delimiter'] . $bits['host'];
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}

		if ( $subdomains ) {
			$like[] = $db->anyString();
		}

		if ( isset( $bits['port'] ) ) {
			$like[] = ':' . $bits['port'];
		}
		if ( isset( $bits['path'] ) ) {
			$like[] = $bits['path'];
		} elseif ( !$subdomains ) {
			$like[] = '/';
		}
		if ( isset( $bits['query'] ) ) {
			$like[] = '?' . $bits['query'];
		}
		if ( isset( $bits['fragment'] ) ) {
			$like[] = '#' . $bits['fragment'];
		}

		// Check for stray asterisks: asterisk only allowed at the start of the domain
		foreach ( $like as $likepart ) {
			if ( !( $likepart instanceof LikeMatch ) && strpos( $likepart, '*' ) !== false ) {
				return false;
			}
		}

		if ( !( $like[count( $like ) - 1] instanceof LikeMatch ) ) {
			// Add wildcard at the end if there isn't one already
			$like[] = $db->anyString();
		}

		return $like;
	}

	/**
	 * Filters an array returned by makeLikeArray(), removing everything past first
	 * pattern placeholder.
	 *
	 * @param array $arr Array to filter
	 * @return array Filtered array
	 */
	public static function keepOneWildcard( $arr ) {
		if ( !is_array( $arr ) ) {
			return $arr;
		}

		foreach ( $arr as $key => $value ) {
			if ( $value instanceof LikeMatch ) {
				return array_slice( $arr, 0, $key + 1 );
			}
		}

		return $arr;
	}
}


1			<?php
2			/**
3			* Functions to help implement an external link filter for spam control.
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License along
16			* with this program; if not, write to the Free Software Foundation, Inc.,
17			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18			* http://www.gnu.org/copyleft/gpl.html
19			*
20			* @file
21			*/
22
23			/**
24			* Some functions to help implement an external link filter for spam control.
25			*
26			* @todo implement the filter. Currently these are just some functions to help
27			* maintenance/cleanupSpam.php remove links to a single specified domain. The
28			* next thing is to implement functions for checking a given page against a big
29			* list of domains.
30			*
31			* Another cool thing to do would be a web interface for fast spam removal.
32			*/
33			class LinkFilter {
34
35			/**
36			* Check whether $content contains a link to $filterEntry
37			*
38			* @param Content $content Content to check
39			* @param string $filterEntry Domainparts, see makeRegex() for more details
40			* @return int 0 if no match or 1 if there's at least one match
41			*/
42			static function matchEntry( Content $content, $filterEntry ) {
43			if ( !( $content instanceof TextContent ) ) {
44			// TODO: handle other types of content too.
45			// Maybe create ContentHandler::matchFilter( LinkFilter ).
46			// Think about a common base class for LinkFilter and MagicWord.
47			return 0;
48			}
49
50			$text = $content->getNativeData();
51
52			$regex = LinkFilter::makeRegex( $filterEntry );
53			return preg_match( $regex, $text );
54			}
55
56			/**
57			* Builds a regex pattern for $filterEntry.
58			*
59			* @param string $filterEntry URL, if it begins with "*.", it'll be
60			* replaced to match any subdomain
61			* @return string Regex pattern, for preg_match()
62			*/
63			private static function makeRegex( $filterEntry ) {
64			$regex = '!http://';
65			if ( substr( $filterEntry, 0, 2 ) == '*.' ) {
66			$regex .= '(?:[A-Za-z0-9.-]+\.\|)';
67			$filterEntry = substr( $filterEntry, 2 );
68			}
69			$regex .= preg_quote( $filterEntry, '!' ) . '!Si';
70			return $regex;
71			}
72
73			/**
74			* Make an array to be used for calls to Database::buildLike(), which
75			* will match the specified string. There are several kinds of filter entry:
76			* *.domain.com - Produces http://com.domain.%, matches domain.com
77			* and www.domain.com
78			* domain.com - Produces http://com.domain./%, matches domain.com
79			* or domain.com/ but not www.domain.com
80			* *.domain.com/x - Produces http://com.domain.%/x%, matches
81			* www.domain.com/xy
82			* domain.com/x - Produces http://com.domain./x%, matches
83			* domain.com/xy but not www.domain.com/xy
84			*
85			* Asterisks in any other location are considered invalid.
86			*
87			* This function does the same as wfMakeUrlIndexes(), except it also takes care
88			* of adding wildcards
89			*
90			* @param string $filterEntry Domainparts
91			* @param string $protocol Protocol (default http://)
92			* @return array\|bool Array to be passed to Database::buildLike() or false on error
93			*/
94			public static function makeLikeArray( $filterEntry, $protocol = 'http://' ) {
95			$db = wfGetDB( DB_REPLICA );
96
97			$target = $protocol . $filterEntry;
98			$bits = wfParseUrl( $target );
99
100			if ( $bits == false ) {
101			// Unknown protocol?
102			return false;
103			}
104
105			if ( substr( $bits['host'], 0, 2 ) == '*.' ) {
106			$subdomains = true;
107			$bits['host'] = substr( $bits['host'], 2 );
108			if ( $bits['host'] == '' ) {
109			// We don't want to make a clause that will match everything,
110			// that could be dangerous
111			return false;
112			}
113			} else {
114			$subdomains = false;
115			}
116
117			// Reverse the labels in the hostname, convert to lower case
118			// For emails reverse domainpart only
119			if ( $bits['scheme'] === 'mailto' && strpos( $bits['host'], '@' ) ) {
120			// complete email address
121			$mailparts = explode( '@', $bits['host'] );
122			$domainpart = strtolower( implode( '.', array_reverse( explode( '.', $mailparts[1] ) ) ) );
123			$bits['host'] = $domainpart . '@' . $mailparts[0];
124			} elseif ( $bits['scheme'] === 'mailto' ) {
125			// domainpart of email address only, do not add '.'
126			$bits['host'] = strtolower( implode( '.', array_reverse( explode( '.', $bits['host'] ) ) ) );
127			} else {
128			$bits['host'] = strtolower( implode( '.', array_reverse( explode( '.', $bits['host'] ) ) ) );
129			if ( substr( $bits['host'], -1, 1 ) !== '.' ) {
130			$bits['host'] .= '.';
131			}
132			}
133
134			$like[] = $bits['scheme'] . $bits['delimiter'] . $bits['host'];
			0 ignored issues – show Coding Style Comprehensibility introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$like` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$like = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
135
136			if ( $subdomains ) {
137			$like[] = $db->anyString();
138			}
139
140			if ( isset( $bits['port'] ) ) {
141			$like[] = ':' . $bits['port'];
142			}
143			if ( isset( $bits['path'] ) ) {
144			$like[] = $bits['path'];
145			} elseif ( !$subdomains ) {
146			$like[] = '/';
147			}
148			if ( isset( $bits['query'] ) ) {
149			$like[] = '?' . $bits['query'];
150			}
151			if ( isset( $bits['fragment'] ) ) {
152			$like[] = '#' . $bits['fragment'];
153			}
154
155			// Check for stray asterisks: asterisk only allowed at the start of the domain
156			foreach ( $like as $likepart ) {
157			if ( !( $likepart instanceof LikeMatch ) && strpos( $likepart, '*' ) !== false ) {
158			return false;
159			}
160			}
161
162			if ( !( $like[count( $like ) - 1] instanceof LikeMatch ) ) {
163			// Add wildcard at the end if there isn't one already
164			$like[] = $db->anyString();
165			}
166
167			return $like;
168			}
169
170			/**
171			* Filters an array returned by makeLikeArray(), removing everything past first
172			* pattern placeholder.
173			*
174			* @param array $arr Array to filter
175			* @return array Filtered array
176			*/
177			public static function keepOneWildcard( $arr ) {
178			if ( !is_array( $arr ) ) {
179			return $arr;
180			}
181
182			foreach ( $arr as $key => $value ) {
183			if ( $value instanceof LikeMatch ) {
184			return array_slice( $arr, 0, $key + 1 );
185			}
186			}
187
188			return $arr;
189			}
190			}
191

wikimedia / mediawiki

Branch — master (939199)

includes/LinkFilter.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like