1 ega1 Oct 19, 2005 21:58
3 edb Oct 21, 2005 03:03
Is http://forums.b2evolution.net/viewtopic.php?t=5291 the hack you did, or did you come up with another method? I haven't looked into it, but I'm pretty sure I want to do away with checking the body of a comment for banned words. LINKS in the body should be checked, but not plain text.
4 ega1 Oct 21, 2005 04:21
EdB wrote:
Is http://forums.b2evolution.net/viewtopic.php?t=5291 the hack you did, or did you come up with another method? I haven't looked into it, but I'm pretty sure I want to do away with checking the body of a comment for banned words. LINKS in the body should be checked, but not plain text.
No, so far my biggest problem is not the URLs, but the actual text of the comment. With the sort of blog I'm working on, people tend to post very long comments and it's pretty easy for them to hit one of the keyword list entries.
in htsrv/comment_post.php, around line 92:
elseif( ($block = antispam_check( strip_tags($comment) ) ))
{
errors_add( T_('Supplied comment includes a disallowed term: <b>' . $block . '</b>' ) );
}
Basically the only changes are the error message and catching the return from antispam_check.
It tells them what is wrong (as opposed to an uninformative "invalid") and shows them which word is the actual problem.
I'll probably do the same thing the other places antispam_check is called.
5 edb Oct 21, 2005 06:06
Thanks. With regard to the antispam list, "URL" could refer to a simple keyword, but I see where you got into the guts of the comment posting bit. That is something for me to look at now, because - as I mentioned - I don't think it's appropriate to block the use of a word that is part of the antispam list. After all, I know quite a few people who might say in normal conversation the name of a drug that is currently banned.
Something ELSE to look at someday... :-/
6 ega1 Oct 21, 2005 06:14
EdB wrote:
... I don't think it's appropriate to block the use of a word that is part of the antispam list. After all, I know quite a few people who might say in normal conversation the name of a drug that is currently banned.
Something ELSE to look at someday... :-/
I think you're right about that, especially for me. We require people to be logged in to add comments, and it's unlikely spammers would go to that trouble.
Now trackbacks on the other hand...
Well, even if there is a reason for the terse error message, I can't live with it.
Too many people complaining they can't post comments, and leaving them without a hint is just too unfriendly.
So I've fixed it up to say the comment includes a disallowed word and displayed the return from antispam_check. My only alternative would be to disable the antispam check altogether, and I'd prefer not to do that.