<?php
-// $Id: spam.php,v 1.186 2007/06/17 15:32:18 henoheno Exp $
+// $Id: spam.php,v 1.194 2007/06/29 13:58:29 henoheno Exp $
// Copyright (C) 2006-2007 PukiWiki Developers Team
// License: GPL v2 or (at your option) any later version
//
//
// (PHP 4 >= 4.3.0): preg_match_all(PREG_OFFSET_CAPTURE): $method['uri_XXX'] related feature
-if (! defined('SPAM_INI_FILE')) define('SPAM_INI_FILE', 'spam.ini.php');
+if (! defined('SPAM_INI_FILE')) define('SPAM_INI_FILE', 'spam.ini.php');
+if (! defined('DOMAIN_INI_FILE')) define('DOMAIN_INI_FILE', 'domain.ini.php');
// ---------------------
// Compat etc
// 3: Host
'\[[0-9a-f:.]+\]' . '|' . // IPv6([colon-hex and dot]): RFC2732
'(?:[0-9]{1,3}\.){3}[0-9]{1,3}' . '|' . // IPv4(dot-decimal): 001.22.3.44
- '[a-z0-9][a-z0-9.-]+[a-z0-9]' . // hostname(FQDN) : foo.example.org
+ '[a-z0-9_-][a-z0-9_.-]+[a-z0-9_-]' . // hostname(FQDN) : foo.example.org
')' .
'(?::([0-9]*))?' . // 4: Port
'((?:/+[^\s<>"\'\[\]/\#]+)*/+)?' . // 5: Directory path or path-info
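Review bot: The trailing comment on the widened host alternative still reads `hostname(FQDN)`, but `[a-z0-9_-][a-z0-9_.-]+[a-z0-9_-]` now also accepts `_` anywhere and `-` at either edge, which a valid hostname does not allow. If the looseness is deliberate (presumably to catch the malformed hosts that appear in spam), the comment should say so, e.g. `// hostname-like, deliberately loose ('_' and edge '-' allowed): foo.example.org`. That keeps a later maintainer from tightening it back or reusing the pattern as a validator. The surrounding pattern starts and ends outside this hunk.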
// ---------------------
// Spam-uri pickup
-// Domain exposure callback (See spam_uri_pickup_preprocess())
+// Preprocess: Removing uninterest part for URI detection
+function spam_uri_removing_hocus_pocus($binary = '', $method = array())
+{
+ $length = 4 ; // 'http'(1) and '://'(2) and 'fqdn'(1)
+ if (is_array($method)) {
+ // '<a'(2) or 'href='(5) or '>'(1) or '</a>'(4)
+ // '[uri'(4) or ']'(1) or '[/uri]'(6)
+ if (isset($method['area_anchor']) || isset($method['uri_anchor']) ||
+ isset($method['area_bbcode']) || isset($method['uri_bbcode']))
+ $length = 1; // Seems not effective
+ }
+
+ // Removing sequential spaces and too short lines
+ $binary = strings($binary, $length, TRUE, FALSE); // Multibyte NOT needed
+
+ // Remove words (has no '<>[]:') between spaces
+ $binary = preg_replace('/[ \t][\w.,()\ \t]+[ \t]/', ' ', $binary);
+
+ return $binary;
+}
+
+// Preprocess: Domain exposure callback (See spam_uri_pickup_preprocess())
// http://victim.example.org/?foo+site:nasty.example.com+bar
// => http://nasty.example.com/?refer=victim.example.org
// NOTE: 'refer=' is not so good for (at this time).
return $result;
}
-// Preprocess: Removing uninterest part for URI detection
-function spam_uri_removing_hocus_pocus($binary = '', $method = array())
-{
- $length = 4 ; // 'http'(1) and '://'(2) and 'fqdn'(1)
- if (is_array($method)) {
- // '<a'(2) or 'href='(5) or '>'(1) or '</a>'(4)
- // '[uri'(4) or ']'(1) or '[/uri]'(6)
- if (isset($method['area_anchor']) || isset($method['uri_anchor']) ||
- isset($method['area_bbcode']) || isset($method['uri_bbcode']))
- $length = 1; // Seems not effective
- }
-
- // Removing sequential spaces and too short lines
- $binary = strings($binary, $length, TRUE, FALSE); // Multibyte NOT needed
-
- // Remove words (has no '<>[]:') between spaces
- $binary = preg_replace('/[ \t][\w.,()\ \t]+[ \t]/', ' ', $binary);
-
- return $binary;
-}
-
// Preprocess: rawurldecode() and adding space(s) and something
// to detect/count some URIs _if possible_
// NOTE: It's maybe danger to var_dump(result). [e.g. 'javascript:']
// Domain exposure (See _preg_replace_callback_domain_exposure())
$string = preg_replace_callback(
array(
- '#(http)://' .
+ '#(http)://' . // 1:Scheme
+ // 2:Host
'(' .
// Something Google: http://www.google.com/supported_domains
'(?:[a-z0-9.]+\.)?google\.[a-z]{2,3}(?:\.[a-z]{2})?' .
'|' .
// AltaVista
+ // http://es.altavista.com/web/results?q=site%3Anasty.example.org+foobar
'(?:[a-z0-9.]+\.)?altavista.com' .
-
+ '|' .
+ // Live Search
+ 'search.live.com' .
+ '|' .
+ // MySpace
+ // http://sads.myspace.com/Modules/Search/Pages/Search.aspx?_snip_&searchString=site:nasty.example.org
+ // also searchresults.myspace.com
+ '(?:[a-z0-9.]+\.)?myspace.com' .
+ '|' .
+ 'search.orange.co.uk' .
+ '|' .
+ 'alltheweb.com' .
')' .
'/' .
- '([a-z0-9?=&.%_/\'\\\+-]+)' . // path/?query=foo+bar+
- '\bsite:([a-z0-9.%_-]+\.[a-z0-9.%_-]+)' . // site:nasty.example.com
- //'()' . // Preserve or remove?
+ '([a-z0-9?=&.%_/\'\\\+-]+)' . // 3:path/?query=foo+bar+
+ '\bsite:([a-z0-9.%_-]+\.[a-z0-9.%_-]+)' . // 4:site:nasty.example.com
+ '()' . // 5:Preserve or remove?
'#i',
),
'_preg_replace_callback_domain_exposure',
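Review bot: The added alternatives `search.live.com`, `myspace.com`, `search.orange.co.uk` and `alltheweb.com` leave every `.` unescaped, so each dot matches any character and the host group accepts look-alike names; write them as `'search\.live\.com'` and so on (the existing `altavista.com` context line has the same slip). `alltheweb.com` and the two `search.*` entries also have no optional subdomain prefix, so a URI such as `http://www.alltheweb.com/...` is not matched right after `://` and its `site:` domain would go unexposed; `'(?:[a-z0-9.]+\.)?alltheweb\.com'` would follow the Google/AltaVista form. The new empty group `'()'` is only labelled `Preserve or remove?`; a comment stating what the callback expects in capture 5 would help. The preg_replace_callback() call continues outside this hunk.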
foreach($progress['hosts'] as $value) {
// 'A.foo.bar.example.com'
$resp = whois_responsibility($value); // 'example.com'
- $rest = rtrim(substr($value, 0, - strlen($resp)), '.'); // 'A.foo.bar'
+ if (empty($resp)) {
+ // One or more test, or do nothing here
+ $resp = strval($value);
+ $rest = '';
+ } else {
+ $rest = rtrim(substr($value, 0, - strlen($resp)), '.'); // 'A.foo.bar'
+ }
$trie = array_merge_recursive($trie, array($resp => array($rest => NULL)));
}
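Review bot: `strval($value)` in the new `empty($resp)` branch turns a non-string host into a trie key, because whois_responsibility() now returns `''` for any non-string argument and `strval()` of an array yields `'Array'` with a notice. Whether `$progress['hosts']` can hold non-strings is not visible here; if it can, skip them with `if (! is_string($value)) continue;` before the call. The placeholder comment `// One or more test, or do nothing here` would read better as `// No responsible domain returned: keep the host itself as the key`. The function enclosing this loop starts and ends outside the hunk.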
$result[] = ' \'' . $key . '\',';
} else {
// One subdomain-or-host, or several ones
- $result[] = ' \'' . $key . '\' => \'' .
- implode('.' . $key . ', ', array_keys($trie[$key])) . '.' . $key . '\',';
+ $subs = array();
+ foreach(array_keys($trie[$key]) as $sub) {
+ if ($sub == '') {
+ $subs[] = $key;
+ } else {
+ $subs[] = $sub . '.' . $key;
+ }
+ }
+ $result[] = ' \'' . $key . '\' => \'' . implode(', ', $subs) . '\',';
}
unset($trie[$key]);
}
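Review bot: `if ($sub == '')` is a loose comparison on values from `array_keys()`, and PHP stores a key like `'0'` as integer `0`; before PHP 8, `0 == ''` is true. A host such as `0.example.com` would then be emitted as the bare `example.com`, which widens the generated entry from one subdomain to the whole domain. Use `if ($sub === '')` so only the genuinely empty remainder maps to `$key`. The enclosing loop and function begin outside this hunk.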
// 'foo.bar.example.act.edu.au' => 'example.act.edu.au' (.act.edu.au has the last whois for it)
function whois_responsibility($fqdn = 'foo.bar.example.com', $parent = FALSE, $implicit = TRUE)
{
- // Domains who have 2nd and/or 3rd level domains
- static $domain = array(
-
- // ccTLD: Australia
- // http://www.auda.org.au/
- // NIC : http://www.aunic.net/
- // Whois: http://www.ausregistry.com.au/
- 'au' => array(
- // .au Second Level Domains
- // http://www.auda.org.au/domains/
- 'asn' => TRUE,
- 'com' => TRUE,
- 'conf' => TRUE,
- 'csiro' => TRUE,
- 'edu' => array( // http://www.domainname.edu.au/
- // Geographic
- 'act' => TRUE,
- 'nt' => TRUE,
- 'nsw' => TRUE,
- 'qld' => TRUE,
- 'sa' => TRUE,
- 'tas' => TRUE,
- 'vic' => TRUE,
- 'wa' => TRUE,
- ),
- 'gov' => array(
- // Geographic
- 'act' => TRUE, // Australian Capital Territory
- 'nt' => TRUE, // Northern Territory
- 'nsw' => TRUE, // New South Wales
- 'qld' => TRUE, // Queensland
- 'sa' => TRUE, // South Australia
- 'tas' => TRUE, // Tasmania
- 'vic' => TRUE, // Victoria
- 'wa' => TRUE, // Western Australia
- ),
- 'id' => TRUE,
- 'net' => TRUE,
- 'org' => TRUE,
- 'info' => TRUE,
- ),
-
- // ccTLD: China
- // NIC : http://www.cnnic.net.cn/en/index/
- // Whois: http://ewhois.cnnic.cn/
- 'cn' => array(
- // Provisional Administrative Rules for Registration of Domain Names in China
- // http://www.cnnic.net.cn/html/Dir/2003/11/27/1520.htm
-
- // Organizational
- 'ac' => TRUE,
- 'com' => TRUE,
- 'edu' => TRUE,
- 'gov' => TRUE,
- 'net' => TRUE,
- 'org' => TRUE,
-
- // Geographic
- 'ah' => TRUE,
- 'bj' => TRUE,
- 'cq' => TRUE,
- 'fj' => TRUE,
- 'gd' => TRUE,
- 'gs' => TRUE,
- 'gx' => TRUE,
- 'gz' => TRUE,
- 'ha' => TRUE,
- 'hb' => TRUE,
- 'he' => TRUE,
- 'hi' => TRUE,
- 'hk' => TRUE,
- 'hl' => TRUE,
- 'hn' => TRUE,
- 'jl' => TRUE,
- 'js' => TRUE,
- 'jx' => TRUE,
- 'ln' => TRUE,
- 'mo' => TRUE,
- 'nm' => TRUE,
- 'nx' => TRUE,
- 'qh' => TRUE,
- 'sc' => TRUE,
- 'sd' => TRUE,
- 'sh' => TRUE,
- 'sn' => TRUE,
- 'sx' => TRUE,
- 'tj' => TRUE,
- 'tw' => TRUE,
- 'xj' => TRUE,
- 'xz' => TRUE,
- 'yn' => TRUE,
- 'zj' => TRUE,
- ),
+ static $domain;
- // ccTLD: India
- // NIC : http://www.inregistry.in/
- // Whois: http://www.inregistry.in/whois_search/
- 'in' => array(
- // Policies http://www.inregistry.in/policies/
- 'ac' => TRUE,
- 'co' => TRUE,
- 'firm' => TRUE,
- 'gen' => TRUE,
- 'gov' => TRUE,
- 'ind' => TRUE,
- 'mil' => TRUE,
- 'net' => TRUE,
- 'org' => TRUE,
- 'res' => TRUE,
- // Reserved Names by the government (for the 2nd level)
- // http://www.inregistry.in/policies/reserved_names
- ),
-
- // ccTLD: South Korea
- // NIC : http://www.nic.or.kr/english/
- // Whois: http://whois.nida.or.kr/english/
- 'kr' => array(
- // .kr domain policy [appendix 1] : Qualifications for Second Level Domains
- // http://domain.nida.or.kr/eng/policy.jsp
-
- // Organizational
- 'co' => TRUE,
- 'ne ' => TRUE,
- 'or ' => TRUE,
- 're ' => TRUE,
- 'pe' => TRUE,
- 'go ' => TRUE,
- 'mil' => TRUE,
- 'ac' => TRUE,
- 'hs' => TRUE,
- 'ms' => TRUE,
- 'es' => TRUE,
- 'sc' => TRUE,
- 'kg' => TRUE,
-
- // Geographic
- 'seoul' => TRUE,
- 'busan' => TRUE,
- 'daegu' => TRUE,
- 'incheon' => TRUE,
- 'gwangju' => TRUE,
- 'daejeon' => TRUE,
- 'ulsan' => TRUE,
- 'gyeonggi' => TRUE,
- 'gangwon' => TRUE,
- 'chungbuk' => TRUE,
- 'chungnam' => TRUE,
- 'jeonbuk' => TRUE,
- 'jeonnam' => TRUE,
- 'gyeongbuk' => TRUE,
- 'gyeongnam' => TRUE,
- 'jeju' => TRUE,
- ),
-
- // ccTLD: Japan
- // NIC : http://jprs.co.jp/en/
- // Whois: http://whois.jprs.jp/en/
- 'jp' => array(
- // Guide to JP Domain Name
- // http://jprs.co.jp/en/jpdomain.html
-
- // Organizational
- 'ac' => TRUE,
- 'ad' => TRUE,
- 'co' => TRUE,
- 'go' => TRUE,
- 'gr' => TRUE,
- 'lg' => TRUE,
- 'ne' => TRUE,
- 'or' => TRUE,
-
- // Geographic
- //
- // Examples for 3rd level domains
- //'kumamoto' => array(
- // // http://www.pref.kumamoto.jp/link/list.asp#4
- // 'amakusa' => TRUE,
- // 'hitoyoshi' => TRUE,
- // 'jonan' => TRUE,
- // 'kumamoto' => TRUE,
- // ...
- //),
- 'aichi' => TRUE,
- 'akita' => TRUE,
- 'aomori' => TRUE,
- 'chiba' => TRUE,
- 'ehime' => TRUE,
- 'fukui' => TRUE,
- 'fukuoka' => TRUE,
- 'fukushima' => TRUE,
- 'gifu' => TRUE,
- 'gunma' => TRUE,
- 'hiroshima' => TRUE,
- 'hokkaido' => TRUE,
- 'hyogo' => TRUE,
- 'ibaraki' => TRUE,
- 'ishikawa' => TRUE,
- 'iwate' => TRUE,
- 'kagawa' => TRUE,
- 'kagoshima' => TRUE,
- 'kanagawa' => TRUE,
- 'kawasaki' => TRUE,
- 'kitakyushu'=> TRUE,
- 'kobe' => TRUE,
- 'kochi' => TRUE,
- 'kumamoto' => TRUE,
- 'kyoto' => TRUE,
- 'mie' => TRUE,
- 'miyagi' => TRUE,
- 'miyazaki' => TRUE,
- 'nagano' => TRUE,
- 'nagasaki' => TRUE,
- 'nagoya' => TRUE,
- 'nara' => TRUE,
- 'niigata' => TRUE,
- 'oita' => TRUE,
- 'okayama' => TRUE,
- 'okinawa' => TRUE,
- 'osaka' => TRUE,
- 'saga' => TRUE,
- 'saitama' => TRUE,
- 'sapporo' => TRUE,
- 'sendai' => TRUE,
- 'shiga' => TRUE,
- 'shimane' => TRUE,
- 'shizuoka' => TRUE,
- 'tochigi' => TRUE,
- 'tokushima' => TRUE,
- 'tokyo' => TRUE,
- 'tottori' => TRUE,
- 'toyama' => TRUE,
- 'wakayama' => TRUE,
- 'yamagata' => TRUE,
- 'yamaguchi' => TRUE,
- 'yamanashi' => TRUE,
- 'yokohama' => TRUE,
- ),
-
- // ccTLD: Mexico
- // NIC : http://www.nic.mx/
- // Whois: http://www.nic.mx/es/Busqueda.Who_Is
- 'mx' => array(
- // Politicas Generales de Nombres de Dominio
- // http://www.nic.mx/es/Politicas?CATEGORY=INDICE
- 'com' => TRUE,
- 'edu' => TRUE,
- 'gob' => TRUE,
- 'net' => TRUE,
- 'org' => TRUE,
- ),
-
- // ccTLD: Taiwan
- // NIC : http://www.twnic.net.tw/
- // Whois: http://www.twnic.net.tw/
- 'tw' => array(
- // Guidelines for Administration of Domain Name Registration
- // http://www.twnic.net.tw/english/dn/dn_02.htm
- // II. Types of TWNIC Domain Names and Application Requirements
- // http://www.twnic.net.tw/english/dn/dn_02_b.htm
- 'club' => TRUE,
- 'com' => TRUE,
- 'ebiz' => TRUE,
- 'edu' => TRUE,
- 'game' => TRUE,
- 'gov' => TRUE,
- 'idv' => TRUE,
- 'mil' => TRUE,
- 'net' => TRUE,
- 'org' => TRUE,
- // Reserved words for the 2nd level
- // http://mydn.twnic.net.tw/en/dn02/INDEX.htm
- ),
-
- // ccTLD: Ukraine
- // NIC : http://www.nic.net.ua/
- // Whois: http://whois.com.ua/
- 'ua' => array(
- // policy for alternative 2nd level domain names (a2ld)
- // http://www.nic.net.ua/doc/a2ld
- // http://whois.com.ua/
- 'cherkassy' => TRUE,
- 'chernigov' => TRUE,
- 'chernovtsy' => TRUE,
- 'ck' => TRUE,
- 'cn' => TRUE,
- 'com' => TRUE,
- 'crimea' => TRUE,
- 'cv' => TRUE,
- 'dn' => TRUE,
- 'dnepropetrovsk' => TRUE,
- 'donetsk' => TRUE,
- 'dp' => TRUE,
- 'edu' => TRUE,
- 'gov' => TRUE,
- 'if' => TRUE,
- 'ivano-frankivsk' => TRUE,
- 'kh' => TRUE,
- 'kharkov' => TRUE,
- 'kherson' => TRUE,
- 'kiev' => TRUE,
- 'kirovograd' => TRUE,
- 'km' => TRUE,
- 'kr' => TRUE,
- 'ks' => TRUE,
- 'lg' => TRUE,
- 'lugansk' => TRUE,
- 'lutsk' => TRUE,
- 'lviv' => TRUE,
- 'mk' => TRUE,
- 'net' => TRUE,
- 'nikolaev' => TRUE,
- 'od' => TRUE,
- 'odessa' => TRUE,
- 'org' => TRUE,
- 'pl' => TRUE,
- 'poltava' => TRUE,
- 'rovno' => TRUE,
- 'rv' => TRUE,
- 'sebastopol' => TRUE,
- 'sumy' => TRUE,
- 'te' => TRUE,
- 'ternopil' => TRUE,
- 'uz' => TRUE,
- 'uzhgorod' => TRUE,
- 'vinnica' => TRUE,
- 'vn' => TRUE,
- 'zaporizhzhe' => TRUE,
- 'zhitomir' => TRUE,
- 'zp' => TRUE,
- 'zt' => TRUE,
- ),
+ if ($fqdn === NULL) {
+ $domain = NULL; // Unset
+ return '';
+ }
+ if (! is_string($fqdn)) return '';
- // ccTLD: United Kingdom
- // NIC : http://www.nic.uk/
- 'uk' => array(
- // Second Level Domains
- // http://www.nic.uk/registrants/aboutdomainnames/sld/
- 'co' => TRUE,
- 'ltd' => TRUE,
- 'me' => TRUE,
- 'net' => TRUE,
- 'nic' => TRUE,
- 'org' => TRUE,
- 'plc' => TRUE,
- 'sch' => TRUE,
-
- // Delegated Second Level Domains
- // http://www.nic.uk/registrants/aboutdomainnames/sld/delegated/
- 'ac' => TRUE,
- 'gov' => TRUE,
- 'mil' => TRUE,
- 'mod' => TRUE,
- 'nhs' => TRUE,
- 'police' => TRUE,
- ),
+ if (is_ip($fqdn)) return $fqdn;
- // ccTLD: United States of America
- // NIC : http://nic.us/
- // Whois: http://whois.us/
- 'us' => array(
- // See RFC1480
-
- // Organizational
- 'dni',
- 'fed',
- 'isa',
- 'kids',
- 'nsn',
-
- // Geographical
- // United States Postal Service: State abbreviations (for postal codes)
- // http://www.usps.com/ncsc/lookups/abbreviations.html
- 'ak' => TRUE, // Alaska
- 'al' => TRUE, // Alabama
- 'ar' => TRUE, // Arkansas
- 'as' => TRUE, // American samoa
- 'az' => TRUE, // Arizona
- 'ca' => TRUE, // California
- 'co' => TRUE, // Colorado
- 'ct' => TRUE, // Connecticut
- 'dc' => TRUE, // District of Columbia
- 'de' => TRUE, // Delaware
- 'fl' => TRUE, // Florida
- 'fm' => TRUE, // Federated states of Micronesia
- 'ga' => TRUE, // Georgia
- 'gu' => TRUE, // Guam
- 'hi' => TRUE, // Hawaii
- 'ia' => TRUE, // Iowa
- 'id' => TRUE, // Idaho
- 'il' => TRUE, // Illinois
- 'in' => TRUE, // Indiana
- 'ks' => TRUE, // Kansas
- 'ky' => TRUE, // Kentucky
- 'la' => TRUE, // Louisiana
- 'ma' => TRUE, // Massachusetts
- 'md' => TRUE, // Maryland
- 'me' => TRUE, // Maine
- 'mh' => TRUE, // Marshall Islands
- 'mi' => TRUE, // Michigan
- 'mn' => TRUE, // Minnesota
- 'mo' => TRUE, // Missouri
- 'mp' => TRUE, // Northern mariana islands
- 'ms' => TRUE, // Mississippi
- 'mt' => TRUE, // Montana
- 'nc' => TRUE, // North Carolina
- 'nd' => TRUE, // North Dakota
- 'ne' => TRUE, // Nebraska
- 'nh' => TRUE, // New Hampshire
- 'nj' => TRUE, // New Jersey
- 'nm' => TRUE, // New Mexico
- 'nv' => TRUE, // Nevada
- 'ny' => TRUE, // New York
- 'oh' => TRUE, // Ohio
- 'ok' => TRUE, // Oklahoma
- 'or' => TRUE, // Oregon
- 'pa' => TRUE, // Pennsylvania
- 'pr' => TRUE, // Puerto Rico
- 'pw' => TRUE, // Palau
- 'ri' => TRUE, // Rhode Island
- 'sc' => TRUE, // South Carolina
- 'sd' => TRUE, // South Dakota
- 'tn' => TRUE, // Tennessee
- 'tx' => TRUE, // Texas
- 'ut' => TRUE, // Utah
- 'va' => TRUE, // Virginia
- 'vi' => TRUE, // Virgin Islands
- 'vt' => TRUE, // Vermont
- 'wa' => TRUE, // Washington
- 'wi' => TRUE, // Wisconsin
- 'wv' => TRUE, // West Virginia
- 'wy' => TRUE, // Wyoming
- ),
- );
-
- if (is_ip($fqdn) || ! is_string($fqdn)) return $fqdn;
+ if (! isset($domain)) {
+ $domain = array();
+ if (file_exists(DOMAIN_INI_FILE)) {
+ include(DOMAIN_INI_FILE); // Set
+ }
+ }
$result = array();
$dcursor = & $domain;
$array = array_reverse(explode('.', $fqdn));
$i = 0;
while(TRUE) {
+ if (! isset($array[$i])) break;
$acursor = $array[$i];
if (is_array($dcursor) && isset($dcursor[$acursor])) {
$result[] = & $array[$i];
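Review bot: `include(DOMAIN_INI_FILE)` runs `domain.ini.php` as PHP inside whois_responsibility(), but the relative name is resolved differently by `file_exists()` (current directory) and `include` (include_path first), so the file that is checked is not necessarily the file that executes. Defining the constant as an absolute path, e.g. `dirname(__FILE__) . '/domain.ini.php'` if that is where the file ships, removes the ambiguity. Since the included file shares the function's scope, it can also overwrite `$fqdn`, `$parent` and `$implicit`, not just `$domain`. A comment at the include should state the contract, e.g. `// Executed as PHP in this scope; must only assign $domain. Keep it non-writable by the web server user`. Non-string input now returns `''` instead of the argument, which the docblock-style comment above the function should mention; the function body continues past the end of this hunk.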
function spam_dispose()
{
get_blocklist(NULL);
+ whois_responsibility(NULL);
}
// Common bahavior for blocking