
Domain exposure (%20site:) hack
authorhenoheno <henoheno>
Mon, 20 Aug 2007 14:50:31 +0000 (23:50 +0900)
committerhenoheno <henoheno>
Mon, 20 Aug 2007 14:50:31 +0000 (23:50 +0900)
spam/SpamPickupTest.php
spam/spam_pickup.php

index 77890c4..df80d22 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-// $Id: SpamPickupTest.php,v 1.3 2007/08/20 14:37:23 henoheno Exp $
+// $Id: SpamPickupTest.php,v 1.4 2007/08/20 14:50:31 henoheno Exp $
 // Copyright (C) 2007 heno
 //
 // Design test case for spam.php (called from runner.php)
@@ -360,6 +360,18 @@ EOF;
                $results = spam_uri_pickup($test_string);
                $this->assertEquals('victim.example.org', $results[0]['host']);
                $this->assertEquals('nasty.example.org',  $results[1]['host']);
+
+               // Domain exposure (site:)
+               $test_string = ' http://search.example.org/?q=%20site:nasty.example.org ';
+               $results = spam_uri_pickup($test_string);
+               $this->assertEquals('nasty.example.org', $results[0]['host']);
+               $this->assertEquals('search.example.org',  $results[1]['host']);
+               
+               // Domain exposure (%20site:)
+               $test_string = ' http://search2.example.org/?q=%20site:nasty2.example.org ';
+               $results = spam_uri_pickup($test_string);
+               $this->assertEquals('nasty2.example.org', $results[0]['host']);
+               $this->assertEquals('search2.example.org',  $results[1]['host']);
        }
 }
 
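Review bot: The first new case (lines 24–28) is labelled `site:` but its input on line 25 already contains `%20site:`, so it has exactly the same shape as the `%20site:` case that follows and the plain `\b`-separated form of the new alternation is never exercised. Changing line 25 to `$test_string = ' http://search.example.org/?q=site:nasty.example.org ';` makes each label match its input and lets a regression in either branch of `(?:\b|%20)` be caught. Line 29 also carries trailing whitespace on an otherwise blank line. The enclosing test method starts outside the hunk.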
index fd68576..bb306d2 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-// $Id: spam_pickup.php,v 1.55 2007/08/20 14:37:23 henoheno Exp $
+// $Id: spam_pickup.php,v 1.56 2007/08/20 14:50:31 henoheno Exp $
 // Copyright (C) 2006-2007 PukiWiki Developers Team
 // License: GPL v2 or (at your option) any later version
 //
@@ -724,7 +724,7 @@ function spam_uri_pickup_preprocess($string = '', $method = array())
                        ')' .
                        '/' .
                        '([a-z0-9?=&.%_/\'\\\+-]+)' .                           // 3:path/?query=foo+bar+
-                       '\bsite:([a-z0-9.%_-]+\.[a-z0-9.%_-]+)' .       // 4:site:nasty.example.com
+                       '(?:\b|%20)site:([a-z0-9.%_-]+\.[a-z0-9.%_-]+)' .       // 4:site:nasty.example.com
                        '()' .                                                                          // 5:Preserve or remove?
                        '#i',
                ),
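Review bot: The alternation added on line 51 recognises only a space encoded as `%20` in front of `site:`; any other percent-encoded octet (which the group-3 class on line 49 already admits through `%` and digits) still leaves a word character immediately before `s`, so `\b` fails and the nested domain is not picked up. Since group 3 already accepts `%` and hex digits, a general form such as `(?:\b|%[0-9a-f]{2})site:([a-z0-9.%_-]+\.[a-z0-9.%_-]+)` covers every encoded separator under the existing `#i` flag; alternatively, percent-decode the candidate once before matching so the regex does not have to enumerate encodings. The trailing comment should also state why the alternation exists, e.g. `// 4:site:nasty.example.com (\b cannot match after an encoded space, so accept %20 too)`. spam_uri_pickup_preprocess's signature and the rest of its body lie outside the hunk.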