wordblock enhancement

The default wordblock.conf provided by the guys at chonqed.org matches agaist
URLS beginning with http. But DokuWiki also links simple www.example.com links.
Spammers used this method to place blacklisted URLs in the Wiki.

This patch constructs full URLs from these shortcut-URLs before applying the
blacklist regexp.

The patch also fixes a problem with the toolbar not appearing when the blacklist
hit and denied saving.

darcs-hash:20060926192420-7ad00-519df90a5953b690428bfa0928de37b3053031b0.gz

2 files changed, 5 insertions, 2 deletions

diff --git a/inc/common.php b/inc/common.php
index c2a6903ab..f42ddb1e5 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -412,6 +412,9 @@ function checkwordblock(){
 
   if(!$conf['usewordblock']) return false;
 
+  // we prepare the text a tiny bit to prevent spammers circumventing URL checks
+  $text = preg_replace('!(\b)(www\.[\w.:?\-;,]+?\.[\w.:?\-;,]+?[\w/\#~:.?+=&%@\!\-.:?\-;,]+?)([.:?\-;,]*[^\w/\#~:.?+=&%@\!\-.:?\-;,])!i','\1http://\2 \2\3',$TEXT);
+
   $wordblocks = getWordblocks();
   //how many lines to read at once (to work around some PCRE limits)
   if(version_compare(phpversion(),'4.3.0','<')){
@@ -433,7 +436,7 @@ function checkwordblock(){
       if(empty($block)) continue;
       $re[]  = $block;
     }
-    if(preg_match('#('.join('|',$re).')#si',$TEXT, $match=array())) {
+    if(preg_match('#('.join('|',$re).')#si',$text, $match=array())) {
       return true;
     }
   }
diff --git a/inc/template.php b/inc/template.php
index bcfbff8ea..850580773 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -237,7 +237,7 @@ function tpl_metaheaders($alt=true){
                           'href'=>DOKU_BASE.'lib/exe/css.php?print=1');
 
   // load javascript
-  $js_edit  = ($ACT=='edit' || $ACT=='preview' || $ACT=='recover') ? 1 : 0;
+  $js_edit  = ($ACT=='edit' || $ACT=='preview' || $ACT=='recover' || $ACT=='wordblock' ) ? 1 : 0;
   $js_write = ($INFO['writable']) ? 1 : 0;
   if(defined('DOKU_MEDIAMANAGER')){
     $js_edit  = 1;