Ticket #198: earle-banned-wordlist.patch

templates/banned_content.tt

@@ +1 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <title>Edit Forbidden</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+</head>
+<body>
+<h1>Edit Forbidden</h1>
+<p>
+Sorry. Somewhere in the edit you just tried to make, there was a word or phrase
+that the site's administrator has chosen to prohibit. Please contact the site
+administrator at <a href="mailto:[% contact_email %]">[% contact_email %]</a>
+with the <strong>complete</strong> text of your edit (including both the main 
+content and any optional details you entered) for assistance.
+</p>
+</body>
+</html>
+ No newline at end of file

lib/OpenGuides/Config.pm

@@ -20 +20 @@
    centre_lat default_gmaps_zoom default_gmaps_search_zoom force_wgs84
    licence_name licence_url licence_info_url moderation_requires_password
    enable_node_image enable_common_categories enable_common_locales
+   banned_content
 );
 my @questions = map { $_ . "__qu" } @variables;
 OpenGuides::Config->mk_accessors( @variables );
@@ -180 +181 @@
         google_analytics_key => "Do you have a Google Analytics key to use with this guide? If you enter it here, then Google Analytics functionality will be automatically enabled.",
         licence_name => "What licence will you use for the guide?",
         licence_url => "What is the URL to your licence?",
-        licence_info_url => "What is the URL to your local page about your licensing policy?"
+        licence_info_url => "What is the URL to your local page about your licensing policy?",
+        banned_content => "What words or phrases are forbidden in edits? Space-separated list, use _ to represent a space in a phrase.",
     );
 
     foreach my $var ( keys %questions ) {
@@ -301 +303 @@
 
 =item * licence_info_url
 
+=item * banned_content
+
 =back
 
 =head1 AUTHOR

lib/OpenGuides.pm

@@ -1175 +1175 @@
         cgi_obj => $q
     );
 
+    foreach my $var ( qw( summary username comment edit_type ) ) {
+        $new_metadata{$var} = $q->param($var) || "";
+    }
+
+    $new_metadata{host} = $ENV{REMOTE_ADDR};
+ 
     delete $new_metadata{website} if $new_metadata{website} eq 'http://';
 
     $new_metadata{opening_hours_text} = $q->param("hours_text") || "";
@@ -1186 +1192 @@
     $new_metadata{longitude} = delete $new_metadata{longitude_unmunged}
         if $new_metadata{longitude_unmunged};
 
+    # Here we examine content and metadata for banned strings.
+    my $banned_content = $self->banned_content;
+    
+    foreach my $banned_string (keys %$banned_content) {
+        return $self->_banned_content_abort({
+            node          => $node,
+            where         => 'content',
+            string        => $banned_string,
+            host          => $new_metadata{host},
+            return_output => $return_output,
+        }) if $content =~ /$banned_string/im;
+    }
+    
+    while ( my ($md_type, $md_val) = each %new_metadata ) {
+        foreach my $banned_string (keys %$banned_content) {
+            return $self->_banned_content_abort({
+                node          => $node,
+                where         => $md_type,
+                string        => $banned_string,
+                host          => $new_metadata{host},
+                return_output => $return_output,
+            }) if $md_val =~ /$banned_string/im;
+        }
+    }
+
     # Check to make sure all the indexable nodes are created
     # Skip this for nodes needing moderation - this occurs for them once
     #  they've been moderated
@@ -1196 +1227 @@
         );
     }
     
-    foreach my $var ( qw( summary username comment edit_type ) ) {
-        $new_metadata{$var} = $q->param($var) || "";
-    }
-    $new_metadata{host} = $ENV{REMOTE_ADDR};
-
     # Wiki::Toolkit::Plugin::RSS::ModWiki wants "major_change" to be set.
     $new_metadata{major_change} = ( $new_metadata{edit_type} eq "Normal edit" )
                                     ? 1
@@ -1905 +1931 @@
     return $cookie_data{$pref_name};
 }
 
+# Retrieve banned strings from config and convert them to unmunged form.
+sub banned_content {
+    my $self = shift;
+    
+    my $banned_content;
+    
+    # Strings have underscores as spaces due to Config::Tiny limitations.
+    foreach (split(' ', $self->config->banned_content)) {
+        $_ =~ s/_/ /g;
+        $banned_content->{$_} = 1;
+    }
+    
+    $banned_content;
+}
 
+# Kill an edit if we detect banned content.
+sub _banned_content_abort {
+    my ($self, $args) = @_;
+
+    # Don't tell the editor what was banned; ask them to get in touch. Best not
+    # to give spammers any ideas about how our spam detection works.
+    my $output = $self->process_template(
+        template => 'banned_content.tt',
+    );
+
+    # Put something in the logs.    
+    warn "Edit aborted, banned content detected.\nHost: $args->{host}; node: $args->{node}; where: $args->{where}; string: $args->{string}.";
+
+    return $output if $args->{return_output};
+    print $output;
+}
+
 =head1 BUGS AND CAVEATS
 
 UTF8 data are currently not handled correctly throughout.