Sophia/better-yourls-blacklist-domains
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Bump version in plugin.php and remove tabs that someone put there by sleeping on the keyboard, I guess. whoops

Browse Source
This commit is contained in:
Maingron
2025-09-13 02:35:18 +02:00
parent 7235f4d8bc
commit 764b858de6
1 changed files with 139 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

276
plugin.php
View File

@@ -1,158 +1,158 @@
<?php <?php
/* /*
Plugin Name: Better Yourls BlackList Domains Plugin Name: Better Yourls BlackList Domains
Plugin URI: https://git.oldgate.org/Sophia/better-yourls-blacklist-domains Plugin URI: https://git.oldgate.org/Sophia/better-yourls-blacklist-domains
Description: Plugin which disallows blacklisted domains and bans the submitter's IP address. GPL v3 Description: Plugin which disallows blacklisted domains and bans the submitter's IP address. GPL v3
Version: 0.06 Version: 0.07
Author: Sophia Atkinson Author: Sophia Atkinson
Author URI: https://sophia.wtf Author URI: https://sophia.wtf
Original Author: apelly Original Author: apelly
Original Author URI: http://len.io Original Author URI: http://len.io
*/ */
// No direct access // No direct access
if( !defined( 'YOURLS_ABSPATH' ) ) die(); if( !defined( 'YOURLS_ABSPATH' ) ) die();
// Hook the custom function into the 'shunt_add_new_link' event // Hook the custom function into the 'shunt_add_new_link' event
yourls_add_filter( 'shunt_add_new_link', 'better_blacklist_domain_check' ); yourls_add_filter( 'shunt_add_new_link', 'better_blacklist_domain_check' );
// Hook the admin page into the 'plugins_loaded' event // Hook the admin page into the 'plugins_loaded' event
yourls_add_action( 'plugins_loaded', 'better_blacklist_add_admin_page' ); yourls_add_action( 'plugins_loaded', 'better_blacklist_add_admin_page' );
// Function to check if a domain is blacklisted // Function to check if a domain is blacklisted
function better_blacklist_domain_check( $shunt, $url ) { function better_blacklist_domain_check( $shunt, $url ) {
// Parse the URL and extract the host // Parse the URL and extract the host
$parsed_url = parse_url( $url ); $parsed_url = parse_url( $url );
// If parsing fails or host is empty, deny the URL // If parsing fails or host is empty, deny the URL
if (empty($parsed_url['host'])) { if (empty($parsed_url['host'])) {
return blacklist_fail_response(); return blacklist_fail_response();
} }
$domain = $parsed_url['host']; $domain = $parsed_url['host'];
// Block if using blacklisted protocols // Block if using blacklisted protocols
if ( isset($parsed_url['scheme']) && in_array( $parsed_url['scheme'], ['http', 'https'], true ) ) { if ( isset($parsed_url['scheme']) && in_array( $parsed_url['scheme'], ['http', 'https'], true ) ) {
// Instead of blocking here, we return the original shunt // Instead of blocking here, we return the original shunt
// to avoid blocking all URLs with blacklisted protocols // to avoid blocking all URLs with blacklisted protocols
} }
// Retrieve blacklisted domains from options // Retrieve blacklisted domains from options
$blacklisted_domains = yourls_get_option( 'better_blacklist_domain_list' ); $blacklisted_domains = yourls_get_option( 'better_blacklist_domain_list' );
// If there's a blacklist, check the domain // If there's a blacklist, check the domain
if ( $blacklisted_domains ) { if ( $blacklisted_domains ) {
$blacklisted_domains = unserialize( $blacklisted_domains ); $blacklisted_domains = unserialize( $blacklisted_domains );
foreach ( $blacklisted_domains as $blacklisted_domain ) { foreach ( $blacklisted_domains as $blacklisted_domain ) {
// Check if the entry starts with '/', then consider regex handling // Check if the entry starts with '/', then consider regex handling
if (strpos($blacklisted_domain, '/') === 0) { if (strpos($blacklisted_domain, '/') === 0) {
if (@preg_match($blacklisted_domain, $domain)) { if (@preg_match($blacklisted_domain, $domain)) {
return blacklist_fail_response(); return blacklist_fail_response();
} }
} else { } else {
// Otherwise treat as plain domain (old behavior) // Otherwise treat as plain domain (old behavior)
$pattern = '/(?:^|\.)' . preg_quote( $blacklisted_domain, '/' ) . '$/i'; $pattern = '/(?:^|\.)' . preg_quote( $blacklisted_domain, '/' ) . '$/i';
if ( preg_match( $pattern, $domain ) ) { if ( preg_match( $pattern, $domain ) ) {
return blacklist_fail_response(); return blacklist_fail_response();
}
} }
} }
} }
// No match, allow the URL
return $shunt;
} }
// Return failure response for blacklisted URLs // No match, allow the URL
function blacklist_fail_response() { return $shunt;
return array( }
'status' => 'fail',
'code' => 'error:url', // Return failure response for blacklisted URLs
'message' => 'This domain is blacklisted', function blacklist_fail_response() {
'errorCode' => '403', return array(
); 'status' => 'fail',
'code' => 'error:url',
'message' => 'This domain is blacklisted',
'errorCode' => '403',
);
}
// Add admin page to handle blacklist management
function better_blacklist_add_admin_page() {
yourls_register_plugin_page( 'better_blacklist_domain', 'Blacklist Domains', 'better_blacklist_admin_page' );
}
// Display the blacklist admin page
function better_blacklist_admin_page() {
if ( $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'blacklist_domain' ) {
better_blacklist_process_form();
} else {
better_blacklist_display_form();
}
}
// Display the form to update the blacklist
function better_blacklist_display_form() {
$nonce = yourls_create_nonce( 'blacklist_domain' );
$blacklist_domains = yourls_get_option( 'better_blacklist_domain_list', 'Enter domain addresses here, one per line' );
if ( $blacklist_domains !== 'Enter domain addresses here, one per line' ) {
$blacklist_domains = implode( "\r\n", unserialize( $blacklist_domains ) );
} }
// Add admin page to handle blacklist management echo <<<HTML
function better_blacklist_add_admin_page() { <h2>Blacklist Domains</h2>
yourls_register_plugin_page( 'better_blacklist_domain', 'Blacklist Domains', 'better_blacklist_admin_page' ); <form method="post">
} <input type="hidden" name="action" value="blacklist_domain" />
<input type="hidden" name="nonce" value="$nonce" />
<p>Enter domains to blacklist (one per line):</p>
// Display the blacklist admin page <details>
function better_blacklist_admin_page() { <summary>Advanced Usage (Regex)</summary>
if ( $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'blacklist_domain' ) { <div>
better_blacklist_process_form(); <p>
} else { You can use regular expressions (Regex) to define more complex patterns for blacklisting domains.<br>
better_blacklist_display_form(); To use Regex, enter your pattern between slashes (/).<br>
}
} For example, to block all subdomains of example.com, you could enter <code>/\.example\.com$/i</code>.<br>
The <kbd>i</kbd> flag at the end makes the match case-insensitive. Usually you want to use this flag.
// Display the form to update the blacklist </p>
function better_blacklist_display_form() {
$nonce = yourls_create_nonce( 'blacklist_domain' ); <p>
$blacklist_domains = yourls_get_option( 'better_blacklist_domain_list', 'Enter domain addresses here, one per line' ); <b>Further examples:</b><br>
<code>/.*\.xxx$/i</code> - Blocks all domains ending with .xxx<br>
if ( $blacklist_domains !== 'Enter domain addresses here, one per line' ) { <br>
$blacklist_domains = implode( "\r\n", unserialize( $blacklist_domains ) );
} Be cautious when using Regex, as incorrect patterns can lead to unintended blocking of domains.<br>
Always test your Regex patterns to ensure they work as expected.
echo <<<HTML </p>
<h2>Blacklist Domains</h2> </div>
<form method="post"> </details><br>
<input type="hidden" name="action" value="blacklist_domain" /> <textarea class="blacklist-domains" cols="60" rows="15" name="blacklist_form" placeholder="Example: block.example.com">$blacklist_domains</textarea>
<input type="hidden" name="nonce" value="$nonce" /> <p><input type="submit" value="Save" /></p>
<p>Enter domains to blacklist (one per line):</p> </form>
HTML;
<details> }
<summary>Advanced Usage (Regex)</summary>
<div> // Process the blacklist form submission
<p> function better_blacklist_process_form() {
You can use regular expressions (Regex) to define more complex patterns for blacklisting domains.<br> // Verify nonce for security
To use Regex, enter your pattern between slashes (/).<br> yourls_verify_nonce( 'blacklist_domain' );
For example, to block all subdomains of example.com, you could enter <code>/\.example\.com$/i</code>.<br> // Sanitize and process the form input
The <kbd>i</kbd> flag at the end makes the match case-insensitive. Usually you want to use this flag. $blacklist_form = array_filter( array_map( 'trim', explode( "\r\n", $_POST['blacklist_form'] ) ) );
</p>
// Alphabetize the blacklist
<p> sort($blacklist_form, SORT_STRING | SORT_FLAG_CASE);
<b>Further examples:</b><br>
<code>/.*\.xxx$/i</code> - Blocks all domains ending with .xxx<br> // Update the option with serialized data
<br> yourls_update_option( 'better_blacklist_domain_list', serialize( $blacklist_form ) );
Be cautious when using Regex, as incorrect patterns can lead to unintended blocking of domains.<br> echo "<p>Blacklist updated!</p>";
Always test your Regex patterns to ensure they work as expected. if ( empty( $blacklist_form ) ) {
</p> echo "<p>The blacklist is currently empty.</p>";
</div> } else {
</details><br> echo "<p>Current blacklisted domains:</p><ul>";
<textarea class="blacklist-domains" cols="60" rows="15" name="blacklist_form" placeholder="Example: block.example.com">$blacklist_domains</textarea> foreach ( $blacklist_form as $domain ) {
<p><input type="submit" value="Save" /></p> echo "<li>" . htmlspecialchars($domain, ENT_QUOTES) . "</li>";
</form>
HTML;
}
// Process the blacklist form submission
function better_blacklist_process_form() {
// Verify nonce for security
yourls_verify_nonce( 'blacklist_domain' );
// Sanitize and process the form input
$blacklist_form = array_filter( array_map( 'trim', explode( "\r\n", $_POST['blacklist_form'] ) ) );
// Alphabetize the blacklist
sort($blacklist_form, SORT_STRING | SORT_FLAG_CASE);
// Update the option with serialized data
yourls_update_option( 'better_blacklist_domain_list', serialize( $blacklist_form ) );
echo "<p>Blacklist updated!</p>";
if ( empty( $blacklist_form ) ) {
echo "<p>The blacklist is currently empty.</p>";
} else {
echo "<p>Current blacklisted domains:</p><ul>";
foreach ( $blacklist_form as $domain ) {
echo "<li>" . htmlspecialchars($domain, ENT_QUOTES) . "</li>";
}
echo "</ul>";
} }
echo "</ul>";
} }
}