Sophia/better-yourls-blacklist-domains
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: Sophia:0.06
Branches Tags
Sophia:master Maingron:master
Sophia:0.07 Sophia:0.06 Maingron:0.06
...
compare: Maingron:7ea141cc239420ec5832319faaf80b80f5ce501f
Branches Tags
Maingron:master Sophia:master
Maingron:0.06 Sophia:0.07 Sophia:0.06

4 Commits
0.06 ... 7ea141cc23

Author SHA1 Message Date
Maingron
7ea141cc23 Update Readme 2025-09-13 02:24:06 +02:00
Maingron
fa220e0470 Add regex docs to plugin.php page 2025-09-13 02:22:31 +02:00
Maingron
bd050d27c4 Add possible regex handling 2025-09-13 02:11:39 +02:00
Sophia Atkinson
5247655a50 fix tested version 2024-10-11 21:43:06 -07:00
2 changed files with 143 additions and 113 deletions
Expand all files Collapse all files

5
README.md
View File

@@ -6,9 +6,9 @@ Plugin for Yourls that disallows blacklisted domains. Further, if YourlsBlacklis
This plugin is intended to be used with YOURLS (cf. <https://yourls.org>) This plugin is intended to be used with YOURLS (cf. <https://yourls.org>)
It has been tested on YOURLS v1.5.1 and YourlsBlacklistIPs v1.3 It has been tested on YOURLS v1.9.2 and YourlsBlacklistIPs v1.3
Current version is 0.04 Current version is 0.07
**INSTALL :** **INSTALL :**
@@ -41,6 +41,7 @@ Also thanks to [LudoBoggio](https://github.com/LudoBoggio) for the [YourlsBlackl
--------- ---------
v0.07 Maingron added regex support
v0.06 Alphabetize the blacklist v0.06 Alphabetize the blacklist
v0.05 Fix all links being blocked v0.05 Fix all links being blocked
v0.04 Fix https and not both https and http blocking v0.04 Fix https and not both https and http blocking

251
plugin.php
View File

@@ -1,129 +1,158 @@
<?php <?php
/* /*
Plugin Name: Better Yourls BlackList Domains Plugin Name: Better Yourls BlackList Domains
Plugin URI: https://git.oldgate.org/Sophia/better-yourls-blacklist-domains Plugin URI: https://git.oldgate.org/Sophia/better-yourls-blacklist-domains
Description: Plugin which disallows blacklisted domains and bans the submitter's IP address. GPL v3 Description: Plugin which disallows blacklisted domains and bans the submitter's IP address. GPL v3
Version: 0.06 Version: 0.06
Author: Sophia Atkinson Author: Sophia Atkinson
Author URI: https://sophia.wtf Author URI: https://sophia.wtf
Original Author: apelly Original Author: apelly
Original Author URI: http://len.io Original Author URI: http://len.io
*/ */
// No direct access // No direct access
if( !defined( 'YOURLS_ABSPATH' ) ) die(); if( !defined( 'YOURLS_ABSPATH' ) ) die();
// Hook the custom function into the 'shunt_add_new_link' event // Hook the custom function into the 'shunt_add_new_link' event
yourls_add_filter( 'shunt_add_new_link', 'better_blacklist_domain_check' ); yourls_add_filter( 'shunt_add_new_link', 'better_blacklist_domain_check' );
// Hook the admin page into the 'plugins_loaded' event // Hook the admin page into the 'plugins_loaded' event
yourls_add_action( 'plugins_loaded', 'better_blacklist_add_admin_page' ); yourls_add_action( 'plugins_loaded', 'better_blacklist_add_admin_page' );
// Function to check if a domain is blacklisted // Function to check if a domain is blacklisted
function better_blacklist_domain_check( $shunt, $url ) { function better_blacklist_domain_check( $shunt, $url ) {
// Parse the URL and extract the host // Parse the URL and extract the host
$parsed_url = parse_url( $url ); $parsed_url = parse_url( $url );
// If parsing fails or host is empty, deny the URL // If parsing fails or host is empty, deny the URL
if (empty($parsed_url['host'])) { if (empty($parsed_url['host'])) {
return blacklist_fail_response(); return blacklist_fail_response();
} }
$domain = $parsed_url['host']; $domain = $parsed_url['host'];
// Block if using blacklisted protocols // Block if using blacklisted protocols
if ( isset($parsed_url['scheme']) && in_array( $parsed_url['scheme'], ['http', 'https'], true ) ) { if ( isset($parsed_url['scheme']) && in_array( $parsed_url['scheme'], ['http', 'https'], true ) ) {
// Instead of blocking here, we return the original shunt // Instead of blocking here, we return the original shunt
// to avoid blocking all URLs with blacklisted protocols // to avoid blocking all URLs with blacklisted protocols
} }
// Retrieve blacklisted domains from options // Retrieve blacklisted domains from options
$blacklisted_domains = yourls_get_option( 'better_blacklist_domain_list' ); $blacklisted_domains = yourls_get_option( 'better_blacklist_domain_list' );
// If there's a blacklist, check the domain // If there's a blacklist, check the domain
if ( $blacklisted_domains ) { if ( $blacklisted_domains ) {
$blacklisted_domains = unserialize( $blacklisted_domains ); $blacklisted_domains = unserialize( $blacklisted_domains );
foreach ( $blacklisted_domains as $blacklisted_domain ) { foreach ( $blacklisted_domains as $blacklisted_domain ) {
// Use a regex to match the domain or subdomain // Check if the entry starts with '/', then consider regex handling
$pattern = '/(?:^|\.)' . preg_quote( $blacklisted_domain, '/' ) . '$/i'; if (strpos($blacklisted_domain, '/') === 0) {
if ( preg_match( $pattern, $domain ) ) { if (@preg_match($blacklisted_domain, $domain)) {
return blacklist_fail_response(); return blacklist_fail_response();
}
} else {
// Otherwise treat as plain domain (old behavior)
$pattern = '/(?:^|\.)' . preg_quote( $blacklisted_domain, '/' ) . '$/i';
if ( preg_match( $pattern, $domain ) ) {
return blacklist_fail_response();
}
}
} }
} }
// No match, allow the URL
return $shunt;
} }
// No match, allow the URL // Return failure response for blacklisted URLs
return $shunt; function blacklist_fail_response() {
} return array(
'status' => 'fail',
// Return failure response for blacklisted URLs 'code' => 'error:url',
function blacklist_fail_response() { 'message' => 'This domain is blacklisted',
return array( 'errorCode' => '403',
'status' => 'fail', );
'code' => 'error:url',
'message' => 'This domain is blacklisted',
'errorCode' => '403',
);
}
// Add admin page to handle blacklist management
function better_blacklist_add_admin_page() {
yourls_register_plugin_page( 'better_blacklist_domain', 'Blacklist Domains', 'better_blacklist_admin_page' );
}
// Display the blacklist admin page
function better_blacklist_admin_page() {
if ( $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'blacklist_domain' ) {
better_blacklist_process_form();
} else {
better_blacklist_display_form();
}
}
// Display the form to update the blacklist
function better_blacklist_display_form() {
$nonce = yourls_create_nonce( 'blacklist_domain' );
$blacklist_domains = yourls_get_option( 'better_blacklist_domain_list', 'Enter domain addresses here, one per line' );
if ( $blacklist_domains !== 'Enter domain addresses here, one per line' ) {
$blacklist_domains = implode( "\r\n", unserialize( $blacklist_domains ) );
} }
echo <<<HTML // Add admin page to handle blacklist management
<h2>Blacklist Domains</h2> function better_blacklist_add_admin_page() {
<form method="post"> yourls_register_plugin_page( 'better_blacklist_domain', 'Blacklist Domains', 'better_blacklist_admin_page' );
<input type="hidden" name="action" value="blacklist_domain" /> }
<input type="hidden" name="nonce" value="$nonce" />
<p>Enter domains to blacklist (one per line):</p>
<textarea class="blacklist-domains" cols="60" rows="15" name="blacklist_form">$blacklist_domains</textarea>
<p><input type="submit" value="Save" /></p>
</form>
HTML;
}
// Process the blacklist form submission // Display the blacklist admin page
function better_blacklist_process_form() { function better_blacklist_admin_page() {
// Verify nonce for security if ( $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'blacklist_domain' ) {
yourls_verify_nonce( 'blacklist_domain' ); better_blacklist_process_form();
} else {
// Sanitize and process the form input better_blacklist_display_form();
$blacklist_form = array_filter( array_map( 'trim', explode( "\r\n", $_POST['blacklist_form'] ) ) ); }
}
// Alphabetize the blacklist
sort($blacklist_form, SORT_STRING | SORT_FLAG_CASE); // Display the form to update the blacklist
function better_blacklist_display_form() {
// Update the option with serialized data $nonce = yourls_create_nonce( 'blacklist_domain' );
yourls_update_option( 'better_blacklist_domain_list', serialize( $blacklist_form ) ); $blacklist_domains = yourls_get_option( 'better_blacklist_domain_list', 'Enter domain addresses here, one per line' );
echo "<p>Blacklist updated!</p>"; if ( $blacklist_domains !== 'Enter domain addresses here, one per line' ) {
if ( empty( $blacklist_form ) ) { $blacklist_domains = implode( "\r\n", unserialize( $blacklist_domains ) );
echo "<p>The blacklist is currently empty.</p>"; }
} else {
echo "<p>Current blacklisted domains:</p><ul>"; echo <<<HTML
foreach ( $blacklist_form as $domain ) { <h2>Blacklist Domains</h2>
echo "<li>" . htmlspecialchars($domain, ENT_QUOTES) . "</li>"; <form method="post">
<input type="hidden" name="action" value="blacklist_domain" />
<input type="hidden" name="nonce" value="$nonce" />
<p>Enter domains to blacklist (one per line):</p>
<details>
<summary>Advanced Usage (Regex)</summary>
<div>
<p>
You can use regular expressions (Regex) to define more complex patterns for blacklisting domains.<br>
To use Regex, enter your pattern between slashes (/).<br>
For example, to block all subdomains of example.com, you could enter <code>/\.example\.com$/i</code>.<br>
The <kbd>i</kbd> flag at the end makes the match case-insensitive. Usually you want to use this flag.
</p>
<p>
<b>Further examples:</b><br>
<code>/.*\.xxx$/i</code> - Blocks all domains ending with .xxx<br>
<br>
Be cautious when using Regex, as incorrect patterns can lead to unintended blocking of domains.<br>
Always test your Regex patterns to ensure they work as expected.
</p>
</div>
</details><br>
<textarea class="blacklist-domains" cols="60" rows="15" name="blacklist_form" placeholder="Example: block.example.com">$blacklist_domains</textarea>
<p><input type="submit" value="Save" /></p>
</form>
HTML;
}
// Process the blacklist form submission
function better_blacklist_process_form() {
// Verify nonce for security
yourls_verify_nonce( 'blacklist_domain' );
// Sanitize and process the form input
$blacklist_form = array_filter( array_map( 'trim', explode( "\r\n", $_POST['blacklist_form'] ) ) );
// Alphabetize the blacklist
sort($blacklist_form, SORT_STRING | SORT_FLAG_CASE);
// Update the option with serialized data
yourls_update_option( 'better_blacklist_domain_list', serialize( $blacklist_form ) );
echo "<p>Blacklist updated!</p>";
if ( empty( $blacklist_form ) ) {
echo "<p>The blacklist is currently empty.</p>";
} else {
echo "<p>Current blacklisted domains:</p><ul>";
foreach ( $blacklist_form as $domain ) {
echo "<li>" . htmlspecialchars($domain, ENT_QUOTES) . "</li>";
}
echo "</ul>";
} }
echo "</ul>";
} }
}