xref: /web-php/manual/add-note.php (revision c093fb53) 
1<?php
2$ip_spam_lookup_url = 'http://www.dnsbl.info/dnsbl-database-check.php?IP=';
3
4$_SERVER['BASE_PAGE'] = 'manual/add-note.php';
5include_once __DIR__ . '/../include/prepend.inc';
6include_once __DIR__ . '/../include/posttohost.inc';
7include_once __DIR__ . '/../include/shared-manual.inc';
8include __DIR__ . '/spam_challenge.php';
9
10use phpweb\UserNotes\UserNote;
11
12site_header("Add Manual Note", ['css' => 'add-note.css']);
13
14// Copy over "sect" and "redirect" from GET to POST
15if (empty($_POST['sect']) && isset($_GET['sect'])) {
16    $_POST['sect'] = $_GET['sect'];
17}
18if (empty($_POST['redirect']) && isset($_GET['redirect'])) {
19    $_POST['redirect'] = $_GET['redirect'];
20}
21
22// Decide on whether all vars are present for processing
23$process = true;
24$needed_vars = ['note', 'user', 'sect', 'redirect', 'action', 'func', 'arga', 'argb', 'answer'];
25foreach ($needed_vars as $varname) {
26    if (empty($_POST[$varname])) {
27        $process = false;
28        break;
29    }
30}
31
32// We have a submitted form to process
33if ($process) {
34
35    // Clean off leading and trailing whitespace
36    $user = trim($_POST['user']);
37    $note = trim($_POST['note']);
38
39    // Convert all line-endings to unix format,
40    // and don't allow out-of-control blank lines
41    $note = str_replace(["\r\n", "\r"], "\n", $note);
42    $note = preg_replace("/\n{2,}/", "\n\n", $note);
43
44    // Don't pass through example username
45    if ($user === "user@example.com") {
46        $user = "Anonymous";
47    }
48
49    // We don't know of any error now
50    $error = false;
51
52    // No note specified
53    if (strlen($note) == 0) {
54        $error = "You have not specified the note text.";
55    }
56
57    // SPAM challenge failed
58    elseif (!test_answer($_POST['func'], $_POST['arga'], $_POST['argb'], $_POST['answer'])) {
59        $error = 'SPAM challenge failed.';
60    }
61
62    // The user name contains a malicious character
63    elseif (stristr($user, "|")) {
64        $error = "You have included bad characters within your username. We appreciate you may want to obfuscate your email further, but we have a system in place to do this for you.";
65    }
66
67    // Check if the note is too long
68    elseif (strlen($note) >= 4096) {
69        $error = "Your note is too long. You'll have to make it shorter before you can post it. Keep in mind that this is not the place for long code examples!";
70    }
71
72    // Check if the note is not too short
73    elseif (strlen($note) < 32) {
74        $error = "Your note is too short. Trying to test the notes system? Save us the trouble of deleting your test, and don't. It works.";
75    }
76
77    // Check if any line is too long
78    else {
79
80        // Split the note by whitespace, and check length
81        foreach (preg_split("/\\s+/", $note) as $chunk) {
82            if (strlen($chunk) > 120) {
83                $error = "Your note contains a bit of text that will result in a line that is too long, even after using wordwrap().";
84                break;
85            }
86        }
87    }
88
89    // No error was found, and the submit action is required
90    if (!$error && strtolower($_POST['action']) !== "preview") {
91
92        $redirip = $_SERVER['HTTP_X_FORWARDED_FOR'] ??
93                   ($_SERVER['HTTP_VIA'] ?? '');
94
95        // Post the variables to the central user note script
96        $result = posttohost(
97            "https://main.php.net/entry/user-note.php",
98            [
99                'user' => $user,
100                'note' => $note,
101                'sect' => $_POST['sect'],
102                'ip' => $_SERVER['REMOTE_ADDR'],
103                'redirip' => $redirip,
104            ],
105        );
106
107        // If there is any non-header result, then it is an error
108        if ($result) {
109            if (strpos($result, '[TOO MANY NOTES]') !== false) {
110                echo "<p class=\"formerror\">As a security precaution, we only allow a certain number of notes to be submitted per minute. At this time, this number has been exceeded. Please re-submit your note in about a minute.</p>";
111            } elseif (($pos = strpos($result, '[SPAMMER]')) !== false) {
112                $ip = trim(substr($result, $pos + 9));
113                $spam_url = $ip_spam_lookup_url . $ip;
114                echo '<p class="formerror">Your IP is listed in one of the spammers lists we use, which aren\'t controlled by us. More information is available at <a href="' . $spam_url . '">' . $spam_url . '</a>.</p>';
115            } elseif (strpos($result, '[SPAM WORD]') !== false) {
116                echo '<p class="formerror">Your note contains a prohibited (usually SPAM) word. Please remove it and try again.</p>';
117            } elseif (strpos($result, '[CLOSED]') !== false) {
118                echo '<p class="formerror">Due to some technical problems this service isn\'t currently working. Please try again later. Sorry for any inconvenience.</p>';
119            } else {
120                echo "<!-- $result -->";
121                echo "<p class=\"formerror\">There was an internal error processing your submission. Please try to submit again later.</p>";
122            }
123        }
124
125        // There was no error returned
126        else {
127            echo '<p>Your submission was successful -- thanks for contributing! Note ',
128                 'that it will not show up for up to a few hours, ',
129                 'but it will eventually find its way.</p>';
130        }
131
132        // Print out common footer, and end page
133        site_footer();
134        exit();
135    }
136
137    // There was an error, or a preview is needed
138    // If there was an error, print out
139    if ($error) { echo "<p class=\"formerror\">$error</p>\n"; }
140
141    // Print out preview of note
142    echo '<p>This is what your entry will look like, roughly:</p>';
143    echo '<div id="usernotes">';
144    manual_note_display(new UserNote('', '', '', time(), $user, $note));
145    echo '</div><br><br>';
146}
147
148// Any needed variable was missing => display instructions
149else {
150?>
151
152<section id="add-note-usernotes" class="clearfix">
153  <h1>Adding a note to the manual</h1>
154  <div class="note_description">
155    <ul>
156      <li>
157        Please read <a href="#whatnottoenter">What not to enter</a>
158        we have many comments to moderate and there is an overwhelming number of
159        users ignoring this important section.
160      </li>
161      <li>
162        <em>Good notes rise to the top</em> as they are voted up; this makes
163        them easier to find.
164      </li>
165      <li>
166        <em>Poor notes fall to the bottom and are faded out</em> to discourage
167        their use; after certain threshold they are removed.
168      </li>
169      <li>Any form of spam is removed immediately.</li>
170    </ul>
171  </div>
172  <div class="note_example">
173    <div class="shadow"></div>
174    <div id="usernotes">
175      <h3 class="title">User Contributed Notes <span class="count">3 notes</span></h3>
176      <div class="note bad">
177        <div class="votes">
178          <div>
179            <a class="usernotes-voteu" title="Vote up!">up</a>
180          </div>
181        <div>
182          <a class="usernotes-voted" title="Vote down!">down</a>
183        </div>
184        <div class="tally">3</div>
185      </div>
186      <a class="name"><strong class="user"><em>Anonymous</em></strong></a>
187      <a class="genanchor" href="#"> ¶</a>
188      <div class="date">
189        <strong>1 year ago</strong>
190      </div>
191      <div class="text">
192        <div class="phpcode">
193          <code><span class="html">eval() is the best for all sorts of things</span></code>
194        </div>
195      </div>
196    </div>
197
198<div class="note good">
199  <div class="votes">
200    <div>
201      <a class="usernotes-voteu" title="Vote up!">up</a>
202    </div>
203    <div>
204      <a class="usernotes-voted" title="Vote down!">down</a>
205    </div>
206    <div title="" class="tally">
207      1
208    </div>
209  </div>
210  <a class="name"><strong class="user"><em>rasmus () lerdorf ! com</em></strong></a>
211  <a class="genanchor" href="#"> ¶</a>
212  <div class="date">
213    <strong>
214      2 days ago
215    </strong>
216  </div>
217  <div class="text">
218    <div class="phpcode">
219      <code><span class="html">If eval() is the answer, you're almost certainly asking the wrong question.</span></code>
220    </div>
221  </div>
222</div>
223
224<div class="note spam">
225  <div class="votes">
226    <div>
227      <a class="usernotes-voteu" title="Vote up!">up</a>
228    </div>
229    <div>
230      <a class="usernotes-voted" title="Vote down!">down</a>
231    </div>
232    <div title="" class="tally">
233      0
234    </div>
235  </div>
236  <a class="name"><strong class="user"><em>spam () spam ! spam</em></strong></a>
237  <a class="genanchor" href="#"> ¶</a>
238  <div class="date">
239    <strong>
240      1 hour ago
241    </strong>
242  </div>
243  <div class="text">
244    <div class="phpcode">
245      <code><span class="html">egg bacon sausage spam spam baked beans</span></code>
246    </div>
247  </div>
248</div>
249
250</div>
251
252</div>
253</section>
254
255
256<section id="whatnottoenter" class='clearfix'>
257<h3>Thou shall not enter! <small>(No, really, don't)</small></h3>
258<div class='columns'>
259<ul>
260  <li><strong>Bug reports &amp; Missing documentation</strong>
261    Instead <a href="http://bugs.php.net/report.php?bug_type=Documentation+problem<?php echo isset($_POST['sect']) ? '&amp;manpage=' . clean($_POST['sect']) : ''; ?>">report a bug</a>
262  for this manual page to the bug database.
263  </li>
264  <li><strong>Support questions or request for help</strong> See the <a href="/support.php">support page</a> for available options. In other words, do not ask questions within the user notes.</li>
265  <li><strong>References to other notes or authors</strong>  This is not a forum; we do not encourage nor permit discussions here.  Further, if a note is referenced directly and is later removed or modified it causes confusion.
266  </li>
267  <li><strong>Code collaboration or improvements</strong> This is not to suggest that your code snippet is bad; this is simply not the place to show it off.  You should publish elsewhere (perhaps on your blog).</li>
268  <li><strong>Links to your website, blog, code, or a third-party website</strong> On occasion we permit the posting of websites such as faqs.org or the MySQL manual, but links to other sites will be removed, no matter how well-intended.</li>
269  <li><strong>Complaints that your notes keep getting deleted</strong> Most likely you didn't bother to read this page and you violated one of these rules.</li>
270  <li><strong>Notes in languages other than English</strong> 不 gach duine понимает el lenguaje जिसमें Sie sprechen.</li>
271  <li><strong>Your disdain for PHP and/or its maintainers</strong> Go learn FORTRAN instead.</li>
272</ul>
273</div>
274<p>User notes may be edited or deleted for any reason, whether in the list above or not!</p>
275</section>
276
277
278<div id="email_and_formatting" class="clearfix">
279  <section>
280    <h3>Email address conversion</h3>
281    <p>
282      We have a simple conversion in place to convert the @ signs and dots in your
283      address. You may still want to include a part in the email address
284      that is understandable only by humans as our conversion can be performed in
285      the opposite direction. You may submit your email address as
286      <code>user@NOSPAM.example.com</code> for example (which will be displayed
287      as <code>user at NOSPAM dot example dot com</code>. If we remove your note we can
288      only send an email if you use your real email address.
289    </p>
290  </section>
291  <section>
292    <h3>Formatting</h3>
293    <p>
294      Note that HTML tags are not allowed in the posts, but the note formatting
295      is preserved. URLs will be turned into clickable links, PHP code blocks
296      enclosed in the PHP tags &lt;?php and ?&gt; will
297      be source highlighted automatically. So always enclose PHP snippets in
298      these tags. <em>Double-check that your note appears
299      as you want during the preview; that's why it is there!</em>
300    </p>
301  </section>
302</div>
303
304<div class="row-fluid clearfix">
305<div class="span12">
306<h3>Additional information</h3>
307<p>
308 Please note that periodically the developers go through the notes and
309 may incorporate information from them into the documentation. This means
310 that any note submitted here becomes the property of the PHP Documentation
311 Group and will be available under the <a href="/license/index.php#doc-lic">same license</a> as the documentation.
312</p>
313<p>
314 Your IP Address will be logged with the submitted note and made public on the
315 PHP manual user notes mailing list. The IP address is logged as part of the
316 notes moderation process, and won't be shown within the PHP manual itself.
317</p>
318<p>It may take up to an hour for your note to appear in the documentation.</p>
319<p>
320 The SPAM challenge requires numbers to written out in English, so, an appropriate
321 answer may be <em>nine</em> but not <em>9</em>.
322</p>
323</div>
324</div>
325
326<?php
327}
328
329// If the user name was not specified, provide a default
330if (empty($_POST['user'])) { $_POST['user'] = "user@example.com"; }
331
332// There is no section to add note to
333if (!isset($_POST['sect'], $_POST['redirect'])) {
334    echo '<p class="formerror">To add a note, you must click on the "Add Note" button (the plus sign)  ',
335         'on the bottom of a manual page so we know where to add the note!</p>';
336}
337
338// Everything is in place, so we can display the form
339else {?>
340<form method="post" action="/manual/add-note.php">
341 <p>
342  <input type="hidden" name="sect" value="<?php echo clean($_POST['sect']); ?>">
343  <input type="hidden" name="redirect" value="<?php echo clean($_POST['redirect']); ?>">
344 </p>
345 <table border="0" cellpadding="3" class="standard">
346  <tr>
347   <td colspan="2">
348    <b>
349     <a href="/support.php">Click here to go to the support pages.</a><br>
350     <a href="http://bugs.php.net/report.php?bug_type=Documentation+problem&amp;manpage=<?php echo clean($_POST['sect']); ?>">Click here to submit a bug report.</a><br>
351     <a href="http://bugs.php.net/report.php?bug_type=Documentation+problem&amp;manpage=<?php echo clean($_POST['sect']); ?>">Click here to request a feature.</a><br>
352     (Again, please note, if you ask a question, report a bug, or request a feature,
353     your note <i>will be deleted</i>.)
354    </b>
355   </td>
356  </tr>
357  <tr>
358   <th class="subr"><label for="form-user">Your email address (or name)</label>:</th>
359   <td><input id="form-user" type="text" name="user" size="60" maxlength="40" required value="<?php echo clean($_POST['user']); ?>"></td>
360  </tr>
361  <tr>
362   <th class="subr"><label for="form-note">Your notes</label>:</th>
363   <td><textarea id="form-note" name="note" rows="20" cols="60" wrap="virtual" required maxlength="4095" minlength="32"><?php if (isset($_POST['note'])) { echo clean($_POST['note']); } ?></textarea>
364   <br>
365  </td>
366  </tr>
367  <tr>
368   <th class="subr"><label for="form-answer">Answer to this simple question (SPAM challenge)</label>:<br>
369   <?php $c = gen_challenge(); echo $c[3]; ?>?</th>
370   <td><input id="form-answer" type="text" name="answer" size="60" maxlength="10" required> (Example: nine)</td>
371  </tr>
372  <tr>
373   <th colspan="2">
374    <input type="hidden" name="func" value="<?php echo $c[0]; ?>">
375    <input type="hidden" name="arga" value="<?php echo $c[1]; ?>">
376    <input type="hidden" name="argb" value="<?php echo $c[2]; ?>">
377    <input type="submit" name="action" value="Preview">
378    <input type="submit" name="action" value="Add Note">
379   </th>
380  </tr>
381 </table>
382</form>
383<?php
384}
385
386// Print out common footer
387site_footer();
388?>
389