1<?php 2$ip_spam_lookup_url = 'http://www.dnsbl.info/dnsbl-database-check.php?IP='; 3 4$_SERVER['BASE_PAGE'] = 'manual/add-note.php'; 5include_once __DIR__ . '/../include/prepend.inc'; 6include_once __DIR__ . '/../include/posttohost.inc'; 7include_once __DIR__ . '/../include/shared-manual.inc'; 8include __DIR__ . '/spam_challenge.php'; 9 10use phpweb\UserNotes\UserNote; 11 12site_header("Add Manual Note", ['css' => 'add-note.css']); 13 14// Copy over "sect" and "redirect" from GET to POST 15if (empty($_POST['sect']) && isset($_GET['sect'])) { 16 $_POST['sect'] = $_GET['sect']; 17} 18if (empty($_POST['redirect']) && isset($_GET['redirect'])) { 19 $_POST['redirect'] = $_GET['redirect']; 20} 21 22// Decide on whether all vars are present for processing 23$process = true; 24$needed_vars = ['note', 'user', 'sect', 'redirect', 'action', 'func', 'arga', 'argb', 'answer']; 25foreach ($needed_vars as $varname) { 26 if (empty($_POST[$varname])) { 27 $process = false; 28 break; 29 } 30} 31 32// We have a submitted form to process 33if ($process) { 34 35 // Clean off leading and trailing whitespace 36 $user = trim($_POST['user']); 37 $note = trim($_POST['note']); 38 39 // Convert all line-endings to unix format, 40 // and don't allow out-of-control blank lines 41 $note = str_replace(["\r\n", "\r"], "\n", $note); 42 $note = preg_replace("/\n{2,}/", "\n\n", $note); 43 44 // Don't pass through example username 45 if ($user === "user@example.com") { 46 $user = "Anonymous"; 47 } 48 49 // We don't know of any error now 50 $error = false; 51 52 // No note specified 53 if (strlen($note) == 0) { 54 $error = "You have not specified the note text."; 55 } 56 57 // SPAM challenge failed 58 elseif (!test_answer($_POST['func'], $_POST['arga'], $_POST['argb'], $_POST['answer'])) { 59 $error = 'SPAM challenge failed.'; 60 } 61 62 // The user name contains a malicious character 63 elseif (stristr($user, "|")) { 64 $error = "You have included bad characters within your username. We appreciate you may want to obfuscate your email further, but we have a system in place to do this for you."; 65 } 66 67 // Check if the note is too long 68 elseif (strlen($note) >= 4096) { 69 $error = "Your note is too long. You'll have to make it shorter before you can post it. Keep in mind that this is not the place for long code examples!"; 70 } 71 72 // Check if the note is not too short 73 elseif (strlen($note) < 32) { 74 $error = "Your note is too short. Trying to test the notes system? Save us the trouble of deleting your test, and don't. It works."; 75 } 76 77 // Check if any line is too long 78 else { 79 80 // Split the note by whitespace, and check length 81 foreach (preg_split("/\\s+/", $note) as $chunk) { 82 if (strlen($chunk) > 120) { 83 $error = "Your note contains a bit of text that will result in a line that is too long, even after using wordwrap()."; 84 break; 85 } 86 } 87 } 88 89 // No error was found, and the submit action is required 90 if (!$error && strtolower($_POST['action']) !== "preview") { 91 92 $redirip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? 93 ($_SERVER['HTTP_VIA'] ?? ''); 94 95 // Post the variables to the central user note script 96 $result = posttohost( 97 "https://main.php.net/entry/user-note.php", 98 [ 99 'user' => $user, 100 'note' => $note, 101 'sect' => $_POST['sect'], 102 'ip' => $_SERVER['REMOTE_ADDR'], 103 'redirip' => $redirip, 104 ], 105 ); 106 107 // If there is any non-header result, then it is an error 108 if ($result) { 109 if (strpos($result, '[TOO MANY NOTES]') !== false) { 110 echo "<p class=\"formerror\">As a security precaution, we only allow a certain number of notes to be submitted per minute. At this time, this number has been exceeded. Please re-submit your note in about a minute.</p>"; 111 } elseif (($pos = strpos($result, '[SPAMMER]')) !== false) { 112 $ip = trim(substr($result, $pos + 9)); 113 $spam_url = $ip_spam_lookup_url . $ip; 114 echo '<p class="formerror">Your IP is listed in one of the spammers lists we use, which aren\'t controlled by us. More information is available at <a href="' . $spam_url . '">' . $spam_url . '</a>.</p>'; 115 } elseif (strpos($result, '[SPAM WORD]') !== false) { 116 echo '<p class="formerror">Your note contains a prohibited (usually SPAM) word. Please remove it and try again.</p>'; 117 } elseif (strpos($result, '[CLOSED]') !== false) { 118 echo '<p class="formerror">Due to some technical problems this service isn\'t currently working. Please try again later. Sorry for any inconvenience.</p>'; 119 } else { 120 echo "<!-- $result -->"; 121 echo "<p class=\"formerror\">There was an internal error processing your submission. Please try to submit again later.</p>"; 122 } 123 } 124 125 // There was no error returned 126 else { 127 echo '<p>Your submission was successful -- thanks for contributing! Note ', 128 'that it will not show up for up to a few hours, ', 129 'but it will eventually find its way.</p>'; 130 } 131 132 // Print out common footer, and end page 133 site_footer(); 134 exit(); 135 } 136 137 // There was an error, or a preview is needed 138 // If there was an error, print out 139 if ($error) { echo "<p class=\"formerror\">$error</p>\n"; } 140 141 // Print out preview of note 142 echo '<p>This is what your entry will look like, roughly:</p>'; 143 echo '<div id="usernotes">'; 144 manual_note_display(new UserNote('', '', '', time(), $user, $note)); 145 echo '</div><br><br>'; 146} 147 148// Any needed variable was missing => display instructions 149else { 150?> 151 152<section id="add-note-usernotes" class="clearfix"> 153 <h1>Adding a note to the manual</h1> 154 <div class="note_description"> 155 <ul> 156 <li> 157 Please read <a href="#whatnottoenter">What not to enter</a> 158 we have many comments to moderate and there is an overwhelming number of 159 users ignoring this important section. 160 </li> 161 <li> 162 <em>Good notes rise to the top</em> as they are voted up; this makes 163 them easier to find. 164 </li> 165 <li> 166 <em>Poor notes fall to the bottom and are faded out</em> to discourage 167 their use; after certain threshold they are removed. 168 </li> 169 <li>Any form of spam is removed immediately.</li> 170 </ul> 171 </div> 172 <div class="note_example"> 173 <div class="shadow"></div> 174 <div id="usernotes"> 175 <h3 class="title">User Contributed Notes <span class="count">3 notes</span></h3> 176 <div class="note bad"> 177 <div class="votes"> 178 <div> 179 <a class="usernotes-voteu" title="Vote up!">up</a> 180 </div> 181 <div> 182 <a class="usernotes-voted" title="Vote down!">down</a> 183 </div> 184 <div class="tally">3</div> 185 </div> 186 <a class="name"><strong class="user"><em>Anonymous</em></strong></a> 187 <a class="genanchor" href="#"> ¶</a> 188 <div class="date"> 189 <strong>1 year ago</strong> 190 </div> 191 <div class="text"> 192 <div class="phpcode"> 193 <code><span class="html">eval() is the best for all sorts of things</span></code> 194 </div> 195 </div> 196 </div> 197 198<div class="note good"> 199 <div class="votes"> 200 <div> 201 <a class="usernotes-voteu" title="Vote up!">up</a> 202 </div> 203 <div> 204 <a class="usernotes-voted" title="Vote down!">down</a> 205 </div> 206 <div title="" class="tally"> 207 1 208 </div> 209 </div> 210 <a class="name"><strong class="user"><em>rasmus () lerdorf ! com</em></strong></a> 211 <a class="genanchor" href="#"> ¶</a> 212 <div class="date"> 213 <strong> 214 2 days ago 215 </strong> 216 </div> 217 <div class="text"> 218 <div class="phpcode"> 219 <code><span class="html">If eval() is the answer, you're almost certainly asking the wrong question.</span></code> 220 </div> 221 </div> 222</div> 223 224<div class="note spam"> 225 <div class="votes"> 226 <div> 227 <a class="usernotes-voteu" title="Vote up!">up</a> 228 </div> 229 <div> 230 <a class="usernotes-voted" title="Vote down!">down</a> 231 </div> 232 <div title="" class="tally"> 233 0 234 </div> 235 </div> 236 <a class="name"><strong class="user"><em>spam () spam ! spam</em></strong></a> 237 <a class="genanchor" href="#"> ¶</a> 238 <div class="date"> 239 <strong> 240 1 hour ago 241 </strong> 242 </div> 243 <div class="text"> 244 <div class="phpcode"> 245 <code><span class="html">egg bacon sausage spam spam baked beans</span></code> 246 </div> 247 </div> 248</div> 249 250</div> 251 252</div> 253</section> 254 255 256<section id="whatnottoenter" class='clearfix'> 257<h3>Thou shall not enter! <small>(No, really, don't)</small></h3> 258<div class='columns'> 259<ul> 260 <li><strong>Bug reports & Missing documentation</strong> 261 Instead <a href="http://bugs.php.net/report.php?bug_type=Documentation+problem<?php echo isset($_POST['sect']) ? '&manpage=' . clean($_POST['sect']) : ''; ?>">report a bug</a> 262 for this manual page to the bug database. 263 </li> 264 <li><strong>Support questions or request for help</strong> See the <a href="/support.php">support page</a> for available options. In other words, do not ask questions within the user notes.</li> 265 <li><strong>References to other notes or authors</strong> This is not a forum; we do not encourage nor permit discussions here. Further, if a note is referenced directly and is later removed or modified it causes confusion. 266 </li> 267 <li><strong>Code collaboration or improvements</strong> This is not to suggest that your code snippet is bad; this is simply not the place to show it off. You should publish elsewhere (perhaps on your blog).</li> 268 <li><strong>Links to your website, blog, code, or a third-party website</strong> On occasion we permit the posting of websites such as faqs.org or the MySQL manual, but links to other sites will be removed, no matter how well-intended.</li> 269 <li><strong>Complaints that your notes keep getting deleted</strong> Most likely you didn't bother to read this page and you violated one of these rules.</li> 270 <li><strong>Notes in languages other than English</strong> 不 gach duine понимает el lenguaje जिसमें Sie sprechen.</li> 271 <li><strong>Your disdain for PHP and/or its maintainers</strong> Go learn FORTRAN instead.</li> 272</ul> 273</div> 274<p>User notes may be edited or deleted for any reason, whether in the list above or not!</p> 275</section> 276 277 278<div id="email_and_formatting" class="clearfix"> 279 <section> 280 <h3>Email address conversion</h3> 281 <p> 282 We have a simple conversion in place to convert the @ signs and dots in your 283 address. You may still want to include a part in the email address 284 that is understandable only by humans as our conversion can be performed in 285 the opposite direction. You may submit your email address as 286 <code>user@NOSPAM.example.com</code> for example (which will be displayed 287 as <code>user at NOSPAM dot example dot com</code>. If we remove your note we can 288 only send an email if you use your real email address. 289 </p> 290 </section> 291 <section> 292 <h3>Formatting</h3> 293 <p> 294 Note that HTML tags are not allowed in the posts, but the note formatting 295 is preserved. URLs will be turned into clickable links, PHP code blocks 296 enclosed in the PHP tags <?php and ?> will 297 be source highlighted automatically. So always enclose PHP snippets in 298 these tags. <em>Double-check that your note appears 299 as you want during the preview; that's why it is there!</em> 300 </p> 301 </section> 302</div> 303 304<div class="row-fluid clearfix"> 305<div class="span12"> 306<h3>Additional information</h3> 307<p> 308 Please note that periodically the developers go through the notes and 309 may incorporate information from them into the documentation. This means 310 that any note submitted here becomes the property of the PHP Documentation 311 Group and will be available under the <a href="/license/index.php#doc-lic">same license</a> as the documentation. 312</p> 313<p> 314 Your IP Address will be logged with the submitted note and made public on the 315 PHP manual user notes mailing list. The IP address is logged as part of the 316 notes moderation process, and won't be shown within the PHP manual itself. 317</p> 318<p>It may take up to an hour for your note to appear in the documentation.</p> 319<p> 320 The SPAM challenge requires numbers to written out in English, so, an appropriate 321 answer may be <em>nine</em> but not <em>9</em>. 322</p> 323</div> 324</div> 325 326<?php 327} 328 329// If the user name was not specified, provide a default 330if (empty($_POST['user'])) { $_POST['user'] = "user@example.com"; } 331 332// There is no section to add note to 333if (!isset($_POST['sect'], $_POST['redirect'])) { 334 echo '<p class="formerror">To add a note, you must click on the "Add Note" button (the plus sign) ', 335 'on the bottom of a manual page so we know where to add the note!</p>'; 336} 337 338// Everything is in place, so we can display the form 339else {?> 340<form method="post" action="/manual/add-note.php"> 341 <p> 342 <input type="hidden" name="sect" value="<?php echo clean($_POST['sect']); ?>"> 343 <input type="hidden" name="redirect" value="<?php echo clean($_POST['redirect']); ?>"> 344 </p> 345 <table border="0" cellpadding="3" class="standard"> 346 <tr> 347 <td colspan="2"> 348 <b> 349 <a href="/support.php">Click here to go to the support pages.</a><br> 350 <a href="http://bugs.php.net/report.php?bug_type=Documentation+problem&manpage=<?php echo clean($_POST['sect']); ?>">Click here to submit a bug report.</a><br> 351 <a href="http://bugs.php.net/report.php?bug_type=Documentation+problem&manpage=<?php echo clean($_POST['sect']); ?>">Click here to request a feature.</a><br> 352 (Again, please note, if you ask a question, report a bug, or request a feature, 353 your note <i>will be deleted</i>.) 354 </b> 355 </td> 356 </tr> 357 <tr> 358 <th class="subr"><label for="form-user">Your email address (or name)</label>:</th> 359 <td><input id="form-user" type="text" name="user" size="60" maxlength="40" required value="<?php echo clean($_POST['user']); ?>"></td> 360 </tr> 361 <tr> 362 <th class="subr"><label for="form-note">Your notes</label>:</th> 363 <td><textarea id="form-note" name="note" rows="20" cols="60" wrap="virtual" required maxlength="4095" minlength="32"><?php if (isset($_POST['note'])) { echo clean($_POST['note']); } ?></textarea> 364 <br> 365 </td> 366 </tr> 367 <tr> 368 <th class="subr"><label for="form-answer">Answer to this simple question (SPAM challenge)</label>:<br> 369 <?php $c = gen_challenge(); echo $c[3]; ?>?</th> 370 <td><input id="form-answer" type="text" name="answer" size="60" maxlength="10" required> (Example: nine)</td> 371 </tr> 372 <tr> 373 <th colspan="2"> 374 <input type="hidden" name="func" value="<?php echo $c[0]; ?>"> 375 <input type="hidden" name="arga" value="<?php echo $c[1]; ?>"> 376 <input type="hidden" name="argb" value="<?php echo $c[2]; ?>"> 377 <input type="submit" name="action" value="Preview"> 378 <input type="submit" name="action" value="Add Note"> 379 </th> 380 </tr> 381 </table> 382</form> 383<?php 384} 385 386// Print out common footer 387site_footer(); 388?> 389