XF 2.2 Disallow external urls, if not written at least X posts

[Idhae]

Hey togther,

i have a problem with that named extension in the title.
I coded an extended \XF\Service\Message\Preparer -> public function checkValidity, where i check $message for external urls.
I use the getLinkClassTarget function from XF\Template\Templater\Formatter.

It works with that URLS:

[URL]https://www.externalUrl.com[/URL]

[URL="https://www.externalUrl.com"]https://www.externalUrl.com[/URL]

[URL='https://www.externalUrl.com']https://www.externalUrl.com[/URL]

[URL='https://www.externalUrl.com']EXTERNAL-URL[/URL]


https://www.externalUrl.com

www.externalUrl.com


[URL unfurl="true"]https://www.externalUrl.com[/URL]

BUT if i place a URL Tag like this:

[URL unfurl="true"]www.externalUrl.com[/URL]

whitout https://, the getLinkClassTarget function runs a second time and it becomes internalLink, because
$urlInfo['host'] is empty and $isInteral becomes true.

Someone have any ideas how i can fix that?
Why getLinkClassTarget runs a second time, a var_dump show me that at first run it is correct externalLink?


greetings idhae

 

[Chris D]

I know this doesn't answer your question but this is more-or-less what Spam phrases were designed for; blocking content containing certain text if the user hasn't written at least X posts.

Some examples that we use here (some may be redundant/superfluous):

/^\[url.*\[\/url\]$/si
/^http\S+$/si
/^https?:\/\/\S+\n/si
/^[a-z0-9-]+\.(com|net|org)\/\S+\n/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url\]\2\[/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url=("|')?\2("|')?\]/si

 

[Idhae]

Thank you, I will look at this.

 

[Idhae]

Thank you, I will look at this.

Useless for our purposes.


No idea why this happens?

BUT if i place a URL Tag like this:

[URL unfurl="true"]www.externalUrl.com[/URL]

whitout https://, the getLinkClassTarget function runs a second time and it becomes internalLink, because
$urlInfo['host'] is empty and $isInteral becomes true.

Someone have any ideas how i can fix that?
Why getLinkClassTarget runs a second time, a var_dump show me that at first run it is correct externalLink?

 

[Idhae]

So no ideas?!
Me checking now for no http:// in unfurl Url tags and then set it by my own and now it works.

 

[Xon]

My add-on Signup abuse detection and blocking actually implements a URL/domain spam checker provider. With an allow/deny/moderate list of domains and default action configurable.

The add-on hooks into the spam-check process which XenForo natively invokes for users with posts less than the "Maximum messages to check for spam".

It inspects [url]/[img]/[email] links, as well as bare links, as well as tries to reverse [media] bb-code into a site. It is more effective to allow/block domains than individual URLs, as this allows skipping a given domain (ie internal site links and also explicitly allowed external sites).

The regex used is probably more complex than it needs to be, but works reasonably reliably;

/(?:(?:(?:http|https):\/\/)|(?:\[(?:url|img|bimg|email)\s*=\s*(?:\'|"|)\s*))((?:[@+:\w.-]*)\.(?:[\w]*))/ui

It does other steps, including postprocessing of the matched URLs/email addresses/media sites.

whitout https://, the getLinkClassTarget function runs a second time and it becomes internalLink, because
$urlInfo['host'] is empty and $isInteral becomes true.

Someone have any ideas how i can fix that?
Why getLinkClassTarget runs a second time, a var_dump show me that at first run it is correct externalLink?

getLinkClassTarget isn't really the best place for detecting if a URL is being used, as there are other places beyond just the url bb-code which can result in an external link.

 

[Idhae]

My add-on Signup abuse detection and blocking actually implements a URL/domain spam checker provider. With an allow/deny/moderate list of domains and default action configurable.

The add-on hooks into the spam-check process which XenForo natively invokes for users with posts less than the "Maximum messages to check for spam".

It inspects [url]/[img]/[email] links, as well as bare links, as well as tries to reverse [media] bb-code into a site. It is more effective to allow/block domains than individual URLs, as this allows skipping a given domain (ie internal site links and also explicitly allowed external sites).

The regex used is probably more complex than it needs to be, but works reasonably reliably;

/(?:(?:(?:http|https):\/\/)|(?:\[(?:url|img|bimg|email)\s*=\s*(?:\'|"|)\s*))((?:[@+:\w.-]*)\.(?:[\w]*))/ui

It does other steps, including postprocessing of the matched URLs/email addresses/media sites.


getLinkClassTarget isn't really the best place for detecting if a URL is being used, as there are other places beyond just the url bb-code which can result in an external link.

We have your add-on, but I don't see any way to achieve our goal.

We just want to prevent users who have less than X posts from being able to post an external link.
internal links are allowed.
getLinkClassTarget Im using to check if the domain is external or internal.

 

[Xon]

It requires 3 settings;

• "Maximum messages to check for spam" Set this the the post number so the spam checked checks things
• "Link Spam checker: Default action" as reject/moderate for the default action.
• "Link Spam checker: Accept" add your website's domain (aka example.com) to allow links to the domain to be allowed.

 

[Idhae]

It requires 3 settings;

• "Maximum messages to check for spam" Set this the the post number so the spam checked checks things
• "Link Spam checker: Default action" as reject/moderate for the default action.
• "Link Spam checker: Accept" add your website's domain (aka example.com) to allow links to the domain to be allowed.

Thanks, for that.

But I talked yesterday with a friend about that and he has another solution, that code looks good.
The solution is now to render $message in the extended \XF\Service\Message\Preparer -> public function checkValidity and then check with strpos if the class 'link--external' is in the rendered $message.