Censored Words easily bypassed

Started by incith, February 24, 2006, 07:17:36 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

incith

February 24, 2006, 07:17:36 AM
Adding bbc code into a word, for example, Wo[b][/b]rd, and Word would be allowed into the forum post even if it's in the censored words list.  This also allows for blank posts, with just a bbc code or two.

URPG

#1
February 24, 2006, 07:36:40 AM
Guess the the Pharser should first do the Tags, then look for the words and post length, not the other way round...

RyanJones

#2
February 24, 2006, 12:16:32 PM
Quote from: URPG on February 24, 2006, 07:36:40 AM
Guess the the Pharser should first do the Tags, then look for the words and post length, not the other way round...

Why not jut strip empty tag sets? The problem would also come if someone used them in part of the word...

Striping them would be hard but you could just stop the posting process if one is found. Create a temp copy of the post variable and then strip the tags in it and check for censor maches if it does create and error and stop the posting process, otherwise allow it to continue.

Cheers,

Ryan Jones
RyanJ (Ryan Jones)

Support Web Standards!

Currently working On: Additions to the Karma system.

URPG

#3
February 24, 2006, 12:57:58 PM
I don't know how it's done, but vBulletin does stop you from posting things like that. It does not count things inside tags for the minimum word requirement.

RyanJones

#4
February 24, 2006, 01:20:58 PM Last Edit: February 24, 2006, 01:24:19 PM by RyanJones
How about this as a start for my idea...


  function RequireCensor($InputStr)
  {
    global $modSettings;

    $TempVar1 preg_replace('~\[(.+?)\](.+?)\[\/(.+?)\]~is''$2'$InputStr);
    $TempVar2 preg_replace('~\[(.+?)\](.+?)\[\/(.+?)\]~is''$2'$InputStr);

    $BannedWords str_replace("\r\n"'|'$modSettings['censor_vulgar']);
    $TempVar2     preg_replace('~(' $BannedWords ')~si''*'$TempVar2);

    if ($TempVar1 == $TempVar2)
      return false;
    else
      return true;
  }


like I said before, it makes a copy of the string, strips tags, replaces bad words and then compares the strings... it can probably be improved but it whould work as a stating point :)

Cheers,

Ryan Jones
RyanJ (Ryan Jones)

Support Web Standards!

Currently working On: Additions to the Karma system.

URPG

#5
February 24, 2006, 10:30:19 PM
Don't know about the exact syntax, i only code other languages, but it sounds valid. Just cut out all tags (and blanks too?) and check for forbidden strings.

RyanJones

#6
February 25, 2006, 05:43:53 AM
Quote from: URPG on February 24, 2006, 10:30:19 PM
Don't know about the exact syntax, i only code other languages, but it sounds valid. Just cut out all tags (and blanks too?) and check for forbidden strings.

Thats the only way I can see it being done. Remoing the tags from just the censored wordscould be almost impossible :(

Maybe the dev team can come up with an idea :)

Cheers,

Ryan Jones
RyanJ (Ryan Jones)

Support Web Standards!

Currently working On: Additions to the Karma system.

SleePy

#7
February 25, 2006, 02:41:14 PM
i tested this and it is true. it does do this... wow blank posts. glad nobody on our forums figured it out yet.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!
Print
Go Up Pages1
User actions
Advertisement: