How to disable links in comments How to disable links in comments
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

How to disable links in comments

Started by mauroed79, July 11, 2010, 03:29:12 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

mauroed79

Hi guys,
I have been using Coppermine for more than a year and it's fantastic. Anyway, recently I have been getting a huge amount of spam I couldn't get rid of with the CAPTCHA plugin either. Since I wouldn't like to disable the comment possibility for unregistered users, I was wondering if there's a way (a plugin or some code editing) to disable the posting of URLs in comments. I also use Cutenews and it has a hack that allows to disable linking in comments. Maybe in Coppermine there's a chance to do the same. I couldn't find anything searching the forum.
Thanks for replying,
Mauro

My gallery:
http://stefanstennis.free.fr/gallery/

Joe Carver

There are ways to accomplish what you want. However you will first need to upgrade your old version of Coppermine.

<!--Coppermine Photo Gallery 1.4.20 (stable)-->

Check the links at the top of this page for Documentation and Download and return when you have finished upgrading.

mauroed79

Hi Joe,
I don't understand where the archive file for the upgrade is.
Could you send me a link? Thanks ;-)

phill104

See the download link at the top ;D

http://sourceforge.net/projects/coppermine/files/Coppermine/1.4.27%20%28stable%29/cpg1.4.27.zip/download

I do recommend you upgrade to the all new 1.5.x line as the older 1.4.x line has now been superceeded.
It is a mistake to think you can solve any major problems just with potatoes.

mauroed79

Ok, I upgraded to version 1.4.27. Can you suggest the steps to disable linking in comments?
Thanks  ;)

phill104

You've already applied it  ;D - http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#bbcode

As you can see, we disabled the feature for security reasons in 1.4.21 so your upgrade has done exactly what you want. You'll just need to review all the old comments and you are sorted.

Not sure what is wrong with capcha or askimet though. If you just set it so guests have to input the code then your spam will drastically reduce. The capcha system is built into 1.5.x when you upgrade to that and is very versatile.
It is a mistake to think you can solve any major problems just with potatoes.

mauroed79

Hi Philip,
even though I upgraded to 1.4.27 it seems it's still possible to add links in the comments of my gallery. Check yourself at http://stefanstennis.free.fr/gallery/ Did I miss something?

Joe Carver

#7
I am surprised that you get much spam through your Captcha. You can also try reCaptcha as well.

Coppermine  1.4.x and 1.5.x apply a function named "make_clickable" to the comment message body. The function looks for string values like http and www and then add the html (<a href....>) to make the text into a clickable link.

I have used two different ways of disabling this function. They both work well enough.

Method 1 will get just brief mention.  You can add the strings 'www' and 'http' to the array "$lang_bad_words" in the file /lang/your_lang.php (with * wildcard might help too). But that limits the fix to only one language and you will need to make the mod to your next cpg upgrade.

The better way is through theming. You can apply the change to your custom theme so it will stick though 1.4.x  upgrades. When you upgrade to 1.5.x you will need to again apply the change.

Open/edit  file    themes/sample/sample.php  and  copy this section into your custom theme.php above the ?> at the end. Copy and paste the whole function. It is a little more than 100 lines.

// Displays comments for a specific picture
function theme_html_comments($pid)
{
code - code - code
code - code - code
code - code - code
code - code - code
   return $html;
}


Find this in your newly copied section:
           $comment_body = make_clickable($row['msg_body']);
Change to:
           $comment_body = $row['msg_body'];

Find:
           $comment_body = process_smilies(make_clickable($row['msg_body']));
Change to:
           $comment_body = process_smilies$row['msg_body']);


Save, upload and your are done. Remember to make backups first.





mauroed79

Sorry, but neither of the two methods works as I would like it to. The bad word filter puts '(...)' in the place of 'http' or 'www', but doesn't prevent the spammer from posting his comment. The second method really doesn't give me any change... I guess I should disallow comment for unregistered users. that's the only solution...

Joe Carver

Quote from: mauroed79 on July 11, 2010, 11:35:25 PM
.... but doesn't prevent the spammer from posting his comment. The second method really doesn't give me any change... ..
The second method will remove the active link as you asked in your first post.
Quote from: mauroed79 on July 11, 2010, 03:29:12 PM
........ to the posting of URLs in comments.

At the moment you are not using any Captcha, or reCaptcha or have you looked into cpg1.5.x which has Askimet anti-spam built in.
If you allow comments then you are open to spam, with or without any and all of the above solutions. It's all a matter how much you can tolerate and how difficult you make it for automated spammers.
I'm done here.

mauroed79

Maybe I didn't make myself clear. I was looking for something that wouldn't allow the comment to be posted whenever there is a link in it  ???

phill104

The current method employed by 1.4.27 is to disable the links. If you want to prevent any links then you will have to code it yourself or employ someone to do it for you.

I still believe the capcha method to be the best option. Disable it for regular users and enable it for guests.
It is a mistake to think you can solve any major problems just with potatoes.

mauroed79

Hi Phill,
it looks like I found a good solution in http://www.daniweb.com/forums/thread183094.html. Can you tell me which is the file that processes the comment form, where I should put that bit of code in?
Thanks for your help  ;)

Joachim Müller

The suggestion made in that other thread (performing a regex check against the term "www" and dropping the comment if true, otherwise allowing the comment) is the most silliest suggestion that I have ever come across in many years. It is totally nonsensical, as it will allow http://example.com/this-could-be-a-spam-link/ and disallow an innoncent text like "I enjoy surfing the www". Performing a check against the protocol "http://" is silly as well - as a spam link can be forged otherwise. Forget those suggestions, they are silly and won't help you at all, as you'd need to be a coder to apply it. If you were a coder, you wouldn't have to ask where to apply it. Use one of the existing methods to fight spam using Captcha (or reCaptcha as Joe already suggested) or Akismet (search the board for those terms) or (even better) upgrade to cpg1.5.x, as that version has got anti-spam mechanisms out of the box (Phill already told you so). I'm pretty sure that new comments are not being processed by make_clickable in recent versions, so I can't see the point. If you think that applying code changes to the core is a better solution, go ahead and do that, but then don't ask for our opinion in the first place. The question where the code that you need to change resides at shows that you don't have the skills to perform the needed changes anyway. If you are a coder, take a look at make_clickable and turn the processing of comments off in this aspect.