Fixed Broken Shit

2022-10-30 14:32:20 -07:00
parent 7335796263
commit 4dabf5a6bf
635 changed files with 74885 additions and 17688 deletions
--- a/user/plugins/google-safe-browsing/includes/admin-page.php
+++ b/user/plugins/google-safe-browsing/includes/admin-page.php
@ -0,0 +1,60 @@
+<?php
+/**
+ * Google Safe Browsing Lookup admin page
+ *
+ */
+
+// Display admin page
+function ozh_yourls_gsb_display_page() {
+
+	// Check if a form was submitted
+	if( isset( $_POST['ozh_yourls_gsb'] ) ) {
+		// Check nonce
+		yourls_verify_nonce( 'gsb_page' );
+		
+		// Process form
+		ozh_yourls_gsb_update_option();
+	}
+
+	// Get value from database
+	$ozh_yourls_gsb = yourls_get_option( 'ozh_yourls_gsb' );
+	
+	// Create nonce
+	$nonce = yourls_create_nonce( 'gsb_page' );
+
+	echo <<<HTML
+		<h2>Google Safe Browsing API Key</h2>
+
+		<p>Google requires you to have a <strong>Google account</strong> and a Safe Browsing <strong>API key</strong>
+        to use their <a href="https://developers.google.com/safe-browsing/lookup_guide">Safe Browsing Lookup Service</a>.</p>
+        <p>Get your API key here: <a href="https://developers.google.com/safe-browsing/key_signup">https://developers.google.com/safe-browsing/key_signup</a></p>
+
+        <h3>Disclaimer from Google</h3>
+        <p>Google works to provide the most accurate and up-to-date phishing and malware information. However, it cannot
+        guarantee that its information is comprehensive and error-free: some risky sites may not be identified, and some safe
+        sites may be identified in error.</p>
+
+        <h3>Configure the plugin</h3>
+		<form method="post">
+		<input type="hidden" name="nonce" value="$nonce" />
+		<p><label for="ozh_yourls_gsb">API Key</label> <input type="text" id="ozh_yourls_gsb" name="ozh_yourls_gsb" value="$ozh_yourls_gsb" size="70" /></p>
+		<p><input type="submit" value="Update value" /></p>
+		</form>
+HTML;
+}
+
+// Update option in database
+function ozh_yourls_gsb_update_option() {
+	$in = $_POST['ozh_yourls_gsb'];
+	
+	if( $in ) {
+		// Validate ozh_yourls_gsb: alpha & digits
+		$in = preg_replace( '/[^a-zA-Z0-9-_]/', '', $in );
+		
+		// Update value in database
+		yourls_update_option( 'ozh_yourls_gsb', $in );
+        
+        yourls_redirect( yourls_admin_url( 'plugins.php?page=ozh_yourls_gsb' ) );
+	}
+}
+
--- a/user/plugins/google-safe-browsing/includes/class-gsb.php
+++ b/user/plugins/google-safe-browsing/includes/class-gsb.php
@ -0,0 +1,106 @@
+<?php
+/**
+ * Google Safe Browsing Lookup client for YOURLS
+ *
+ */
+
+class ozh_yourls_GSB {
+    
+    const PROTOCOL_VER = '4.0';
+    const CLIENT       = 'yourls-plugin-gsb';
+    const APP_VER      = '1.0';
+    
+    private $url       = '';
+    private $api_key   = false;
+
+    /**
+     * Constructor : checks that plugin is properly configured
+     *
+     */
+    public function __construct( $api_key ) {
+        $this->api_key = $api_key;
+    }
+
+    /**
+     * Check if a URL is blacklisted against GSB Lookup API
+     *
+     * The function returns an array of a boolean and a string.
+     * The boolean indicates whether $this->url is blacklisted (true) or not blacklisted (false)
+     * The string gives diagnosis details: reason of blacklisting, null if clear, or an error message if applicable
+     *
+     * @return array array of boolean ( is blacklisted, description ) 
+     */
+    public function is_blacklisted( $url ) {
+        if( !$this->api_key ) {
+            return false;
+        }
+    
+        $this->url = urlencode( yourls_sanitize_url( $url ) );
+        if( !$this->url ) {
+            return false;
+        }
+        
+        $request = $this->request();
+        
+        switch( $request->status_code ) {
+            case 200:
+                $response = json_decode($request->body);
+                $blacklisted = true;
+                if (!isset($response->matches))
+                    $blacklisted = false;
+                return array($blacklisted, ($blacklisted ? $response->matches[0]->threatType : null));
+        
+            case 400:
+                return array( false, 'Could not check Google Safe Browsing: Bad Request' );
+        
+            case 403:
+                return array( false, 'Could not check Google Safe Browsing: API key not authorized' );
+        
+            case 503:
+                return array( false, 'Could not check Google Safe Browsing: service unavailable' );
+        
+        }
+    }
+    
+    /**
+     * HTTP request wrapper
+     *
+     * @return Request request object
+     */
+    private function request() {
+        $api_url = sprintf( 'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=%s',
+            $this->api_key
+        );
+
+        // Request headers
+        $headers = array(
+            'Content-Type' => 'application/json'
+        );
+
+        // Request data
+        $data = array(
+            'client' => array(
+                'clientId' => self::CLIENT,
+                'clientVersion' => self::APP_VER
+            ),
+            'threatInfo' => array(
+                'threatTypes' => array('MALWARE', 'SOCIAL_ENGINEERING', 'POTENTIALLY_HARMFUL_APPLICATION', 'UNWANTED_SOFTWARE'),
+                'platformTypes' => array('ANY_PLATFORM'),
+                'threatEntryTypes' => array('URL'),
+                'threatEntries' => array(
+                    array(
+                        'url' => $this->url
+                    )
+                )
+            )
+        );
+        
+        // Request options ?
+        $options = array(
+        );
+        
+        return yourls_http_post( $api_url, $headers, json_encode($data), $options );
+        
+    }
+
+}
--- a/user/plugins/google-safe-browsing/plugin.php
+++ b/user/plugins/google-safe-browsing/plugin.php
@ -0,0 +1,112 @@
+<?php
+/*
+Plugin Name: Google Safe Browsing
+Plugin URI: https://github.com/yourls/google-safe-browsing/
+Description: Check new links against Google's Safe Browsing service
+Version: 1.1
+Author: Ozh
+Author URI: http://ozh.org/
+*/
+
+
+// No direct call
+if( !defined( 'YOURLS_ABSPATH' ) ) die();
+
+yourls_add_filter( 'shunt_add_new_link', 'ozh_yourls_gsb_check_add' );
+
+/**
+ * Check for spam when someone adds a new link
+ *
+ * The filter used here is 'shunt_add_new_link', which passes in false as first argument. See
+ * https://github.com/YOURLS/YOURLS/blob/1.7/includes/functions.php#L192-L194
+ *
+ * @param bool $false bool false is passed in by the filter 'shunt_add_new_link'
+ * @param string $url URL to check, as passed in by the filter
+ * @return mixed false if nothing to do, anything else will interrupt the flow of events
+ */
+function ozh_yourls_gsb_check_add( $false, $url ) {
+    
+    list( $blacklisted, $desc ) = ozh_yourls_gsb_is_blacklisted( $url );
+    
+    // If blacklisted, halt here
+	if ( $blacklisted ) {
+		return array(
+			'status' => 'fail',
+			'code'   => 'error:' . $desc,
+			'message' => 'This domain is blacklisted by Google Safe Browsing because of ' . $desc . ' suspicion. <a href="http://code.google.com/apis/safebrowsing/safebrowsing_faq.html#whyAdvisory" target="_blank">Read more</a>.',
+			'errorCode' => '403',
+		);
+	}
+    
+    // If not blacklisted but still unsure (error message), we should warn the user
+    if( $desc ) {
+        define( 'OZH_YOURLS_GSB_EXTRA_INFO', $desc );
+        yourls_add_filter( 'add_new_link', 'ozh_yourls_gsb_extra_info' );
+    }
+	
+	// All clear, don't interrupt the normal flow of events
+	return $false;
+}
+
+yourls_add_action( 'plugins_loaded', 'ozh_yourls_gsb_add_page' );
+
+/**
+ * Register our plugin admin page
+ */
+function ozh_yourls_gsb_add_page() {
+	yourls_register_plugin_page( 'ozh_yourls_gsb', 'Google Safe Browsing', 'ozh_yourls_gsb_admin_page' );
+    
+    if( ! yourls_get_option( 'ozh_yourls_gsb' ) ) {
+        ozh_yourls_gsb_please_configure();
+    }
+}
+
+/**
+ * Add extra information to the notification when a link has been added
+ *
+ * @param array Array passed in by filter 'add_new_link'
+ * @return array
+ */
+function ozh_yourls_gsb_extra_info( $return ) {
+    $return['message'] .= '<br/>(' . OZH_YOURLS_GSB_EXTRA_INFO . ')';
+    $return['status']  = 'error';
+    return $return;
+}
+
+/**
+ * Check if a URL is blacklisted by Google Safe Browsing
+ *
+ * @param string $url URL to check
+ * @return array array( (boolean)is_blacklisted, (string)description )
+ */
+function ozh_yourls_gsb_is_blacklisted( $url ) {
+    include_once dirname( __FILE__ ) . '/includes/class-gsb.php';
+    
+    $api_key = yourls_get_option( 'ozh_yourls_gsb' );
+    if( !$api_key ) {
+        ozh_yourls_gsb_please_configure();
+        return false;
+    }
+    
+    $gsb = new ozh_yourls_GSB( $api_key );
+    
+    return $gsb->is_blacklisted( $url );
+}
+
+/**
+ * Display the admin page
+ *
+ */
+function ozh_yourls_gsb_admin_page() {
+    include_once dirname( __FILE__ ) . '/includes/admin-page.php';
+    ozh_yourls_gsb_display_page();
+}
+
+/**
+ * Nag user about missing configuration
+ *
+ */
+function ozh_yourls_gsb_please_configure() {
+    yourls_add_notice( 'Plugin <strong>Google Safe Browsing</strong> is not configured' );
+}
+
--- a/user/plugins/google-safe-browsing/readme.md
+++ b/user/plugins/google-safe-browsing/readme.md
@ -0,0 +1,22 @@
+Plugin for YOURLS 1.7+: Google Safe Browsing
+
+# What for
+
+Check every new URL against Google's Safe Browsing Lookup service, reject those who are identified as malware or phishing
+
+# How to
+
+* In `/user/plugins`, create a new folder named `google-safe-browsing`
+* Drop these files in that directory
+* Go to the Plugins administration page and activate the plugin 
+* Follow on-screen instructions
+* Have fun
+
+# Disclaimer
+
+Using this plugin requires you to understand Google's Safe Browsing TOS. In short:
+* you need a Google account
+* you are limited to a certain amount of queries per day (10,000 as of writing this)
+* you must understand that the service is not perfect.
+
+[Read more](https://developers.google.com/safe-browsing/lookup_guide#AcceptableUsage)