public void TestGetDomainFromUri() { Uri testUri = new Uri("http://www.youtube.com"); string result = UrlUtility.GetDomainFromUri(testUri.ToString()); Assert.AreEqual("youtube.com", result, "Unable to extract domain from given Uri."); }
public ActionResult Submit([Bind(Include = "Id,Votes,Name,Date,Type,Linkdescription,Title,Rank,MessageContent,Subverse")] Message message) { // abort if model state is invalid if (!ModelState.IsValid) { return(View()); } // save temp values for the view in case submission fails ViewBag.selectedSubverse = message.Subverse; ViewBag.message = message.MessageContent; ViewBag.title = message.Title; ViewBag.linkDescription = message.Linkdescription; // check if user is banned if (Utils.User.IsUserGloballyBanned(message.Name) || Utils.User.IsUserBannedFromSubverse(User.Identity.Name, message.Subverse)) { ViewBag.SelectedSubverse = message.Subverse; return(View("~/Views/Home/Comments.cshtml", message)); } // check if user has reached hourly posting quota for target subverse if (Utils.User.UserHourlyPostingQuotaForSubUsed(User.Identity.Name, message.Subverse)) { ModelState.AddModelError("", "You have reached your hourly submission quota for this subverse."); return(View()); } // check if user has reached daily posting quota for target subverse if (Utils.User.UserDailyPostingQuotaForSubUsed(User.Identity.Name, message.Subverse)) { ModelState.AddModelError("", "You have reached your daily submission quota for this subverse."); return(View()); } // verify recaptcha if user has less than 25 CCP var userCcp = Karma.CommentKarma(User.Identity.Name); if (userCcp < 25) { string encodedResponse = Request.Form["g-Recaptcha-Response"]; bool isCaptchaCodeValid = (ReCaptchaUtility.Validate(encodedResponse) == "True" ? true : false); if (!isCaptchaCodeValid) { ModelState.AddModelError("", "Incorrect recaptcha answer."); // TODO // SET PREVENT SPAM DELAY TO 0 return(View()); } } // if user CCP or SCP is less than -50, allow only X submissions per 24 hours var userScp = Karma.LinkKarma(User.Identity.Name); if (userCcp <= -50 || userScp <= -50) { var quotaUsed = Utils.User.UserDailyPostingQuotaForNegativeScoreUsed(User.Identity.Name); if (quotaUsed) { ModelState.AddModelError("", "You have reached your daily submission quota. Your current quota is " + Convert.ToInt32(ConfigurationManager.AppSettings["dailyPostingQuotaForNegativeScore"]) + " submission(s) per 24 hours."); return(View()); } } // abort if model state is invalid if (!ModelState.IsValid) { return(View("Submit")); } // check if subverse exists var targetSubverse = _db.Subverses.Find(message.Subverse.Trim()); if (targetSubverse == null || message.Subverse.Equals("all", StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(string.Empty, "Sorry, The subverse you are trying to post to does not exist."); return(View("Submit")); } // check if subverse has "authorized_submitters_only" set and dissalow submission if user is not allowed submitter if (targetSubverse.authorized_submitters_only) { if (!Utils.User.IsUserSubverseModerator(User.Identity.Name, targetSubverse.name)) { // user is not a moderator, check if user is an administrator if (!Utils.User.IsUserSubverseAdmin(User.Identity.Name, targetSubverse.name)) { ModelState.AddModelError("", "You are not authorized to submit links or start discussions in this subverse. Please contact subverse moderators for authorization."); return(View("Submit")); } } } // everything was okay, process incoming submission // submission is a link post // generate a thumbnail if submission is a direct link to image or video if (message.Type == 2 && message.MessageContent != null && message.Linkdescription != null) { // strip unicode if title contains unicode if (Submissions.ContainsUnicode(message.Linkdescription)) { message.Linkdescription = Submissions.StripUnicode(message.Linkdescription); } // abort if title less than 10 characters if (message.Linkdescription.Length < 10) { ModelState.AddModelError(string.Empty, "Sorry, the title may not be less than 10 characters."); return(View("Submit")); } var domain = UrlUtility.GetDomainFromUri(message.MessageContent); // check if target subvere allows submissions from globally banned hostnames if (!targetSubverse.exclude_sitewide_bans) { // check if hostname is banned before accepting submission if (BanningUtility.IsHostnameBanned(domain)) { ModelState.AddModelError(string.Empty, "Sorry, the hostname you are trying to submit is banned."); return(View("Submit")); } } // check if same link was submitted before and deny submission var existingSubmission = _db.Messages.FirstOrDefault(s => s.MessageContent.Equals(message.MessageContent, StringComparison.OrdinalIgnoreCase) && s.Subverse.Equals(message.Subverse, StringComparison.OrdinalIgnoreCase)); // submission is a repost, discard it and inform the user if (existingSubmission != null) { ModelState.AddModelError(string.Empty, "Sorry, this link has already been submitted by someone else."); // todo: offer the option to repost after informing the user about it return(RedirectToRoute( "SubverseComments", new { controller = "Comment", action = "Comments", id = existingSubmission.Id, subversetoshow = existingSubmission.Subverse } )); } // check if user has reached daily crossposting quota if (Utils.User.DailyCrossPostingQuotaUsed(User.Identity.Name, message.MessageContent)) { ModelState.AddModelError("", "You have reached your daily crossposting quota for this URL."); return(View()); } // check if target subverse has thumbnails setting enabled before generating a thumbnail if (targetSubverse.enable_thumbnails) { // try to generate and assign a thumbnail to submission model message.Thumbnail = ThumbGenerator.ThumbnailFromSubmissionModel(message); } // flag the submission as anonymized if it was submitted to a subverse with active anonymized_mode if (targetSubverse.anonymized_mode) { message.Anonymized = true; } else { message.Name = User.Identity.Name; } // accept submission and save it to the database message.Subverse = targetSubverse.name; // grab server timestamp and modify submission timestamp to have posting time instead of "started writing submission" time message.Date = DateTime.Now; message.Likes = 1; _db.Messages.Add(message); // update last submission received date for target subverse targetSubverse.last_submission_received = DateTime.Now; _db.SaveChanges(); } else if (message.Type == 1 && message.Title != null) { // submission is a self post // strip unicode if message contains unicode if (Submissions.ContainsUnicode(message.Title)) { message.Title = Submissions.StripUnicode(message.Title); } // abort if title less than 10 characters if (message.Title.Length < 10) { ModelState.AddModelError(string.Empty, "Sorry, the the message title may not be less than 10 characters."); return(View("Submit")); } // accept submission and save it to the database // trim trailing blanks from subverse name if a user mistakenly types them message.Subverse = targetSubverse.name; // flag the submission as anonymized if it was submitted to a subverse with active anonymized_mode if (targetSubverse.anonymized_mode) { message.Anonymized = true; } else { message.Name = User.Identity.Name; } // grab server timestamp and modify submission timestamp to have posting time instead of "started writing submission" time message.Date = DateTime.Now; message.Likes = 1; _db.Messages.Add(message); // update last submission received date for target subverse targetSubverse.last_submission_received = DateTime.Now; if (ContentProcessor.Instance.HasStage(ProcessingStage.InboundPreSave)) { message.MessageContent = ContentProcessor.Instance.Process(message.MessageContent, ProcessingStage.InboundPreSave, message); } _db.SaveChanges(); if (ContentProcessor.Instance.HasStage(ProcessingStage.InboundPostSave)) { ContentProcessor.Instance.Process(message.MessageContent, ProcessingStage.InboundPostSave, message); } } return(RedirectToRoute( "SubverseComments", new { controller = "Comment", action = "Comments", id = message.Id, subversetoshow = message.Subverse } )); }
public async Task <ActionResult> Submit([Bind(Include = "Id,Votes,Name,Date,Type,Linkdescription,Title,Rank,MessageContent,Subverse")] Message message) { // check if user is banned if (Utils.User.IsUserBanned(message.Name)) { ViewBag.SelectedSubverse = message.Subverse; return(View("~/Views/Home/Comments.cshtml", message)); } // verify recaptcha if user has less than 25 CCP if (Karma.CommentKarma(User.Identity.Name) < 25) { const string captchaMessage = ""; var isCaptchaCodeValid = ReCaptchaUtility.GetCaptchaResponse(captchaMessage, Request); if (!isCaptchaCodeValid) { ModelState.AddModelError("", "Incorrect recaptcha answer."); return(View()); } } if (!ModelState.IsValid) { return(View()); } // check if subverse exists var targetSubverse = _db.Subverses.Find(message.Subverse.Trim()); if (targetSubverse != null && !message.Subverse.Equals("all", StringComparison.OrdinalIgnoreCase)) { // check if subverse has "authorized_submitters_only" set and dissalow submission if user is not allowed submitter if (targetSubverse.authorized_submitters_only) { if (!Utils.User.IsUserSubverseModerator(User.Identity.Name, targetSubverse.name)) { // user is not a moderator, check if user is an administrator if (!Utils.User.IsUserSubverseAdmin(User.Identity.Name, targetSubverse.name)) { ModelState.AddModelError("", "You are not authorized to submit links or start discussions in this subverse. Please contact subverse moderators for authorization."); return(View()); } } } // submission is a link post // generate a thumbnail if submission is a direct link to image or video if (message.Type == 2 && message.MessageContent != null && message.Linkdescription != null) { var domain = UrlUtility.GetDomainFromUri(message.MessageContent); // check if hostname is banned before accepting submission if (BanningUtility.IsHostnameBanned(domain)) { ModelState.AddModelError(string.Empty, "Sorry, the hostname you are trying to submit is banned."); return(View()); } // check if same link was submitted before and deny submission var existingSubmission = _db.Messages.FirstOrDefault(s => s.MessageContent.Equals(message.MessageContent, StringComparison.OrdinalIgnoreCase) && s.Subverse == message.Subverse); // submission is a repost, discard it and inform the user if (existingSubmission != null) { ModelState.AddModelError(string.Empty, "Sorry, this link has already been submitted by someone else."); // todo: offer the option to repost after informing the user about it return(RedirectToRoute( "SubverseComments", new { controller = "Comment", action = "Comments", id = existingSubmission.Id, subversetoshow = existingSubmission.Subverse } )); } // check if target subverse has thumbnails setting enabled before generating a thumbnail if (targetSubverse.enable_thumbnails) { // try to generate and assign a thumbnail to submission model message.Thumbnail = ThumbGenerator.ThumbnailFromSubmissionModel(message); } // flag the submission as anonymized if it was submitted to a subverse with active anonymized_mode if (targetSubverse.anonymized_mode) { message.Anonymized = true; } else { message.Name = User.Identity.Name; } // accept submission and save it to the database message.Subverse = targetSubverse.name; // grab server timestamp and modify submission timestamp to have posting time instead of "started writing submission" time message.Date = DateTime.Now; message.Likes = 1; _db.Messages.Add(message); // update last submission received date for target subverse targetSubverse.last_submission_received = DateTime.Now; await _db.SaveChangesAsync(); } else if (message.Type == 1 && message.Title != null) { // submission is a self post // accept submission and save it to the database // trim trailing blanks from subverse name if a user mistakenly types them message.Subverse = targetSubverse.name; // flag the submission as anonymized if it was submitted to a subverse with active anonymized_mode if (targetSubverse.anonymized_mode) { message.Anonymized = true; } else { message.Name = User.Identity.Name; } // grab server timestamp and modify submission timestamp to have posting time instead of "started writing submission" time message.Date = DateTime.Now; message.Likes = 1; _db.Messages.Add(message); // update last submission received date for target subverse targetSubverse.last_submission_received = DateTime.Now; if (ContentProcessor.Instance.HasStage(ProcessingStage.InboundPreSave)) { message.MessageContent = ContentProcessor.Instance.Process(message.MessageContent, ProcessingStage.InboundPreSave, message); } await _db.SaveChangesAsync(); if (ContentProcessor.Instance.HasStage(ProcessingStage.InboundPostSave)) { ContentProcessor.Instance.Process(message.MessageContent, ProcessingStage.InboundPostSave, message); } } return(RedirectToRoute( "SubverseComments", new { controller = "Comment", action = "Comments", id = message.Id, subversetoshow = message.Subverse } )); } ModelState.AddModelError(string.Empty, "Sorry, The subverse you are trying to post to does not exist."); return(View()); }
protected override RuleOutcome EvaluateRule(VoatRuleContext context) { UserSubmission userSubmission = context.PropertyBag.UserSubmission; if (userSubmission == null) { return(CreateOutcome(RuleResult.Denied, "The submission must not be null")); } if (String.IsNullOrEmpty(userSubmission.Subverse)) { return(CreateOutcome(RuleResult.Denied, "A subverse must be provided")); } switch (userSubmission.Type) { case SubmissionType.Link: if (String.IsNullOrEmpty(userSubmission.Url)) { return(CreateOutcome(RuleResult.Denied, "A link submission must include a url")); } // make sure the input URI is valid if (!UrlUtility.IsUriValid(userSubmission.Url)) { return(CreateOutcome(RuleResult.Denied, "The url you are trying to submit is invalid")); } //Ensure user isn't submitting links as titles var linkDomain = UrlUtility.GetDomainFromUri(userSubmission.Url); if (userSubmission.Title.Equals(userSubmission.Url, StringComparison.InvariantCultureIgnoreCase) || userSubmission.Title.Contains(linkDomain)) { return(CreateOutcome(RuleResult.Denied, "Submission title may not be the same as the URL you are trying to submit. Why would you even think about doing this?! Why?")); } break; case SubmissionType.Text: break; } if (String.IsNullOrEmpty(userSubmission.Title)) { return(CreateOutcome(RuleResult.Denied, "A text submission must include a title")); } if (!VoatSettings.Instance.AllowUnicodeInTitles && userSubmission.Title.ContainsUnicode()) { return(CreateOutcome(RuleResult.Denied, "Submission title can not contain Unicode or unprintable characters")); } int minTitleLength = VoatSettings.Instance.MinimumTitleLength; int maxTitleLength = VoatSettings.Instance.MaximumTitleLength; if (userSubmission.Title.Length < minTitleLength || userSubmission.Title.Length > maxTitleLength) { return(CreateOutcome(RuleResult.Denied, $"A title must be between {minTitleLength} and {maxTitleLength} characters")); } // make sure the title isn't a url if (UrlUtility.IsUriValid(userSubmission.Title)) { return(CreateOutcome(RuleResult.Denied, "Submission title is a url? Why would you even think about doing this?! Why?")); } //if context.Subverse is null this means that it can't be found/doesn't exist if (context.Subverse == null || userSubmission.Subverse.IsEqual("all")) //<-- the all subverse actually exists? HA! (Putts: leaving this code in because it's rad) { return(CreateOutcome(RuleResult.Denied, "Subverse does not exist")); } //if (context.Subverse.IsAdminDisabled.HasValue && context.Subverse.IsAdminDisabled.Value) //{ // return CreateOutcome(RuleResult.Denied, "Submissions to disabled subverses are not allowed"); //} return(base.EvaluateRule(context)); }