| 2 | | var badwords, intersect; |
| 3 | | badwords = [ |
| 4 | | |
| 5 | | |
| 6 | | |
| 7 | | |
| 8 | | ]; |
| | 5 | wp.trac_security = { |
| | 6 | badwords : [ |
| | 7 | 'sql', 'trojan', 'rce', 'permissions', 'exploit', 'exploits', 'csrf', 'xss', 'sqli', |
| | 8 | 'scripting', 'vulnerability', 'vulnerabilities', 'capability', 'capabilities', 'intrusion', |
| | 9 | 'intrusions', 'cve', 'disclosure', 'hash', 'security', 'leakage', 'privilege', 'privileges', |
| | 10 | 'compromise', 'escalation', 'injection', 'forgery', 'password', 'passwords' |
| | 11 | ], |
| 10 | | intersect = function(a, b) { |
| 11 | | return $.grep(a, function(i) { |
| 12 | | return $.inArray(i, b) > -1; |
| 13 | | }); |
| | 13 | intersect : function(a, b) { |
| | 14 | return $.grep(a, function(i) { |
| | 15 | return $.inArray(i, b) > -1; |
| | 16 | }); |
| | 17 | }, |
| | 18 | |
| | 19 | has_overlap : function(str, arr){ |
| | 20 | var words = str.toLowerCase().replace(/[^a-z|\s]/g, '').split(' '), |
| | 21 | overlap = this.intersect( words, arr); |
| | 22 | |
| | 23 | return ( overlap.length !== 0 ); |
| | 24 | } |
| 16 | | $(document).ready( function() { |
| 17 | | var submit = $( 'input[type="submit"]' ); |
| 18 | | $( '#field-summary, #field-description' ).on( 'keyup', function() { |
| 19 | | var words, overlap; |
| 20 | | words = $(this).val().toLowerCase().split( /[^a-z]/ ); |
| 21 | | overlap = intersect( badwords, words ); |
| 22 | | |
| 23 | | if ( overlap.length === 0 ) { |
| 24 | | submit.prop( 'disabled', false ); |
| 25 | | $( '#security-question' ).hide(); |
| 26 | | return; |
| 27 | | } |
| | 27 | function show_box(){ |
| | 28 | // We have a potential problem here |
| | 29 | $('input[name="submit"]').prop('disabled', true); |
| | 30 | if ( $('#sec_question').length !== 0){ |
| | 31 | // We've already created the checkbox |
| | 32 | $('#sec_question').show(); |
| | 33 | } else { |
| | 34 | // We need to add the checkbox |
| | 35 | $('.buttons').before('<p id="sec_question"><label><input type="checkbox" name="sec_question" id="idontcare" />' + |
| | 36 | ' I am not reporting a security issue</label></p>'); |
| | 37 | } |
| | 38 | } |
| 29 | | // We have a potential problem here |
| 30 | | submit.prop( 'disabled', true ); |
| 31 | | if ( $( '#security-question' ).length !== 0 ){ |
| 32 | | // We've already created the checkbox |
| 33 | | $( '#security-question' ).show(); |
| 34 | | } else { |
| 35 | | // We need to add the checkbox |
| 36 | | $( '.buttons' ).before( '<p id="security-question"><label><input type="checkbox" name="sec_question" />' + |
| 37 | | ' I am <strong>not</strong> reporting a security issue</label>' + |
| 38 | | ' — <a href="http://make.wordpress.org/core/handbook/reporting-security-vulnerabilities/">report security issues to security@wordpress.org</a></p>' ); |
| 39 | | } |
| 40 | | }); |
| 41 | | $( '#propertyform' ).on( 'change', '#security-question input', function() { |
| 42 | | submit.prop( 'disabled', ! $(this).is( ':checked' ) ); |
| 43 | | }); |
| | 40 | function hide_box(){ |
| | 41 | $('input[name="submit"]').prop('disabled', false); |
| | 42 | $('#sec_question').hide(); |
| | 43 | } |
| | 44 | |
| | 45 | jQuery('#field-summary, #field-description, #field-keywords').on('keyup', function(){ |
| | 46 | var entry = $(this).val(); |
| | 47 | |
| | 48 | if ( wp.trac_security.has_overlap( entry, wp.trac_security.badwords ) ) { |
| | 49 | show_box(); |
| | 50 | } else { |
| | 51 | hide_box(); |
| | 52 | } |