Changeset 1058
- Timestamp:
- 12/22/2014 12:03:06 AM (10 years ago)
- File:
-
- 1 edited
sites/trunk/wordpress.org/public_html/style/trac/trac-security.js
r634 r1058 1 /* global wp */ 2 window.wp = window.wp || {}; 3 1 4 (function($) { 2 var badwords, intersect; 3 badwords = [ 4 'sql', 'trojan', 'rce', 'permissions', 'exploit', 'exploits', 'csrf', 'xss', 'sqli', 5 'scripting', 'vulnerability', 'vulnerabilities', 'capability', 'capabilities', 'intrusion', 6 'intrusions', 'cve', 'disclosure', 'hash', 'security', 'leakage', 'privilege', 'privileges', 7 'escape', 'unescape', 'escaped', 'unescaped', 'escapes', 'escaping', 'unescaping', 'esc_', 8 'sanitize', 'unsanitize', 'sanitizes', 'unsanitizes', 'sanitized', 'unsanitized', 'sanitization', 9 'valid', 'invalid', 'validate', 'validates', 'validation', 10 'compromise', 'escalation', 'injection', 'forgery', 'password', 'passwords' 11 ]; 5 var propertyform = $( '#propertyform' ), 6 submit = propertyform.find( 'input[type="submit"]' ); 12 7 13 intersect = function(a, b) { 14 return $.grep(a, function(i) { 15 return $.inArray(i, b) > -1; 16 }); 8 if ( $( document.body ).hasClass( 'security' ) ) { 9 return; 10 } 11 12 wp.trac_security = { 13 badwords : [ 14 'sql', 'trojan', 'rce', 'permissions', 'exploit', 'exploits', 'csrf', 'xss', 'sqli', 15 'scripting', 'vulnerability', 'vulnerabilities', 'capability', 'capabilities', 'intrusion', 16 'intrusions', 'cve', 'disclosure', 'hash', 'security', 'leakage', 'privilege', 'privileges', 17 'escape', 'unescape', 'escaped', 'unescaped', 'escapes', 'escaping', 'unescaping', 'esc_', 18 'sanitize', 'unsanitize', 'sanitizes', 'unsanitizes', 'sanitized', 'unsanitized', 'sanitization', 19 'valid', 'invalid', 'validate', 'validates', 'validation', 20 'compromise', 'escalation', 'injection', 'forgery', 'password', 'passwords', 21 ], 22 23 intersect : function(a, b) { 24 return $.grep(a, function(i) { 25 return $.inArray(i, b) > -1; 26 }); 27 }, 28 29 has_overlap : function(str, arr){ 30 var words = str.toLowerCase().replace(/[^a-z|\s]/g, '').split(' '), 31 overlap = this.intersect( words, arr); 32 33 return ( overlap.length !== 0 ); 34 } 17 35 }; 
18 36 19 $(document).ready( function() { 20 var propertyform = $( '#propertyform' ), 21 submit = propertyform.find( 'input[type="submit"]' ); 22 $( '#field-summary, #field-description' ).on( 'keyup', function() { 23 var words, overlap; 24 words = $(this).val().toLowerCase().split( /[^a-z]/ ); 25 overlap = intersect( badwords, words ); 26 27 if ( overlap.length === 0 ) { 28 submit.prop( 'disabled', false ); 29 $( '#security-question' ).hide(); 30 return; 31 } 37 function show_box() { 38 // We have a potential problem here 39 submit.prop( 'disabled', true ); 40 if ( $( '#security-question' ).length !== 0 ) { 41 // We've already created the checkbox 42 $( '#security-question' ).show(); 43 } else { 44 // We need to add the checkbox 45 $( '.buttons' ).before( '<p id="security-question"><label><input type="checkbox" name="sec_question" />' + 46 ' I am <strong>not</strong> reporting a security issue</label>' + 47 ' — <a href="http://make.wordpress.org/core/handbook/reporting-security-vulnerabilities/">report security issues to security@wordpress.org</a></p>' ); 48 } 32 49 33 // We have a potential problem here34 submit.prop( 'disabled', true ); 35 if ( $( '#security-question' ).length !== 0 ){36 // We've already created the checkbox37 $( '#security-question' ).show();38 } else {39 // We need to add the checkbox 40 $( '.buttons' ).before( '<p id="security-question"><label><input type="checkbox" name="sec_question" />' +41 ' I am <strong>not</strong> reporting a security issue</label>' +42 ' — <a href="http://make.wordpress.org/core/handbook/reporting-security-vulnerabilities/">report security issues to security@wordpress.org</a></p>' );43 }44 });45 propertyform.on( 'change', '#security-question input', function(){46 submit.prop( 'disabled', ! 
$(this).is( ':checked' ));47 } );50 } 51 52 function hide_box() { 53 $( 'input[name="submit"]' ).prop( 'disabled', false ); 54 $( '#sec_question' ).hide(); 55 } 56 57 jQuery( '#field-summary, #field-description, #field-keywords' ).on( 'keyup', function() { 58 var entry = $(this).val(); 59 60 if ( wp.trac_security.has_overlap( entry, wp.trac_security.badwords ) ) { 61 show_box(); 62 } else { 63 hide_box(); 64 } 48 65 }); 49 })(jQuery);50 66 67 propertyform.on( 'change', '#security-question input', function() { 68 submit.prop( 'disabled', ! $(this).is( ':checked' ) ); 69 }); 70 }(jQuery));
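Review bot: `has_overlap` now deletes punctuation and digits and then splits only on a single space, so input such as `sql-injection`, `xss/csrf`, or a keyword followed directly by a newline collapses into one token that matches nothing in `badwords`, and the security prompt is skipped where the removed `split( /[^a-z]/ )` would have triggered it. Splitting on the separators again restores that coverage: `var words = str.toLowerCase().split( /[^a-z]+/ ),`. In `hide_box` the selectors do not match what `show_box` creates: the paragraph's id is `security-question` (`sec_question` is only the checkbox's name) and the cached button is `submit`, so the prompt is never hidden again and a different element may be re-enabled. Using `submit.prop( 'disabled', false );` and `$( '#security-question' ).hide();` would mirror the removed code. Because the check runs only in the browser, it is a reminder to the reporter rather than an enforcement point, which makes false negatives in the keyword match the main thing to avoid.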