Index: wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-review-tools.php
===================================================================
--- wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-review-tools.php	(revision 4599)
+++ wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-review-tools.php	(working copy)
@@ -1,6 +1,8 @@
 <?php
 namespace WordPressdotorg\Plugin_Directory\Admin\Metabox;
 
+use WordPressdotorg\Plugin_Directory\Tools;
+
 /**
  * The Plugin Review metabox.
  *
@@ -7,8 +9,17 @@
  * @package WordPressdotorg\Plugin_Directory\Admin\Metabox
  */
 class Review_Tools {
-	static function display() {
+
+	static function display() {		
 		$post = get_post();
+		$author = get_user_by( 'id', $post->post_author );
+		$slug = $post->post_name;
+		$author_plugins = get_posts( array(
+			'author'       => $author->ID,
+			'post_type'    => 'plugin',
+			'post__not_in' => array( $post->ID ),
+		) );
+		$author_commit  = Tools::get_users_write_access_plugins( $author );
 
 		foreach ( get_attached_media( 'application/zip', $post ) as $zip_file ) {
 			$zip_url = wp_get_attachment_url( $zip_file->ID );
@@ -17,13 +28,131 @@
 				sprintf( '<a href="%s">%s</a>', esc_url( $zip_url ), esc_html( $zip_url ) )
 			);
 		}
+		
+		if ( $post->post_status == 'draft' || $post->post_status == 'pending' ) {
+			
+			$flagged = array(
+				'low' => array (),
+				'med' => array (),
+				'high' => array (),
+			);
+						
+			echo "<p><strong>Flagged!</strong>";
+		
+			$reserved_slugs = array (
+				// Commonly abused/misused terms
+				'wordpress', 'woocommerce', 'google', 'youtube', 'twitter', 'facebook', 'yoast', 'jetpack',
+			);
 
-		echo "<ul>
-			<li><a href='https://plugins.trac.wordpress.org/log/{$post->post_name}/'>" . __( 'Development Log', 'wporg-plugins' ) . "</a></li>
-			<li><a href='https://plugins.svn.wordpress.org/{$post->post_name}/'>" . __( 'Subversion Repository', 'wporg-plugins' ) . "</a></li>
-			<li><a href='https://plugins.trac.wordpress.org/browser/{$post->post_name}/'>" . __( 'Browse in Trac', 'wporg-plugins' ) . '</a></li>
-		</ul>';
+			$restricted_slugs = array (
+				// High-value plugin genres due to their popularity, often abused by spammers
+				'gallery', 'lightbox', 'sitemap', 'bookmark', 'social', 'cookie', 'slide', 'seo',
+				// Plugins we generally don't allow
+				'autoblog', 'auto-blog', 'booking', 'plugin', 'spinning', 'framework',
+			);
+		
+			// String length checks
+			if ( strlen($slug) < '5' ) array_push( $flagged['med'], __( 'slug is less than 5 characters', 'wporg-plugins' ) );
+			if ( strlen($slug) > '50' ) array_push( $flagged['med'], __( 'slug is more than 50 characters', 'wporg-plugins' ) );
+			
+			// Check if any term in the restricted/reserved is in the plugin slug
+			$slug_string = str_replace('-', ' ', $slug );
+			$slug_restricted = $slug_reserved = array() ;
+			foreach ( $restricted_slugs as $badslug ) {
+				if ( stristr($slug_string, $badslug ) !== FALSE ) array_push( $slug_restricted, $badslug );
+			}
+			foreach ( $reserved_slugs as $badslug ) {
+				if ( stristr($slug_string, $badslug ) !== FALSE ) array_push( $slug_reserved , $badslug );
+			}
+			if ( !empty( $slug_restricted ) ) 
+				array_push( $flagged['med'], __( 'plugin slug contains restricted term(s): ', 'wporg-plugins' ) . implode( ', ', $slug_restricted ) );
+			if ( !empty( $slug_reserved ) ) 
+				array_push( $flagged['high'], __( 'plugin slug contains reserved term(s): ', 'wporg-plugins' ) . implode( ', ', $slug_reserved ) );
+			
+			// Check slug usage
+			$plugin_api_usage = '1000'; // this is a placeholder until we figure out how to do this.
+			if ( $plugin_api_usage >= '5000' ) {
+				array_push( $flagged['high'], __( 'slug used by more than 5000 users', 'wporg-plugins' ) );
+			} elseif ( $plugin_api_usage >= '1000' ) {
+				array_push( $flagged['med'], __( 'slug used by 1000-5000 users', 'wporg-plugins' ) );
+			} elseif ( $plugin_api_usage >= '500' ) {
+				array_push( $flagged['low'], __( 'slug used by 500-1000 users', 'wporg-plugins' ) );
+			}
 
+			// User account was registered less than 2 weeks ago (but longer than 3 days) (user is still fairly new)
+			$twoweeksago  = time() - (2 * 7 * 24 * 60 * 60);
+			$threedaysago = time() - (3 * 1 * 24 * 60 * 60);
+			if ( strtotime($author->user_registered) > $twoweeksago && strtotime($author->user_registered) < $threedaysago )  array_push( $flagged['low'], __( 'account registered less than 2 weeks ago', 'wporg-plugins' ) );
+			if ( strtotime($author->user_registered) > $threedaysago ) array_push( $flagged['low'], __( 'account registered less than 3 days ago', 'wporg-plugins' ) );
+
+			// Username ends in numbers
+			if ( is_numeric(substr($author->user_login, -1, 1) ) ) array_push( $flagged['low'], __( 'username ends in numbers', 'wporg-plugins' ) );
+			
+			// User has no URL
+			if ( empty( $author->user_url ) ) array_push( $flagged['low'], __( 'account has no URL', 'wporg-plugins' ) );
+			
+			// URL matches the weird list
+			$weird_urls = array (
+				'blogger', 'blogspot', 'example.com', 'weebly', 'squarespace', 'medium.com', 'yahoo.com',
+				'mail.com', 'example.org',
+			);
+			foreach ( $weird_urls as $url ) {
+				if ( stripos( $author->user_url , $url ) !== false ) 
+					array_push( $flagged['med'], __( 'account URL contains ', 'wporg-plugins' ) . $url );
+				if ( stripos( $author->user_email , $url ) !== false ) 
+					array_push( $flagged['med'], __( 'account email contains ', 'wporg-plugins' ) . $url );
+			}
+		
+			// Reserved slugs are also often abused domain names (trademark law sucks)
+			foreach ( $reserved_slugs as $url ) {
+				if ( stripos( $author->user_url , $url ) !== false ) 
+					array_push( $flagged['high'], __( 'account URL contains ', 'wporg-plugins' ) . $url );
+				if ( stripos( $author->user_email , $url ) !== false )
+					array_push( $flagged['med'], __( 'account email contains ', 'wporg-plugins' ) . $url );
+			}
+
+			// User Behavior
+			// If FORUM ROLE is blocked
+			if ( defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) {
+				$user = new \WP_User( $post->post_author, '', WPORG_SUPPORT_FORUMS_BLOGID );
+				if ( ! empty( $user->allcaps['bbp_blocked'] ) ) 
+					array_push( $flagged['high'], __( 'user is blocked', 'wporg-plugins' ) );	
+			}
+			
+			// No plugins
+			if ( empty( $author_commit ) && empty( $author_plugins ) ) 
+				array_push( $flagged['low'], __( 'user has no plugins', 'wporg-plugins' ) );
+
+			// Echo flag results (everyone pretty much has at least one)
+			echo "<ul class=\"plugin-flagged\">";
+			$noflag = 0;
+			foreach ( $flagged as $flag => $reasons ) {
+				if (count($reasons) > '0') {
+					$allreasons = array();
+					echo "<li class=\"plugin-flagged-".$flag."\"><strong>".strtoupper($flag)." (".count($reasons)."):</strong> ";
+					foreach( $reasons as $reason) {
+						$allreasons[] = $reason;
+					}
+					echo implode( '; ', $allreasons ) . "</li>";
+				} else {
+					$noflag++;
+				}
+			}
+			
+			if ($noflag == '3' ) {
+				?><li><?php _e( 'Nothing flagged! You found Matt!', 'wporg-plugins' ); ?></li><?php
+			}
+			
+			echo "</ul>";
+
+		} else {
+			echo "<ul>
+				<li><a href='https://plugins.trac.wordpress.org/log/{$post->post_name}/'>" . __( 'Development Log', 'wporg-plugins' ) . "</a></li>
+				<li><a href='https://plugins.svn.wordpress.org/{$post->post_name}/'>" . __( 'Subversion Repository', 'wporg-plugins' ) . "</a></li>
+				<li><a href='https://plugins.trac.wordpress.org/browser/{$post->post_name}/'>" . __( 'Browse in Trac', 'wporg-plugins' ) . '</a></li>
+			</ul>';	
+		}
+
 		add_filter( 'wp_comment_reply', function( $string ) use ( $post ) {
 			$author = get_user_by( 'id', $post->post_author );
 			?>
@@ -35,7 +164,8 @@
 			</form>
 			<?php
 			return $string;
-		} );
+		} 
+		);
 	}
-}
 
+}
\ No newline at end of file