Filter Bad Words from User's Filename, Title, etc.This mod. will filter bad words from the user input when they upload files. Bad words are replaced with an underscore. The code snip is borrowed from db_input.php, Coppermine's bad word list in the language file is also used, as is the case with bad word filtering for comments. This is for HTTP uploads, when the users uploads from their own computer. It has not been tested yet with url/uri uploads.
Modify file upload.phpSections
- File name filtering
- Text input - Title, Caption, etc filtering
In file upload.php find this:[/list]$picture_name = replace_forbidden($_FILES['file_upload_array']['name'][$counter]);
Add below it this:// Filter input for bad words. Replace with underscore
if ($CONFIG['filter_bad_words']) {
$ercp = array();
foreach($lang_bad_words as $word) {
$ercp[] = '/' . ($word[0] == '*' ? '': '\b') . str_replace('*', '', $word) . ($word[(strlen($word)-1)] ==
'*' ? '': '\b') . '/i';
}
$picture_name = preg_replace($ercp, '_', $picture_name);
}
//
In file upload.php find: $title = addslashes($_POST['title']);
Add below it this:// Filter input for bad words. Replace with underscore
if ($CONFIG['filter_bad_words']) {
$ercp = array();
foreach($lang_bad_words as $word) {
$ercp[] = '/' . ($word[0] == '*' ? '': '\b') . str_replace('*', '', $word) . ($word[(strlen($word)-1)] ==
'*' ? '': '\b') . '/i';
}
$title = preg_replace($ercp, '_', $title);
}
//
For each additional field that you want filitered.
In file upload.php $caption = addslashes($_POST['caption']);
$keywords = addslashes($_POST['keywords']);
$user1 = addslashes($_POST['user1']);
$user2 = addslashes($_POST['user2']);
$user3 = addslashes($_POST['user3']);
$user4 = addslashes($_POST['user4']);
Select the field names $caption - $keywords - $user1 - $user2 - $user2 - $user4 -
Insert filter code as shown above - Replace $VARIABLE with the field you want filtered $VARIABLE = preg_replace($ercp, '_', $VARIABLE);
The mod. was hastily applied to my user's gallery after I found a .jpg named "f _off" in one of their albums. After a gentle reminder to the artist I realized that this would not be the first time and that maybe a mod. would be less painful than a battle over perceived freedoms of expression.
There might be more efficient ways to apply/code this, the author is an amateur and was rushing to apply a working mod.. Comments and change suggestions are very welcome.
And yes, there are more places that users can be "creative" with their wording, but I wanted for visitors to not turn away when seeing the title of a file.