app/controllers/elt_controller.rb in parlement-0.9 vs app/controllers/elt_controller.rb in parlement-0.10
- old
+ new
@@ -64,14 +64,17 @@
def create
@elt = Elt.new(params[:elt])
@elt.person = @session[:person]
- if @elt.subject.match(/([<>\/]|href)/) then
- logger.error "SPAM! '#{@elt.subject}'"
+ if @elt.subject =~ /([<>\/]|href)/ \
+ or @elt.body =~ /(.*([<>\/]|href).*){3}/ \
+ or @elt.body =~ /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i \
+ or @elt.body =~ /([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,}.*){3}/i
+ logger.error red { underline { "SPAM! '#{@elt.subject}'" } }
logger.error "SPAM! '#{@elt.body}'"
- flash[:error] = 'Sorry, to fight spam "<" ">" or "href" are forbidden in the subject!'
+ flash[:error] = 'Sorry, to fight spam "<" ">" or "href" are forbidden in the subject, and there can not be more than 3 links in the body, you also can\'t input one simple email or more than 3 emails!'
headers["Status"] = "404 Post considered as spam"
render :controller => 'elt', :action => 'new', :status => 404
elsif params[:submit] == "preview" or (@elt.publish and @elt.parent.add_child(@elt)) then
#headers["Status"] = "201 Created"
render :partial => '/elt/elt', :locals => { :elt => @elt, :eltTop => false }
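Review bot: The body link counter added as `or @elt.body =~ /(.*([<>\/]|href).*){3}/` is evaluated per line rather than per post, because `.` does not match a newline in Ruby, so the limit only applies to markers that share one line, while a single URL already trips it since every `/` counts. The nested `.*` inside the `{3}` group also backtracks heavily on long lines of user-supplied text. Counting directly is simpler and bounded, e.g. `or @elt.body.to_s.scan(/[<>\/]|href/).size >= 3 \`, with the same `scan(...).size` form for the address rule; the flash text says "more than 3", so confirm whether the threshold should be `> 3`. In the single-address rule `^` and `$` are line anchors, so use `\A` and `\z` if it is meant to match a body that consists only of an address. `create` continues past the end of this hunk.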
@@ -87,9 +90,17 @@
render :inline => "<pre><%= @mail.file %></pre>", :layout => 'top'
end
def vote
@elt = Elt.find params[:id]
+ unless params[:choice][:value] =~ /^\s*(-1|0|\+1)(\s|$)/ then
+ logger.error red { underline { "SPAM! through the vote" } }
+ logger.error params[:choice][:value]
+ flash[:error] = 'Sorry, you can only vote here!'
+ render :partial => '/elt/choice', :locals => { :elt => @elt }
+ return
+ end
+
vote = @elt.children.build
vote.person = session[:person]
vote.subject = @elt.subject
vote.subject = 'Re: '+vote.subject if vote.subject and !vote.subject.include? 'Re: '
vote.body = params[:choice][:value]
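Review bot: The new guard `unless params[:choice][:value] =~ /^\s*(-1|0|\+1)(\s|$)/` does not constrain what gets stored: `^` and `$` are line anchors in Ruby and any text may follow the whitespace, yet the unchanged `vote.body = params[:choice][:value]` below saves the whole value. If a vote is meant to be only the token, anchor the full string and keep the capture, `unless params[:choice][:value].to_s =~ /\A\s*(-1|0|\+1)\s*\z/` followed by `vote.body = $1`. `params[:choice]` may also be absent, in which case the lookup raises before the check runs; `(params[:choice] || {})[:value]` avoids that. The rejected value is logged verbatim by `logger.error params[:choice][:value]`, and logging its `.inspect` would keep embedded newlines from forging log entries. `vote` continues beyond the end of this hunk.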