$v) { ++$num_get_args; } if ( $num_get_args !== 2 ){ # they are trying to GET on a POST request naughty("638709cc1d7f107c024eb2a663675e8c"); } if ( empty($_GET["key"]) or empty($_GET["action"]) ) { naughty("991ce46448d64b90bc8a837b58b7ad20"); } if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) { naughty("c9e5ea8d870dda8db08bc570cbed7f84"); } if ( !empty($_GET["key"]) and isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) { $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ); } else { naughty("868d9cc49b2f1e4a9319a8e8755d6189"); } if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) { naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df "); } else { $action = $_GET["action"]; } $comment_directory = "/home/hpr/comments"; if ( ! file_exists( $comment_directory ) ) { # Looks like the comments directory has not been created naughty("0fdffa1dbe94e0730cef457be93ebf40"); } $files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" ); if (count($files) === 0) { naughty("3efef2971727905064855d7866cb0059"); } else { $file = $files[0]; } list($begin, $file_ip, $end) = explode('_', $file); if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) { naughty("70ebe39c92b393c288e41a4d3128b5da"); } if ( $action === 'block' ) { file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX ); } unlink( "${file}" ); http_response_code(200); // exit; ?>