From be0053c827adc9b74686cda6ff864da87628dbdf Mon Sep 17 00:00:00 2001
From: 0chan <0chan@disroot.org>
Date: Thu, 9 Feb 2023 18:26:36 +0600
Subject: [PATCH] Security features

---
 board.php | 12 ++++++++++--
 captcha.php | 29 ++++++++++++++++-------------
 config.php | 5 ++++-
 3 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/board.php b/board.php
index 967883a..9c01b27 100644
--- a/board.php
+++ b/board.php
@@ -379,6 +379,13 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
 } else {
 $post['country'] = 'xx';
 }
+ if (I0_DISABLE_BAD_PROXY_POSTING && $post['country'] == 'xx') {
+ exitWithErrorPage(_gettext('Posting in forbidden for this ip'));
+ }
+
+ if (I0_DISABLE_TOR_POSTING && $post['country'] == 't1') {
+ exitWithErrorPage(_gettext('Posting in forbidden for this ip'));
+ }
 $post['board'] = $board_class->board['name'];
 $post['name'] = mb_substr($name, 0, KU_MAXNAMELENGTH);
 $post['name_save'] = true;
@@ -497,6 +504,7 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
 if ($thread_replyto != '0') { // If it's a reply...
 $page_to = $board_class->GetPageNumber($thread_replyto)['page'];
 if (
+ !I0_SAGE_DISABLED
 isset($_POST['em']) &&
 (
@@ -553,7 +561,7 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
 // $timer->mark('15_regenerated');
 // Regenerate overboard if it makes sense
- if ($need_overboard) {
+ if ($need_overboard && I0_OVERBOARD_ENABLED) {
 RegenerateOverboard($board_class->board['boardlist']);
 // $timer->mark('16_regen_overboard');
 }
@@ -936,7 +944,7 @@ elseif (
 }
 }
 // Regenerate overboard if it makes sense
- if ($need_overboard) {
+ if ($need_overboard && I0_OVERBOARD_ENABLED && isset($over_boardlist)) {
 RegenerateOverboard($over_boardlist);
 }
diff --git a/captcha.php b/captcha.php
index 2df8549..7427d43 100644
--- a/captcha.php
+++ b/captcha.php
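Review bot: The two new guards in the first board.php hunk compare `$post['country']` with loose `==` against lowercase `'xx'`/`'t1'`, and they only ever fire if the value assigned above this hunk is already lowercased — Cloudflare documents its country codes as uppercase `XX` and `T1`, so if the header value is copied through unchanged neither check matches; worth confirming against the assignment that sits outside the hunk. The guards are also only as trustworthy as the Cloudflare-supplied value they rest on: if the origin is reachable without going through Cloudflare, a client can send its own country value and bypass both, which the config comments should state as a precondition. I would also fold the two blocks into one, fix the message, and compare strictly: `if ((I0_DISABLE_BAD_PROXY_POSTING && $post['country'] === 'xx') || (I0_DISABLE_TOR_POSTING && $post['country'] === 't1')) {` / `exitWithErrorPage(_gettext('Posting is forbidden for this ip'));` / `}`. The enclosing post handler begins and ends outside the hunk.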
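Review bot: The added line `!I0_SAGE_DISABLED` in the second board.php hunk is not joined to the `isset($_POST['em'])` operand that follows it — as rendered, the condition reads `if (!I0_SAGE_DISABLED isset($_POST['em']) && (`, which is a parse error that takes the whole posting handler down for every request, not just when the flag is set; unless the operator was lost in this rendering, the line should be `!I0_SAGE_DISABLED &&`. Because the flag is a constant defined in config.php, a broken or missing definition here fails on every post regardless of the setting, so this path deserves a run with the flag both on and off. The `if` condition and its body continue outside the hunk.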
@@ -148,20 +148,23 @@ function opsmaz($img,$ncolor){ } return $img2; } - -if (isset($_GET['lang']) && in_array($_GET['lang'], $langs)) - $captchalang = $_GET['lang']; -elseif (isset($_COOKIE['captchalang']) && in_array($_COOKIE['captchalang'], $langs)) { - $captchalang = $_COOKIE['captchalang']; -} -else +if (I0_FORCE_CAPTCHA_LANG === false) { + if (isset($_GET['lang']) && in_array($_GET['lang'], $langs)) + $captchalang = $_GET['lang']; + elseif (isset($_COOKIE['captchalang']) && in_array($_COOKIE['captchalang'], $langs)) { + $captchalang = $_COOKIE['captchalang']; + } + else + $captchalang = KU_CAPTCHALANG; + if (isset($_GET['switch'])) { + $current_lang = array_search($captchalang, $langs) + 1; + if ($current_lang >= count($langs)) + $current_lang = 0; + $captchalang = $langs[$current_lang]; + setcookie('captchalang', $captchalang, time() + 31556926, '/'/*, KU_DOMAIN*/); + } +} else { $captchalang = KU_CAPTCHALANG; -if (isset($_GET['switch'])) { - $current_lang = array_search($captchalang, $langs) + 1; - if ($current_lang >= count($langs)) - $current_lang = 0; - $captchalang = $langs[$current_lang]; - setcookie('captchalang', $captchalang, time() + 31556926, '/'/*, KU_DOMAIN*/); } // Generate the word diff --git a/config.php b/config.php index 06bfd99..e3a534b 100644 --- a/config.php +++ b/config.php @@ -89,6 +89,7 @@ if (!$cache_loaded) { $cf['KU_CAPTCHALANG'] = 'num'; // Default captcha language to be used if no captchalang cookie is present. Supported values: ru, en, num (numeric) $cf['KU_CAPTCHALIFE'] = 150; // Captcha time-to-live in seconds $cf['KU_CAPTCHALENGTH'] = rand(4, 7); // Captcha length in letters, rand(a, b) can be used to create random length from a to b. + $cf['I0_FORCE_CAPTCHA_LANG'] = false; // Prevent users from changing captcha lang // ---------------------------------- Userboards (aka 2.0) ---------------------------------- 
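Review bot: `if (I0_FORCE_CAPTCHA_LANG === false)` in the captcha.php hunk treats any value other than boolean `false` — `0`, `null` or `''` from a hand-edited config — as "force", which is the opposite of what a reader expects and inconsistent with the board.php guards in this same commit, which test the `I0_*` flags by truthiness; `if (!I0_FORCE_CAPTCHA_LANG) {` matches them. The `in_array($_GET['lang'], $langs)` and `in_array($_COOKIE['captchalang'], $langs)` checks that now gate the user-controlled language use loose comparison; since `$langs` is a list of strings, pass `true` as the third argument so only an exact member is accepted. Both branches also end up assigning `$captchalang = KU_CAPTCHALANG;` — assigning the default once before the `if` and dropping the `else` branch removes that duplication.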
@@ -117,7 +118,9 @@ if (!$cache_loaded) {
 $cf['I0_ERASE_DELETED'] = false; // Whether or not the contents of posts deleted by user should be erased
 $cf['I0_MAX_ACCESS_ATTEMPTS'] = 3; // How many attempts at deleting a post are allowed before it gets locked with catpcha
 $cf['I0_FULL_ANONYMITY_MODE'] = false; // In full anonymity mode, no information about user will be stored in the posts table. Bans will not work.
-
+ $cf['I0_SAGE_DISABLED'] = false; // Disable sage function if you don't want anyone to abuse CSAM necroposting
+ $cf['I0_DISABLE_BAD_PROXY_POSTING'] = false; // If CF can't get user's GeoIP - then the proxy is marked as bad (xx country)
+ $cf['I0_DISABLE_TOR_POSTING'] = false; // Disable posting with T1 country detected by CF
 // --------------------------------------- CSS styles ---------------------------------------
 $cf['KU_STYLES'] = 'modern:newdark:photon'; // Styles which are available to be used for the boards, separated by colons, in lower case. These will be displayed next to [Home] [Manage] if KU_STYLESWIKUHER is set to true
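Review bot: The comments on `I0_DISABLE_BAD_PROXY_POSTING` and `I0_DISABLE_TOR_POSTING` leave out the precondition both flags depend on: the country value comes from Cloudflare, so the checks only mean anything when the origin accepts traffic exclusively through Cloudflare, and a client that reaches the origin directly can omit or forge that value. I would put `// Both CF-based flags assume the origin is reachable only via Cloudflare; a direct client can forge the country value` above the pair, and note on the `xx` flag that Cloudflare also reports `XX` for addresses it simply cannot geolocate, so enabling it blocks more than "bad proxies". The `I0_SAGE_DISABLED` comment's "abuse CSAM necroposting" is unclear; `// Disable the sage feature on replies (intended to limit necroposting abuse)` says what the option does without the odd phrasing. The Tor comment could read `// Block posting from Tor exit nodes (Cloudflare reports them as country T1)`.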