From 5be90cee4d265a014c31a18aaef8894f5d7eef3c Mon Sep 17 00:00:00 2001
From: Helen Chong <119173961+helenclx@users.noreply.github.com>
Date: Mon, 3 Mar 2025 09:45:21 +0800
Subject: [PATCH] Check https:// for potential spam
---
 contact.php | 6 +++++-
 join.php | 5 ++++-
 update.php | 5 ++++-
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/contact.php b/contact.php
index c722d55..91fa3a9 100644
--- a/contact.php
+++ b/contact.php
@@ -24,7 +24,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 ) $points += 2;
- if (strpos($_POST['comments'], "http://") !== false || strpos($_POST['comments'], "www.") !== false)
+ if (
+ strpos($_POST['comments'], "https://") !== false ||
+ strpos($_POST['comments'], "http://") !== false ||
+ strpos($_POST['comments'], "www.") !== false
+ )
 $points += 2;
 if (isset($_POST['nojs'])) $points += 1;
diff --git a/join.php b/join.php
index 87c7992..322ccb6 100644
--- a/join.php
+++ b/join.php
@@ -34,7 +34,10 @@ if (isset($_POST['submit'])) {
 if (isBot() !== false) $error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'] . "\r\n";
- if (substr_count($_POST['comments'], 'http://') > 1)
+ if (
+ substr_count($_POST['comments'], 'https://') > 1 ||
+ substr_count($_POST['comments'], 'http://') > 1
+ )
 $error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n";
 $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
diff --git a/update.php b/update.php
index 45a6a18..97fbab0 100644
--- a/update.php
+++ b/update.php
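Review bot: The three `strpos()` tests in the new contact.php condition are case-sensitive, so a comment that writes the scheme or `www.` in upper or mixed case is not scored; the `substr_count()` checks in join.php and update.php have the same gap. One case-insensitive test would cover all three markers: `if (preg_match('~https?://|www\.~i', $_POST['comments'] ?? '') === 1)`. The `?? ''` matters only if nothing earlier in the block guarantees the field is set, which the hunk does not show. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block starts and ends outside the hunk.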
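Review bot: The new join.php condition compares each `substr_count()` with `> 1` on its own, so a comment with one `http://` link and one `https://` link holds two URLs yet skips the "Too many URLs" error that the old single-scheme check was meant to raise. Counting both schemes together fixes that: `if (preg_match_all('~https?://~i', $_POST['comments']) > 1)`. The update.php hunk adds the identical condition and needs the same change. The `if (isset($_POST['submit']))` block continues outside both hunks.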
@@ -40,7 +40,10 @@ if (isset($_POST['submit'])) {
 if (isBot() !== false) $error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'] . "\r\n";
- if (substr_count($_POST['comments'], 'http://') > 1)
+ if (
+ substr_count($_POST['comments'], 'https://') > 1 ||
+ substr_count($_POST['comments'], 'http://') > 1
+ )
 $error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n";
 $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";