Components/Email/default.tpl

@@ -3,7 +3,7 @@
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
       <title></title>
       <style>
-        p { 
+        p, li { 
           font-family: Roboto,Arial,sans-serif;
           font-size: 18px;
           line-height: 1.5;

Controllers/api/v2/pro/content.php

@@ -43,9 +43,12 @@ class content implements Interfaces\Api
         }
 
         $type = '';
+        $algorithm = strtolower($_GET['algorithm'] ?? 'top');
+
         switch ($pages[1]) {
             case 'activities':
                 $type = 'activity';
+                $algorithm = 'latest';
                 break;
             case 'images':
                 $type = 'object:image';
@@ -127,7 +130,7 @@ class content implements Interfaces\Api
             'custom_type' => null,
             'limit' => $limit,
             'type' => $type,
-            'algorithm' => 'top',
+            'algorithm' => $algorithm,
             'period' => '7d',
             'sync' => $sync,
             'from_timestamp' => $fromTimestamp,
@@ -159,7 +162,7 @@ class content implements Interfaces\Api
         try {
             $result = $this->getData($entities, $opts, $asActivities, $sync);
 
-            if ($result->count() <= static::MIN_COUNT) {
+            if ($opts['algorithm'] !== 'latest' && $result->count() <= static::MIN_COUNT) {
                 $opts['algorithm'] = 'latest';
                 $result = $this->getData($entities, $opts, $asActivities, $sync);
             }

Controllers/api/v2/wire.php

@@ -61,6 +61,12 @@ class wire implements Interfaces\Api
         $recurring = isset($_POST['recurring']) ? $_POST['recurring'] : false;
         $recurringInterval = $_POST['recurring_interval'] ?? 'once';
 
+        if ($recurring && $recurringInterval === 'once') {
+            $recurringInterval = 'monthly';
+            // Client side bug we need to track down, so lets log in Sentry
+            \Sentry\captureMessage("Recurring Subscription was created with 'once' interval");
+        }
+
         if (!$amount) {
             return Factory::response(['status' => 'error', 'message' => 'you must send an amount']);
         }

Core/Email/Campaigns/Templates/pro-launch.md.tpl

+Our team has been heads down in the lab developing open source technology that is changing the world. As always, our goal is to provide you with a platform that enables the free exchange of ideas, protects your digital rights and fairly compensates you for your contributions to the network. 
+
+Introducing Minds Pro (beta), a new revenue model for content creators.
+- Get paid for your traffic and referrals
+- Launch your own website
+- Receive multi-currency tips and subscription payments from fans
+- Supports video, images, blogs and more
+
+| |
+|:--:|
+| [![Upgrade to Pro](https://cdn-assets.minds.com/emails/upgrade-to-pro.png){=150x}](https://www.minds.com/pro?__e_ct_guid=<?= $vars['guid']?>&campaign=<?= $vars['campaign']?>&topic=<?= $vars['topic'] ?>&validator=<?= $vars['validator'] ?>) |
+| |
+
+Thank you for your support!

Core/Router.php

@@ -7,15 +7,52 @@
 namespace Minds\Core;
 
 use Minds\Core\Di\Di;
+use Minds\Core\Features\Manager as Features;
 use Minds\Core\Router\Dispatcher;
 use Minds\Core\Router\Middleware\Kernel;
+use Minds\Core\Router\PrePsr7\Fallback;
 use Zend\Diactoros\ServerRequestFactory;
 use Zend\Diactoros\Uri;
 
 class Router
 {
-    public function route($uri = null, $method = null, $host = null)
+    /** @var Dispatcher */
+    protected $dispatcher;
+
+    /** @var Features */
+    protected $features;
+
+    /** @var Fallback */
+    protected $fallback;
+
+    /**
+     * Router constructor.
+     * @param Dispatcher $dispatcher
+     * @param Features $features
+     * @param Fallback $fallback
+     */
+    public function __construct(
+        $dispatcher = null,
+        $features = null,
+        $fallback = null
+    ) {
+        $this->dispatcher = $dispatcher ?: Di::_()->get('Router');
+        $this->features = $features ?: Di::_()->get('Features');
+        $this->fallback = $fallback ?: new Fallback();
+    }
+
+    /**
+     * @param string|null $uri
+     * @param string|null $method
+     * @param string|null $host
+     */
+    public function route(string $uri = null, string $method = null, string $host = null): void
     {
+        if (!$this->features->has('psr7-router')) {
+            $this->fallback->route();
+            return;
+        }
+
         if (!$uri) {
             $uri = strtok($_SERVER['REDIRECT_ORIG_URI'] ?? $_SERVER['REQUEST_URI'], '?');
         }
@@ -28,9 +65,6 @@ class Router
             $host = $_SERVER['HTTP_HOST'];
         }
 
-        /** @var Dispatcher $dispatcher */
-        $dispatcher = Di::_()->get('Router');
-
         $request = ServerRequestFactory::fromGlobals()
             ->withMethod($method)
             ->withUri(
@@ -38,7 +72,7 @@ class Router
                     ->withHost($host)
             ); // TODO: Ensure it works with reverse proxy
 
-        $response = $dispatcher
+        $response = $this->dispatcher
             ->pipe(new Kernel\ContentNegotiationMiddleware())
             ->pipe(new Kernel\ErrorHandlerMiddleware())
             ->pipe(

Core/Router/Dispatcher.php

@@ -14,6 +14,19 @@ use Psr\Http\Server\RequestHandlerInterface;
 
 class Dispatcher implements RequestHandlerInterface
 {
+    /** @var MiddlewareInterface */
+    protected $emptyResponseMiddleware;
+
+    /**
+     * Dispatcher constructor.
+     * @param MiddlewareInterface $emptyResponseMiddleware
+     */
+    public function __construct(
+        $emptyResponseMiddleware = null
+    ) {
+        $this->emptyResponseMiddleware = $emptyResponseMiddleware ?: new EmptyResponseMiddleware();
+    }
+
     /** @var MiddlewareInterface[] */
     protected $middleware = [];
 
@@ -37,7 +50,7 @@ class Dispatcher implements RequestHandlerInterface
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
         if (count($this->middleware) === 0) {
-            return (new EmptyResponseMiddleware())->process($request, $this);
+            return $this->emptyResponseMiddleware->process($request, $this);
         }
 
         $middleware = array_shift($this->middleware);

Core/Router/Middleware/Kernel/SessionMiddleware.php

@@ -28,8 +28,7 @@ class SessionMiddleware implements MiddlewareInterface
      */
     public function __construct(
         $session = null
-    )
-    {
+    ) {
         $this->session = $session ?: Di::_()->get('Sessions\Manager');
     }
 

Core/Router/PrePsr7/Fallback.php

@@ -105,4 +105,12 @@ class Fallback
 
         return new HtmlResponse($html, 200);
     }
+
+    /**
+     * Complete routing fallback
+     */
+    public function route()
+    {
+        (new Router())->route();
+    }
 }

Core/Router/RegistryEntry.php

@@ -89,6 +89,7 @@ class RegistryEntry
      */
     public function matches(string $route): bool
     {
+        $route = trim($route, '/');
         $pattern = sprintf("#^%s$#i", strtr(preg_quote($this->getWildcardRoute(), '#'), ['\*' => '[^/]+']));
         return (bool) preg_match($pattern, $route);
     }

Core/Security/Events.php

@@ -6,14 +6,21 @@ use Minds\Core\Di\Di;
 use Minds\Core\Events\Dispatcher;
 use Minds\Core\Security\TwoFactor;
 use Minds\Exceptions;
+use Minds\Helpers\Text;
+use Minds\Core\Security\Spam;
 
 class Events
 {
+    /** @var SMS $sms */
     protected $sms;
 
-    public function __construct()
+    /** @var Spam */
+    protected $spam;
+
+    public function __construct($spam = null)
     {
         $this->sms = Di::_()->get('SMS');
+        $this->spam = $spam ?? new Spam();
     }
 
     public function register()
@@ -23,322 +30,17 @@ class Events
         Dispatcher::register('update', 'elgg/event/object', [$this, 'onCreateHook']);
     }
 
-    protected function strposa($haystack, $needles, $offset = 0)
-    {
-        if (!is_array($needles)) {
-            $needles = [$needles];
-        }
-        foreach ($needles as $query) {
-            if (strpos($haystack, $query, $offset) !== false) {
-                return true;
-            } // stop on first true result
-        }
-        return false;
-    }
-
-    protected function prohibitedDomains()
-    {
-        return [
-            //shorts
-            //	't.co', 'goo.gl', 'ow.ly', 'bitly.com', 'bit.ly','tinyurl.com','bit.do','go2.do',
-            //	'adf.ly', 'adcrun.ch', 'zpag.es','ity.im', 'q.gs', 'lnk.co', 'is.gd',
-            //full
-            'movieblog.tumblr.com',
-            'moviehdstream.wordpress.com',
-            'moviehq.tumblr.com',
-            'moviehq.webs.com',
-            'moviehq.wordpress.com',
-            'movieo.wordpress.com',
-            'movieonline.tumblr.com',
-            'movieonline.webs.com',
-            'movieonline.wordpress.com',
-            'movieonlinehd.tumblr.com',
-            'movieonlinehd.webs.com',
-            'movieonlinehd.wordpress.com',
-            'movies.tumblr.com',
-            'moviesf.tumblr.com',
-            'moviesgodetia.com',
-            'movieslinks4u',
-            'moviesmount.com',
-            'moviesmonster.biz',
-            'moviesondesktop',
-            'moviesonlinefree.biz',
-            'moviestream.wordpress.com',
-            'movieontop.com',
-            'afllivestreaming.com.au',
-            'londonolympiccorner',
-            'nrllivestreaming.com.au',
-            '24x7livestreamtvchannels.com',
-            'www.edogo.us',
-            'all4health.in',
-            'watches4a.co.uk',
-            'es.jennyjoseph.com',
-            'allsportslive24x7.blogspot.com',
-            'boxing-tv-2014-live-stream.blogspot.com',
-            'amarblogdalima.blogspot.com',
-            'www.officialtvstream.com.es',
-            'topsalor.com',
-            'busybo.org',
-            'www.nowvideo.sx',
-            '180upload.com',
-            'allmyvideos.net',
-            'busybo.org',
-            'hdmovieshouse.biz',
-            'sportblog.info',
-            'psport.space',
-            'discus.space',
-            'euro2016.it.ua',
-            'neymar.space',
-            'espnstream.space',
-            '2016.vn.u',
-            'blogstream.space',
-            'liveextratime.xyz',
-            'thebestlive.xyz',
-            'streamoffside.xyz',
-            'sportmaster2014.page.tl',
-            'bloggersdelight.dk',
-            'watchsportslive.space',
-            'freeforward.xyz',
-            'live4sports.xyz',
-            'streamfun.xyz',
-            'angelfire.com',
-            'streamtime.xyz',
-            'futebol2star.com',
-            'live2sport.com',
-            'newssports.space',
-            'onlineolympics.xyz',
-            'liveolympics.xyz',
-            'streamontv.xyz',
-            'londonschedule.com',
-            'onlineolympics.space',
-            'sportwinning.xyz',
-            'streamworld.xyz',
-            'streamtop.xyz',
-            'livechampion.xyz',
-            'playstreams.xyz',
-            'live4sport.xyz',
-            'streampage.xyz',
-            'calendarsport.space',
-            'fsport.space',
-            'euro2016.od.ua',
-            'streambig.xyz',
-            'sportprediction.xyz',
-            'streamwork.xyz',
-            'r041.donnael.com',
-            '2016.lt.ua',
-            'vipleague.se',
-            'liveonline.company',
-            'liveolympics.space',
-            'seoandvideomarketing.com.au',
-            'vipbox.sx',
-            'germanypolandlivestream.club',
-            'sportgoal.xyz',
-            'ggdbsale.com',
-            'gorillasteroids.eu',
-            'watchlivesports.space',
-            'penaltyshootout.xyz',
-            'streamgroup.xyz',
-            'streamnew.xyz',
-            'cottonsport.space',
-            'gosport.space',
-            'streambest.xyz',
-            'penaltyspot.xyz',
-            'streamthe.xyz',
-            'liveevents.name',
-            'londonblog.work',
-            'testcollections.com',
-            'alfagy.com',
-            'teravide1974.full-design.com',
-            'selfnarhasbllaq1980-blog.logdown.com',
-            'neipononchoi1984.suomiblog.com',
-            'gemttranlonthe1985.blogzet.com',
-            'pitchero.com',
-            'blogolize.com',
-            'lisbopholsven1974.thezenweb.com',
-            'blogocial.com',
-            'tinyblogging.com',
-            'share.pho.to',
-            'community.vietfun.com',
-            'ockuderla1985.full-design.com',
-            'unmosimla1978.total-blog.com',
-            'gemttranlonthe1985.blogzet.com',
-            'rapptubizboe1978.blogminds.com',
-            'descduclighgon1973.full-design.com',
-            'ricphosati1972.full-design.com',
-            'fuddbluslanmaa1975.blogdigy.com',
-            'smarforcute1976.blogdigy.com',
-            'xn--90aizihgi.xn--p1ai',
-            'tinyurl.com',
-            'bit.ly',
-            'bit.do',
-            '123football.space',
-            'bitly.com',
-            'j.mp',
-            'livestreaming.one',
-            'livestreaming.life',
-            'forbest.pw',
-            'olizev.tdska2ll.ru',
-            'tdska2ll.ru',
-            'tdska1ll.ru',
-            'tdska3ll.ru',
-            'tdska4ll.ru',
-            'ihmail.ru',
-            'tdska5ll.ru',
-            'tdska6ll.ru',
-            'll.ru',
-            'shorl.com',
-            'scorestream.space',
-            'bestsplayer.xyz',
-            'worldwideevents.space',
-            'worldseries.space',
-            'best247chemist.net',
-            '9tn.ru',
-            'futbolkin2013.ru',
-            'playnowstore.com',
-            'qr-url.tk',
-            'watchonlinerugby.net',
-            'esecuritys.com',
-            'rufile.no-ip.ca',
-            'imzonline.com',
-            'femeedia.com',
-            'mediomatic.com',
-            'savemoneyeasily.com',
-            'option1pro.com',
-            'perron07.nl',
-            'movieonrails.com',
-            'topmoviestoday.com',
-            'playnowstore.com',
-            'g-files.biz',
-            'dawnloadonline.com',
-            'thedirsite.com',
-            'siteslocate.com',
-            'mydrugdir.com',
-            'find24hs.com',
-            'veeble.org',
-            'movieonrails.com',
-            'bestmoviehd.net',
-            'putmovies.info',
-            'awarefinance.com',
-            'shurll.com',
-            'acceptsearch.com',
-            'signforcover.com',
-            'raisengine.com',
-            'rocketcarrental.com',
-            'godsearchs.com',
-            'listenhanced.com',
-            'find24hs.com',
-            'findinform.com',
-            'sitesworlds.com',
-            'rocketcarrental.com',
-            'thedirsite.com',
-            'getboook.com',
-            'pokerarena88.com',
-            'aquamelia.com',
-            'beautyskintalks.com',
-            'getmooovie.com',
-            'getdriversss.com',
-            'getsoooft.com',
-            'getgamesss.com',
-            'abrts.pro',
-            'leadbit.biz',
-            'efght.pro',
-            'qyresearcheurope.com',
-            'plusfreemaxfr.com',
-            'getappmac.com',
-            'getharlemhealthy.org',
-            'goo.gl',
-            'getmooovie.com',
-            'marketreportscenter.com',
-            'getsooft.com',
-            'myowndom.ru',
-            'print-mgn.ru',
-            'wiki-data.ru',
-            'velobog.ru',
-            'mobisony.ru',
-            'dzeroki.ru',
-            'slimkor.ru',
-            'kak-brosit-kyrit.ru',
-            'jinyurl.com',
-            'urlin.us',
-            'capillus.com',
-            'siteprofissional.com',
-            'mitersawjudge.com',
-            'mohajreen-jeeda.com',
-            'jobberies.com',
-            'bestfilms.site',
-            'baystudios.ch',
-            'elvenarhack.bid',
-            'essencephskincare.com',
-            'blog2learn.com',
-            'superrugbyonline.net',
-            'superrugby18.livejournal.com',
-            'expertairco.com',
-            'draesthetica.co.uk',
-            'sphere.social',
-            'saveabookmarks.xyz',
-            '/t.co',
-            'samuelsconstruction.build',
-            'pmwares.com',
-            'watchesofwales.co.uk',
-            //'.ru',
-            'zotero.org',
-            'speakerdeck.com',
-            'freesiteslike.com',
-            'pusha.se',
-            'vrootdownload.org',
-            'rubberwebshop.nl',
-            'restaurerlecorps.info',
-            'discretthemes.info',
-            'bride-forever.com',
-            'simplesmetamorphoses.info',
-            'mp3gain.com',
-            'mp4gain.com',
-            'ttlink.com',
-            'onepost.cf',
-            'getmefunds.com',
-            'vikinail.pl',
-            'typesofbeauty.info',
-            'joie6portia93.bloglove.cc',
-            'htgtea.com',
-            'tblogz.com',
-            'liveinternet.ru',
-            '.diowebhost.com',
-            '/yoursite.com',
-            'reworkedgames.eu',
-            'mp3gain.sourceforge.net',
-            'pages10.com',
-            'nudegirIs.info',
-            'aidagirls.com',
-            'alsoloves.com',
-            'hotswishes.com',
-            'instaphoto.club',
-            'intimspace.com',
-            'pornopoisk.info',
-            'localmodels.online',
-            'kaikki-mallit.com',
-            'hotswishes.com',
-        ];
-    }
-
     public function onCreateHook($hook, $type, $params, $return = null)
     {
         $object = $params;
-        if ($this->strposa($object->description, $this->prohibitedDomains()) ||
-            $this->strposa($object->briefdescription, $this->prohibitedDomains()) ||
-            $this->strposa($object->message, $this->prohibitedDomains()) ||
-            $this->strposa($object->title, $this->prohibitedDomains())
-        ) {
-            throw new \Exception('Sorry, your post contains a reference to a domain name linked to spam. You can not use short urls (eg. bit.ly). Please remove it and try again');
+
+        if ($this->spam->check($object)) {
             if (PHP_SAPI != 'cli') {
                 forward(REFERRER);
             }
             return false;
         }
 
-        if ($type == 'group' && $this->strposa($object->getBriefDescription(), $this->prohibitedDomains())) {
-            return false;
-        }
-
         return true;
     }
 

Core/Security/ProhibitedDomains.php

+<?php
+
+namespace Minds\Core\Security;
+
+/**
+ * Domains listed here has been blacklisted due to spam.
+ * Short urls are also not allowed due to security issues.
+ */
+class ProhibitedDomains
+{
+    /** @var array */
+    const DOMAINS = [
+        'movieblog.tumblr.com',
+        'moviehdstream.wordpress.com',
+        'moviehq.tumblr.com',
+        'moviehq.webs.com',
+        'moviehq.wordpress.com',
+        'movieo.wordpress.com',
+        'movieonline.tumblr.com',
+        'movieonline.webs.com',
+        'movieonline.wordpress.com',
+        'movieonlinehd.tumblr.com',
+        'movieonlinehd.webs.com',
+        'movieonlinehd.wordpress.com',
+        'movies.tumblr.com',
+        'moviesf.tumblr.com',
+        'moviesgodetia.com',
+        'movieslinks4u',
+        'moviesmount.com',
+        'moviesmonster.biz',
+        'moviesondesktop',
+        'moviesonlinefree.biz',
+        'moviestream.wordpress.com',
+        'movieontop.com',
+        'afllivestreaming.com.au',
+        'londonolympiccorner',
+        'nrllivestreaming.com.au',
+        '24x7livestreamtvchannels.com',
+        'www.edogo.us',
+        'all4health.in',
+        'watches4a.co.uk',
+        'es.jennyjoseph.com',
+        'allsportslive24x7.blogspot.com',
+        'boxing-tv-2014-live-stream.blogspot.com',
+        'amarblogdalima.blogspot.com',
+        'www.officialtvstream.com.es',
+        'topsalor.com',
+        'busybo.org',
+        'www.nowvideo.sx',
+        '180upload.com',
+        'allmyvideos.net',
+        'busybo.org',
+        'hdmovieshouse.biz',
+        'sportblog.info',
+        'psport.space',
+        'discus.space',
+        'euro2016.it.ua',
+        'neymar.space',
+        'espnstream.space',
+        '2016.vn.u',
+        'blogstream.space',
+        'liveextratime.xyz',
+        'thebestlive.xyz',
+        'streamoffside.xyz',
+        'sportmaster2014.page.tl',
+        'bloggersdelight.dk',
+        'watchsportslive.space',
+        'freeforward.xyz',
+        'live4sports.xyz',
+        'streamfun.xyz',
+        'angelfire.com',
+        'streamtime.xyz',
+        'futebol2star.com',
+        'live2sport.com',
+        'newssports.space',
+        'onlineolympics.xyz',
+        'liveolympics.xyz',
+        'streamontv.xyz',
+        'londonschedule.com',
+        'onlineolympics.space',
+        'sportwinning.xyz',
+        'streamworld.xyz',
+        'streamtop.xyz',
+        'livechampion.xyz',
+        'playstreams.xyz',
+        'live4sport.xyz',
+        'streampage.xyz',
+        'calendarsport.space',
+        'fsport.space',
+        'euro2016.od.ua',
+        'streambig.xyz',
+        'sportprediction.xyz',
+        'streamwork.xyz',
+        'r041.donnael.com',
+        '2016.lt.ua',
+        'vipleague.se',
+        'liveonline.company',
+        'liveolympics.space',
+        'seoandvideomarketing.com.au',
+        'vipbox.sx',
+        'germanypolandlivestream.club',
+        'sportgoal.xyz',
+        'ggdbsale.com',
+        'gorillasteroids.eu',
+        'watchlivesports.space',
+        'penaltyshootout.xyz',
+        'streamgroup.xyz',
+        'streamnew.xyz',
+        'cottonsport.space',
+        'gosport.space',
+        'streambest.xyz',
+        'penaltyspot.xyz',
+        'streamthe.xyz',
+        'liveevents.name',
+        'londonblog.work',
+        'testcollections.com',
+        'alfagy.com',
+        'teravide1974.full-design.com',
+        'selfnarhasbllaq1980-blog.logdown.com',
+        'neipononchoi1984.suomiblog.com',
+        'gemttranlonthe1985.blogzet.com',
+        'pitchero.com',
+        'blogolize.com',
+        'lisbopholsven1974.thezenweb.com',
+        'blogocial.com',
+        'tinyblogging.com',
+        'share.pho.to',
+        'community.vietfun.com',
+        'ockuderla1985.full-design.com',
+        'unmosimla1978.total-blog.com',
+        'gemttranlonthe1985.blogzet.com',
+        'rapptubizboe1978.blogminds.com',
+        'descduclighgon1973.full-design.com',
+        'ricphosati1972.full-design.com',
+        'fuddbluslanmaa1975.blogdigy.com',
+        'smarforcute1976.blogdigy.com',
+        'xn--90aizihgi.xn--p1ai',
+        'tinyurl.com',
+        'bit.ly',
+        'bit.do',
+        '123football.space',
+        'bitly.com',
+        'j.mp',
+        'livestreaming.one',
+        'livestreaming.life',
+        'forbest.pw',
+        'olizev.tdska2ll.ru',
+        'tdska2ll.ru',
+        'tdska1ll.ru',
+        'tdska3ll.ru',
+        'tdska4ll.ru',
+        'ihmail.ru',
+        'tdska5ll.ru',
+        'tdska6ll.ru',
+        'll.ru',
+        'shorl.com',
+        'scorestream.space',
+        'bestsplayer.xyz',
+        'worldwideevents.space',
+        'worldseries.space',
+        'best247chemist.net',
+        '9tn.ru',
+        'futbolkin2013.ru',
+        'playnowstore.com',
+        'qr-url.tk',
+        'watchonlinerugby.net',
+        'esecuritys.com',
+        'rufile.no-ip.ca',
+        'imzonline.com',
+        'femeedia.com',
+        'mediomatic.com',
+        'savemoneyeasily.com',
+        'option1pro.com',
+        'perron07.nl',
+        'movieonrails.com',
+        'topmoviestoday.com',
+        'playnowstore.com',
+        'g-files.biz',
+        'dawnloadonline.com',
+        'thedirsite.com',
+        'siteslocate.com',
+        'mydrugdir.com',
+        'find24hs.com',
+        'veeble.org',
+        'movieonrails.com',
+        'bestmoviehd.net',
+        'putmovies.info',
+        'awarefinance.com',
+        'shurll.com',
+        'acceptsearch.com',
+        'signforcover.com',
+        'raisengine.com',
+        'rocketcarrental.com',
+        'godsearchs.com',
+        'listenhanced.com',
+        'find24hs.com',
+        'findinform.com',
+        'sitesworlds.com',
+        'rocketcarrental.com',
+        'thedirsite.com',
+        'getboook.com',
+        'pokerarena88.com',
+        'aquamelia.com',
+        'beautyskintalks.com',
+        'getmooovie.com',
+        'getdriversss.com',
+        'getsoooft.com',
+        'getgamesss.com',
+        'abrts.pro',
+        'leadbit.biz',
+        'efght.pro',
+        'qyresearcheurope.com',
+        'plusfreemaxfr.com',
+        'getappmac.com',
+        'getharlemhealthy.org',
+        'goo.gl',
+        'getmooovie.com',
+        'marketreportscenter.com',
+        'getsooft.com',
+        'myowndom.ru',
+        'print-mgn.ru',
+        'wiki-data.ru',
+        'velobog.ru',
+        'mobisony.ru',
+        'dzeroki.ru',
+        'slimkor.ru',
+        'kak-brosit-kyrit.ru',
+        'jinyurl.com',
+        'urlin.us',
+        'capillus.com',
+        'siteprofissional.com',
+        'mitersawjudge.com',
+        'mohajreen-jeeda.com',
+        'jobberies.com',
+        'bestfilms.site',
+        'baystudios.ch',
+        'elvenarhack.bid',
+        'essencephskincare.com',
+        'blog2learn.com',
+        'superrugbyonline.net',
+        'superrugby18.livejournal.com',
+        'expertairco.com',
+        'draesthetica.co.uk',
+        'sphere.social',
+        'saveabookmarks.xyz',
+        '/t.co',
+        'samuelsconstruction.build',
+        'pmwares.com',
+        'watchesofwales.co.uk',
+        'zotero.org',
+        'speakerdeck.com',
+        'freesiteslike.com',
+        'pusha.se',
+        'vrootdownload.org',
+        'rubberwebshop.nl',
+        'restaurerlecorps.info',
+        'discretthemes.info',
+        'bride-forever.com',
+        'simplesmetamorphoses.info',
+        'mp3gain.com',
+        'mp4gain.com',
+        'ttlink.com',
+        'onepost.cf',
+        'getmefunds.com',
+        'vikinail.pl',
+        'typesofbeauty.info',
+        'joie6portia93.bloglove.cc',
+        'htgtea.com',
+        'tblogz.com',
+        'liveinternet.ru',
+        '.diowebhost.com',
+        '/yoursite.com',
+        'reworkedgames.eu',
+        'mp3gain.sourceforge.net',
+        'pages10.com',
+        'nudegirIs.info',
+        'aidagirls.com',
+        'alsoloves.com',
+        'hotswishes.com',
+        'instaphoto.club',
+        'intimspace.com',
+        'pornopoisk.info',
+        'localmodels.online',
+        'kaikki-mallit.com',
+        'hotswishes.com',
+    ];
+}

Core/Security/Spam.php

@@ -2,421 +2,49 @@
 
 namespace Minds\Core\Security;
 
-use Minds\Core\Di\Di;
-use Minds\Core\Events\Dispatcher;
-use Minds\Core\Security\TwoFactor;
-use Minds\Exceptions;
+use Minds\Helpers\Text;
+use Minds\Core\Config;
+use Minds\Core\Security\ProhibitedDomains;
 
 class Spam
 {
-    public function check($entity)
+    /**
+     * Check for spam
+     * @param mixed $entity
+     * @return bool
+     */
+    public function check($entity): ?bool
     {
         $foundSpam = false;
 
         switch ($entity->getType()) {
             case 'comment':
-                $foundSpam = $this->strposa($entity->getBody(), $this->prohibitedDomains());
+                $foundSpam = Text::strposa($entity->getBody(), ProhibitedDomains::DOMAINS);
                 break;
             case 'activity':
+                $foundSpam = Text::strposa($entity->getMessage(), ProhibitedDomains::DOMAINS);
+                break;
             case 'object':
                 if ($entity->getSubtype() === 'blog') {
-                    $foundSpam = $this->strposa($entity->getBody(), $this->prohibitedDomains());
+                    $foundSpam = Text::strposa($entity->getBody(), ProhibitedDomains::DOMAINS);
                     break;
                 }
-                $foundSpam = $this->strposa($entity->getDescription(), $this->prohibitedDomains());
+                $foundSpam = Text::strposa($entity->getDescription(), ProhibitedDomains::DOMAINS);
                 break;
             case 'user':
-                $foundSpam = $this->strposa($entity->briefdescription, $this->prohibitedDomains());
+                $foundSpam = Text::strposa($entity->briefdescription, ProhibitedDomains::DOMAINS);
                 break;
             case 'group':
-                $foundSpam = $this->strposa($entity->getBriefDescription(), $this->prohibitedDomains());
+                $foundSpam = Text::strposa($entity->getBriefDescription(), ProhibitedDomains::DOMAINS);
                 break;
             default:
                 error_log("[spam-check]: $entity->type:$entity->subtype not supported");
          }
 
         if ($foundSpam) {
-            throw new \Exception('Sorry, you included a reference to a domain name linked to spam. You can not use short urls (eg. bit.ly). Please remove it and try again');
-        }
-    }
-
-    protected function strposa($haystack, $needles, $offset = 0)
-    {
-        if (!is_array($needles)) {
-            $needles = [$needles];
+            throw new \Exception("Sorry, you included a reference to a domain name linked to spam (${foundSpam})");
+            return true;
         }
-        foreach ($needles as $query) {
-            if (stripos($haystack, $query, $offset) !== false) {
-                return true;
-            } // stop on first true result
-        }
-        return false;
-    }
-
-    protected function prohibitedDomains()
-    {
-        return [
-            //shorts
-            //	't.co', 'goo.gl', 'ow.ly', 'bitly.com', 'bit.ly','tinyurl.com','bit.do','go2.do',
-            //	'adf.ly', 'adcrun.ch', 'zpag.es','ity.im', 'q.gs', 'lnk.co', 'is.gd',
-            //full
-            'movieblog.tumblr.com',
-            'moviehdstream.wordpress.com',
-            'moviehq.tumblr.com',
-            'moviehq.webs.com',
-            'moviehq.wordpress.com',
-            'movieo.wordpress.com',
-            'movieonline.tumblr.com',
-            'movieonline.webs.com',
-            'movieonline.wordpress.com',
-            'movieonlinehd.tumblr.com',
-            'movieonlinehd.webs.com',
-            'movieonlinehd.wordpress.com',
-            'movies.tumblr.com',
-            'moviesf.tumblr.com',
-            'moviesgodetia.com',
-            'movieslinks4u',
-            'moviesmount.com',
-            'moviesmonster.biz',
-            'moviesondesktop',
-            'moviesonlinefree.biz',
-            'moviestream.wordpress.com',
-            'movieontop.com',
-            'afllivestreaming.com.au',
-            'londonolympiccorner',
-            'nrllivestreaming.com.au',
-            '24x7livestreamtvchannels.com',
-            'www.edogo.us',
-            'all4health.in',
-            'watches4a.co.uk',
-            'es.jennyjoseph.com',
-            'allsportslive24x7.blogspot.com',
-            'boxing-tv-2014-live-stream.blogspot.com',
-            'amarblogdalima.blogspot.com',
-            'www.officialtvstream.com.es',
-            'topsalor.com',
-            'busybo.org',
-            'www.nowvideo.sx',
-            '180upload.com',
-            'allmyvideos.net',
-            'busybo.org',
-            'hdmovieshouse.biz',
-            'sportblog.info',
-            'psport.space',
-            'discus.space',
-            'euro2016.it.ua',
-            'neymar.space',
-            'espnstream.space',
-            '2016.vn.u',
-            'blogstream.space',
-            'liveextratime.xyz',
-            'thebestlive.xyz',
-            'streamoffside.xyz',
-            'sportmaster2014.page.tl',
-            'bloggersdelight.dk',
-            'watchsportslive.space',
-            'freeforward.xyz',
-            'live4sports.xyz',
-            'streamfun.xyz',
-            'angelfire.com',
-            'streamtime.xyz',
-            'futebol2star.com',
-            'live2sport.com',
-            'newssports.space',
-            'onlineolympics.xyz',
-            'liveolympics.xyz',
-            'streamontv.xyz',
-            'londonschedule.com',
-            'onlineolympics.space',
-            'sportwinning.xyz',
-            'streamworld.xyz',
-            'streamtop.xyz',
-            'livechampion.xyz',
-            'playstreams.xyz',
-            'live4sport.xyz',
-            'streampage.xyz',
-            'calendarsport.space',
-            'fsport.space',
-            'euro2016.od.ua',
-            'streambig.xyz',
-            'sportprediction.xyz',
-            'streamwork.xyz',
-            'r041.donnael.com',
-            '2016.lt.ua',
-            'vipleague.se',
-            'liveonline.company',
-            'liveolympics.space',
-            'seoandvideomarketing.com.au',
-            'vipbox.sx',
-            'germanypolandlivestream.club',
-            'sportgoal.xyz',
-            'ggdbsale.com',
-            'gorillasteroids.eu',
-            'watchlivesports.space',
-            'penaltyshootout.xyz',
-            'streamgroup.xyz',
-            'streamnew.xyz',
-            'cottonsport.space',
-            'gosport.space',
-            'streambest.xyz',
-            'penaltyspot.xyz',
-            'streamthe.xyz',
-            'liveevents.name',
-            'londonblog.work',
-            'testcollections.com',
-            'alfagy.com',
-            'teravide1974.full-design.com',
-            'selfnarhasbllaq1980-blog.logdown.com',
-            'neipononchoi1984.suomiblog.com',
-            'gemttranlonthe1985.blogzet.com',
-            'pitchero.com',
-            'blogolize.com',
-            'lisbopholsven1974.thezenweb.com',
-            'blogocial.com',
-            'tinyblogging.com',
-            'share.pho.to',
-            'community.vietfun.com',
-            'ockuderla1985.full-design.com',
-            'unmosimla1978.total-blog.com',
-            'gemttranlonthe1985.blogzet.com',
-            'rapptubizboe1978.blogminds.com',
-            'descduclighgon1973.full-design.com',
-            'ricphosati1972.full-design.com',
-            'fuddbluslanmaa1975.blogdigy.com',
-            'smarforcute1976.blogdigy.com',
-            'xn--90aizihgi.xn--p1ai',
-            'tinyurl.com',
-            'bit.ly',
-            'bit.do',
-            '123football.space',
-            'bitly.com',
-            'j.mp',
-            'livestreaming.one',
-            'livestreaming.life',
-            'forbest.pw',
-            'olizev.tdska2ll.ru',
-            'tdska2ll.ru',
-            'tdska1ll.ru',
-            'tdska3ll.ru',
-            'tdska4ll.ru',
-            'ihmail.ru',
-            'tdska5ll.ru',
-            'tdska6ll.ru',
-            'll.ru',
-            'shorl.com',
-            'scorestream.space',
-            'bestsplayer.xyz',
-            'worldwideevents.space',
-            'worldseries.space',
-            'best247chemist.net',
-            '9tn.ru',
-            'futbolkin2013.ru',
-            'playnowstore.com',
-            'qr-url.tk',
-            'watchonlinerugby.net',
-            'esecuritys.com',
-            'rufile.no-ip.ca',
-            'imzonline.com',
-            'femeedia.com',
-            'mediomatic.com',
-            'savemoneyeasily.com',
-            'option1pro.com',
-            'perron07.nl',
-            'movieonrails.com',
-            'topmoviestoday.com',
-            'playnowstore.com',
-            'g-files.biz',
-            'dawnloadonline.com',
-            'thedirsite.com',
-            'siteslocate.com',
-            'mydrugdir.com',
-            'find24hs.com',
-            'veeble.org',
-            'movieonrails.com',
-            'bestmoviehd.net',
-            'putmovies.info',
-            'awarefinance.com',
-            'shurll.com',
-            'acceptsearch.com',
-            'signforcover.com',
-            'raisengine.com',
-            'rocketcarrental.com',
-            'godsearchs.com',
-            'listenhanced.com',
-            'find24hs.com',
-            'findinform.com',
-            'sitesworlds.com',
-            'rocketcarrental.com',
-            'thedirsite.com',
-            'getboook.com',
-            'pokerarena88.com',
-            'aquamelia.com',
-            'beautyskintalks.com',
-            'getmooovie.com',
-            'getdriversss.com',
-            'getsoooft.com',
-            'getgamesss.com',
-            'abrts.pro',
-            'leadbit.biz',
-            'efght.pro',
-            'qyresearcheurope.com',
-            'plusfreemaxfr.com',
-            'getappmac.com',
-            'getharlemhealthy.org',
-            'goo.gl',
-            'getmooovie.com',
-            'marketreportscenter.com',
-            'getsooft.com',
-            'myowndom.ru',
-            'print-mgn.ru',
-            'wiki-data.ru',
-            'velobog.ru',
-            'mobisony.ru',
-            'dzeroki.ru',
-            'slimkor.ru',
-            'kak-brosit-kyrit.ru',
-            'jinyurl.com',
-            'urlin.us',
-            'capillus.com',
-            'siteprofissional.com',
-            'mitersawjudge.com',
-            'mohajreen-jeeda.com',
-            'jobberies.com',
-            'bestfilms.site',
-            'baystudios.ch',
-            'elvenarhack.bid',
-            'essencephskincare.com',
-            'blog2learn.com',
-            'superrugbyonline.net',
-            'superrugby18.livejournal.com',
-            'expertairco.com',
-            'draesthetica.co.uk',
-            'sphere.social',
-            'saveabookmarks.xyz',
-            '/t.co',
-            'samuelsconstruction.build',
-            'pmwares.com',
-            'watchesofwales.co.uk',
-            //'.ru',
-            'zotero.org',
-            'speakerdeck.com',
-            'freesiteslike.com',
-            'pusha.se',
-            'vrootdownload.org',
-            'rubberwebshop.nl',
-            'restaurerlecorps.info',
-            'discretthemes.info',
-            'bride-forever.com',
-            'simplesmetamorphoses.info',
-            'mp3gain.com',
-            'mp4gain.com',
-            'ttlink.com',
-            'onepost.cf',
-            'getmefunds.com',
-            'vikinail.pl',
-            'typesofbeauty.info',
-            'joie6portia93.bloglove.cc',
-            'htgtea.com',
-            'tblogz.com',
-            'liveinternet.ru',
-            '.diowebhost.com',
-            '/yoursite.com',
-            'reworkedgames.eu',
-            'mp3gain.sourceforge.net',
-            'pages10.com',
-            '2213ys.com',
-            'goldengoosesneakershop.com',
-            'howtocrazy.com',
-            'divatsport-blog.info',
-            '1xroyal.com',
-            'yuctw.com',
-            'bangalorehotescorts.in',
-            'hx.269w.net',
-            'fr.pdffile.org',
-            'evistas.usc.edu.co',
-            'caelt3.harrisburgu.edu',
-            'seehd.pl',
-            'benonscatering.co.uk',
-            'itoolsdownload.info',
-            'knoji.com',
-            'srsintl.com',
-            'www.trauringe-efes.de',
-            'myassignmenthelp.com',
-            'sgamepro.io',
-            'brycewalkeruk.weebly.com',
-            'windscreendiscounters.co.za',
-            'bitcoinrevolutionreview.com',
-            'freebetqq.com',
-            'mpocash.com',
-            'backofficevi.com',
-            'thesingaporepropertyblog.wordpress.com',
-            'www.winni.in',
-            'www.viki.com',
-            '//is.gd',
-            '/answerfirst.com',
-            'cewnote.com',
-            'www.mastherapy.es',
-            'pcpltd.com',
-            '/nutoyshop.info',
-            '/ppcair.com',
-            'xe365.info',
-            'www.foodpoisoningnews.com',
-            '/freecracks.net',
-            'www.noosaboatique.com.au',
-            'www.bestbeds.co.nz',
-            '/taxisweybridge.com',
-            'www.speakwell.co.in',
-            'www.islamickalajadu.com',
-            'www.zxpanel.com',
-            '.shop1.cz',
-            '//Inve.one',
-            'www.rsstop10.com',
-            'www.cheapjerseys91.com',
-            '.blogcountry.net',
-            '/renewableenergyworld.com',
-            '/www.anobii.com',
-            '/atreointernational.com',
-            '/thoushallnotwhine.com',
-            '/boldwap.net',
-            '/images16.fotki.com',
-            '/www.mirrorcreator.com',
-            '/ipaymu.com',
-            '/www.deerasa.com',
-            '/lp-distributors.com',
-            '/www.radyoharunyahya.com',
-            '/dominoqiu.co/',
-            '/rejuvabrains.org/',
-            '/images108.fotki.com',
-            '/www.wizhez.com',
-            'www.iamsport.org',
-            '/justinbravo.com',
-            '/alix92irina.blog5.net',
-            '/usachinatraining.com',
-            'prodid3gizi.poltekkes-malang.ac.id',
-            '/www.getjealous.com',
-            '/www.gdaca.com',
-            '/bxxlacy864398.wordpress.com',
-            '/vip126.cafe24.com',
-            '/treltistconsi1972.wordpress.com',
-            '/dansmoke.com/',
-            '/www.boostmedia.in',
-            'www.thechubbybuddy.com',
-            '/anewwellnessspa.com',
-            '/mercer82rios.wordpress.com',
-            '/cadcamoffices.co.uk',
-            '/carpetexperts.net',
-            '/media4.picsearch.com',
-            'slotsbonus777.com',
-            'nudegirls.info',
-            'aidagirls.com',
-            'alsoloves.com',
-            'hotswishes.com',
-            'instaphoto.club',
-            'intimspace.com',
-            'pornopoisk.info',
-            'localmodels.online',
-            'kaikki-mallit.com',
-            'hotswishes.com',
-        ];
+        return $foundSpam ? true : false;
     }
 }

Helpers/Text.php

@@ -90,4 +90,26 @@ class Text
     {
         return (string) $value;
     }
+
+    /**
+     * Runs through a body of text, checking it for values.
+     *
+     * @param [type] $haystack - Body of text.
+     * @param [type] $needles - Array of values to be searched for.
+     * @param integer $offset - offset to start.
+     * @return boolean|string - The matching value.
+     */
+    public static function strposa($haystack, $needles, $offset = 0)
+    {
+        if (!is_array($needles)) {
+            $needles = [$needles];
+        }
+        foreach ($needles as $query) {
+            if (stripos($haystack, $query, $offset) !== false) {
+                // stop on first true result
+                return $query;
+            }
+        }
+        return false;
+    }
 }

Spec/Core/Blogs/ManagerSpec.php

@@ -275,28 +275,26 @@ class ManagerSpec extends ObjectBehavior
             ->shouldReturn(true);
     }
 
-    public function it_should_abort_if_spam(Blog $blog)
+    public function it_should_check_for_spam(Blog $blog, Spam $spam)
     {
         $this->beConstructedWith(
             $this->repository,
             $this->paywallReview,
             $this->slug,
             $this->feeds,
-            null,
+            $this->spam,
             $this->search
         );
 
+        $spamUrl = 'movieblog.tumblr.com';
+
         $blog->getType()
-            ->willReturn('object');
+                ->willReturn('object');
 
         $blog->getSubtype()
-            ->willReturn('blog');
-
-        $blog->getBody()
-            ->shouldBeCalled()
-            ->willReturn('movieblog.tumblr.com');
+                ->willReturn('blog');
 
-        $this->shouldThrow(new \Exception('Sorry, you included a reference to a domain name linked to spam. You can not use short urls (eg. bit.ly). Please remove it and try again'))
-            ->duringAdd($blog);
+        $this->spam->check(Argument::any())->shouldBeCalled()->willReturn(true);
+        $this->add($blog);
     }
 }

Spec/Core/Router/DispatcherSpec.php

+<?php
+
+namespace Spec\Minds\Core\Router;
+
+use Minds\Core\Router\Dispatcher;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+
+class DispatcherSpec extends ObjectBehavior
+{
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(Dispatcher::class);
+    }
+
+    public function it_should_pipe(
+        MiddlewareInterface $middleware
+    ) {
+        $this
+            ->pipe($middleware)
+            ->shouldReturn($this);
+    }
+
+    public function it_should_handle(
+        MiddlewareInterface $middleware1,
+        MiddlewareInterface $middleware2,
+        ServerRequestInterface $request,
+        ResponseInterface $response
+    ) {
+        $middleware1->process($request, $this)
+            ->shouldBeCalled()
+            ->willReturn($response);
+
+        $middleware2->process(Argument::cetera())
+            ->shouldNotBeCalled();
+
+        $this
+            ->pipe($middleware1)
+            ->pipe($middleware2)
+            ->handle($request)
+            ->shouldReturn($response);
+    }
+
+    public function it_should_handle_an_empty_stack(
+        MiddlewareInterface $fallbackMiddleware,
+        ServerRequestInterface $request,
+        ResponseInterface $response
+    ) {
+        $this->beConstructedWith($fallbackMiddleware);
+
+        $fallbackMiddleware->process($request, $this)
+            ->shouldBeCalled()
+            ->willReturn($response);
+
+        $this
+            ->handle($request)
+            ->shouldReturn($response);
+    }
+}

Spec/Core/Router/Middleware/AdminMiddlewareSpec.php

+<?php
+
+namespace Spec\Minds\Core\Router\Middleware;
+
+use Minds\Core\Router\Middleware\AdminMiddleware;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+
+class AdminMiddlewareSpec extends ObjectBehavior
+{
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(AdminMiddleware::class);
+    }
+}

Spec/Core/Router/Middleware/Kernel/ContentNegotiationMiddlewareSpec.php

+<?php
+
+namespace Spec\Minds\Core\Router\Middleware\Kernel;
+
+use Minds\Core\Router\Middleware\Kernel\ContentNegotiationMiddleware;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+
+class ContentNegotiationMiddlewareSpec extends ObjectBehavior
+{
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(ContentNegotiationMiddleware::class);
+    }
+}

Spec/Core/Router/Middleware/Kernel/CorsMiddlewareSpec.php

+<?php
+
+namespace Spec\Minds\Core\Router\Middleware\Kernel;
+
+use Minds\Core\Router\Middleware\Kernel\CorsMiddleware;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+
+class CorsMiddlewareSpec extends ObjectBehavior
+{
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(CorsMiddleware::class);
+    }
+}

Spec/Core/Router/Middleware/Kernel/EmptyResponseMiddlewareSpec.php

+<?php
+
+namespace Spec\Minds\Core\Router\Middleware\Kernel;
+
+use Minds\Core\Router\Middleware\Kernel\EmptyResponseMiddleware;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+
+class EmptyResponseMiddlewareSpec extends ObjectBehavior
+{
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(EmptyResponseMiddleware::class);
+    }
+}

Spec/Core/Router/Middleware/Kernel/ErrorHandlerMiddlewareSpec.php

+<?php
+
+namespace Spec\Minds\Core\Router\Middleware\Kernel;
+
+use Minds\Core\Router\Middleware\Kernel\ErrorHandlerMiddleware;
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+
+class ErrorHandlerMiddlewareSpec extends ObjectBehavior
+{
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType(ErrorHandlerMiddleware::class);
+    }
+}