? modules/contact.module.sbm
? modules/search.module.sbm
? modules/statistics.module.sbm
? modules/user.module.sbm
? includes/bootstrap.inc.sbm
Index: modules/statistics.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics.module,v
retrieving revision 1.202
diff -u -r1.202 statistics.module
--- modules/statistics.module	1 Aug 2005 05:14:05 -0000	1.202
+++ modules/statistics.module	9 Aug 2005 14:13:48 -0000
@@ -308,6 +308,13 @@
  * Menu callback; presents the "referrer" page.
  */
 function statistics_top_referrers() {
+  // Remove trailing port designations from $_SERVER['HTTP_HOST'].
+  $http_host = $_SERVER['HTTP_HOST'];
+  $colon_position = strrpos($http_host, ':');
+  if ($colon_position !== FALSE) {
+    $http_host = substr($http_host, 0, $colon_position-1);
+  }
+  
   $query = "SELECT url, COUNT(url) AS hits, MAX(timestamp) AS last FROM {accesslog} WHERE url NOT LIKE '%%%s%%' AND url <> '' GROUP BY url";
   $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%%%s%%'";
   drupal_set_title(t('Top referrers in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200)))));
@@ -316,16 +323,18 @@
     array('data' => t('Hits'), 'field' => 'hits', 'sort' => 'desc'),
     array('data' => t('Url'), 'field' => 'url'),
     array('data' => t('Last visit'), 'field' => 'last'),
+    array('data' => t('Ban referrer'))
   );
 
   $query .= tablesort_sql($header);
-  $result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']);
+  $result = pager_query($query, 30, 0, $query_cnt, $http_host);
 
   while ($referrer = db_fetch_object($result)) {
-    $rows[] = array($referrer->hits, '<a href="'. check_url($referrer->url) .'">'. check_plain(_statistics_column_width($referrer->url)) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
+    $referrer_parsed = parse_url($referrer->url);
+    $rows[] = array($referrer->hits, '<a href="'. check_url($referrer->url) .'">'. check_plain(_statistics_column_width($referrer->url)) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))), l(t("Ban Referrer"), "admin/access/rules/add/%25". $referrer_parsed['host'] ."%25/referrer"));
   }
   if ($pager = theme('pager', NULL, 30, 0, tablesort_pager())) {
-    $rows[] = array(array('data' => $pager, 'colspan' => '3'));
+    $rows[] = array(array('data' => $pager, 'colspan' => '4'));
   }
 
   return theme('table', $header, $rows);
@@ -489,4 +498,4 @@
   }
 }
 
-?>
+?>
\ No newline at end of file
Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user.module,v
retrieving revision 1.498
diff -u -r1.498 user.module
--- modules/user.module	5 Aug 2005 01:18:39 -0000	1.498
+++ modules/user.module	9 Aug 2005 14:11:55 -0000
@@ -1438,6 +1438,11 @@
   $form .= form_hidden('type', 'host');
   $form .= form_submit(t('Check host'));
   $output .= form_group(t('Host'), form($form));
+  
+  $form = form_textfield('', 'test', '', 30, 64, t('Enter a referrer to check if it will be denied or allowed.'));
+  $form .= form_hidden('type', 'referrer');
+  $form .= form_submit(t('Check referrer'));
+  $output .= form_group(t('Referrer'), form($form));
 
   return $output;
 }
@@ -1516,7 +1521,7 @@
 
 function _user_admin_access_form($edit) {
   $output = '<div class="access-type">'. form_radios(t('Access type'), 'status', $edit['status'], array('1' => t('Allow'), '0' => t('Deny'))) .'</div>';
-  $output .= '<div class="rule-type">'. form_radios(t('Rule type'), 'type', $edit['type'] ? $edit['type'] : 'user', array('user' => t('Username'), 'mail' => t('E-mail'), 'host' => t('Host'))) .'</div>';
+  $output .= '<div class="rule-type">'. form_radios(t('Rule type'), 'type', $edit['type'] ? $edit['type'] : 'user', array('user' => t('Username'), 'mail' => t('E-mail'), 'host' => t('Host'), 'referrer' => t('Referrer'))) .'</div>';
   $output .= '<div class="mask">'. form_textfield(t('Mask'), 'mask', $edit['mask'], 30, 64, '%: '. t('Matches any number of characters, even zero characters') .'.<br />_: '. t('Matches exactly one character.'), NULL, TRUE) .'</div>';
 
   return $output;
@@ -1528,7 +1533,7 @@
 function user_admin_access() {
   $header = array(array('data' => t('Access type'), 'field' => 'status'), array('data' => t('Rule type'), 'field' => 'type'), array('data' =>t('Mask'), 'field' => 'mask'), array('data' => t('Operations'), 'colspan' => 2));
   $result = db_query("SELECT aid, type, status, mask FROM {access}". tablesort_sql($header));
-  $access_types = array('user' => t('username'), 'mail' => t('e-mail'), 'host' => t('host'));
+  $access_types = array('user' => t('username'), 'mail' => t('e-mail'), 'host' => t('host'), 'referrer' => t('referrer'));
   $rows = array();
   while ($rule = db_fetch_object($result)) {
     $rows[] = array($rule->status ? t('allow') : t('deny'), $access_types[$rule->type], $rule->mask, l(t('edit'), 'admin/access/rules/edit/'. $rule->aid), l(t('delete'), 'admin/access/rules/delete/'. $rule->aid));
@@ -1788,7 +1793,7 @@
     case 'admin/user/account/create':
       return t('<p>This web page allows the administrators to register a new users by hand. Note that you cannot have a user where either the e-mail address or the username match another user in the system.</p>');
     case strstr($section, 'admin/access/rules'):
-      return t('<p>Set up username and e-mail address access rules for new accounts. If a username or email address for a new account matches any deny rule, but not an allow rule, then the new account will not be allowed to be created. A host rule is effective for every page view, not just registrations.</p>');
+      return t('<p>Set up username and e-mail address access rules for new accounts. If a username or email address for a new account matches any deny rule, but not an allow rule, then the new account will not be allowed to be created. Host and referrer rules are effective for every page view, not just registrations.</p>');
     case 'admin/access':
       return t('<p>Permissions let you control what users can do on your site.  Each user role (defined on the <a href="%role">user roles page</a>) has its own set of permissions. For example, you could give users classified as "Administrators" permission to "administer nodes" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.</p>', array('%role' => url('admin/access/roles')));
     case 'admin/access/roles':
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.60
diff -u -r1.60 bootstrap.inc
--- includes/bootstrap.inc	5 Aug 2005 00:49:02 -0000	1.60
+++ includes/bootstrap.inc	9 Aug 2005 14:11:55 -0000
@@ -844,12 +844,17 @@
       // Start a page timer:
       timer_start('page');
 
-      // deny access to hosts which were banned. t() is not yet available.
+      // deny access to hosts and referrers which were banned. t() is not yet available.
       if (drupal_is_denied('host', $_SERVER['REMOTE_ADDR'])) {
         header('HTTP/1.0 403 Forbidden');
         print "Sorry, ". $_SERVER['REMOTE_ADDR']. " has been banned.";
         exit();
       }
+      elseif (drupal_is_denied('referrer', $_SERVER['HTTP_REFERER'])) {
+        header('HTTP/1.0 403 Forbidden');
+        print "Sorry, the referer ". $_SERVER['HTTP_REFERER']. " has been banned.";
+        exit();
+      }
 
       // Initialize configuration variables, using values from conf.php if available.
       $conf = variable_init(isset($conf) ? $conf : array());
@@ -879,4 +884,4 @@
   $theme = '';
 }
 
-?>
\ No newline at end of file
+?>