Use an event for the spam check in message forms

wcfsetup/install/files/lib/bootstrap/com.woltlab.wcf.php

@@ -41,6 +41,10 @@ static function (\wcf\event\session\PreserveVariablesCollecting $event) {
  \wcf\event\page\ContactFormSpamChecking::class,
  \wcf\system\event\listener\ContactFormSpamCheckingSfsListener::class
  );
+ $eventHandler->register(
+ \wcf\event\message\MessageSpamChecking::class,
+ \wcf\system\event\listener\MessageSpamCheckingSfsListener::class
+ );
 
  $eventHandler->register(
  \wcf\event\package\PackageListChanged::class,

wcfsetup/install/files/lib/event/message/MessageSpamChecking.class.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace wcf\event\message;
+
+use wcf\data\user\User;
+use wcf\event\IInterruptableEvent;
+use wcf\event\TInterruptableEvent;
+use wcf\system\html\input\HtmlInputProcessor;
+
+/**
+ * Indicates that a new message by a user is currently validated. If this event is interrupted,
+ * the message is considered to be spam.
+ *
+ * @author Marcel Werk
+ * @copyright 2001-2024 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.1
+ */
+final class MessageSpamChecking implements IInterruptableEvent
+{
+ use TInterruptableEvent;
+
+ public function __construct(
+ public readonly HtmlInputProcessor $processor,
+ public readonly ?User $user = null,
+ public readonly string $ipAddress = '',
+ public readonly string $subject = '',
+ ) {
+ }
+}

wcfsetup/install/files/lib/form/MessageForm.class.php

@@ -6,8 +6,10 @@
 use wcf\data\smiley\category\SmileyCategory;
 use wcf\data\smiley\Smiley;
 use wcf\data\smiley\SmileyCache;
+use wcf\event\message\MessageSpamChecking;
 use wcf\system\attachment\AttachmentHandler;
 use wcf\system\bbcode\BBCodeHandler;
+use wcf\system\event\EventHandler;
 use wcf\system\exception\UserInputException;
 use wcf\system\html\input\HtmlInputProcessor;
 use wcf\system\html\upcast\HtmlUpcastProcessor;
@@ -16,6 +18,7 @@
 use wcf\system\WCF;
 use wcf\util\MessageUtil;
 use wcf\util\StringUtil;
+use wcf\util\UserUtil;
 
 /**
  * MessageForm is an abstract form implementation for a message with optional captcha support.
@@ -347,4 +350,22 @@ public function assignVariables()
  'tmpHash' => $this->tmpHash,
  ]);
  }
+
+ /**
+ * This method triggers the event for the spam check and returns the result.
+ *
+ * @since 6.1
+ */
+ protected function messageIsProbablySpam(): bool
+ {
+ $event = new MessageSpamChecking(
+ $this->htmlInputProcessor,
+ WCF::getUser()->userID ? WCF::getUser() : null,
+ UserUtil::getIpAddress(),
+ $this->subject,
+ );
+ EventHandler::getInstance()->fire($event);
+
+ return $event->defaultPrevented();
+ }
 }

wcfsetup/install/files/lib/system/event/listener/MessageSpamCheckingSfsListener.class.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace wcf\system\event\listener;
+
+use wcf\data\blacklist\entry\BlacklistEntry;
+use wcf\event\message\MessageSpamChecking;
+use wcf\system\cache\runtime\UserProfileRuntimeCache;
+
+/**
+ * Checks for spam messages using data from Stop Forum Spam.
+ *
+ * @author Marcel Werk
+ * @copyright 2001-2024 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @since 6.1
+ */
+final class MessageSpamCheckingSfsListener
+{
+ public function __invoke(MessageSpamChecking $event): void
+ {
+ if (!\BLACKLIST_SFS_ENABLE) {
+ return;
+ }
+
+ if ($event->user !== null) {
+ // Skip spam check for admins and moderators
+ $userProfile = UserProfileRuntimeCache::getInstance()->getObject($event->user->userID);
+ if (
+ $userProfile->getPermission('admin.general.canUseAcp')
+ || $userProfile->getPermission('mod.general.canUseModeration')
+ ) {
+ return;
+ }
+ }
+
+ if (BlacklistEntry::getMatches(
+ $event->user ? $event->user->username : '',
+ $event->user ? $event->user->email : '',
+ $event->ipAddress,
+ ) !== []) {
+ $event->preventDefault();
+ }
+ }
+}