Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Comments integration module

[2] Fix | Delete

[3] Fix | Delete

* Malicious user detection techniques available:

[4] Fix | Delete

[5] Fix | Delete

* 1. Zero Spam honeypot field

[6] Fix | Delete

* 2. Checks blocked email domains (author email)

[7] Fix | Delete

* 3. Uses the David Walsh technique

[8] Fix | Delete

* 4. Checks against the disallowed words list

[9] Fix | Delete

[10] Fix | Delete

* @package ZeroSpam

[11] Fix | Delete

[12] Fix | Delete

[13] Fix | Delete

namespace ZeroSpam\Modules\Comments;

[14] Fix | Delete

[15] Fix | Delete

use WP_Error;

[16] Fix | Delete

[17] Fix | Delete

// Security Note: Blocks direct access to the plugin PHP files.

[18] Fix | Delete

defined( 'ABSPATH' ) || die();

[19] Fix | Delete

[20] Fix | Delete

/**

[21] Fix | Delete

* Comments

[22] Fix | Delete

[23] Fix | Delete

class Comments {

[24] Fix | Delete

/**

[25] Fix | Delete

* Constructor

[26] Fix | Delete

[27] Fix | Delete

public function __construct() {

[28] Fix | Delete

add_action( 'init', array( $this, 'init' ) );

[29] Fix | Delete

}

[30] Fix | Delete

[31] Fix | Delete

/**

[32] Fix | Delete

* Fires after WordPress has finished loading but before any headers are sent.

[33] Fix | Delete

[34] Fix | Delete

public function init() {

[35] Fix | Delete

add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );

[36] Fix | Delete

add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );

[37] Fix | Delete

add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );

[38] Fix | Delete

[39] Fix | Delete

if (

[40] Fix | Delete

'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_comments' ) &&

[41] Fix | Delete

\ZeroSpam\Core\Access::process()

[42] Fix | Delete

) {

[43] Fix | Delete

add_action( 'comment_form_before', array( $this, 'add_scripts' ) );

[44] Fix | Delete

add_filter( 'comment_form_defaults', array( $this, 'honeypot' ) );

[45] Fix | Delete

add_action( 'preprocess_comment', array( $this, 'preprocess_comments' ) );

[46] Fix | Delete

}

[47] Fix | Delete

}

[48] Fix | Delete

[49] Fix | Delete

/**

[50] Fix | Delete

* Add to the detection types array

[51] Fix | Delete

[52] Fix | Delete

* @param array $types Array of available detection types.

[53] Fix | Delete

[54] Fix | Delete

public function types( $types ) {

[55] Fix | Delete

$types['comment'] = array(

[56] Fix | Delete

'label' => __( 'Comment', 'zero-spam' ),

[57] Fix | Delete

'color' => '#0073aa',

[58] Fix | Delete

);

[59] Fix | Delete

[60] Fix | Delete

return $types;

[61] Fix | Delete

}

[62] Fix | Delete

[63] Fix | Delete

/**

[64] Fix | Delete

* Load the scripts

[65] Fix | Delete

[66] Fix | Delete

public function add_scripts() {

[67] Fix | Delete

// Only add scripts to the appropriate pages.

[68] Fix | Delete

if (

[69] Fix | Delete

'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_comments' ) &&

[70] Fix | Delete

'enabled' === \ZeroSpam\Core\Settings::get_settings( 'davidwalsh' )

[71] Fix | Delete

) {

[72] Fix | Delete

wp_enqueue_script( 'zerospam-davidwalsh' );

[73] Fix | Delete

add_action(

[74] Fix | Delete

'wp_footer',

[75] Fix | Delete

function (): void {

[76] Fix | Delete

// .wpd_comm_form for the wpDiscuz plugin

[77] Fix | Delete

echo '<script type="text/javascript">document.addEventListener("DOMContentLoaded", function() { jQuery(".comment-form, #commentform, .wpd_comm_form").ZeroSpamDavidWalsh(); });</script>';

[78] Fix | Delete

[79] Fix | Delete

999

[80] Fix | Delete

);

[81] Fix | Delete

}

[82] Fix | Delete

}

[83] Fix | Delete

[84] Fix | Delete

/**

[85] Fix | Delete

* Preprocess comments

[86] Fix | Delete

[87] Fix | Delete

* @param array $commentdata Comment data array.

[88] Fix | Delete

[89] Fix | Delete

public function preprocess_comments( $commentdata ) {

[90] Fix | Delete

// @codingStandardsIgnoreLine

[91] Fix | Delete

$post = \ZeroSpam\Core\Utilities::sanitize_array( $_POST );

[92] Fix | Delete

[93] Fix | Delete

// Get the error message.

[94] Fix | Delete

$error_message = \ZeroSpam\Core\Utilities::detection_message( 'comment_spam_message' );

[95] Fix | Delete

[96] Fix | Delete

// Create the details array for logging & sharing data.

[97] Fix | Delete

$details = $commentdata;

[98] Fix | Delete

[99] Fix | Delete

$details['type'] = 'comment';

[100] Fix | Delete

[101] Fix | Delete

// Begin validation checks.

[102] Fix | Delete

$validation_errors = array();

[103] Fix | Delete

[104] Fix | Delete

// Check Zero Spam's honeypot field.

[105] Fix | Delete

$honeypot_field_name = \ZeroSpam\Core\Utilities::get_honeypot();

[106] Fix | Delete

// @codingStandardsIgnoreLine

[107] Fix | Delete

if ( isset( $post[ $honeypot_field_name ] ) && ! empty( $post[ $honeypot_field_name ] ) ) {

[108] Fix | Delete

// Failed the honeypot check.

[109] Fix | Delete

$details['failed'] = 'honeypot';

[110] Fix | Delete

[111] Fix | Delete

$validation_errors[] = 'honeypot';

[112] Fix | Delete

}

[113] Fix | Delete

[114] Fix | Delete

// Check email.

[115] Fix | Delete

if ( ! empty( $commentdata['comment_author_email'] ) && ! \ZeroSpam\Core\Utilities::is_email( $commentdata['comment_author_email'] ) ) {

[116] Fix | Delete

$validation_errors[] = 'invalid_email';

[117] Fix | Delete

}

[118] Fix | Delete

[119] Fix | Delete

// Check blocked email domains.

[120] Fix | Delete

if (

[121] Fix | Delete

! empty( $commentdata['comment_author_email'] ) &&

[122] Fix | Delete

\ZeroSpam\Core\Utilities::is_email_domain_blocked( $commentdata['comment_author_email'] )

[123] Fix | Delete

) {

[124] Fix | Delete

// Email domain has been blocked.

[125] Fix | Delete

$validation_errors[] = 'blocked_email_domain';

[126] Fix | Delete

}

[127] Fix | Delete

[128] Fix | Delete

// Fire hook for additional validation (ex. David Walsh script).

[129] Fix | Delete

$post['comment_author_email'] = $commentdata['comment_author_email'];

[130] Fix | Delete

[131] Fix | Delete

$filtered_errors = apply_filters( 'zerospam_preprocess_comment_submission', array(), $post, 'comment_spam_message' );

[132] Fix | Delete

[133] Fix | Delete

if ( ! empty( $filtered_errors ) ) {

[134] Fix | Delete

foreach ( $filtered_errors as $key => $message ) {

[135] Fix | Delete

$validation_errors[] = str_replace( 'zerospam_', '', $key );

[136] Fix | Delete

}

[137] Fix | Delete

}

[138] Fix | Delete

[139] Fix | Delete

// Check comment disallowed list.

[140] Fix | Delete

$disallowed_check = array(

[141] Fix | Delete

'author' => ! empty( $commentdata['comment_author'] ) ? $commentdata['comment_author'] : false,

[142] Fix | Delete

'email' => ! empty( $commentdata['comment_author_email'] ) ? $commentdata['comment_author_email'] : false,

[143] Fix | Delete

'url' => ! empty( $commentdata['comment_author_url'] ) ? $commentdata['comment_author_url'] : false,

[144] Fix | Delete

'content' => ! empty( $commentdata['comment_content'] ) ? $commentdata['comment_content'] : false,

[145] Fix | Delete

'ip' => \ZeroSpam\Core\User::get_ip(),

[146] Fix | Delete

'agent' => ! empty( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : false,

[147] Fix | Delete

);

[148] Fix | Delete

[149] Fix | Delete

if ( wp_check_comment_disallowed_list(

[150] Fix | Delete

$disallowed_check['author'],

[151] Fix | Delete

$disallowed_check['email'],

[152] Fix | Delete

$disallowed_check['url'],

[153] Fix | Delete

$disallowed_check['content'],

[154] Fix | Delete

$disallowed_check['ip'],

[155] Fix | Delete

$disallowed_check['agent'],

[156] Fix | Delete

) ) {

[157] Fix | Delete

$validation_errors[] = 'disallowed_list';

[158] Fix | Delete

}

[159] Fix | Delete

[160] Fix | Delete

if ( ! empty( $validation_errors ) ) {

[161] Fix | Delete

// Failed validations, log & send details if enabled.

[162] Fix | Delete

foreach ( $validation_errors as $key => $fail ) {

[163] Fix | Delete

$details['failed'] = $fail;

[164] Fix | Delete

[165] Fix | Delete

// Log the detection if enabled.

[166] Fix | Delete

if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'log_blocked_comments' ) ) {

[167] Fix | Delete

\ZeroSpam\Includes\DB::log( 'comment', $details );

[168] Fix | Delete

}

[169] Fix | Delete

[170] Fix | Delete

// Share the detection if enabled.

[171] Fix | Delete

if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'share_data' ) ) {

[172] Fix | Delete

do_action( 'zerospam_share_detection', $details );

[173] Fix | Delete

}

[174] Fix | Delete

}

[175] Fix | Delete

[176] Fix | Delete

\ZeroSpam\Core\Access::terminate_execution(

[177] Fix | Delete

\ZeroSpam\Core\Utilities::detection_title( 'comment_spam_message' ),

[178] Fix | Delete

$error_message

[179] Fix | Delete

);

[180] Fix | Delete

}

[181] Fix | Delete

[182] Fix | Delete

return $commentdata;

[183] Fix | Delete

}

[184] Fix | Delete

[185] Fix | Delete

/**

[186] Fix | Delete

* Add a 'honeypot' field to the comment form

[187] Fix | Delete

[188] Fix | Delete

* @param array $defaults The default comment form arguments.

[189] Fix | Delete

[190] Fix | Delete

public function honeypot( $defaults ) {

[191] Fix | Delete

$defaults['fields']['wpzerospam_hp'] = \ZeroSpam\Core\Utilities::honeypot_field();

[192] Fix | Delete

[193] Fix | Delete

return $defaults;

[194] Fix | Delete

}

[195] Fix | Delete

[196] Fix | Delete

/**

[197] Fix | Delete

* Admin setting sections

[198] Fix | Delete

[199] Fix | Delete

* @param array $sections Array of admin setting sections.

[200] Fix | Delete

[201] Fix | Delete

public function sections( $sections ) {

[202] Fix | Delete

$sections['comments'] = array(

[203] Fix | Delete

'title' => __( 'Comments', 'zero-spam' ),

[204] Fix | Delete

'icon' => 'assets/img/icon-wordpress.svg',

[205] Fix | Delete

'supports' => array( 'honeypot', 'email', 'davidwalsh', 'words' ),

[206] Fix | Delete

);

[207] Fix | Delete

[208] Fix | Delete

return $sections;

[209] Fix | Delete

}

[210] Fix | Delete

[211] Fix | Delete

/**

[212] Fix | Delete

* Admin settings

[213] Fix | Delete

[214] Fix | Delete

* @param array $settings Array of available settings.

[215] Fix | Delete

[216] Fix | Delete

public function settings( $settings ) {

[217] Fix | Delete

$options = get_option( 'zero-spam-comments' );

[218] Fix | Delete

[219] Fix | Delete

$settings['verify_comments'] = array(

[220] Fix | Delete

'title' => __( 'Protect Comments', 'zero-spam' ),

[221] Fix | Delete

'desc' => __( 'Protects & monitors comment submissions.', 'zero-spam' ),

[222] Fix | Delete

'section' => 'comments',

[223] Fix | Delete

'module' => 'comments',

[224] Fix | Delete

'type' => 'checkbox',

[225] Fix | Delete

'options' => array(

[226] Fix | Delete

'enabled' => false

[227] Fix | Delete

[228] Fix | Delete

'value' => ! empty( $options['verify_comments'] ) ? $options['verify_comments'] : false,

[229] Fix | Delete

'recommended' => 'enabled',

[230] Fix | Delete

);

[231] Fix | Delete

[232] Fix | Delete

$message = __( 'Your IP has been flagged as spam/malicious.', 'zero-spam' );

[233] Fix | Delete

[234] Fix | Delete

$settings['comment_spam_message'] = array(

[235] Fix | Delete

'title' => __( 'Flagged Message', 'zero-spam' ),

[236] Fix | Delete

'desc' => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),

[237] Fix | Delete

'section' => 'comments',

[238] Fix | Delete

'module' => 'comments',

[239] Fix | Delete

'type' => 'text',

[240] Fix | Delete

'field_class' => 'large-text',

[241] Fix | Delete

'placeholder' => $message,

[242] Fix | Delete

'value' => ! empty( $options['comment_spam_message'] ) ? $options['comment_spam_message'] : $message,

[243] Fix | Delete

'recommended' => $message,

[244] Fix | Delete

);

[245] Fix | Delete

[246] Fix | Delete

$settings['log_blocked_comments'] = array(

[247] Fix | Delete

'title' => __( 'Log Blocked Comments', 'zero-spam' ),

[248] Fix | Delete

'section' => 'comments',

[249] Fix | Delete

'module' => 'comments',

[250] Fix | Delete

'type' => 'checkbox',

[251] Fix | Delete

'desc' => wp_kses(

[252] Fix | Delete

__( 'When enabled, stores blocked comment submissions in the database.', 'zero-spam' ),

[253] Fix | Delete

array( 'strong' => array() )

[254] Fix | Delete

[255] Fix | Delete

'options' => array(

[256] Fix | Delete

'enabled' => false,

[257] Fix | Delete

[258] Fix | Delete

'value' => ! empty( $options['log_blocked_comments'] ) ? $options['log_blocked_comments'] : false,

[259] Fix | Delete

'recommended' => 'enabled',

[260] Fix | Delete

);

[261] Fix | Delete

[262] Fix | Delete

return $settings;

[263] Fix | Delete

}

[264] Fix | Delete

}

[265] Fix | Delete

[266] Fix | Delete