<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Gravity Forms plugin integration module

[2] Fix | Delete

*

[3] Fix | Delete

* Malicious user detection techniques available:

[4] Fix | Delete

*

[5] Fix | Delete

* 1. Zero Spam honeypot field

[6] Fix | Delete

*

[7] Fix | Delete

* @package ZeroSpam

[8] Fix | Delete

*/

[9] Fix | Delete

[10] Fix | Delete

namespace ZeroSpam\Modules\GravityForms;

[11] Fix | Delete

[12] Fix | Delete

// Security Note: Blocks direct access to the plugin PHP files.

[13] Fix | Delete

defined( 'ABSPATH' ) || die();

[14] Fix | Delete

[15] Fix | Delete

/**

[16] Fix | Delete

* Gravity Forms

[17] Fix | Delete

*/

[18] Fix | Delete

class GravityForms {

[19] Fix | Delete

/**

[20] Fix | Delete

* Constructor

[21] Fix | Delete

*/

[22] Fix | Delete

public function __construct() {

[23] Fix | Delete

add_action( 'init', array( $this, 'init' ) );

[24] Fix | Delete

}

[25] Fix | Delete

[26] Fix | Delete

/**

[27] Fix | Delete

* Fires after WordPress has finished loading but before any headers are sent.

[28] Fix | Delete

*/

[29] Fix | Delete

public function init() {

[30] Fix | Delete

add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );

[31] Fix | Delete

add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 2 );

[32] Fix | Delete

add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );

[33] Fix | Delete

[34] Fix | Delete

if (

[35] Fix | Delete

'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_gravityforms' ) &&

[36] Fix | Delete

\ZeroSpam\Core\Access::process()

[37] Fix | Delete

) {

[38] Fix | Delete

// Adds Zero Spam's honeypot field.

[39] Fix | Delete

add_filter( 'gform_form_tag', array( $this, 'add_honeypot' ), 60, 2 );

[40] Fix | Delete

[41] Fix | Delete

// Processes the form.

[42] Fix | Delete

add_action( 'gform_abort_submission_with_confirmation', array( $this, 'process_form' ), 10, 2 );

[43] Fix | Delete

add_filter( 'gform_confirmation', array( $this, 'confirmation_message' ), 10, 4 );

[44] Fix | Delete

/*

[45] Fix | Delete

// Load scripts.

[46] Fix | Delete

add_action( 'wp_print_scripts', array( $this, 'add_scripts' ), 999 );

[47] Fix | Delete

*/

[48] Fix | Delete

}

[49] Fix | Delete

}

[50] Fix | Delete

[51] Fix | Delete

/**

[52] Fix | Delete

* Add to the types array

[53] Fix | Delete

*

[54] Fix | Delete

* @param array $types Array of available detection types.

[55] Fix | Delete

*/

[56] Fix | Delete

public function types( $types ) {

[57] Fix | Delete

$types['gravityforms'] = array(

[58] Fix | Delete

'label' => __( 'Gravity Forms', 'zero-spam' ),

[59] Fix | Delete

'color' => '#f15a29',

[60] Fix | Delete

);

[61] Fix | Delete

[62] Fix | Delete

return $types;

[63] Fix | Delete

}

[64] Fix | Delete

[65] Fix | Delete

/**

[66] Fix | Delete

* Admin section

[67] Fix | Delete

*

[68] Fix | Delete

* @param array $sections Array of available setting sections.

[69] Fix | Delete

*/

[70] Fix | Delete

public function sections( $sections ) {

[71] Fix | Delete

$sections['gravityforms'] = array(

[72] Fix | Delete

'title' => __( 'Gravity Forms', 'zero-spam' ),

[73] Fix | Delete

'icon' => 'modules/gravityforms/icon-gravity-forms.svg',

[74] Fix | Delete

'supports' => array( 'honeypot' ),

[75] Fix | Delete

);

[76] Fix | Delete

[77] Fix | Delete

return $sections;

[78] Fix | Delete

}

[79] Fix | Delete

[80] Fix | Delete

/**

[81] Fix | Delete

* Load the scripts

[82] Fix | Delete

*

[83] Fix | Delete

* @see https://givewp.com/documentation/developers/conditionally-load-give-styles-and-scripts/

[84] Fix | Delete

*/

[85] Fix | Delete

public function add_scripts() {

[86] Fix | Delete

// wp_enqueue_script( 'zerospam-davidwalsh' );

[87] Fix | Delete

// wp_add_inline_script( 'zerospam-davidwalsh', 'jQuery(".give-form").ZeroSpamDavidWalsh();' );

[88] Fix | Delete

}

[89] Fix | Delete

[90] Fix | Delete

[91] Fix | Delete

/**

[92] Fix | Delete

* Adds Zero Spam's honeypot field.

[93] Fix | Delete

*

[94] Fix | Delete

* @see https://docs.gravityforms.com/gform_form_tag/#h-add-hidden-input

[95] Fix | Delete

*

[96] Fix | Delete

* @param string $form_tag The string containing the <form> tag

[97] Fix | Delete

* @param array $form The current form object to be filtered.

[98] Fix | Delete

*/

[99] Fix | Delete

public function add_honeypot( $form_tag, $form ) {

[100] Fix | Delete

$form_tag .= \ZeroSpam\Core\Utilities::honeypot_field();

[101] Fix | Delete

[102] Fix | Delete

return $form_tag;

[103] Fix | Delete

}

[104] Fix | Delete

[105] Fix | Delete

public function confirmation_message( $confirmation, $form, $entry, $ajax ) {

[106] Fix | Delete

if ( empty( $entry ) || rgar( $entry, 'status' ) === 'spam' ) {

[107] Fix | Delete

$error_message = \ZeroSpam\Core\Utilities::detection_message( 'gravityforms_spam_message' );

[108] Fix | Delete

[109] Fix | Delete

return $error_message;

[110] Fix | Delete

}

[111] Fix | Delete

[112] Fix | Delete

return $confirmation;

[113] Fix | Delete

}

[114] Fix | Delete

[115] Fix | Delete

/**

[116] Fix | Delete

* Processes a donation submission.

[117] Fix | Delete

*

[118] Fix | Delete

* @param boolean $do_abort Indicates if the submission should abort without saving the entry. Default is false. Will be true if the anti-spam honeypot is enabled and the honeypot identified the submission as spam.

[119] Fix | Delete

* @param FormObject $form The form currently being processed.

[120] Fix | Delete

*/

[121] Fix | Delete

public function process_form( $do_abort, $form ) {

[122] Fix | Delete

// // If submission is already marked to be aborted early, don't change it.

[123] Fix | Delete

if ( $do_abort ) {

[124] Fix | Delete

return true;

[125] Fix | Delete

}

[126] Fix | Delete

[127] Fix | Delete

// @codingStandardsIgnoreLine

[128] Fix | Delete

$post = \ZeroSpam\Core\Utilities::sanitize_array( $_POST );

[129] Fix | Delete

[130] Fix | Delete

// Check Zero Spam's honeypot field.

[131] Fix | Delete

$honeypot_field_name = \ZeroSpam\Core\Utilities::get_honeypot();

[132] Fix | Delete

[133] Fix | Delete

// Create the details array for logging & sharing data.

[134] Fix | Delete

$details = $post;

[135] Fix | Delete

[136] Fix | Delete

$details['type'] = 'gravityforms';

[137] Fix | Delete

[138] Fix | Delete

// Begin validation checks.

[139] Fix | Delete

$validation_errors = array();

[140] Fix | Delete

[141] Fix | Delete

// @codingStandardsIgnoreLine

[142] Fix | Delete

if ( isset( $post[ $honeypot_field_name ] ) && ! empty( $post[ $honeypot_field_name ] ) ) {

[143] Fix | Delete

// Failed the honeypot check.

[144] Fix | Delete

$validation_errors[] = 'honeypot';

[145] Fix | Delete

}

[146] Fix | Delete

[147] Fix | Delete

if ( ! empty( $validation_errors ) ) {

[148] Fix | Delete

do_action( 'zero_spam_detection', $details, $validation_errors );

[149] Fix | Delete

$do_abort = true;

[150] Fix | Delete

[151] Fix | Delete

// Failed validations, log & send details if enabled.

[152] Fix | Delete

foreach ( $validation_errors as $key => $fail ) {

[153] Fix | Delete

$details['failed'] = $fail;

[154] Fix | Delete

[155] Fix | Delete

// Log the detection if enabled.

[156] Fix | Delete

if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'log_blocked_gravityforms' ) ) {

[157] Fix | Delete

\ZeroSpam\Includes\DB::log( 'gravityforms', $details );

[158] Fix | Delete

}

[159] Fix | Delete

[160] Fix | Delete

// Share the detection if enabled.

[161] Fix | Delete

if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'share_data' ) ) {

[162] Fix | Delete

do_action( 'zerospam_share_detection', $details );

[163] Fix | Delete

}

[164] Fix | Delete

}

[165] Fix | Delete

}

[166] Fix | Delete

[167] Fix | Delete

return $do_abort;

[168] Fix | Delete

}

[169] Fix | Delete

[170] Fix | Delete

/**

[171] Fix | Delete

* Admin settings

[172] Fix | Delete

*

[173] Fix | Delete

* @param array $settings Array of available settings.

[174] Fix | Delete

*/

[175] Fix | Delete

public function settings( $settings ) {

[176] Fix | Delete

$options = get_option( 'zero-spam-gravityforms' );

[177] Fix | Delete

[178] Fix | Delete

$settings['verify_gravityforms'] = array(

[179] Fix | Delete

'title' => sprintf(

[180] Fix | Delete

wp_kses(

[181] Fix | Delete

/* translators: %s: url */

[182] Fix | Delete

__( 'Protect <a href="%s" target="_blank" rel="noreferrer noopener">Gravity Form</a> Submissions', 'zero-spam' ),

[183] Fix | Delete

array(

[184] Fix | Delete

'a' => array(

[185] Fix | Delete

'href' => array(),

[186] Fix | Delete

'class' => array(),

[187] Fix | Delete

'target' => array(),

[188] Fix | Delete

'rel' => array(),

[189] Fix | Delete

),

[190] Fix | Delete

)

[191] Fix | Delete

),

[192] Fix | Delete

esc_url( 'https://www.gravityforms.com/' )

[193] Fix | Delete

),

[194] Fix | Delete

'desc' => __( 'Protects & monitors Gravity Form submissions (requires >=v2.7 to enable).', 'zero-spam' ),

[195] Fix | Delete

'section' => 'gravityforms',

[196] Fix | Delete

'module' => 'gravityforms',

[197] Fix | Delete

'type' => 'checkbox',

[198] Fix | Delete

'options' => array(

[199] Fix | Delete

'enabled' => false,

[200] Fix | Delete

),

[201] Fix | Delete

'value' => ! empty( $options['verify_gravityforms'] ) ? $options['verify_gravityforms'] : false,

[202] Fix | Delete

'recommended' => 'enabled',

[203] Fix | Delete

);

[204] Fix | Delete

[205] Fix | Delete

$message = __( 'We were unable to process your submission due to possible malicious activity.', 'zero-spam' );

[206] Fix | Delete

$settings['gravityforms_spam_message'] = array(

[207] Fix | Delete

'title' => __( 'Flagged Message', 'zero-spam' ),

[208] Fix | Delete

'desc' => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),

[209] Fix | Delete

'section' => 'gravityforms',

[210] Fix | Delete

'module' => 'gravityforms',

[211] Fix | Delete

'type' => 'text',

[212] Fix | Delete

'field_class' => 'large-text',

[213] Fix | Delete

'placeholder' => $message,

[214] Fix | Delete

'value' => ! empty( $options['gravityforms_spam_message'] ) ? $options['gravityforms_spam_message'] : $message,

[215] Fix | Delete

'recommended' => $message,

[216] Fix | Delete

);

[217] Fix | Delete

[218] Fix | Delete

$settings['log_blocked_gravityforms'] = array(

[219] Fix | Delete

'title' => __( 'Log Blocked Gravity Form Submissions', 'zero-spam' ),

[220] Fix | Delete

'section' => 'gravityforms',

[221] Fix | Delete

'module' => 'gravityforms',

[222] Fix | Delete

'type' => 'checkbox',

[223] Fix | Delete

'desc' => wp_kses(

[224] Fix | Delete

__( 'When enabled, stores blocked form submissions in the database.', 'zero-spam' ),

[225] Fix | Delete

array( 'strong' => array() )

[226] Fix | Delete

),

[227] Fix | Delete

'options' => array(

[228] Fix | Delete

'enabled' => false,

[229] Fix | Delete

),

[230] Fix | Delete

'value' => ! empty( $options['log_blocked_gravityforms'] ) ? $options['log_blocked_gravityforms'] : false,

[231] Fix | Delete

'recommended' => 'enabled',

[232] Fix | Delete

);

[233] Fix | Delete

[234] Fix | Delete

return $settings;

[235] Fix | Delete

}

[236] Fix | Delete

}

[237] Fix | Delete

[238] Fix | Delete