
Merge pull request #23 from CleanTalk/release_280
Release 280
AntonV1211 authored Sep 2, 2024
2 parents c2c6258 + a64a520 commit 9bb0b96
Showing 14 changed files with 442 additions and 144 deletions.
11 changes: 8 additions & 3 deletions cleantalk/cleantalk.php
Expand Up @@ -66,7 +66,7 @@ function ct_attach_js($buffer){
global $apbct_checkjs_val;
if(
!(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') // No ajax
&& preg_match('/^\s*(<!doctype|<html)[\s\S]*html>/i', $buffer) == 1 // Only for HTML documents
&& preg_match('/\s*(<!doctype|<html)[\s\S]*html>/i', $buffer) == 1 // Only for HTML documents
){
$html_addition =
'<script>var apbct_checkjs_val = "' . $apbct_checkjs_val . '";</script>'
Expand Down Expand Up @@ -117,9 +117,14 @@ function ct_attach_js($buffer){
apbct_spam_test($_GET);
}

$request_data = $_POST;
if ( empty($request_data) ) {
$request_data = getRequestDataFromRaw();
}

// General spam test
if(!empty($_POST)){
apbct_spam_test($_POST);
if( ! empty($request_data) ){
apbct_spam_test($request_data);
}

// Set Cookies test for cookie test
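Review bot: Dropping the `^` anchor on the changed `preg_match` line makes the "Only for HTML documents" condition true for any buffer that merely contains `<!doctype` or `<html` somewhere, so a JSON or JavaScript response that embeds an HTML fragment would now get the `<script>` block appended and be corrupted; presumably the anchor was removed to tolerate output before the doctype, but the trailing comment no longer describes what the check does. A narrower form keeps the anchor and allows a BOM or whitespace prefix, `preg_match('/^(\xEF\xBB\xBF)?\s*(<!doctype|<html)[\s\S]*html>/i', $buffer) == 1`, or the check could gate on a `text/html` entry in `headers_list()`. In the second hunk the raw-body fallback hands the return value of `getRequestDataFromRaw()` straight to `apbct_spam_test()`, which only makes sense if that helper is guaranteed to return an array. The enclosing block starts before and ends after the hunks shown.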
9 changes: 7 additions & 2 deletions cleantalk/config.php
@@ -1,11 +1,16 @@
<?php

//warning: do not use ";" symbol in strings without serialization!
//Settings
$antispam_activity_status = true;
$registrations_test = true;
$general_postdata_test = false;
$spam_firewall = true;
$general_post_exclusion_usage = false;
// exclusion by service field
$service_field_in_post_exclusion_enabled = false;
//form post data signs exclusions
$form_post_exclusions_enabled = false;
$form_post_signs_exclusions_set = array (
);

// Statistics
$sfw_last_update = 0;
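Review bot: `$form_post_exclusions_enabled` is introduced here, but in this commit's functions.php hunks `apbct_check__form_signs_exclusions()` is invoked from `apbct_spam_test()` unconditionally and that flag is not among the globals it pulls in, so the toggle appears to have no effect unless it is consulted somewhere outside the shown hunks. The header comment of this file warns against `;` inside string values, and the entries of `$form_post_signs_exclusions_set` are free-form regular expressions typed by an administrator, so whatever writes the sanitized set back into this file needs to reject or escape `;`, or the caveat should be restated next to the new array, e.g. `// regex signs: ';' is not allowed here either, see the warning above`.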
143 changes: 139 additions & 4 deletions cleantalk/inc/admin.php
Expand Up @@ -206,7 +206,7 @@ function uninstall( $files = array() ){
File::replace__variable( $path_to_config, 'registrations_test', true );
File::replace__variable( $path_to_config, 'general_postdata_test', false );
File::replace__variable( $path_to_config, 'spam_firewall', true );
File::replace__variable( $path_to_config, 'general_post_exclusion_usage', false );
File::replace__variable( $path_to_config, 'service_field_in_post_exclusion_enabled', false );

// Deleting cron tasks
File::replace__variable( CLEANTALK_CRON_FILE, 'tasks', array() );
Expand Down Expand Up @@ -265,6 +265,14 @@ function detect_cms( $path_to_index, $out = 'Unknown' ){
//moodle moodle
if ( preg_match('/(moodle.*?)/', $index_file) ) {
$out = 'moodle';
}
// OpenMage
if ( preg_match('/(OpenMage.*?)/', $index_file) ) {
$out = 'OpenMage';
}
// vBulletin
if ( preg_match('/(vBulletin.*?)/', $index_file) ) {
$out = 'vBulletin';
}
}

Expand Down Expand Up @@ -296,13 +304,13 @@ function apbct__plugin_update_message() {
*/
function apbct__cscart_js_snippet() {
global $apikey, $apbct_salt, $detected_cms;

// Only for CsCart
if ($detected_cms != 'cscart') return;

$apbct_checkjs_hash = apbct_checkjs_hash($apikey, $apbct_salt);
?>

<div class="highlight">
<h4>Add this code to all pages of the site (use the basic template). Detailed instruction is <a href="https://blog.cleantalk.org/protecting-cs-cart-website-from-spam/">here</a></h4>
<pre tabindex="0" class="chroma">
Expand All @@ -316,3 +324,130 @@ function apbct__cscart_js_snippet() {

<?php
}

/**
* @return string
*/
function apbct__prepare_form_sign_exclusions_textarea()
{
global $form_post_signs_exclusions_set;

if (!is_array($form_post_signs_exclusions_set)) {
$form_post_signs_exclusions_set = array();
}

$hint_text = 'Regular expression. If the form contains any of these signs in POST array keys or in value of "action" key, the whole form submission is excluded from spam checking.';
$link_learn_more = 'https://cleantalk.org/help/exclusion-by-form-signs?utm_id=&utm_term=&utm_source=admin_panel&utm_medium=settings&utm_content=uni_hint_exclusions__form_signs&utm_campaign=uni_links';

$template = '
<p>%s</br><span style="%s"><a href="%s" target="_blank">Learn more</a></span></p>
<textarea id="form_signs_exclusions-textarea" name="form_signs_exclusions-textarea" style="%s">%s</textarea>
';
$signs = '';
foreach ( $form_post_signs_exclusions_set as $sign) {
if (is_string($sign)) {
$signs .= $sign . "\r\n";
}
}

$style_textarea = 'word-break: break-all; padding: 1%; background: #fff; width: 100%';
$style_span = 'display: flex; justify-content: flex-end; margin: 1%';

return sprintf($template, $hint_text, $style_span, $link_learn_more, $style_textarea, htmlspecialchars($signs));
}

function apbct__prepare_service_field_exclusion_layout()
{
global $exclusion_key;

if (!empty($exclusion_key)) {
$service_field = htmlspecialchars('<input id="any_id_1" name="ct_service_data" type="hidden" value="'. $exclusion_key .'">');
} else {
$service_field = 'Error! Can not gain exclusion key.';
}

$hint_text = 'Regular expression. If the form contains any of these signs in POST array keys or in value of "action" key, the whole form submission is excluded from spam checking.';
$style = 'border: solid 1px; word-break: break-all; padding: 1%; background: #fff;';

$template = '
<p>%s</p>
<div id="exclusion-html" style="%s">
%s
</div>
';

return $exclusion_key ? sprintf($template, $hint_text, $style, $service_field) : $service_field;
}
/**
* Sanitize and validate exclusions.
* Explode given string by commas and trim each string.
* Cut first 20 entities if more than 20 given. Remove duplicates.
* Skip element if it's empty. Validate entity as URL. Cut first 128 chars if more than 128 given
*
* Return false if exclusion is bad
* Return sanitized string if all is ok
*
* @param string $exclusions
* @param bool $regexp
*
* @return bool|string|array
*/
function apbct_settings__sanitize__exclusions($exclusions, $return_array = false, $regexp = true, $urls = false)
{
if ( ! is_string($exclusions) ) {
return false;
}

$result = array();
$type = 0;

if ( ! empty($exclusions) ) {
if ( strpos($exclusions, "\r\n") !== false ) {
$exclusions = explode("\r\n", $exclusions);
$type = 2;
} elseif ( strpos($exclusions, "\n") !== false ) {
$exclusions = explode("\n", $exclusions);
$type = 1;
} else {
$exclusions = explode(',', $exclusions);
}
//Drop duplicates first (before cut)
$exclusions = array_unique($exclusions);
//Take first 20 exclusions entities
$exclusions = array_slice($exclusions, 0, 20);
//Sanitizing
foreach ($exclusions as $exclusion) {
//Cut exclusion if more than 128 symbols gained
$sanitized_exclusion = substr($exclusion, 0, 128);
$sanitized_exclusion = trim($sanitized_exclusion);

if ( ! empty($sanitized_exclusion) ) {
if ( $regexp ) {
if ( @preg_match('/' . $exclusion . '/', '') === false) {
return false;
}
} elseif ( $urls ) {
if (
( strpos($exclusion, 'http://') !== false || strpos($exclusion, 'https://') !== false ) &&
filter_var($exclusion, FILTER_VALIDATE_URL)
) {
return false;
}
}
$result[] = $sanitized_exclusion;
}
}
}
if ($return_array) {
return $result;
}
switch ( $type ) {
case 0:
default:
return implode(',', $result);
case 1:
return implode("\n", $result);
case 2:
return implode("\r\n", $result);
}
}
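Review bot: In `apbct_settings__sanitize__exclusions()` the regex and URL checks test `$exclusion` while the value that is stored is `$sanitized_exclusion` (trimmed and cut to 128 chars), so an entry can pass validation in its long form and be saved in a form that was never validated; use the sanitized value in both conditions, `if ( @preg_match('/' . $sanitized_exclusion . '/', '') === false)`. The validation also uses `/` as the PCRE delimiter while the consumer in functions.php (`apbct_check__form_signs_exclusions`) wraps the same string in `@`, so a sign containing `@` passes here and then yields an invalid pattern at check time (preg_match warns and returns false); the two sites should agree on the delimiter, or pass the string through `preg_quote()` with that delimiter if literal matching is intended. The `@` suppression hides the PCRE error text; testing `preg_last_error() !== PREG_NO_ERROR` after the call gives the same outcome without it. Separately, `apbct__prepare_service_field_exclusion_layout()` reuses the regex `$hint_text` from the form-signs textarea, which does not describe the hidden service field it renders.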
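--- a/cleantalk/inc/common.php
+++ b/cleantalk/inc/common.php
@@ -4,7 +4,7 @@
 use Cleantalk\Variables\Server;
 
 define('APBCT_PLUGIN', 'uni');
-define('APBCT_VERSION', '2.7.2');
+define('APBCT_VERSION', '2.8.0');
 define('APBCT_AGENT', APBCT_PLUGIN . '-' . str_replace( '.', '', APBCT_VERSION ) );
 define('APBCT_USER_AGENT', 'Cleantalk-Antispam-Universal-Plugin/' . APBCT_VERSION);
 define('APBCT_INITIAL_INCLUDE_PATH', get_include_path());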
99 changes: 81 additions & 18 deletions cleantalk/inc/functions.php
Expand Up @@ -5,6 +5,19 @@
use Cleantalk\Variables\Cookie;
use Cleantalk\Variables\Post;

function getRequestDataFromRaw()
{
$raw = file_get_contents('php://input');
if ( ! $raw ) {
return array();
}
$json = json_decode($raw, true);
if ( ! $json ) {
return array();
}
return $json;
}

/*
* Performs spam test
* @return void or exit script
Expand All @@ -16,8 +29,7 @@ function apbct_spam_test($data){
$registrations_test,
$general_postdata_test,
$detected_cms,
$exclusion_key,
$general_post_exclusion_usage;
$form_post_signs_exclusions_set;

// Patch for old PHP versions.
require_once( CLEANTALK_ROOT . 'lib' . DS . 'ct_phpFix.php');
Expand Down Expand Up @@ -51,23 +63,26 @@ function apbct_spam_test($data){
$registration = true;
}

//init exclusions array if general_post_exclusion_usage is enabled
if ( isset($exclusion_key, $general_post_exclusion_usage) && $general_post_exclusion_usage ) {
$exclusions_in_post = array(
'ct_service_data' => $exclusion_key,
$url_exclusions = array();

if (
strpos($_SERVER['SCRIPT_NAME'], 'server.php') !== false //laravel sign
) {
$url_exclusions = array(
'recharge_user_by_wallet',
'delete-user',
'update-user',
'password/email'
);
} else {
$exclusions_in_post = array();
}


// Skip check if
// Skip check if
if ( $skip || // Skip flag set by apbct_get_fields_any()
(!$sender_email && !$general_postdata_test) || // No email detected and general post data test is disabled
($registration && !$registrations_test) || // It's registration and registration check is disabled
(apbct_check__exclusions()) || // main exclusion function
(apbct_check__exclusions_in_post($exclusions_in_post)) || // Has an exclusions in POST
(apbct_check__url_exclusions()) // Has an exclusions in URL
(apbct_check__exclusions_general()) || // main exclusion function
(apbct_check__url_exclusions($url_exclusions)) || // Has an exclusions in URL
(apbct_check__form_signs_exclusions($data, $form_post_signs_exclusions_set)) // Has an exclusions in POST fields
) {
$skip = true;
}
Expand Down Expand Up @@ -397,6 +412,11 @@ function apbct_die($comment, $registration = false, $additional_text = null){
die(json_encode(array('status' =>'ok', 'text' => $comment)));
}

// vBulletin integration
if( $detected_cms === 'vBulletin' ) {
die(json_encode(['error' => $comment]));
}

// Custom ajax response
require_once CLEANTALK_CONFIG_FILE;
global $ajax_response;
Expand Down Expand Up @@ -470,19 +490,22 @@ function apbct_check__url_exclusions( $exclusions = array() ){
global $detected_cms;

//custom login word transform ruleset
$login_word = 'login';
if ( isset($detected_cms) ) {
switch ( $detected_cms ) {
//moodle case
case 'moodle':
{
$login_word = 'login/index.php';
$exclusions[] = 'login/index.php';
break;
}
case 'OpenMage':
{
$exclusions[] = 'sales_order_create';
$exclusions[] = 'customer/validate';
break;
}
//add a new rule if needs
}
}
$exclusions[] = $login_word;

foreach ( $exclusions as $name => $exclusion ){
if( \Cleantalk\Variables\Server::has_string('REQUEST_URI', $exclusion ) ){
Expand All @@ -493,10 +516,42 @@ function apbct_check__url_exclusions( $exclusions = array() ){
return false;
}

/**
* Check POST array for the exclusion form signs. Listen for array keys or for value in case if key is "action".
* @param array $form_data The POST array or another filtered array of form data.
* @param array $exclusions
* @return bool True if exclusion found in the keys of array, false otherwise.
*/
function apbct_check__form_signs_exclusions($form_data, $exclusions)
{
if ( is_array($exclusions) && is_array($form_data) ) {
foreach ( $exclusions as $exclusion ) {
foreach ($form_data as $key => $value) {
if ( !empty($value) && is_array($value) ) {
if ( apbct_check__form_signs_exclusions($value, $exclusions) ) {
return true;
}
}
$haystack = ($key === 'action' || $key === 'data') ? $value : $key;
if (
$haystack === $exclusion ||
(is_string($haystack) && stripos($haystack, $exclusion) !== false) ||
(is_string($haystack) && preg_match('@' . $exclusion . '@', $haystack) === 1)
) {
return true;
}
}
}
return false;
}
return false;
}


/**
* Another function for excluding validation based on any number of parameters
*/
function apbct_check__exclusions() {
function apbct_check__exclusions_general() {

global $detected_cms;

Expand Down Expand Up @@ -541,6 +596,14 @@ function apbct_check__exclusions() {
return true;
}

//init exclusions array if service_field_in_post_exclusion is enabled
if ( isset($exclusion_key, $service_field_in_post_exclusion_enabled) && $service_field_in_post_exclusion_enabled ) {
$service_field_exclusion = array(
'ct_service_data' => $exclusion_key,
);
return apbct_check__exclusions_in_post($service_field_exclusion);
}

if (\Cleantalk\Variables\Get::equal('controller', 'ajax') &&
\Cleantalk\Variables\Get::equal('do', 'passwordStrength')
) {
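Review bot: `getRequestDataFromRaw()` returns whatever `json_decode()` produced as long as it is truthy, so a raw body such as `"abc"` or `123` comes back as a string or int and is then handed to `apbct_spam_test()` as if it were the POST array; replace the truthiness test with `if ( ! is_array($json) ) { return array(); }`. In `apbct_check__exclusions_general()` the new branch reads `$exclusion_key` and `$service_field_in_post_exclusion_enabled`, but the only `global` statement visible in that function names `$detected_cms`; if those two are not declared global in the part of the body that the hunks omit, `isset()` is always false and the service-field exclusion can never fire, so please confirm. The docblock of `apbct_check__form_signs_exclusions()` says only the value of the `action` key is inspected, while the code also inspects `data`, and because `stripos()` substring matching runs before the regex, a sign such as `data` excludes any form with a key like `metadata`, which is broader than the regex-based validation in admin.php suggests. The helper name `getRequestDataFromRaw` also departs from the `apbct_` prefix used by every other function in this file.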
