5
|
1 |
<?php |
|
2 |
|
|
3 |
class Akismet { |
|
4 |
const API_HOST = 'rest.akismet.com'; |
|
5 |
const API_PORT = 80; |
|
6 |
const MAX_DELAY_BEFORE_MODERATION_EMAIL = 86400; // One day in seconds |
|
7 |
|
|
8 |
private static $last_comment = ''; |
|
9 |
private static $initiated = false; |
|
10 |
private static $prevent_moderation_email_for_these_comments = array(); |
|
11 |
private static $last_comment_result = null; |
|
12 |
private static $comment_as_submitted_allowed_keys = array( 'blog' => '', 'blog_charset' => '', 'blog_lang' => '', 'blog_ua' => '', 'comment_agent' => '', 'comment_author' => '', 'comment_author_IP' => '', 'comment_author_email' => '', 'comment_author_url' => '', 'comment_content' => '', 'comment_date_gmt' => '', 'comment_tags' => '', 'comment_type' => '', 'guid' => '', 'is_test' => '', 'permalink' => '', 'reporter' => '', 'site_domain' => '', 'submit_referer' => '', 'submit_uri' => '', 'user_ID' => '', 'user_agent' => '', 'user_id' => '', 'user_ip' => '' ); |
|
13 |
|
|
14 |
public static function init() { |
|
15 |
if ( ! self::$initiated ) { |
|
16 |
self::init_hooks(); |
|
17 |
} |
|
18 |
} |
|
19 |
|
|
20 |
/** |
|
21 |
* Initializes WordPress hooks |
|
22 |
*/ |
|
23 |
private static function init_hooks() { |
|
24 |
self::$initiated = true; |
|
25 |
|
|
26 |
add_action( 'wp_insert_comment', array( 'Akismet', 'auto_check_update_meta' ), 10, 2 ); |
|
27 |
add_filter( 'preprocess_comment', array( 'Akismet', 'auto_check_comment' ), 1 ); |
|
28 |
add_action( 'akismet_scheduled_delete', array( 'Akismet', 'delete_old_comments' ) ); |
|
29 |
add_action( 'akismet_scheduled_delete', array( 'Akismet', 'delete_old_comments_meta' ) ); |
|
30 |
add_action( 'akismet_schedule_cron_recheck', array( 'Akismet', 'cron_recheck' ) ); |
|
31 |
|
|
32 |
$akismet_comment_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) ); |
|
33 |
|
|
34 |
if ( $akismet_comment_nonce_option == 'true' || $akismet_comment_nonce_option == '' ) |
|
35 |
add_action( 'comment_form', array( 'Akismet', 'add_comment_nonce' ), 1 ); |
|
36 |
|
|
37 |
add_action( 'admin_head-edit-comments.php', array( 'Akismet', 'load_form_js' ) ); |
|
38 |
add_action( 'comment_form', array( 'Akismet', 'load_form_js' ) ); |
|
39 |
add_action( 'comment_form', array( 'Akismet', 'inject_ak_js' ) ); |
|
40 |
|
|
41 |
add_filter( 'comment_moderation_recipients', array( 'Akismet', 'disable_moderation_emails_if_unreachable' ), 1000, 2 ); |
|
42 |
add_filter( 'pre_comment_approved', array( 'Akismet', 'last_comment_status' ), 10, 2 ); |
|
43 |
|
|
44 |
add_action( 'transition_comment_status', array( 'Akismet', 'transition_comment_status' ), 10, 3 ); |
|
45 |
|
|
46 |
// Run this early in the pingback call, before doing a remote fetch of the source uri |
|
47 |
add_action( 'xmlrpc_call', array( 'Akismet', 'pre_check_pingback' ) ); |
|
48 |
|
|
49 |
if ( '3.0.5' == $GLOBALS['wp_version'] ) { |
|
50 |
remove_filter( 'comment_text', 'wp_kses_data' ); |
|
51 |
if ( is_admin() ) |
|
52 |
add_filter( 'comment_text', 'wp_kses_post' ); |
|
53 |
} |
|
54 |
} |
|
55 |
|
|
56 |
public static function get_api_key() { |
|
57 |
return apply_filters( 'akismet_get_api_key', defined('WPCOM_API_KEY') ? constant('WPCOM_API_KEY') : get_option('wordpress_api_key') ); |
|
58 |
} |
|
59 |
|
|
60 |
public static function check_key_status( $key, $ip = null ) { |
|
61 |
return self::http_post( Akismet::build_query( array( 'key' => $key, 'blog' => get_option('home') ) ), 'verify-key', $ip ); |
|
62 |
} |
|
63 |
|
|
64 |
public static function verify_key( $key, $ip = null ) { |
|
65 |
$response = self::check_key_status( $key, $ip ); |
|
66 |
|
|
67 |
if ( $response[1] != 'valid' && $response[1] != 'invalid' ) |
|
68 |
return 'failed'; |
|
69 |
|
|
70 |
return $response[1]; |
|
71 |
} |
|
72 |
|
|
73 |
public static function deactivate_key( $key ) { |
|
74 |
$response = self::http_post( Akismet::build_query( array( 'key' => $key, 'blog' => get_option('home') ) ), 'deactivate' ); |
|
75 |
|
|
76 |
if ( $response[1] != 'deactivated' ) |
|
77 |
return 'failed'; |
|
78 |
|
|
79 |
return $response[1]; |
|
80 |
} |
|
81 |
|
|
82 |
public static function auto_check_comment( $commentdata ) { |
|
83 |
self::$last_comment_result = null; |
|
84 |
|
|
85 |
$comment = $commentdata; |
|
86 |
|
|
87 |
$comment['user_ip'] = self::get_ip_address(); |
|
88 |
$comment['user_agent'] = self::get_user_agent(); |
|
89 |
$comment['referrer'] = self::get_referer(); |
|
90 |
$comment['blog'] = get_option('home'); |
|
91 |
$comment['blog_lang'] = get_locale(); |
|
92 |
$comment['blog_charset'] = get_option('blog_charset'); |
|
93 |
$comment['permalink'] = get_permalink( $comment['comment_post_ID'] ); |
|
94 |
|
|
95 |
if ( !empty( $comment['user_ID'] ) ) |
|
96 |
$comment['user_role'] = Akismet::get_user_roles( $comment['user_ID'] ); |
|
97 |
|
|
98 |
$akismet_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) ); |
|
99 |
$comment['akismet_comment_nonce'] = 'inactive'; |
|
100 |
if ( $akismet_nonce_option == 'true' || $akismet_nonce_option == '' ) { |
|
101 |
$comment['akismet_comment_nonce'] = 'failed'; |
|
102 |
if ( isset( $_POST['akismet_comment_nonce'] ) && wp_verify_nonce( $_POST['akismet_comment_nonce'], 'akismet_comment_nonce_' . $comment['comment_post_ID'] ) ) |
|
103 |
$comment['akismet_comment_nonce'] = 'passed'; |
|
104 |
|
|
105 |
// comment reply in wp-admin |
|
106 |
if ( isset( $_POST['_ajax_nonce-replyto-comment'] ) && check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ) ) |
|
107 |
$comment['akismet_comment_nonce'] = 'passed'; |
|
108 |
|
|
109 |
} |
|
110 |
|
|
111 |
if ( self::is_test_mode() ) |
|
112 |
$comment['is_test'] = 'true'; |
|
113 |
|
|
114 |
foreach( $_POST as $key => $value ) { |
|
115 |
if ( is_string( $value ) ) |
|
116 |
$comment["POST_{$key}"] = $value; |
|
117 |
} |
|
118 |
|
|
119 |
$ignore = array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW' ); |
|
120 |
|
|
121 |
foreach ( $_SERVER as $key => $value ) { |
|
122 |
if ( !in_array( $key, $ignore ) && is_string($value) ) |
|
123 |
$comment["$key"] = $value; |
|
124 |
else |
|
125 |
$comment["$key"] = ''; |
|
126 |
} |
|
127 |
|
|
128 |
$post = get_post( $comment['comment_post_ID'] ); |
|
129 |
$comment[ 'comment_post_modified_gmt' ] = $post->post_modified_gmt; |
|
130 |
|
|
131 |
$response = self::http_post( Akismet::build_query( $comment ), 'comment-check' ); |
|
132 |
|
|
133 |
do_action( 'akismet_comment_check_response', $response ); |
|
134 |
|
|
135 |
$commentdata['comment_as_submitted'] = array_intersect_key( $comment, self::$comment_as_submitted_allowed_keys ); |
|
136 |
$commentdata['akismet_result'] = $response[1]; |
|
137 |
|
|
138 |
if ( isset( $response[0]['x-akismet-pro-tip'] ) ) |
|
139 |
$commentdata['akismet_pro_tip'] = $response[0]['x-akismet-pro-tip']; |
|
140 |
|
|
141 |
if ( isset( $response[0]['x-akismet-error'] ) ) { |
|
142 |
// An error occurred that we anticipated (like a suspended key) and want the user to act on. |
|
143 |
// Send to moderation. |
|
144 |
self::$last_comment_result = '0'; |
|
145 |
} |
|
146 |
else if ( 'true' == $response[1] ) { |
|
147 |
// akismet_spam_count will be incremented later by comment_is_spam() |
|
148 |
self::$last_comment_result = 'spam'; |
|
149 |
|
|
150 |
$discard = ( isset( $commentdata['akismet_pro_tip'] ) && $commentdata['akismet_pro_tip'] === 'discard' && self::allow_discard() ); |
|
151 |
|
|
152 |
do_action( 'akismet_spam_caught', $discard ); |
|
153 |
|
|
154 |
if ( $discard ) { |
|
155 |
// akismet_result_spam() won't be called so bump the counter here |
|
156 |
if ( $incr = apply_filters('akismet_spam_count_incr', 1) ) |
|
157 |
update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr ); |
|
158 |
$redirect_to = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : get_permalink( $post ); |
|
159 |
wp_safe_redirect( esc_url_raw( $redirect_to ) ); |
|
160 |
die(); |
|
161 |
} |
|
162 |
} |
|
163 |
|
|
164 |
// if the response is neither true nor false, hold the comment for moderation and schedule a recheck |
|
165 |
if ( 'true' != $response[1] && 'false' != $response[1] ) { |
|
166 |
if ( !current_user_can('moderate_comments') ) { |
|
167 |
// Comment status should be moderated |
|
168 |
self::$last_comment_result = '0'; |
|
169 |
} |
|
170 |
if ( function_exists('wp_next_scheduled') && function_exists('wp_schedule_single_event') ) { |
|
171 |
if ( !wp_next_scheduled( 'akismet_schedule_cron_recheck' ) ) { |
|
172 |
wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' ); |
|
173 |
do_action( 'akismet_scheduled_recheck', 'invalid-response-' . $response[1] ); |
|
174 |
} |
|
175 |
} |
|
176 |
|
|
177 |
self::$prevent_moderation_email_for_these_comments[] = $commentdata; |
|
178 |
} |
|
179 |
|
|
180 |
if ( function_exists('wp_next_scheduled') && function_exists('wp_schedule_event') ) { |
|
181 |
// WP 2.1+: delete old comments daily |
|
182 |
if ( !wp_next_scheduled( 'akismet_scheduled_delete' ) ) |
|
183 |
wp_schedule_event( time(), 'daily', 'akismet_scheduled_delete' ); |
|
184 |
} |
|
185 |
elseif ( (mt_rand(1, 10) == 3) ) { |
|
186 |
// WP 2.0: run this one time in ten |
|
187 |
self::delete_old_comments(); |
|
188 |
} |
|
189 |
|
|
190 |
self::set_last_comment( $commentdata ); |
|
191 |
self::fix_scheduled_recheck(); |
|
192 |
|
|
193 |
return $commentdata; |
|
194 |
} |
|
195 |
|
|
196 |
public static function get_last_comment() { |
|
197 |
return self::$last_comment; |
|
198 |
} |
|
199 |
|
|
200 |
public static function set_last_comment( $comment ) { |
|
201 |
if ( is_null( $comment ) ) { |
|
202 |
self::$last_comment = null; |
|
203 |
} |
|
204 |
else { |
|
205 |
// We filter it here so that it matches the filtered comment data that we'll have to compare against later. |
|
206 |
// wp_filter_comment expects comment_author_IP |
|
207 |
self::$last_comment = wp_filter_comment( |
|
208 |
array_merge( |
|
209 |
array( 'comment_author_IP' => self::get_ip_address() ), |
|
210 |
$comment |
|
211 |
) |
|
212 |
); |
|
213 |
} |
|
214 |
} |
|
215 |
|
|
216 |
// this fires on wp_insert_comment. we can't update comment_meta when auto_check_comment() runs |
|
217 |
// because we don't know the comment ID at that point. |
|
218 |
public static function auto_check_update_meta( $id, $comment ) { |
|
219 |
|
|
220 |
// failsafe for old WP versions |
|
221 |
if ( !function_exists('add_comment_meta') ) |
|
222 |
return false; |
|
223 |
|
|
224 |
if ( !isset( self::$last_comment['comment_author_email'] ) ) |
|
225 |
self::$last_comment['comment_author_email'] = ''; |
|
226 |
|
|
227 |
// wp_insert_comment() might be called in other contexts, so make sure this is the same comment |
|
228 |
// as was checked by auto_check_comment |
|
229 |
if ( is_object( $comment ) && !empty( self::$last_comment ) && is_array( self::$last_comment ) ) { |
|
230 |
if ( self::matches_last_comment( $comment ) ) { |
|
231 |
|
|
232 |
load_plugin_textdomain( 'akismet' ); |
|
233 |
|
|
234 |
// normal result: true or false |
|
235 |
if ( self::$last_comment['akismet_result'] == 'true' ) { |
|
236 |
update_comment_meta( $comment->comment_ID, 'akismet_result', 'true' ); |
|
237 |
self::update_comment_history( $comment->comment_ID, '', 'check-spam' ); |
|
238 |
if ( $comment->comment_approved != 'spam' ) |
|
239 |
self::update_comment_history( |
|
240 |
$comment->comment_ID, |
|
241 |
'', |
|
242 |
'status-changed-'.$comment->comment_approved |
|
243 |
); |
|
244 |
} |
|
245 |
elseif ( self::$last_comment['akismet_result'] == 'false' ) { |
|
246 |
update_comment_meta( $comment->comment_ID, 'akismet_result', 'false' ); |
|
247 |
self::update_comment_history( $comment->comment_ID, '', 'check-ham' ); |
|
248 |
if ( $comment->comment_approved == 'spam' ) { |
|
249 |
if ( wp_blacklist_check($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent) ) |
|
250 |
self::update_comment_history( $comment->comment_ID, '', 'wp-blacklisted' ); |
|
251 |
else |
|
252 |
self::update_comment_history( $comment->comment_ID, '', 'status-changed-'.$comment->comment_approved ); |
|
253 |
} |
|
254 |
} // abnormal result: error |
|
255 |
else { |
|
256 |
update_comment_meta( $comment->comment_ID, 'akismet_error', time() ); |
|
257 |
self::update_comment_history( |
|
258 |
$comment->comment_ID, |
|
259 |
'', |
|
260 |
'check-error', |
|
261 |
array( 'response' => substr( self::$last_comment['akismet_result'], 0, 50 ) ) |
|
262 |
); |
|
263 |
} |
|
264 |
|
|
265 |
// record the complete original data as submitted for checking |
|
266 |
if ( isset( self::$last_comment['comment_as_submitted'] ) ) |
|
267 |
update_comment_meta( $comment->comment_ID, 'akismet_as_submitted', self::$last_comment['comment_as_submitted'] ); |
|
268 |
|
|
269 |
if ( isset( self::$last_comment['akismet_pro_tip'] ) ) |
|
270 |
update_comment_meta( $comment->comment_ID, 'akismet_pro_tip', self::$last_comment['akismet_pro_tip'] ); |
|
271 |
} |
|
272 |
} |
|
273 |
} |
|
274 |
|
|
275 |
public static function delete_old_comments() { |
|
276 |
global $wpdb; |
|
277 |
|
|
278 |
/** |
|
279 |
* Determines how many comments will be deleted in each batch. |
|
280 |
* |
|
281 |
* @param int The default, as defined by AKISMET_DELETE_LIMIT. |
|
282 |
*/ |
|
283 |
$delete_limit = apply_filters( 'akismet_delete_comment_limit', defined( 'AKISMET_DELETE_LIMIT' ) ? AKISMET_DELETE_LIMIT : 10000 ); |
|
284 |
$delete_limit = max( 1, intval( $delete_limit ) ); |
|
285 |
|
|
286 |
/** |
|
287 |
* Determines how many days a comment will be left in the Spam queue before being deleted. |
|
288 |
* |
|
289 |
* @param int The default number of days. |
|
290 |
*/ |
|
291 |
$delete_interval = apply_filters( 'akismet_delete_comment_interval', 15 ); |
|
292 |
$delete_interval = max( 1, intval( $delete_interval ) ); |
|
293 |
|
|
294 |
while ( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_id FROM {$wpdb->comments} WHERE DATE_SUB(NOW(), INTERVAL %d DAY) > comment_date_gmt AND comment_approved = 'spam' LIMIT %d", $delete_interval, $delete_limit ) ) ) { |
|
295 |
if ( empty( $comment_ids ) ) |
|
296 |
return; |
|
297 |
|
|
298 |
$wpdb->queries = array(); |
|
299 |
|
|
300 |
foreach ( $comment_ids as $comment_id ) { |
|
301 |
do_action( 'delete_comment', $comment_id ); |
|
302 |
} |
|
303 |
|
|
304 |
$comma_comment_ids = implode( ', ', array_map('intval', $comment_ids) ); |
|
305 |
|
|
306 |
$wpdb->query("DELETE FROM {$wpdb->comments} WHERE comment_id IN ( $comma_comment_ids )"); |
|
307 |
$wpdb->query("DELETE FROM {$wpdb->commentmeta} WHERE comment_id IN ( $comma_comment_ids )"); |
|
308 |
|
|
309 |
clean_comment_cache( $comment_ids ); |
|
310 |
} |
|
311 |
|
|
312 |
if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11), $wpdb->comments ) ) // lucky number |
|
313 |
$wpdb->query("OPTIMIZE TABLE {$wpdb->comments}"); |
|
314 |
} |
|
315 |
|
|
316 |
public static function delete_old_comments_meta() { |
|
317 |
global $wpdb; |
|
318 |
|
|
319 |
$interval = apply_filters( 'akismet_delete_commentmeta_interval', 15 ); |
|
320 |
|
|
321 |
# enfore a minimum of 1 day |
|
322 |
$interval = absint( $interval ); |
|
323 |
if ( $interval < 1 ) |
|
324 |
$interval = 1; |
|
325 |
|
|
326 |
// akismet_as_submitted meta values are large, so expire them |
|
327 |
// after $interval days regardless of the comment status |
|
328 |
while ( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT m.comment_id FROM {$wpdb->commentmeta} as m INNER JOIN {$wpdb->comments} as c USING(comment_id) WHERE m.meta_key = 'akismet_as_submitted' AND DATE_SUB(NOW(), INTERVAL %d DAY) > c.comment_date_gmt LIMIT 10000", $interval ) ) ) { |
|
329 |
if ( empty( $comment_ids ) ) |
|
330 |
return; |
|
331 |
|
|
332 |
$wpdb->queries = array(); |
|
333 |
|
|
334 |
foreach ( $comment_ids as $comment_id ) { |
|
335 |
delete_comment_meta( $comment_id, 'akismet_as_submitted' ); |
|
336 |
} |
|
337 |
} |
|
338 |
|
|
339 |
if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11), $wpdb->commentmeta ) ) // lucky number |
|
340 |
$wpdb->query("OPTIMIZE TABLE {$wpdb->commentmeta}"); |
|
341 |
} |
|
342 |
|
|
343 |
// how many approved comments does this author have? |
|
344 |
public static function get_user_comments_approved( $user_id, $comment_author_email, $comment_author, $comment_author_url ) { |
|
345 |
global $wpdb; |
|
346 |
|
|
347 |
if ( !empty( $user_id ) ) |
|
348 |
return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->comments} WHERE user_id = %d AND comment_approved = 1", $user_id ) ); |
|
349 |
|
|
350 |
if ( !empty( $comment_author_email ) ) |
|
351 |
return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->comments} WHERE comment_author_email = %s AND comment_author = %s AND comment_author_url = %s AND comment_approved = 1", $comment_author_email, $comment_author, $comment_author_url ) ); |
|
352 |
|
|
353 |
return 0; |
|
354 |
} |
|
355 |
|
|
356 |
// get the full comment history for a given comment, as an array in reverse chronological order |
|
357 |
public static function get_comment_history( $comment_id ) { |
|
358 |
|
|
359 |
// failsafe for old WP versions |
|
360 |
if ( !function_exists('add_comment_meta') ) |
|
361 |
return false; |
|
362 |
|
|
363 |
$history = get_comment_meta( $comment_id, 'akismet_history', false ); |
|
364 |
usort( $history, array( 'Akismet', '_cmp_time' ) ); |
|
365 |
return $history; |
|
366 |
} |
|
367 |
|
|
368 |
/** |
|
369 |
* Log an event for a given comment, storing it in comment_meta. |
|
370 |
* |
|
371 |
* @param int $comment_id The ID of the relevant comment. |
|
372 |
* @param string $message The string description of the event. No longer used. |
|
373 |
* @param string $event The event code. |
|
374 |
* @param array $meta Metadata about the history entry. e.g., the user that reported or changed the status of a given comment. |
|
375 |
*/ |
|
376 |
public static function update_comment_history( $comment_id, $message, $event=null, $meta=null ) { |
|
377 |
global $current_user; |
|
378 |
|
|
379 |
// failsafe for old WP versions |
|
380 |
if ( !function_exists('add_comment_meta') ) |
|
381 |
return false; |
|
382 |
|
|
383 |
$user = ''; |
|
384 |
|
|
385 |
$event = array( |
|
386 |
'time' => self::_get_microtime(), |
|
387 |
'event' => $event, |
|
388 |
); |
|
389 |
|
|
390 |
if ( is_object( $current_user ) && isset( $current_user->user_login ) ) { |
|
391 |
$event['user'] = $current_user->user_login; |
|
392 |
} |
|
393 |
|
|
394 |
if ( ! empty( $meta ) ) { |
|
395 |
$event['meta'] = $meta; |
|
396 |
} |
|
397 |
|
|
398 |
// $unique = false so as to allow multiple values per comment |
|
399 |
$r = add_comment_meta( $comment_id, 'akismet_history', $event, false ); |
|
400 |
} |
|
401 |
|
|
402 |
public static function check_db_comment( $id, $recheck_reason = 'recheck_queue' ) { |
|
403 |
global $wpdb; |
|
404 |
|
|
405 |
$c = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = %d", $id ), ARRAY_A ); |
|
406 |
if ( !$c ) |
|
407 |
return; |
|
408 |
|
|
409 |
$c['user_ip'] = $c['comment_author_IP']; |
|
410 |
$c['user_agent'] = $c['comment_agent']; |
|
411 |
$c['referrer'] = ''; |
|
412 |
$c['blog'] = get_option('home'); |
|
413 |
$c['blog_lang'] = get_locale(); |
|
414 |
$c['blog_charset'] = get_option('blog_charset'); |
|
415 |
$c['permalink'] = get_permalink($c['comment_post_ID']); |
|
416 |
$c['recheck_reason'] = $recheck_reason; |
|
417 |
|
|
418 |
if ( self::is_test_mode() ) |
|
419 |
$c['is_test'] = 'true'; |
|
420 |
|
|
421 |
$response = self::http_post( Akismet::build_query( $c ), 'comment-check' ); |
|
422 |
|
|
423 |
return ( is_array( $response ) && ! empty( $response[1] ) ) ? $response[1] : false; |
|
424 |
} |
|
425 |
|
|
426 |
|
|
427 |
|
|
428 |
public static function transition_comment_status( $new_status, $old_status, $comment ) { |
|
429 |
|
|
430 |
if ( $new_status == $old_status ) |
|
431 |
return; |
|
432 |
|
|
433 |
# we don't need to record a history item for deleted comments |
|
434 |
if ( $new_status == 'delete' ) |
|
435 |
return; |
|
436 |
|
|
437 |
if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) ) |
|
438 |
return; |
|
439 |
|
|
440 |
if ( defined('WP_IMPORTING') && WP_IMPORTING == true ) |
|
441 |
return; |
|
442 |
|
|
443 |
// if this is present, it means the status has been changed by a re-check, not an explicit user action |
|
444 |
if ( get_comment_meta( $comment->comment_ID, 'akismet_rechecking' ) ) |
|
445 |
return; |
|
446 |
|
|
447 |
global $current_user; |
|
448 |
$reporter = ''; |
|
449 |
if ( is_object( $current_user ) ) |
|
450 |
$reporter = $current_user->user_login; |
|
451 |
|
|
452 |
// Assumption alert: |
|
453 |
// We want to submit comments to Akismet only when a moderator explicitly spams or approves it - not if the status |
|
454 |
// is changed automatically by another plugin. Unfortunately WordPress doesn't provide an unambiguous way to |
|
455 |
// determine why the transition_comment_status action was triggered. And there are several different ways by which |
|
456 |
// to spam and unspam comments: bulk actions, ajax, links in moderation emails, the dashboard, and perhaps others. |
|
457 |
// We'll assume that this is an explicit user action if certain POST/GET variables exist. |
|
458 |
if ( ( isset( $_POST['status'] ) && in_array( $_POST['status'], array( 'spam', 'unspam' ) ) ) || |
|
459 |
( isset( $_POST['spam'] ) && (int) $_POST['spam'] == 1 ) || |
|
460 |
( isset( $_POST['unspam'] ) && (int) $_POST['unspam'] == 1 ) || |
|
461 |
( isset( $_POST['comment_status'] ) && in_array( $_POST['comment_status'], array( 'spam', 'unspam' ) ) ) || |
|
462 |
( isset( $_GET['action'] ) && in_array( $_GET['action'], array( 'spam', 'unspam' ) ) ) || |
|
463 |
( isset( $_POST['action'] ) && in_array( $_POST['action'], array( 'editedcomment' ) ) ) |
|
464 |
) { |
|
465 |
if ( $new_status == 'spam' && ( $old_status == 'approved' || $old_status == 'unapproved' || !$old_status ) ) { |
|
466 |
return self::submit_spam_comment( $comment->comment_ID ); |
|
467 |
} elseif ( $old_status == 'spam' && ( $new_status == 'approved' || $new_status == 'unapproved' ) ) { |
|
468 |
return self::submit_nonspam_comment( $comment->comment_ID ); |
|
469 |
} |
|
470 |
} |
|
471 |
|
|
472 |
self::update_comment_history( $comment->comment_ID, '', 'status-' . $new_status ); |
|
473 |
} |
|
474 |
|
|
475 |
public static function submit_spam_comment( $comment_id ) { |
|
476 |
global $wpdb, $current_user, $current_site; |
|
477 |
|
|
478 |
$comment_id = (int) $comment_id; |
|
479 |
|
|
480 |
$comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = %d", $comment_id ) ); |
|
481 |
|
|
482 |
if ( !$comment ) // it was deleted |
|
483 |
return; |
|
484 |
|
|
485 |
if ( 'spam' != $comment->comment_approved ) |
|
486 |
return; |
|
487 |
|
|
488 |
// use the original version stored in comment_meta if available |
|
489 |
$as_submitted = self::sanitize_comment_as_submitted( get_comment_meta( $comment_id, 'akismet_as_submitted', true ) ); |
|
490 |
|
|
491 |
if ( $as_submitted && is_array( $as_submitted ) && isset( $as_submitted['comment_content'] ) ) |
|
492 |
$comment = (object) array_merge( (array)$comment, $as_submitted ); |
|
493 |
|
|
494 |
$comment->blog = get_bloginfo('url'); |
|
495 |
$comment->blog_lang = get_locale(); |
|
496 |
$comment->blog_charset = get_option('blog_charset'); |
|
497 |
$comment->permalink = get_permalink($comment->comment_post_ID); |
|
498 |
|
|
499 |
if ( is_object($current_user) ) |
|
500 |
$comment->reporter = $current_user->user_login; |
|
501 |
|
|
502 |
if ( is_object($current_site) ) |
|
503 |
$comment->site_domain = $current_site->domain; |
|
504 |
|
|
505 |
$comment->user_role = ''; |
|
506 |
if ( isset( $comment->user_ID ) ) |
|
507 |
$comment->user_role = Akismet::get_user_roles( $comment->user_ID ); |
|
508 |
|
|
509 |
if ( self::is_test_mode() ) |
|
510 |
$comment->is_test = 'true'; |
|
511 |
|
|
512 |
$post = get_post( $comment->comment_post_ID ); |
|
513 |
$comment->comment_post_modified_gmt = $post->post_modified_gmt; |
|
514 |
|
|
515 |
$response = Akismet::http_post( Akismet::build_query( $comment ), 'submit-spam' ); |
|
516 |
if ( $comment->reporter ) { |
|
517 |
self::update_comment_history( $comment_id, '', 'report-spam' ); |
|
518 |
update_comment_meta( $comment_id, 'akismet_user_result', 'true' ); |
|
519 |
update_comment_meta( $comment_id, 'akismet_user', $comment->reporter ); |
|
520 |
} |
|
521 |
|
|
522 |
do_action('akismet_submit_spam_comment', $comment_id, $response[1]); |
|
523 |
} |
|
524 |
|
|
525 |
public static function submit_nonspam_comment( $comment_id ) { |
|
526 |
global $wpdb, $current_user, $current_site; |
|
527 |
|
|
528 |
$comment_id = (int) $comment_id; |
|
529 |
|
|
530 |
$comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = %d", $comment_id ) ); |
|
531 |
if ( !$comment ) // it was deleted |
|
532 |
return; |
|
533 |
|
|
534 |
// use the original version stored in comment_meta if available |
|
535 |
$as_submitted = self::sanitize_comment_as_submitted( get_comment_meta( $comment_id, 'akismet_as_submitted', true ) ); |
|
536 |
|
|
537 |
if ( $as_submitted && is_array($as_submitted) && isset($as_submitted['comment_content']) ) |
|
538 |
$comment = (object) array_merge( (array)$comment, $as_submitted ); |
|
539 |
|
|
540 |
$comment->blog = get_bloginfo('url'); |
|
541 |
$comment->blog_lang = get_locale(); |
|
542 |
$comment->blog_charset = get_option('blog_charset'); |
|
543 |
$comment->permalink = get_permalink( $comment->comment_post_ID ); |
|
544 |
$comment->user_role = ''; |
|
545 |
|
|
546 |
if ( is_object($current_user) ) |
|
547 |
$comment->reporter = $current_user->user_login; |
|
548 |
|
|
549 |
if ( is_object($current_site) ) |
|
550 |
$comment->site_domain = $current_site->domain; |
|
551 |
|
|
552 |
if ( isset( $comment->user_ID ) ) |
|
553 |
$comment->user_role = Akismet::get_user_roles($comment->user_ID); |
|
554 |
|
|
555 |
if ( Akismet::is_test_mode() ) |
|
556 |
$comment->is_test = 'true'; |
|
557 |
|
|
558 |
$post = get_post( $comment->comment_post_ID ); |
|
559 |
$comment->comment_post_modified_gmt = $post->post_modified_gmt; |
|
560 |
|
|
561 |
$response = self::http_post( Akismet::build_query( $comment ), 'submit-ham' ); |
|
562 |
if ( $comment->reporter ) { |
|
563 |
self::update_comment_history( $comment_id, '', 'report-ham' ); |
|
564 |
update_comment_meta( $comment_id, 'akismet_user_result', 'false' ); |
|
565 |
update_comment_meta( $comment_id, 'akismet_user', $comment->reporter ); |
|
566 |
} |
|
567 |
|
|
568 |
do_action('akismet_submit_nonspam_comment', $comment_id, $response[1]); |
|
569 |
} |
|
570 |
|
|
571 |
public static function cron_recheck() { |
|
572 |
global $wpdb; |
|
573 |
|
|
574 |
$api_key = self::get_api_key(); |
|
575 |
|
|
576 |
$status = self::verify_key( $api_key ); |
|
577 |
if ( get_option( 'akismet_alert_code' ) || $status == 'invalid' ) { |
|
578 |
// since there is currently a problem with the key, reschedule a check for 6 hours hence |
|
579 |
wp_schedule_single_event( time() + 21600, 'akismet_schedule_cron_recheck' ); |
|
580 |
do_action( 'akismet_scheduled_recheck', 'key-problem-' . get_option( 'akismet_alert_code' ) . '-' . $status ); |
|
581 |
return false; |
|
582 |
} |
|
583 |
|
|
584 |
delete_option('akismet_available_servers'); |
|
585 |
|
|
586 |
$comment_errors = $wpdb->get_col( "SELECT comment_id FROM {$wpdb->commentmeta} WHERE meta_key = 'akismet_error' LIMIT 100" ); |
|
587 |
|
|
588 |
load_plugin_textdomain( 'akismet' ); |
|
589 |
|
|
590 |
foreach ( (array) $comment_errors as $comment_id ) { |
|
591 |
// if the comment no longer exists, or is too old, remove the meta entry from the queue to avoid getting stuck |
|
592 |
$comment = get_comment( $comment_id ); |
|
593 |
if ( !$comment || strtotime( $comment->comment_date_gmt ) < strtotime( "-15 days" ) ) { |
|
594 |
delete_comment_meta( $comment_id, 'akismet_error' ); |
|
595 |
delete_comment_meta( $comment_id, 'akismet_delayed_moderation_email' ); |
|
596 |
continue; |
|
597 |
} |
|
598 |
|
|
599 |
add_comment_meta( $comment_id, 'akismet_rechecking', true ); |
|
600 |
$status = self::check_db_comment( $comment_id, 'retry' ); |
|
601 |
|
|
602 |
$event = ''; |
|
603 |
if ( $status == 'true' ) { |
|
604 |
$event = 'cron-retry-spam'; |
|
605 |
} elseif ( $status == 'false' ) { |
|
606 |
$event = 'cron-retry-ham'; |
|
607 |
} |
|
608 |
|
|
609 |
// If we got back a legit response then update the comment history |
|
610 |
// other wise just bail now and try again later. No point in |
|
611 |
// re-trying all the comments once we hit one failure. |
|
612 |
if ( !empty( $event ) ) { |
|
613 |
delete_comment_meta( $comment_id, 'akismet_error' ); |
|
614 |
self::update_comment_history( $comment_id, '', $event ); |
|
615 |
update_comment_meta( $comment_id, 'akismet_result', $status ); |
|
616 |
// make sure the comment status is still pending. if it isn't, that means the user has already moved it elsewhere. |
|
617 |
$comment = get_comment( $comment_id ); |
|
618 |
if ( $comment && 'unapproved' == wp_get_comment_status( $comment_id ) ) { |
|
619 |
if ( $status == 'true' ) { |
|
620 |
wp_spam_comment( $comment_id ); |
|
621 |
} elseif ( $status == 'false' ) { |
|
622 |
// comment is good, but it's still in the pending queue. depending on the moderation settings |
|
623 |
// we may need to change it to approved. |
|
624 |
if ( check_comment($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent, $comment->comment_type) ) |
|
625 |
wp_set_comment_status( $comment_id, 1 ); |
|
626 |
else if ( get_comment_meta( $comment_id, 'akismet_delayed_moderation_email', true ) ) |
|
627 |
wp_notify_moderator( $comment_id ); |
|
628 |
} |
|
629 |
} |
|
630 |
|
|
631 |
delete_comment_meta( $comment_id, 'akismet_delayed_moderation_email' ); |
|
632 |
} else { |
|
633 |
// If this comment has been pending moderation for longer than MAX_DELAY_BEFORE_MODERATION_EMAIL, |
|
634 |
// send a moderation email now. |
|
635 |
if ( ( intval( gmdate( 'U' ) ) - strtotime( $comment->comment_date_gmt ) ) < self::MAX_DELAY_BEFORE_MODERATION_EMAIL ) { |
|
636 |
delete_comment_meta( $comment_id, 'akismet_delayed_moderation_email' ); |
|
637 |
wp_notify_moderator( $comment_id ); |
|
638 |
} |
|
639 |
|
|
640 |
delete_comment_meta( $comment_id, 'akismet_rechecking' ); |
|
641 |
wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' ); |
|
642 |
do_action( 'akismet_scheduled_recheck', 'check-db-comment-' . $status ); |
|
643 |
return; |
|
644 |
} |
|
645 |
delete_comment_meta( $comment_id, 'akismet_rechecking' ); |
|
646 |
} |
|
647 |
|
|
648 |
$remaining = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->commentmeta} WHERE meta_key = 'akismet_error'" ); |
|
649 |
if ( $remaining && !wp_next_scheduled('akismet_schedule_cron_recheck') ) { |
|
650 |
wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' ); |
|
651 |
do_action( 'akismet_scheduled_recheck', 'remaining' ); |
|
652 |
} |
|
653 |
} |
|
654 |
|
|
655 |
public static function fix_scheduled_recheck() { |
|
656 |
$future_check = wp_next_scheduled( 'akismet_schedule_cron_recheck' ); |
|
657 |
if ( !$future_check ) { |
|
658 |
return; |
|
659 |
} |
|
660 |
|
|
661 |
if ( get_option( 'akismet_alert_code' ) > 0 ) { |
|
662 |
return; |
|
663 |
} |
|
664 |
|
|
665 |
$check_range = time() + 1200; |
|
666 |
if ( $future_check > $check_range ) { |
|
667 |
wp_clear_scheduled_hook( 'akismet_schedule_cron_recheck' ); |
|
668 |
wp_schedule_single_event( time() + 300, 'akismet_schedule_cron_recheck' ); |
|
669 |
do_action( 'akismet_scheduled_recheck', 'fix-scheduled-recheck' ); |
|
670 |
} |
|
671 |
} |
|
672 |
|
|
673 |
public static function add_comment_nonce( $post_id ) { |
|
674 |
echo '<p style="display: none;">'; |
|
675 |
wp_nonce_field( 'akismet_comment_nonce_' . $post_id, 'akismet_comment_nonce', FALSE ); |
|
676 |
echo '</p>'; |
|
677 |
} |
|
678 |
|
|
679 |
public static function is_test_mode() { |
|
680 |
return defined('AKISMET_TEST_MODE') && AKISMET_TEST_MODE; |
|
681 |
} |
|
682 |
|
|
683 |
public static function allow_discard() { |
|
684 |
if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) |
|
685 |
return false; |
|
686 |
if ( is_user_logged_in() ) |
|
687 |
return false; |
|
688 |
|
|
689 |
return ( get_option( 'akismet_strictness' ) === '1' ); |
|
690 |
} |
|
691 |
|
|
692 |
public static function get_ip_address() { |
|
693 |
return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null; |
|
694 |
} |
|
695 |
|
|
696 |
/** |
|
697 |
* Do these two comments, without checking the comment_ID, "match"? |
|
698 |
* |
|
699 |
* @param mixed $comment1 A comment object or array. |
|
700 |
* @param mixed $comment2 A comment object or array. |
|
701 |
* @return bool Whether the two comments should be treated as the same comment. |
|
702 |
*/ |
|
703 |
private static function comments_match( $comment1, $comment2 ) { |
|
704 |
$comment1 = (array) $comment1; |
|
705 |
$comment2 = (array) $comment2; |
|
706 |
|
|
707 |
return ( |
|
708 |
isset( $comment1['comment_post_ID'], $comment2['comment_post_ID'] ) |
|
709 |
&& intval( $comment1['comment_post_ID'] ) == intval( $comment2['comment_post_ID'] ) |
|
710 |
&& ( |
|
711 |
$comment1['comment_author'] == $comment2['comment_author'] |
|
712 |
|| stripslashes( $comment1['comment_author'] ) == $comment2['comment_author'] |
|
713 |
|| $comment1['comment_author'] == stripslashes( $comment2['comment_author'] ) |
|
714 |
) |
|
715 |
&& ( |
|
716 |
$comment1['comment_author_email'] == $comment2['comment_author_email'] |
|
717 |
|| stripslashes( $comment1['comment_author_email'] ) == $comment2['comment_author_email'] |
|
718 |
|| $comment1['comment_author_email'] == stripslashes( $comment2['comment_author_email'] ) |
|
719 |
) |
|
720 |
); |
|
721 |
} |
|
722 |
|
|
723 |
// Does the supplied comment match the details of the one most recently stored in self::$last_comment? |
|
724 |
public static function matches_last_comment( $comment ) { |
|
725 |
if ( is_object( $comment ) ) |
|
726 |
$comment = (array) $comment; |
|
727 |
|
|
728 |
return self::comments_match( self::$last_comment, $comment ); |
|
729 |
} |
|
730 |
|
|
731 |
private static function get_user_agent() { |
|
732 |
return isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : null; |
|
733 |
} |
|
734 |
|
|
735 |
private static function get_referer() { |
|
736 |
return isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : null; |
|
737 |
} |
|
738 |
|
|
739 |
// return a comma-separated list of role names for the given user |
|
740 |
public static function get_user_roles( $user_id ) { |
|
741 |
$roles = false; |
|
742 |
|
|
743 |
if ( !class_exists('WP_User') ) |
|
744 |
return false; |
|
745 |
|
|
746 |
if ( $user_id > 0 ) { |
|
747 |
$comment_user = new WP_User( $user_id ); |
|
748 |
if ( isset( $comment_user->roles ) ) |
|
749 |
$roles = join( ',', $comment_user->roles ); |
|
750 |
} |
|
751 |
|
|
752 |
if ( is_multisite() && is_super_admin( $user_id ) ) { |
|
753 |
if ( empty( $roles ) ) { |
|
754 |
$roles = 'super_admin'; |
|
755 |
} else { |
|
756 |
$comment_user->roles[] = 'super_admin'; |
|
757 |
$roles = join( ',', $comment_user->roles ); |
|
758 |
} |
|
759 |
} |
|
760 |
|
|
761 |
return $roles; |
|
762 |
} |
|
763 |
|
|
764 |
// filter handler used to return a spam result to pre_comment_approved |
|
765 |
public static function last_comment_status( $approved, $comment ) { |
|
766 |
// Only do this if it's the correct comment |
|
767 |
if ( is_null(self::$last_comment_result) || ! self::matches_last_comment( $comment ) ) { |
|
768 |
self::log( "comment_is_spam mismatched comment, returning unaltered $approved" ); |
|
769 |
return $approved; |
|
770 |
} |
|
771 |
|
|
772 |
// bump the counter here instead of when the filter is added to reduce the possibility of overcounting |
|
773 |
if ( $incr = apply_filters('akismet_spam_count_incr', 1) ) |
|
774 |
update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr ); |
|
775 |
|
|
776 |
return self::$last_comment_result; |
|
777 |
} |
|
778 |
|
|
779 |
/** |
|
780 |
* If Akismet is temporarily unreachable, we don't want to "spam" the blogger with |
|
781 |
* moderation emails for comments that will be automatically cleared or spammed on |
|
782 |
* the next retry. |
|
783 |
* |
|
784 |
* For comments that will be rechecked later, empty the list of email addresses that |
|
785 |
* the moderation email would be sent to. |
|
786 |
* |
|
787 |
* @param array $emails An array of email addresses that the moderation email will be sent to. |
|
788 |
* @param int $comment_id The ID of the relevant comment. |
|
789 |
* @return array An array of email addresses that the moderation email will be sent to. |
|
790 |
*/ |
|
791 |
public static function disable_moderation_emails_if_unreachable( $emails, $comment_id ) { |
|
792 |
if ( ! empty( self::$prevent_moderation_email_for_these_comments ) && ! empty( $emails ) ) { |
|
793 |
$comment = get_comment( $comment_id ); |
|
794 |
|
|
795 |
foreach ( self::$prevent_moderation_email_for_these_comments as $possible_match ) { |
|
796 |
if ( self::comments_match( $possible_match, $comment ) ) { |
|
797 |
update_comment_meta( $comment_id, 'akismet_delayed_moderation_email', true ); |
|
798 |
return array(); |
|
799 |
} |
|
800 |
} |
|
801 |
} |
|
802 |
|
|
803 |
return $emails; |
|
804 |
} |
|
805 |
|
|
806 |
public static function _cmp_time( $a, $b ) { |
|
807 |
return $a['time'] > $b['time'] ? -1 : 1; |
|
808 |
} |
|
809 |
|
|
810 |
public static function _get_microtime() { |
|
811 |
$mtime = explode( ' ', microtime() ); |
|
812 |
return $mtime[1] + $mtime[0]; |
|
813 |
} |
|
814 |
|
|
815 |
/** |
|
816 |
* Make a POST request to the Akismet API. |
|
817 |
* |
|
818 |
* @param string $request The body of the request. |
|
819 |
* @param string $path The path for the request. |
|
820 |
* @param string $ip The specific IP address to hit. |
|
821 |
* @return array A two-member array consisting of the headers and the response body, both empty in the case of a failure. |
|
822 |
*/ |
|
823 |
public static function http_post( $request, $path, $ip=null ) { |
|
824 |
|
|
825 |
$akismet_ua = sprintf( 'WordPress/%s | Akismet/%s', $GLOBALS['wp_version'], constant( 'AKISMET_VERSION' ) ); |
|
826 |
$akismet_ua = apply_filters( 'akismet_ua', $akismet_ua ); |
|
827 |
|
|
828 |
$content_length = strlen( $request ); |
|
829 |
|
|
830 |
$api_key = self::get_api_key(); |
|
831 |
$host = self::API_HOST; |
|
832 |
|
|
833 |
if ( !empty( $api_key ) ) |
|
834 |
$host = $api_key.'.'.$host; |
|
835 |
|
|
836 |
$http_host = $host; |
|
837 |
// use a specific IP if provided |
|
838 |
// needed by Akismet_Admin::check_server_connectivity() |
|
839 |
if ( $ip && long2ip( ip2long( $ip ) ) ) { |
|
840 |
$http_host = $ip; |
|
841 |
} |
|
842 |
|
|
843 |
$http_args = array( |
|
844 |
'body' => $request, |
|
845 |
'headers' => array( |
|
846 |
'Content-Type' => 'application/x-www-form-urlencoded; charset=' . get_option( 'blog_charset' ), |
|
847 |
'Host' => $host, |
|
848 |
'User-Agent' => $akismet_ua, |
|
849 |
), |
|
850 |
'httpversion' => '1.0', |
|
851 |
'timeout' => 15 |
|
852 |
); |
|
853 |
|
|
854 |
$akismet_url = $http_akismet_url = "http://{$http_host}/1.1/{$path}"; |
|
855 |
|
|
856 |
/** |
|
857 |
* Try SSL first; if that fails, try without it and don't try it again for a while. |
|
858 |
*/ |
|
859 |
|
|
860 |
$ssl = $ssl_failed = false; |
|
861 |
|
|
862 |
// Check if SSL requests were disabled fewer than X hours ago. |
|
863 |
$ssl_disabled = get_option( 'akismet_ssl_disabled' ); |
|
864 |
|
|
865 |
if ( $ssl_disabled && $ssl_disabled < ( time() - 60 * 60 * 24 ) ) { // 24 hours |
|
866 |
$ssl_disabled = false; |
|
867 |
delete_option( 'akismet_ssl_disabled' ); |
|
868 |
} |
|
869 |
else if ( $ssl_disabled ) { |
|
870 |
do_action( 'akismet_ssl_disabled' ); |
|
871 |
} |
|
872 |
|
|
873 |
if ( ! $ssl_disabled && function_exists( 'wp_http_supports') && ( $ssl = wp_http_supports( array( 'ssl' ) ) ) ) { |
|
874 |
$akismet_url = set_url_scheme( $akismet_url, 'https' ); |
|
875 |
|
|
876 |
do_action( 'akismet_https_request_pre' ); |
|
877 |
} |
|
878 |
|
|
879 |
$response = wp_remote_post( $akismet_url, $http_args ); |
|
880 |
|
|
881 |
Akismet::log( compact( 'akismet_url', 'http_args', 'response' ) ); |
|
882 |
|
|
883 |
if ( $ssl && is_wp_error( $response ) ) { |
|
884 |
do_action( 'akismet_https_request_failure', $response ); |
|
885 |
|
|
886 |
// Intermittent connection problems may cause the first HTTPS |
|
887 |
// request to fail and subsequent HTTP requests to succeed randomly. |
|
888 |
// Retry the HTTPS request once before disabling SSL for a time. |
|
889 |
$response = wp_remote_post( $akismet_url, $http_args ); |
|
890 |
|
|
891 |
Akismet::log( compact( 'akismet_url', 'http_args', 'response' ) ); |
|
892 |
|
|
893 |
if ( is_wp_error( $response ) ) { |
|
894 |
$ssl_failed = true; |
|
895 |
|
|
896 |
do_action( 'akismet_https_request_failure', $response ); |
|
897 |
|
|
898 |
do_action( 'akismet_http_request_pre' ); |
|
899 |
|
|
900 |
// Try the request again without SSL. |
|
901 |
$response = wp_remote_post( $http_akismet_url, $http_args ); |
|
902 |
|
|
903 |
Akismet::log( compact( 'http_akismet_url', 'http_args', 'response' ) ); |
|
904 |
} |
|
905 |
} |
|
906 |
|
|
907 |
if ( is_wp_error( $response ) ) { |
|
908 |
do_action( 'akismet_request_failure', $response ); |
|
909 |
|
|
910 |
return array( '', '' ); |
|
911 |
} |
|
912 |
|
|
913 |
if ( $ssl_failed ) { |
|
914 |
// The request failed when using SSL but succeeded without it. Disable SSL for future requests. |
|
915 |
update_option( 'akismet_ssl_disabled', time() ); |
|
916 |
|
|
917 |
do_action( 'akismet_https_disabled' ); |
|
918 |
} |
|
919 |
|
|
920 |
$simplified_response = array( $response['headers'], $response['body'] ); |
|
921 |
|
|
922 |
self::update_alert( $simplified_response ); |
|
923 |
|
|
924 |
return $simplified_response; |
|
925 |
} |
|
926 |
|
|
927 |
// given a response from an API call like check_key_status(), update the alert code options if an alert is present. |
|
928 |
private static function update_alert( $response ) { |
|
929 |
$code = $msg = null; |
|
930 |
if ( isset( $response[0]['x-akismet-alert-code'] ) ) { |
|
931 |
$code = $response[0]['x-akismet-alert-code']; |
|
932 |
$msg = $response[0]['x-akismet-alert-msg']; |
|
933 |
} |
|
934 |
|
|
935 |
// only call update_option() if the value has changed |
|
936 |
if ( $code != get_option( 'akismet_alert_code' ) ) { |
|
937 |
if ( ! $code ) { |
|
938 |
delete_option( 'akismet_alert_code' ); |
|
939 |
delete_option( 'akismet_alert_msg' ); |
|
940 |
} |
|
941 |
else { |
|
942 |
update_option( 'akismet_alert_code', $code ); |
|
943 |
update_option( 'akismet_alert_msg', $msg ); |
|
944 |
} |
|
945 |
} |
|
946 |
} |
|
947 |
|
|
948 |
public static function load_form_js() { |
|
949 |
// WP < 3.3 can't enqueue a script this late in the game and still have it appear in the footer. |
|
950 |
// Once we drop support for everything pre-3.3, this can change back to a single enqueue call. |
|
951 |
wp_register_script( 'akismet-form', AKISMET__PLUGIN_URL . '_inc/form.js', array(), AKISMET_VERSION, true ); |
|
952 |
add_action( 'wp_footer', array( 'Akismet', 'print_form_js' ) ); |
|
953 |
add_action( 'admin_footer', array( 'Akismet', 'print_form_js' ) ); |
|
954 |
} |
|
955 |
|
|
956 |
public static function print_form_js() { |
|
957 |
wp_print_scripts( 'akismet-form' ); |
|
958 |
} |
|
959 |
|
|
960 |
public static function inject_ak_js( $fields ) { |
|
961 |
echo '<p style="display: none;">'; |
|
962 |
echo '<input type="hidden" id="ak_js" name="ak_js" value="' . mt_rand( 0, 250 ) . '"/>'; |
|
963 |
echo '</p>'; |
|
964 |
} |
|
965 |
|
|
966 |
private static function bail_on_activation( $message, $deactivate = true ) { |
|
967 |
?> |
|
968 |
<!doctype html> |
|
969 |
<html> |
|
970 |
<head> |
|
971 |
<meta charset="<?php bloginfo( 'charset' ); ?>"> |
|
972 |
<style> |
|
973 |
* { |
|
974 |
text-align: center; |
|
975 |
margin: 0; |
|
976 |
padding: 0; |
|
977 |
font-family: "Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif; |
|
978 |
} |
|
979 |
p { |
|
980 |
margin-top: 1em; |
|
981 |
font-size: 18px; |
|
982 |
} |
|
983 |
</style> |
|
984 |
<body> |
|
985 |
<p><?php echo esc_html( $message ); ?></p> |
|
986 |
</body> |
|
987 |
</html> |
|
988 |
<?php |
|
989 |
if ( $deactivate ) { |
|
990 |
$plugins = get_option( 'active_plugins' ); |
|
991 |
$akismet = plugin_basename( AKISMET__PLUGIN_DIR . 'akismet.php' ); |
|
992 |
$update = false; |
|
993 |
foreach ( $plugins as $i => $plugin ) { |
|
994 |
if ( $plugin === $akismet ) { |
|
995 |
$plugins[$i] = false; |
|
996 |
$update = true; |
|
997 |
} |
|
998 |
} |
|
999 |
|
|
1000 |
if ( $update ) { |
|
1001 |
update_option( 'active_plugins', array_filter( $plugins ) ); |
|
1002 |
} |
|
1003 |
} |
|
1004 |
exit; |
|
1005 |
} |
|
1006 |
|
|
1007 |
public static function view( $name, array $args = array() ) { |
|
1008 |
$args = apply_filters( 'akismet_view_arguments', $args, $name ); |
|
1009 |
|
|
1010 |
foreach ( $args AS $key => $val ) { |
|
1011 |
$$key = $val; |
|
1012 |
} |
|
1013 |
|
|
1014 |
load_plugin_textdomain( 'akismet' ); |
|
1015 |
|
|
1016 |
$file = AKISMET__PLUGIN_DIR . 'views/'. $name . '.php'; |
|
1017 |
|
|
1018 |
include( $file ); |
|
1019 |
} |
|
1020 |
|
|
1021 |
/** |
|
1022 |
* Attached to activate_{ plugin_basename( __FILES__ ) } by register_activation_hook() |
|
1023 |
* @static |
|
1024 |
*/ |
|
1025 |
public static function plugin_activation() { |
|
1026 |
if ( version_compare( $GLOBALS['wp_version'], AKISMET__MINIMUM_WP_VERSION, '<' ) ) { |
|
1027 |
load_plugin_textdomain( 'akismet' ); |
|
1028 |
|
|
1029 |
$message = '<strong>'.sprintf(esc_html__( 'Akismet %s requires WordPress %s or higher.' , 'akismet'), AKISMET_VERSION, AKISMET__MINIMUM_WP_VERSION ).'</strong> '.sprintf(__('Please <a href="%1$s">upgrade WordPress</a> to a current version, or <a href="%2$s">downgrade to version 2.4 of the Akismet plugin</a>.', 'akismet'), 'https://codex.wordpress.org/Upgrading_WordPress', 'http://wordpress.org/extend/plugins/akismet/download/'); |
|
1030 |
|
|
1031 |
Akismet::bail_on_activation( $message ); |
|
1032 |
} |
|
1033 |
} |
|
1034 |
|
|
1035 |
/** |
|
1036 |
* Removes all connection options |
|
1037 |
* @static |
|
1038 |
*/ |
|
1039 |
public static function plugin_deactivation( ) { |
|
1040 |
return self::deactivate_key( self::get_api_key() ); |
|
1041 |
} |
|
1042 |
|
|
1043 |
/** |
|
1044 |
* Essentially a copy of WP's build_query but one that doesn't expect pre-urlencoded values. |
|
1045 |
* |
|
1046 |
* @param array $args An array of key => value pairs |
|
1047 |
* @return string A string ready for use as a URL query string. |
|
1048 |
*/ |
|
1049 |
public static function build_query( $args ) { |
|
1050 |
return _http_build_query( $args, '', '&' ); |
|
1051 |
} |
|
1052 |
|
|
1053 |
/** |
|
1054 |
* Log debugging info to the error log. |
|
1055 |
* |
|
1056 |
* Enabled when WP_DEBUG_LOG is enabled, but can be disabled via the akismet_debug_log filter. |
|
1057 |
* |
|
1058 |
* @param mixed $akismet_debug The data to log. |
|
1059 |
*/ |
|
1060 |
public static function log( $akismet_debug ) { |
|
1061 |
if ( apply_filters( 'akismet_debug_log', defined( 'WP_DEBUG_LOG' ) && WP_DEBUG_LOG ) ) { |
|
1062 |
error_log( print_r( compact( 'akismet_debug' ), true ) ); |
|
1063 |
} |
|
1064 |
} |
|
1065 |
|
|
1066 |
public static function pre_check_pingback( $method ) { |
|
1067 |
if ( $method !== 'pingback.ping' ) |
|
1068 |
return; |
|
1069 |
|
|
1070 |
global $wp_xmlrpc_server; |
|
1071 |
|
|
1072 |
if ( !is_object( $wp_xmlrpc_server ) ) |
|
1073 |
return false; |
|
1074 |
|
|
1075 |
// Lame: tightly coupled with the IXR class. |
|
1076 |
$args = $wp_xmlrpc_server->message->params; |
|
1077 |
|
|
1078 |
if ( !empty( $args[1] ) ) { |
|
1079 |
$post_id = url_to_postid( $args[1] ); |
|
1080 |
|
|
1081 |
// If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification |
|
1082 |
Akismet::pingback_forwarded_for( null, $args[0] ); |
|
1083 |
add_filter( 'http_request_args', array( 'Akismet', 'pingback_forwarded_for' ), 10, 2 ); |
|
1084 |
|
|
1085 |
$comment = array( |
|
1086 |
'comment_author_url' => $args[0], |
|
1087 |
'comment_post_ID' => $post_id, |
|
1088 |
'comment_author' => '', |
|
1089 |
'comment_author_email' => '', |
|
1090 |
'comment_content' => '', |
|
1091 |
'comment_type' => 'pingback', |
|
1092 |
'akismet_pre_check' => '1', |
|
1093 |
'comment_pingback_target' => $args[1], |
|
1094 |
); |
|
1095 |
|
|
1096 |
$comment = Akismet::auto_check_comment( $comment ); |
|
1097 |
|
|
1098 |
if ( isset( $comment['akismet_result'] ) && 'true' == $comment['akismet_result'] ) { |
|
1099 |
// Lame: tightly coupled with the IXR classes. Unfortunately the action provides no context and no way to return anything. |
|
1100 |
$wp_xmlrpc_server->error( new IXR_Error( 0, 'Invalid discovery target' ) ); |
|
1101 |
} |
|
1102 |
} |
|
1103 |
} |
|
1104 |
|
|
1105 |
public static function pingback_forwarded_for( $r, $url ) { |
|
1106 |
static $urls = array(); |
|
1107 |
|
|
1108 |
// Call this with $r == null to prime the callback to add headers on a specific URL |
|
1109 |
if ( is_null( $r ) && !in_array( $url, $urls ) ) { |
|
1110 |
$urls[] = $url; |
|
1111 |
} |
|
1112 |
|
|
1113 |
// Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source) |
|
1114 |
if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) { |
|
1115 |
$remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] ); |
|
1116 |
|
|
1117 |
// Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use |
|
1118 |
$r['headers']['X-Pingback-Forwarded-For'] = $remote_ip; |
|
1119 |
|
|
1120 |
// Also identify the request as a pingback verification in the UA string so it appears in logs |
|
1121 |
$r['user-agent'] .= '; verifying pingback from ' . $remote_ip; |
|
1122 |
} |
|
1123 |
|
|
1124 |
return $r; |
|
1125 |
} |
|
1126 |
|
|
1127 |
/** |
|
1128 |
* Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta. |
|
1129 |
* |
|
1130 |
* @param mixed $meta_value |
|
1131 |
* @return mixed |
|
1132 |
*/ |
|
1133 |
private static function sanitize_comment_as_submitted( $meta_value ) { |
|
1134 |
if ( empty( $meta_value ) ) { |
|
1135 |
return $meta_value; |
|
1136 |
} |
|
1137 |
|
|
1138 |
$meta_value = (array) $meta_value; |
|
1139 |
|
|
1140 |
foreach ( $meta_value as $key => $value ) { |
|
1141 |
if ( ! isset( self::$comment_as_submitted_allowed_keys[$key] ) || ! is_scalar( $value ) ) { |
|
1142 |
unset( $meta_value[$key] ); |
|
1143 |
} |
|
1144 |
} |
|
1145 |
|
|
1146 |
return $meta_value; |
|
1147 |
} |
|
1148 |
} |