wp/wp-content/plugins/akismet/class.akismet.php
changeset 9 177826044cd9
parent 7 cf61fcea0001
--- a/wp/wp-content/plugins/akismet/class.akismet.php	Mon Oct 14 18:06:33 2019 +0200
+++ b/wp/wp-content/plugins/akismet/class.akismet.php	Mon Oct 14 18:28:13 2019 +0200
@@ -65,6 +65,11 @@
 	}
 
 	public static function verify_key( $key, $ip = null ) {
+		// Shortcut for obviously invalid keys.
+		if ( strlen( $key ) != 12 ) {
+			return 'invalid';
+		}
+		
 		$response = self::check_key_status( $key, $ip );
 
 		if ( $response[1] != 'valid' && $response[1] != 'invalid' )
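Review bot: The new length shortcut assumes `$key` is a string; if a caller passes `null` or an array, `strlen()` emits a deprecation on PHP 8.1 or throws a `TypeError` with strict types, so the guard would fail before reaching the intended `'invalid'` return. Since both operands are ints, the loose `!=` also buys nothing here; `if ( ! is_string( $key ) || strlen( $key ) !== 12 ) {` covers both points. The magic number deserves a word on where it comes from, e.g. `// Akismet API keys are 12 characters; reject anything else without a network round-trip.` if that is indeed the contract. verify_key's body continues outside the hunk.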
@@ -575,6 +580,11 @@
 		if ( $new_status == $old_status )
 			return;
 
+		if ( 'spam' === $new_status || 'spam' === $old_status ) {
+			// Clear the cache of the "X comments in your spam queue" count on the dashboard.
+			wp_cache_delete( 'akismet_spam_count', 'widget' );
+		}
+
 		# we don't need to record a history item for deleted comments
 		if ( $new_status == 'delete' )
 			return;
@@ -762,7 +772,6 @@
 				|| strtotime( $comment->comment_date_gmt ) < strtotime( "-15 days" ) // Comment is too old.
 				|| $comment->comment_approved !== "0" // Comment is no longer in the Pending queue
 				) {
-				echo "Deleting";
 				delete_comment_meta( $comment_id, 'akismet_error' );
 				delete_comment_meta( $comment_id, 'akismet_delayed_moderation_email' );
 				continue;
@@ -1174,6 +1183,10 @@
 	}
 
 	public static function load_form_js() {
+		if ( function_exists( 'is_amp_endpoint' ) && is_amp_endpoint() ) {
+			return;
+		}
+
 		wp_register_script( 'akismet-form', plugin_dir_url( __FILE__ ) . '_inc/form.js', array(), AKISMET_VERSION, true );
 		wp_enqueue_script( 'akismet-form' );
 	}
@@ -1329,9 +1342,16 @@
 		if ( !empty( $args[1] ) ) {
 			$post_id = url_to_postid( $args[1] );
 
-			// If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification
-			Akismet::pingback_forwarded_for( null, $args[0] );
-			add_filter( 'http_request_args', array( 'Akismet', 'pingback_forwarded_for' ), 10, 2 );
+			// If pingbacks aren't open on this post, we'll still check whether this request is part of a potential DDOS,
+			// but indicate to the server that pingbacks are indeed closed so we don't include this request in the user's stats,
+			// since the user has already done their part by disabling pingbacks.
+			$pingbacks_closed = false;
+			
+			$post = get_post( $post_id );
+			
+			if ( ! $post || ! pings_open( $post ) ) {
+				$pingbacks_closed = true;
+			}
 
 			$comment = array(
 				'comment_author_url' => $args[0],
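Review bot: `get_post( $post_id )` is reached even when `url_to_postid( $args[1] )` returned 0 because the remote-supplied target URL matches no post; `get_post()` with an empty ID falls back to the global `$post`, so if that global happens to be populated the unresolved target would be treated as a real post and, with pings open on it, `pingbacks_closed` would be reported as `'0'`. In an XML-RPC request the global is most likely unset, but an explicit guard is cheap and makes the intent clear: `if ( ! $post_id || ! $post || ! pings_open( $post ) ) {`. Stylistically the flag could be assigned directly, `$pingbacks_closed = ! $post_id || ! $post || ! pings_open( $post );`, in place of the `false` default plus conditional. The enclosing pre-check function starts before this hunk and ends after it.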
@@ -1342,6 +1362,7 @@
 				'comment_type' => 'pingback',
 				'akismet_pre_check' => '1',
 				'comment_pingback_target' => $args[1],
+				'pingbacks_closed' => $pingbacks_closed ? '1' : '0',
 			);
 
 			$comment = Akismet::auto_check_comment( $comment );
@@ -1352,29 +1373,7 @@
 			}
 		}
 	}
-	
-	public static function pingback_forwarded_for( $r, $url ) {
-		static $urls = array();
-	
-		// Call this with $r == null to prime the callback to add headers on a specific URL
-		if ( is_null( $r ) && !in_array( $url, $urls ) ) {
-			$urls[] = $url;
-		}
 
-		// Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source)
-		if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) {
-			$remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] );
-		
-			// Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use
-			$r['headers']['X-Pingback-Forwarded-For'] = $remote_ip;
-
-			// Also identify the request as a pingback verification in the UA string so it appears in logs
-			$r['user-agent'] .= '; verifying pingback from ' . $remote_ip;
-		}
-
-		return $r;
-	}
-	
 	/**
 	 * Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta.
 	 *