| Server IP : 66.29.132.124 / Your IP : 13.59.36.4 Web Server : LiteSpeed System : Linux business141.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64 User : wavevlvu ( 1524) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/wavevlvu/blog.diixadigital.com/wp-content/plugins/wpforms-lite/src/Forms/ |
Upload File : |
<?php
namespace WPForms\Forms;
use Akismet as AkismetPlugin;
/**
* Class Akismet.
*
* @since 1.7.6
*/
class Akismet {
/**
* Is the Akismet plugin installed?
*
* @since 1.7.6
*
* @return bool
*/
public static function is_installed(): bool {
return file_exists( WP_PLUGIN_DIR . '/akismet/akismet.php' );
}
/**
* Is the Akismet plugin activated?
*
* @since 1.7.6
*
* @return bool
*/
public static function is_activated(): bool {
return is_callable( [ 'Akismet', 'get_api_key' ] ) && is_callable( [ 'Akismet', 'http_post' ] );
}
/**
* Has the Akismet plugin been configured wih a valid API key?
*
* @since 1.7.6
*
* @return bool
*/
public static function is_configured(): bool {
// Akismet will only allow an API key to be saved if it is a valid key.
// We can assume that if there is an API key saved, it is valid.
return self::is_activated() && ! empty( AkismetPlugin::get_api_key() );
}
/**
* Get the list of field types that are allowed to be sent to Akismet.
*
* @since 1.7.6
*
* @return array List of field types that are allowed to be sent to Akismet
*/
private function get_field_type_allowlist(): array {
$field_type_allowlist = [
'text',
'textarea',
'name',
'email',
'phone',
'address',
'url',
'richtext',
];
/**
* Filters the field types that are allowed to be sent to Akismet.
*
* @since 1.7.6
*
* @param array $field_type_allowlist Field types allowed to be sent to Akismet.
*/
return (array) apply_filters( 'wpforms_forms_akismet_get_field_type_allowlist', $field_type_allowlist );
}
/**
* Get the entry data to be sent to Akismet.
*
* @since 1.7.6
*
* @param array $fields Field data for the current form.
* @param array $entry Entry data.
*
* @return array $entry_data Entry data to be sent to Akismet.
*/
private function get_entry_data( array $fields, array $entry ): array {
$field_type_allowlist = $this->get_field_type_allowlist();
$entry_data = [];
$entry_content = [];
foreach ( $fields as $field_id => $field ) {
$field_type = $field['type'];
if ( ! in_array( $field_type, $field_type_allowlist, true ) ) {
continue;
}
$field_content = $this->get_field_content( $field, $entry, $field_id );
if ( ! isset( $entry_data[ $field_type ] ) && in_array( $field_type, [ 'name', 'email', 'url' ], true ) ) {
$entry_data[ $field_type ] = $field_content;
continue;
}
$entry_content[] = $field_content;
}
$entry_data['content'] = implode( ' ', $entry_content );
return $entry_data;
}
/**
* Get field content.
*
* @since 1.8.5
*
* @param array $field Field data.
* @param array $entry Entry data.
* @param int $field_id Field ID.
*
* @return string
*/
private function get_field_content( array $field, array $entry, int $field_id ): string {
if ( ! isset( $entry['fields'][ $field_id ] ) ) {
return '';
}
if ( ! is_array( $entry['fields'][ $field_id ] ) ) {
return (string) $entry['fields'][ $field_id ];
}
if ( ! empty( $field['type'] ) && $field['type'] === 'email' && ! empty( $entry['fields'][ $field_id ]['primary'] ) ) {
return (string) $entry['fields'][ $field_id ]['primary'];
}
return implode( ' ', $entry['fields'][ $field_id ] );
}
/**
* Is the entry marked as spam by Akismet?
*
* @since 1.7.6
*
* @param array $form_data Form data for the current form.
* @param array $entry Entry data for the current entry.
*
* @return bool
*/
private function entry_is_spam( array $form_data, array $entry ): bool { // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh
$entry_data = $this->get_entry_data( $form_data['fields'], $entry );
$request = [
'blog' => get_option( 'home' ),
'blog_lang' => get_locale(),
'blog_charset' => get_bloginfo( 'charset' ),
'permalink' => wpforms_current_url(),
'user_ip' => wpforms_is_collecting_ip_allowed( $form_data ) ? wpforms_get_ip() : null,
'user_id' => get_current_user_id(),
'user_role' => AkismetPlugin::get_user_roles( get_current_user_id() ),
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
'user_agent' => isset( $_SERVER['HTTP_USER_AGENT'] ) ? wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) : null,
'referrer' => wp_get_referer() ? wp_get_referer() : null,
'comment_type' => 'contact-form',
'comment_author' => $entry_data['name'] ?? '',
'comment_author_email' => $entry_data['email'] ?? '',
'comment_author_url' => $entry_data['url'] ?? '',
'comment_content' => $entry_data['content'] ?? '',
'honeypot_field_name' => 'wpforms[hp]',
];
// Tell Akismet to not use the submission for training if we're on the Preview page and the user is
// an administrator. Checking for both the preview page and the administrator role prevents
// abuse by simply adding a GET parameter. This check happens in the ajax request,
// where `\WPForms\Forms\Preview::is_preview_page()` does not work, so we
// need to check for the GET parameter directly.
if (
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
isset( $_REQUEST['page_url'] ) && strpos( wp_unslash( $_REQUEST['page_url'] ), 'wpforms_form_preview' ) !== false &&
current_user_can( 'manage_options' )
) {
$request['is_test'] = true;
}
// build_query() does not urlencode the values, but API explicitly requires it.
$request = array_map( 'urlencode', $request );
$response = AkismetPlugin::http_post( build_query( $request ), 'comment-check' );
return ! empty( $response ) && isset( $response[1] ) && 'true' === trim( $response[1] );
}
/**
* Validate entry.
*
* @since 1.7.6
*
* @param array $form_data Form data for the current form.
* @param array $entry Entry data for the current entry.
*
* @return string|bool
*/
public function validate( array $form_data, array $entry ) {
// If Akismet is turned on in form settings, is activated, is configured and the entry is spam.
if (
! empty( $form_data['settings']['akismet'] ) &&
self::is_configured() &&
$this->entry_is_spam( $form_data, $entry )
) {
// This string is being logged not printed, so it does not need to be translatable.
return esc_html__( 'Anti-spam verification failed, please try again later.', 'wpforms-lite' );
}
return false;
}
}