<?php
namespace WPForms\Forms;
use Akismet as AkismetPlugin;
/**
* Class Akismet.
*
* @since 1.7.6
*/
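class Akismet {

	/**
	 * Is the Akismet plugin installed?
	 *
	 * Only checks that the plugin's main file exists on disk; it says nothing
	 * about whether the plugin is active or configured.
	 *
	 * @since 1.7.6
	 *
	 * @return bool
	 */
	public static function is_installed(): bool {

		return file_exists( WP_PLUGIN_DIR . '/akismet/akismet.php' );
	}

	/**
	 * Is the Akismet plugin activated?
	 *
	 * Activation is inferred from the two static Akismet methods this class
	 * relies on being callable.
	 *
	 * @since 1.7.6
	 *
	 * @return bool
	 */
	public static function is_activated(): bool {

		return is_callable( [ 'Akismet', 'get_api_key' ] ) && is_callable( [ 'Akismet', 'http_post' ] );
	}

	/**
	 * Has the Akismet plugin been configured with a valid API key?
	 *
	 * @since 1.7.6
	 *
	 * @return bool
	 */
	public static function is_configured(): bool {

		// Akismet will only allow an API key to be saved if it is a valid key.
		// We can assume that if there is an API key saved, it is valid.
		return self::is_activated() && ! empty( AkismetPlugin::get_api_key() );
	}

	/**
	 * Get the list of field types that are allowed to be sent to Akismet.
	 *
	 * The allowlist bounds which submitted values leave the site: fields of any
	 * other type are never included in the request built by this class.
	 *
	 * @since 1.7.6
	 *
	 * @return array List of field types that are allowed to be sent to Akismet
	 */
	private function get_field_type_allowlist(): array {

		$field_type_allowlist = [
			'text',
			'textarea',
			'name',
			'email',
			'phone',
			'address',
			'url',
			'richtext',
		];

		/**
		 * Filters the field types that are allowed to be sent to Akismet.
		 *
		 * @since 1.7.6
		 *
		 * @param array $field_type_allowlist Field types allowed to be sent to Akismet.
		 */
		return (array) apply_filters( 'wpforms_forms_akismet_get_field_type_allowlist', $field_type_allowlist );
	}

	/**
	 * Get the entry data to be sent to Akismet.
	 *
	 * The first allowlisted `name`, `email` and `url` field each get their own key;
	 * every other allowlisted value (including later fields of those three types)
	 * is appended to the space-separated `content` string.
	 *
	 * @since 1.7.6
	 *
	 * @param array $fields Field data for the current form.
	 * @param array $entry  Entry data.
	 *
	 * @return array $entry_data Entry data to be sent to Akismet.
	 */
	private function get_entry_data( array $fields, array $entry ): array {

		$field_type_allowlist = $this->get_field_type_allowlist();
		$entry_data           = [];
		$entry_content        = [];

		foreach ( $fields as $field_id => $field ) {
			// A field definition without a type cannot match the allowlist; skip it
			// without raising an undefined-index warning.
			$field_type = $field['type'] ?? '';

			if ( ! in_array( $field_type, $field_type_allowlist, true ) ) {
				continue;
			}

			$field_content = $this->get_field_content( $field, $entry, $field_id );

			if ( ! isset( $entry_data[ $field_type ] ) && in_array( $field_type, [ 'name', 'email', 'url' ], true ) ) {
				$entry_data[ $field_type ] = $field_content;

				continue;
			}

			$entry_content[] = $field_content;
		}

		$entry_data['content'] = implode( ' ', $entry_content );

		return $entry_data;
	}

	/**
	 * Get field content.
	 *
	 * Returns the submitted value of one field as a single string. Array values
	 * are joined with spaces; for email fields the `primary` sub-value is used
	 * when present.
	 *
	 * @since 1.8.5
	 * @since 1.8.9.3 Changed $field_id type from string to int|string.
	 *
	 * @param array      $field    Field data.
	 * @param array      $entry    Entry data.
	 * @param int|string $field_id Field ID.
	 *
	 * @return string
	 */
	private function get_field_content( array $field, array $entry, $field_id ): string {

		if ( ! isset( $entry['fields'][ $field_id ] ) ) {
			return '';
		}

		$value = $entry['fields'][ $field_id ];

		if ( ! is_array( $value ) ) {
			return (string) $value;
		}

		$is_email = isset( $field['type'] ) && $field['type'] === 'email';

		// Only a scalar `primary` is returned directly; an array there falls through
		// to the flattening below instead of being cast to the literal "Array".
		if ( $is_email && ! empty( $value['primary'] ) && is_scalar( $value['primary'] ) ) {
			return (string) $value['primary'];
		}

		// Entry values originate from the submitted request, so a sub-value may itself
		// be an array. implode() on such input emits an "Array to string conversion"
		// warning and sends the word "Array" instead of the submitted text; collecting
		// the leaves keeps everything that was submitted in the checked content.
		$parts = [];

		array_walk_recursive(
			$value,
			static function ( $item ) use ( &$parts ) {
				$parts[] = (string) $item;
			}
		);

		return implode( ' ', $parts );
	}

	/**
	 * Is the entry marked as spam by Akismet?
	 *
	 * @since 1.7.6
	 *
	 * @param array $form_data Form data for the current form.
	 * @param array $entry     Entry data for the current entry.
	 *
	 * @return bool
	 */
	private function entry_is_spam( array $form_data, array $entry ): bool {

		$request = $this->get_request_args( $form_data, $entry );

		// Tell Akismet to not use the submission for training if we're on the Preview page and the user is
		// an administrator. Checking for both the preview page and the administrator role prevents
		// abuse by simply adding a GET parameter. This check happens in the ajax request,
		// where `\WPForms\Forms\Preview::is_preview_page()` does not work, so we
		// need to check for the GET parameter directly.
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		$page_url = isset( $_REQUEST['page_url'] ) ? wp_unslash( $_REQUEST['page_url'] ) : '';

		// Request parameters can arrive as arrays. strpos() raises a TypeError for a
		// non-string haystack on PHP 8, and that call runs before the capability check,
		// so the type is verified first and anything but a string is treated as "not preview".
		if (
			is_string( $page_url ) &&
			strpos( $page_url, 'wpforms_form_preview' ) !== false &&
			current_user_can( 'manage_options' )
		) {
			$request['is_test'] = true;
		}

		$response = $this->http_post( $request, 'comment-check' );

		// The verdict is read from index 1 of the response; only the exact string
		// 'true' counts as spam, so an empty or unexpected response is treated as not spam.
		return ! empty( $response ) && isset( $response[1] ) && 'true' === trim( $response[1] );
	}

	/**
	 * Mark the entry as not spam in Akismet.
	 *
	 * @since 1.8.8
	 *
	 * @param array $form_data Form data for the current form.
	 * @param array $entry     Entry data for the current entry.
	 *
	 * @return bool
	 */
	public function set_entry_not_spam( array $form_data, array $entry ) {

		if ( ! self::is_configured() ) {
			return false;
		}

		$request = $this->get_request_args( $form_data, $entry );

		return $this->is_feedback_accepted( $this->http_post( $request, 'submit-ham' ) );
	}

	/**
	 * Mark the entry as spam in Akismet.
	 *
	 * @since 1.8.9
	 *
	 * @param array $form_data Form data for the current form.
	 * @param array $entry     Entry data for the current entry.
	 *
	 * @return bool
	 */
	public function submit_missed_spam( array $form_data, array $entry ) {

		if ( ! self::is_configured() ) {
			return false;
		}

		$request = $this->get_request_args( $form_data, $entry );

		return $this->is_feedback_accepted( $this->http_post( $request, 'submit-spam' ) );
	}

	/**
	 * Did Akismet acknowledge a submit-ham / submit-spam report?
	 *
	 * Shared by both feedback methods so the expected acknowledgement is compared
	 * in one place.
	 *
	 * @param mixed $response Response returned by the Akismet HTTP call.
	 *
	 * @return bool
	 */
	private function is_feedback_accepted( $response ): bool {

		// Yes, Akismet returns "Thanks for making the web a better place." as the response.
		return ! empty( $response ) && isset( $response[1] ) && 'Thanks for making the web a better place.' === trim( $response[1] );
	}

	/**
	 * Get the request arguments to be sent to Akismet.
	 *
	 * The returned array is what leaves the site: site details, visitor metadata
	 * and the allowlisted entry content. The visitor IP is sent only when
	 * `wpforms_is_collecting_ip_allowed()` permits it for this form.
	 *
	 * @since 1.8.8
	 *
	 * @param array $form_data Form data for the current form.
	 * @param array $entry     Entry data for the current entry.
	 *
	 * @return array $request_args Request arguments to be sent to Akismet.
	 */
	private function get_request_args( $form_data, $entry ) {

		$entry_data = $this->get_entry_data( $form_data['fields'], $entry );

		$entry_id = $entry['entry_id'] ?? null;

		// We can't use certain real-time functions when the entry is marked as not spam.
		// In this case, we need to use the smart tag value.
		if ( ! empty( $entry_id ) ) {
			$page_url    = wpforms_process_smart_tags( '{page_url}', $form_data, [], $entry_id, 'akismet-request-args' );
			$url_referer = wpforms_process_smart_tags( '{url_referer}', $form_data, [], $entry_id, 'akismet-request-args' );
			$user_id     = wpforms_process_smart_tags( '{user_id}', $form_data, [], $entry_id, 'akismet-request-args' );
			$user_ip     = wpforms_process_smart_tags( '{user_ip}', $form_data, [], $entry_id, 'akismet-request-args' );
			$user_agent  = '';
		} else {
			$page_url    = wpforms_current_url();
			$url_referer = wp_get_referer();
			$user_id     = get_current_user_id();
			$user_ip     = wpforms_get_ip();
			// The User-Agent header is client-controlled. It is only forwarded to Akismet
			// (urlencoded in http_post()), not rendered or stored by this method.
			$user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		}

		return [
			'blog'                 => get_option( 'home' ),
			'blog_lang'            => get_locale(),
			'blog_charset'         => get_bloginfo( 'charset' ),
			'permalink'            => $page_url,
			'user_ip'              => wpforms_is_collecting_ip_allowed( $form_data ) ? $user_ip : '',
			'user_id'              => $user_id,
			'user_role'            => AkismetPlugin::get_user_roles( $user_id ),
			'user_agent'           => $user_agent,
			'referrer'             => $url_referer ?: '',
			'comment_type'         => 'contact-form',
			'comment_author'       => $entry_data['name'] ?? '',
			'comment_author_email' => $entry_data['email'] ?? '',
			'comment_author_url'   => $entry_data['url'] ?? '',
			'comment_content'      => $entry_data['content'] ?? '',
			'honeypot_field_name'  => 'wpforms[hp]',
		];
	}

	/**
	 * Send a POST request to the Akismet API.
	 *
	 * @since 1.8.8
	 *
	 * @param array  $request Request arguments to be sent to Akismet.
	 * @param string $path    API path.
	 *
	 * @return array
	 */
	private function http_post( $request, $path ) {

		// build_query() does not urlencode the values, but API explicitly requires it.
		// NOTE(review): urlencode() accepts only string-like values; every value placed in
		// $request by this class is expected to be scalar - confirm for smart-tag results.
		$request = array_map( 'urlencode', $request );

		return AkismetPlugin::http_post( build_query( $request ), $path );
	}

	/**
	 * Validate entry.
	 *
	 * Returns an error message when Akismet is enabled for the form, is configured
	 * and classifies the entry as spam; returns false in every other case, including
	 * when Akismet is not configured.
	 *
	 * @since 1.7.6
	 *
	 * @param array $form_data Form data for the current form.
	 * @param array $entry     Entry data for the current entry.
	 *
	 * @return string|bool
	 */
	public function validate( array $form_data, array $entry ) {

		// If Akismet is turned on in form settings, is activated, is configured and the entry is spam.
		if (
			! empty( $form_data['settings']['akismet'] ) &&
			self::is_configured() &&
			$this->entry_is_spam( $form_data, $entry )
		) {
			// NOTE(review): the original comment here said this string is logged, not printed,
			// and so need not be translatable, yet it is passed through esc_html__() - confirm
			// which is intended.
			return esc_html__( 'Anti-spam verification failed, please try again later.', 'wpforms-lite' );
		}

		return false;
	}
}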