403Webshell
Server IP : 146.190.157.162  /  Your IP : 216.73.217.6
Web Server : Apache
System : Linux ubuntu-s-2vcpu-4gb-amd-sfo3-01-KIT-DIGITAL 6.5.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 7 15:10:09 UTC 2024 x86_64
User : businessweek ( 639)
PHP Version : 8.2.10-2ubuntu2.2
Disable Function : exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_signal,pcntl_signal_dispatch,pcntl_getpriority,pcntl_setpriority,dl,putenv,parse_ini_file,show_source
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/html/reformas/wp-content/plugins/zero-spam/modules/comments/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/html/reformas/wp-content/plugins/zero-spam/modules/comments/class-comments.php
<?php
/**
 * Comments integration module
 *
 * Malicious user detection techniques available:
 *
 * 1. Zero Spam honeypot field
 * 2. Checks blocked email domains (author email)
 * 3. Uses the David Walsh technique
 * 4. Checks against the disallowed words list
 *
 * @package ZeroSpam
 */

namespace ZeroSpam\Modules\Comments;

use WP_Error;

// Security Note: Blocks direct access to the plugin PHP files.
defined( 'ABSPATH' ) || die();

/**
 * Comments
 */
class Comments {
	/**
	 * Constructor
	 */
	public function __construct() {
		add_action( 'init', array( $this, 'init' ) );
	}

	/**
	 * Fires after WordPress has finished loading but before any headers are sent.
	 */
	public function init() {
		add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
		add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );
		add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );

		if (
			'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_comments' ) &&
			\ZeroSpam\Core\Access::process()
		) {
			add_action( 'comment_form_before', array( $this, 'add_scripts' ) );
			add_filter( 'comment_form_defaults', array( $this, 'honeypot' ) );
			add_action( 'preprocess_comment', array( $this, 'preprocess_comments' ) );
		}
	}

	/**
	 * Add to the detection types array
	 *
	 * @param array $types Array of available detection types.
	 */
	public function types( $types ) {
		$types['comment'] = array(
			'label' => __( 'Comment', 'zero-spam' ),
			'color' => '#0073aa',
		);

		return $types;
	}

	/**
	 * Load the scripts
	 */
	public function add_scripts() {
		// Only add scripts to the appropriate pages.
		if (
			'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_comments' ) &&
			'enabled' === \ZeroSpam\Core\Settings::get_settings( 'davidwalsh' )
		) {
			wp_enqueue_script( 'zerospam-davidwalsh' );
			add_action(
				'wp_footer',
				function (): void {
					// .wpd_comm_form for the wpDiscuz plugin
					echo '<script type="text/javascript">document.addEventListener("DOMContentLoaded", function() { jQuery(".comment-form, #commentform, .wpd_comm_form").ZeroSpamDavidWalsh(); });</script>';
				},
				999
			);
		}
	}

	/**
	 * Preprocess comments
	 *
	 * @param array $commentdata Comment data array.
	 */
	public function preprocess_comments( $commentdata ) {
		// @codingStandardsIgnoreLine
		$post = \ZeroSpam\Core\Utilities::sanitize_array( $_POST );

		// Get the error message.
		$error_message = \ZeroSpam\Core\Utilities::detection_message( 'comment_spam_message' );

		// Create the details array for logging & sharing data.
		$details = $commentdata;

		$details['type'] = 'comment';

		// Begin validation checks.
		$validation_errors = array();

		// Check Zero Spam's honeypot field.
		$honeypot_field_name = \ZeroSpam\Core\Utilities::get_honeypot();
		// @codingStandardsIgnoreLine
		if ( isset( $post[ $honeypot_field_name ] ) && ! empty( $post[ $honeypot_field_name ] ) ) {
			// Failed the honeypot check.
			$details['failed'] = 'honeypot';

			$validation_errors[] = 'honeypot';
		}

		// Check email.
		if ( ! empty( $commentdata['comment_author_email'] ) && ! \ZeroSpam\Core\Utilities::is_email( $commentdata['comment_author_email'] ) ) {
			$validation_errors[] = 'invalid_email';
		}

		// Check blocked email domains.
		if (
			! empty( $commentdata['comment_author_email'] ) &&
			\ZeroSpam\Core\Utilities::is_email_domain_blocked( $commentdata['comment_author_email'] )
		) {
			// Email domain has been blocked.
			$validation_errors[] = 'blocked_email_domain';
		}

		// Fire hook for additional validation (ex. David Walsh script).
		$post['comment_author_email'] = $commentdata['comment_author_email'];

		$filtered_errors = apply_filters( 'zerospam_preprocess_comment_submission', array(), $post, 'comment_spam_message' );

		if ( ! empty( $filtered_errors ) ) {
			foreach ( $filtered_errors as $key => $message ) {
				$validation_errors[] = str_replace( 'zerospam_', '', $key );
			}
		}

		// Check comment disallowed list.
		$disallowed_check = array(
			'author'  => ! empty( $commentdata['comment_author'] ) ? $commentdata['comment_author'] : false,
			'email'   => ! empty( $commentdata['comment_author_email'] ) ? $commentdata['comment_author_email'] : false,
			'url'     => ! empty( $commentdata['comment_author_url'] ) ? $commentdata['comment_author_url'] : false,
			'content' => ! empty( $commentdata['comment_content'] ) ? $commentdata['comment_content'] : false,
			'ip'      => \ZeroSpam\Core\User::get_ip(),
			'agent'   => ! empty( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : false,
		);

		if ( wp_check_comment_disallowed_list(
			$disallowed_check['author'],
			$disallowed_check['email'],
			$disallowed_check['url'],
			$disallowed_check['content'],
			$disallowed_check['ip'],
			$disallowed_check['agent'],
		) ) {
			$validation_errors[] = 'disallowed_list';
		}

		if ( ! empty( $validation_errors ) ) {
			// Failed validations, log & send details if enabled.
			foreach ( $validation_errors as $key => $fail ) {
				$details['failed'] = $fail;

				// Log the detection if enabled.
				if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'log_blocked_comments' ) ) {
					\ZeroSpam\Includes\DB::log( 'comment', $details );
				}

				// Share the detection if enabled.
				if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'share_data' ) ) {
					do_action( 'zerospam_share_detection', $details );
				}
			}

			\ZeroSpam\Core\Access::terminate_execution(
				\ZeroSpam\Core\Utilities::detection_title( 'comment_spam_message' ),
				$error_message
			);
		}

		return $commentdata;
	}

	/**
	 * Add a 'honeypot' field to the comment form
	 *
	 * @param array $defaults The default comment form arguments.
	 */
	public function honeypot( $defaults ) {
		$defaults['fields']['wpzerospam_hp'] = \ZeroSpam\Core\Utilities::honeypot_field();

		return $defaults;
	}

	/**
	 * Admin setting sections
	 *
	 * @param array $sections Array of admin setting sections.
	 */
	public function sections( $sections ) {
		$sections['comments'] = array(
			'title'    => __( 'Comments', 'zero-spam' ),
			'icon'     => 'assets/img/icon-wordpress.svg',
			'supports' => array( 'honeypot', 'email', 'davidwalsh', 'words' ),
		);

		return $sections;
	}

	/**
	 * Admin settings
	 *
	 * @param array $settings Array of available settings.
	 */
	public function settings( $settings ) {
		$options = get_option( 'zero-spam-comments' );

		$settings['verify_comments'] = array(
			'title'       => __( 'Protect Comments', 'zero-spam' ),
			'desc'        => __( 'Protects & monitors comment submissions.', 'zero-spam' ),
			'section'     => 'comments',
			'module'      => 'comments',
			'type'        => 'checkbox',
			'options'     => array(
				'enabled' => false
			),
			'value'       => ! empty( $options['verify_comments'] ) ? $options['verify_comments'] : false,
			'recommended' => 'enabled',
		);

		$message = __( 'Your IP has been flagged as spam/malicious.', 'zero-spam' );

		$settings['comment_spam_message'] = array(
			'title'       => __( 'Flagged Message', 'zero-spam' ),
			'desc'        => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),
			'section'     => 'comments',
			'module'      => 'comments',
			'type'        => 'text',
			'field_class' => 'large-text',
			'placeholder' => $message,
			'value'       => ! empty( $options['comment_spam_message'] ) ? $options['comment_spam_message'] : $message,
			'recommended' => $message,
		);

		$settings['log_blocked_comments'] = array(
			'title'       => __( 'Log Blocked Comments', 'zero-spam' ),
			'section'     => 'comments',
			'module'      => 'comments',
			'type'        => 'checkbox',
			'desc'        => wp_kses(
				__( 'When enabled, stores blocked comment submissions in the database.', 'zero-spam' ),
				array( 'strong' => array() )
			),
			'options'     => array(
				'enabled' => false,
			),
			'value'       => ! empty( $options['log_blocked_comments'] ) ? $options['log_blocked_comments'] : false,
			'recommended' => 'enabled',
		);

		return $settings;
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit