
Changeset 3107397


Timestamp:
06/25/2024 10:51:06 AM (21 months ago)
Author:
TechGasp
Message:

Version 7.4.3

Location:
spam-master
Files:
99 added
7 deleted
13 edited

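--- a/spam-master/trunk/class-spammaster.php
+++ b/spam-master/trunk/class-spammaster.php
@@ -3,5 +3,5 @@
  * Plugin Name: Spam Master
  * Plugin URI: https://www.spammaster.org
- * Version: 7.4.2
+ * Version: 7.4.3
  * Author: TechGasp
  * Author URI: https://www.techgasp.com
@@ -34,5 +34,5 @@
 if ( ! class_exists( 'SpamMaster' ) ) :
 
-    define( 'SPAM_MASTER_VERSION', '7.4.2' );
+    define( 'SPAM_MASTER_VERSION', '7.4.3' );
     define( 'SPAM_MASTER_NAME', 'Spam Master' );
     define( 'SPAM_MASTER_DOMAIN', 'SpamMaster.org' );
@@ -858,10 +858,4 @@
         require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-honeypot.php';
     }
-    if ( '1' === $spam_master_firewall_rules || '2' === $spam_master_firewall_rules ) {
-        // Hook learning reg.
-        require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-registration.php';
-        // Hook learning com.
-        require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-comment.php';
-    }
     // Hook learning action.
     require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-action.php';
@@ -889,7 +883,4 @@
     if ( class_exists( 'WPCF7' ) ) {
         if ( 'true' === $spam_master_integrations_contact_form_7 ) {
-            if ( '1' === $spam_master_firewall_rules || '2' === $spam_master_firewall_rules ) {
-                require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-contact-form-7.php';
-            }
             require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-contact-form-7-honey.php';
         }
@@ -959,7 +950,4 @@
         );
         if ( 'true' === $spam_master_integrations_woocommerce ) {
-            if ( '1' === $spam_master_firewall_rules || '2' === $spam_master_firewall_rules ) {
-                require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-woocommerce.php';
-            }
             require_once WP_PLUGIN_DIR . '/spam-master/includes/protection/spam-master-woocommerce-honey.php';
         }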
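--- a/spam-master/trunk/includes/admin/spam-master-admin-connection-sender.php
+++ b/spam-master/trunk/includes/admin/spam-master-admin-connection-sender.php
@@ -27,4 +27,6 @@
     // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
     $spam_master_db_protection_hash = substr( $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_db_protection_hash'" ), 0, 64 );
+    // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+    $spam_master_firewall_rules = $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_firewall_rules'" );
 
     if ( empty( $spam_master_connection ) && empty( $spam_license_key ) && 'INACTIVE' === $spam_master_status && 'EMPTY' === $spam_master_type ) {
@@ -182,8 +184,9 @@
         }
         $spam_count_pre_ar = array(
-            'buffer' => $spam_master_buffer_count,
-            'white'  => $spam_master_white_count,
-            'logs'   => $spam_master_logs_count,
-            'exempt' => $spam_master_exempt_count,
+            'buf' => $spam_master_buffer_count,
+            'whi' => $spam_master_white_count,
+            'log' => $spam_master_logs_count,
+            'exe' => $spam_master_exempt_count,
+            'fir' => $spam_master_firewall_rules,
         );
         $spam_count_ar     = wp_json_encode( $spam_count_pre_ar );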
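Review bot: The value read into `$spam_master_firewall_rules` goes into the `fir` field of the JSON payload exactly as `get_var()` returned it, so a missing row is sent as `null` and any unexpected string is forwarded unchecked. The lines removed from class-spammaster.php in this changeset compared the setting against `'1'` and `'2'` only, so it could be normalised before use, for example `$spam_master_firewall_rules = in_array( $spam_master_firewall_rules, array( '1', '2' ), true ) ? $spam_master_firewall_rules : '0';` (the `'0'` fallback is a placeholder; confirm what the receiving side expects). The same query and `fir` addition are repeated in spam-master-admin-key-sender.php, spam-master-admin-status-table.php and class-spammasterkeycontroller.php, so a single helper would keep the four copies in step. The interpolated `{$spam_master_keys}` table name is defined outside these hunks, so the `PreparedSQL.InterpolatedNotPrepared` suppression should be checked against how that name is built.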
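--- a/spam-master/trunk/includes/admin/spam-master-admin-key-sender.php
+++ b/spam-master/trunk/includes/admin/spam-master-admin-key-sender.php
@@ -99,4 +99,6 @@
 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
 $spam_master_db_protection_hash = substr( $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_db_protection_hash'" ), 0, 64 );
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+$spam_master_firewall_rules = $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_firewall_rules'" );
 // Get Counts.
 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
@@ -121,8 +123,9 @@
 }
 $spam_count_pre_ar = array(
-    'buffer' => $spam_master_buffer_count,
-    'white'  => $spam_master_white_count,
-    'logs'   => $spam_master_logs_count,
-    'exempt' => $spam_master_exempt_count,
+    'buf' => $spam_master_buffer_count,
+    'whi' => $spam_master_white_count,
+    'log' => $spam_master_logs_count,
+    'exe' => $spam_master_exempt_count,
+    'fir' => $spam_master_firewall_rules,
 );
 $spam_count_ar     = wp_json_encode( $spam_count_pre_ar );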
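--- a/spam-master/trunk/includes/admin/spam-master-admin-status-table.php
+++ b/spam-master/trunk/includes/admin/spam-master-admin-status-table.php
@@ -109,4 +109,6 @@
 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
 $spam_master_db_protection_hash = substr( $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_db_protection_hash'" ), 0, 64 );
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+$spam_master_firewall_rules = $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_firewall_rules'" );
 
 // Get Counts.
@@ -132,8 +134,9 @@
 }
 $spam_count_pre_ar = array(
-    'buffer' => $spam_master_buffer_count,
-    'white'  => $spam_master_white_count,
-    'logs'   => $spam_master_logs_count,
-    'exempt' => $spam_master_exempt_count,
+    'buf' => $spam_master_buffer_count,
+    'whi' => $spam_master_white_count,
+    'log' => $spam_master_logs_count,
+    'exe' => $spam_master_exempt_count,
+    'fir' => $spam_master_firewall_rules,
 );
 $spam_count_ar     = wp_json_encode( $spam_count_pre_ar );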
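--- a/spam-master/trunk/includes/controllers/class-spammasterhoneycontroller.php
+++ b/spam-master/trunk/includes/controllers/class-spammasterhoneycontroller.php
@@ -84,4 +84,11 @@
 
     /**
+     * Variable spam_master_content.
+     *
+     * @var spam_master_content $spam_master_content
+     **/
+    protected $spam_master_content;
+
+    /**
      * Spam master honey.
      *
@@ -95,8 +102,9 @@
      * @param spammaster_extra_field_2 $spammaster_extra_field_2 for scan.
      * @param spam_master_page         $spam_master_page for scan.
+     * @param spam_master_content      $spam_master_content for scan.
      *
      * @return void
      */
-    public function spammasterhoney( $remote_ip, $blog_threat_email, $remote_referer, $dest_url, $remote_agent, $spamuser_a, $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page ) {
+    public function spammasterhoney( $remote_ip, $blog_threat_email, $remote_referer, $dest_url, $remote_agent, $spamuser_a, $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $spam_master_content ) {
         global $wpdb, $blog_id;
 
@@ -116,4 +124,7 @@
         $spam_master_ip = substr( $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_ip'" ), 0, 48 );
 
+        $result_post_content_trim  = substr( wp_unslash( $spam_master_content ), 0, 963 );
+        $result_post_content_clean = wp_strip_all_tags( stripslashes_deep( $result_post_content_trim ), true );
+
         if ( 'VALID' === $spam_master_status || 'MALFUNCTION_1' === $spam_master_status || 'MALFUNCTION_2' === $spam_master_status ) {
 
@@ -125,5 +136,5 @@
                 'blog_threat_type'    => 'honeypot',
                 'blog_threat_email'   => $blog_threat_email,
-                'blog_threat_content' => substr( 'Honeypot ' . $spam_master_page . ' Field 1: ' . $spammaster_extra_field_1 . ', Field 2: ' . $spammaster_extra_field_2, 0, 963 ),
+                'blog_threat_content' => substr( 'Honeypot ' . $spam_master_page . ' Field 1: ' . $spammaster_extra_field_1 . ', Field 2: ' . $spammaster_extra_field_2 . ', MSG: ' . $result_post_content_clean, 0, 963 ),
                 'blog_threat_agent'   => $remote_agent,
                 'blog_threat_refe'    => $remote_referer,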
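Review bot: `spammasterhoney()` now takes `$spam_master_content` as a tenth required parameter, so any caller not updated in this changeset fails with an argument-count error; a default (`$spam_master_content = ''`) would keep the signature backward compatible. The callers shown in this changeset pass `$is_user['blog_threat_content']`, which the user controller fills with `wp_json_encode( $spampost )`. Running `wp_unslash()` and then `stripslashes_deep()` on that already-encoded string strips the backslashes of the JSON escapes, so the text appended after `MSG:` is likely to be garbled. Unslash the raw values before encoding rather than the encoded string. The method body starts and ends outside these hunks, so where the `blog_threat_content` array is sent is not visible here.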
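--- a/spam-master/trunk/includes/controllers/class-spammasterkeycontroller.php
+++ b/spam-master/trunk/includes/controllers/class-spammasterkeycontroller.php
@@ -174,4 +174,6 @@
             // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
             $spam_master_db_protection_hash = substr( $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_db_protection_hash'" ), 0, 64 );
+            // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+            $spam_master_firewall_rules = $wpdb->get_var( "SELECT spamvalue FROM {$spam_master_keys} WHERE spamkey = 'Option' AND spamtype = 'spam_master_firewall_rules'" );
             // Get Counts.
             // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared
@@ -196,8 +198,9 @@
             }
             $spam_count_pre_ar = array(
-                'buffer' => $spam_master_buffer_count,
-                'white'  => $spam_master_white_count,
-                'logs'   => $spam_master_logs_count,
-                'exempt' => $spam_master_exempt_count,
+                'buf' => $spam_master_buffer_count,
+                'whi' => $spam_master_white_count,
+                'log' => $spam_master_logs_count,
+                'exe' => $spam_master_exempt_count,
+                'fir' => $spam_master_firewall_rules,
             );
             $spam_count_ar     = wp_json_encode( $spam_count_pre_ar );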
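--- a/spam-master/trunk/includes/controllers/class-spammasterusercontroller.php
+++ b/spam-master/trunk/includes/controllers/class-spammasterusercontroller.php
@@ -42,4 +42,14 @@
             include ABSPATH . 'wp-includes/pluggable.php';
         }
+
+        // phpcs:ignore WordPress.Security.NonceVerification.Missing
+        $spampost = $_POST;
+        // Start scan of post.
+        if ( ! empty( $spampost ) && is_array( $spampost ) ) {
+            $spampoststr = str_replace( '=', ' ', urldecode( http_build_query( $spampost, '', ' ' ) ) );
+        } else {
+            $spampoststr = 'contentless';
+        }
+
         // Current User.
         $current_user_id = get_current_user_id();
@@ -69,10 +79,12 @@
             );
         } else {
-            // Prepare Email.
-            if ( ! empty( $spampreemail ) ) {
-                if ( filter_var( $spampreemail, FILTER_VALIDATE_EMAIL ) ) {
-                    $blog_threat_email = wp_strip_all_tags( substr( $spampreemail, 0, 256 ) );
-                } else {
-                    $blog_threat_email = $spaminitial . '@' . wp_rand( 10000000, 99999999 ) . '.wp';
+            $blog_threat_email = $spaminitial . '@' . wp_rand( 10000000, 99999999 ) . '.wp';
+            // Collect email to scan.
+            preg_match( '/[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})/i', $spampoststr, $matches );
+            if ( $matches ) {
+                foreach ( $matches as $key => $val ) {
+                    if ( filter_var( $val, FILTER_VALIDATE_EMAIL ) ) {
+                        $blog_threat_email = wp_strip_all_tags( substr( $val, 0, 256 ) );
+                    }
                 }
             } else {
@@ -81,9 +93,11 @@
             $spamuser = array( 'ID' => 'none' );
         }
-        $spamuser_a = wp_json_encode( $spamuser );
 
+        $spamuser_a    = wp_json_encode( $spamuser );
+        $spampoststr_a = wp_json_encode( $spampost );
         return array(
-            'spamuserA'         => $spamuser_a,
-            'blog_threat_email' => $blog_threat_email,
+            'spamuserA'           => $spamuser_a,
+            'blog_threat_email'   => $blog_threat_email,
+            'blog_threat_content' => $spampoststr_a,
         );
     }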
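Review bot: `wp_json_encode( $spampost )` serialises the whole of `$_POST` into `blog_threat_content`, so on any form that carries a password or other secret field that value is copied into the honeypot report. The call sites changed in this changeset (spam-master-buddypress-honey.php, spam-master-contact-form-7-honey.php, spam-master-honeypot.php) pass it to `spammasterhoney()`, which appends it to `blog_threat_content`; where that record ends up is outside these hunks. Credential-like keys should be dropped before encoding, as in the sketch below, which filters top-level keys only and uses a placeholder pattern that has to be matched to the forms the plugin covers. Separately, the `(\.[a-z]{2,3})` tail of the e-mail pattern cuts longer TLDs short, so `user@example.info` is recorded as `user@example.inf`, which still passes `FILTER_VALIDATE_EMAIL`. The method starts outside these hunks.

```php
$spamuser_a = wp_json_encode( $spamuser );
// Drop credential-like fields before the POST body is reported.
$spampost_report = array();
foreach ( $spampost as $spam_field => $spam_value ) {
    // Placeholder pattern: adjust to the field names of the supported forms.
    if ( preg_match( '/pass|pwd|token|nonce/i', (string) $spam_field ) ) {
        continue;
    }
    $spampost_report[ $spam_field ] = $spam_value;
}
$spampoststr_a = wp_json_encode( $spampost_report );
// … unchanged: return array( ... ) …
```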
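--- a/spam-master/trunk/includes/controllers/spam-master-classes.php
+++ b/spam-master/trunk/includes/controllers/spam-master-classes.php
@@ -11,7 +11,4 @@
 if ( ! class_exists( 'SpamMasterBufferController' ) ) {
     require_once WP_PLUGIN_DIR . '/spam-master/includes/controllers/class-spammasterbuffercontroller.php';
-}
-if ( ! class_exists( 'SpamMasterComConController' ) ) {
-    require_once WP_PLUGIN_DIR . '/spam-master/includes/controllers/class-spammastercomconcontroller.php';
 }
 if ( ! class_exists( 'SpamMasterElusiveController' ) ) {
@@ -32,7 +29,4 @@
 if ( ! class_exists( 'SpamMasterLogController' ) ) {
     require_once WP_PLUGIN_DIR . '/spam-master/includes/controllers/class-spammasterlogcontroller.php';
-}
-if ( ! class_exists( 'SpamMasterRegistrationController' ) ) {
-    require_once WP_PLUGIN_DIR . '/spam-master/includes/controllers/class-spammasterregistrationcontroller.php';
 }
 if ( ! class_exists( 'SpamMasterWhiteController' ) ) {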
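--- a/spam-master/trunk/includes/protection/spam-master-buddypress-honey.php
+++ b/spam-master/trunk/includes/protection/spam-master-buddypress-honey.php
@@ -87,20 +87,8 @@
 
             // Spam User Controller.
-            //
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            // phpcs:ignore WordPress.Security.NonceVerification.Missing
-            if ( ! empty( $_POST['signup_email'] ) ) {
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-                if ( filter_var( wp_unslash( $_POST['signup_email'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['signup_email'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                    $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -130,5 +118,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     $bp->signup->errors['signup_email'] = __( 'SPAM MASTER', 'spam-master' ) . $spam_master_message;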
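Review bot: `$spampreemail` is now hard-coded to `false` immediately before the `spammastergetuser()` call, here and in spam-master-contact-form-7-honey.php and spam-master-honeypot.php, and the new lines of the user controller shown in this changeset no longer read it, so the second argument looks dead. Either drop the parameter or state the intent at the call site, for example `// E-mail is now extracted from $_POST inside spammastergetuser(); argument kept for signature compatibility.`, so a later reader does not assume the caller still validates the address. The surrounding function starts and ends outside these hunks.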
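--- a/spam-master/trunk/includes/protection/spam-master-contact-form-7-honey.php
+++ b/spam-master/trunk/includes/protection/spam-master-contact-form-7-honey.php
@@ -91,120 +91,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-
-            // phpcs:ignore WordPress.Security.NonceVerification.Missing
-            if ( isset( $_POST['your-email'] ) ) {
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['your-email'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['your-email'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['email'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['email'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['email'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['mail'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['mail'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['mail'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['input_email'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['input_email'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['input_email'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['contact_email'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['contact_email'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['contact_email'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['contact-email'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['contact-email'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['contact-email'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['email-395'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['email-395'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['email-395'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['email-469'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['email-469'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['email-469'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } elseif ( isset( $_POST['email-address'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['email-address'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['email-address'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
-            if ( isset( $_POST['your-message'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['your-message'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } elseif ( isset( $_POST['message'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['message'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } elseif ( isset( $_POST['notes'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['notes'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } elseif ( isset( $_POST['mensaje'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['mensaje'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } elseif ( isset( $_POST['textarea-387'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['textarea-387'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } elseif ( isset( $_POST['overview'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['overview'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } elseif ( isset( $_POST['contact-message'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['contact-message'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } elseif ( isset( $_POST['Comment-Message'] ) ) {// phpcs:ignore WordPress.Security.NonceVerification.Missing
-                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
-                $result_comment_content_trim  = substr( wp_unslash( $_POST['Comment-Message'] ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            } else {
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                $result_comment_content_json  = wp_json_encode( $_POST );
-                $result_comment_content_trim  = substr( wp_unslash( $result_comment_content_json ), 0, 963 );
-                $result_comment_content_clean = wp_strip_all_tags( stripslashes_deep( $result_comment_content_trim ), true );
-            }
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -235,5 +121,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     // phpcs:ignore Squiz.PHP.DisallowMultipleAssignments.Found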
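--- a/spam-master/trunk/includes/protection/spam-master-honeypot.php
+++ b/spam-master/trunk/includes/protection/spam-master-honeypot.php
@@ -102,14 +102,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            if ( ! empty( $result['user_email'] ) && ! is_array( $result['user_email'] ) ) {
-                if ( filter_var( $result['user_email'], FILTER_VALIDATE_EMAIL ) ) {
-                    $spampreemail = wp_strip_all_tags( substr( $result['user_email'], 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -141,5 +133,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
@@ -190,14 +182,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            if ( ! empty( $user_email ) ) {
-                if ( filter_var( $user_email, FILTER_VALIDATE_EMAIL ) ) {
-                    $spampreemail = wp_strip_all_tags( substr( $user_email, 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -228,5 +212,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     $errors->add( 'invalid_email', esc_attr( __( 'SPAM MASTER: ', 'spam_master' ) . $spam_master_message ) );
@@ -275,25 +259,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            if ( ! empty( $user_email ) ) {
-                if ( filter_var( $user_email, FILTER_VALIDATE_EMAIL ) ) {
-                    $spampreemail = wp_strip_all_tags( substr( $user_email, 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                // phpcs:ignore WordPress.Security.NonceVerification.Recommended
-                if ( ! empty( $_REQUEST['log'] ) ) {
-                    // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-                    if ( filter_var( wp_unslash( $_REQUEST['log'] ), FILTER_VALIDATE_EMAIL ) ) {
-                        // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-                        $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_REQUEST['log'] ), 0, 256 ) );
-                    } else {
-                        $spampreemail = false;
-                    }
-                } else {
-                    $spampreemail = false;
-                }
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -323,5 +288,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     $error = '<strong>SPAM MASTER</strong>: ' . $spam_master_message;
@@ -366,14 +331,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            if ( ! empty( $commentdata['comment_author_email'] ) ) {
-                if ( filter_var( $commentdata['comment_author_email'], FILTER_VALIDATE_EMAIL ) ) {
-                    $spampreemail = wp_strip_all_tags( substr( $commentdata['comment_author_email'], 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Prepare Comment.
@@ -411,5 +368,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     return wp_die( esc_attr( __( 'SPAM MASTER: ', 'spam_master' ) . $spam_master_message ) );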
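Review bot: The new tenth argument `$is_user['blog_threat_content']` is read at new lines 135, 214, 290 and 370 without checking that the key exists, and the same call is added in every handler of spam-master-woocommerce-honey.php. With `$spampreemail` now fixed to `false`, this page does not show whether `spammastergetuser()` still returns that key or whether `spammasterhoney()` was widened to take a tenth parameter; a missing key would raise an undefined-key notice on each submission and pass `null` into the spam decision. A guard such as `isset( $is_user['blog_threat_content'] ) ? $is_user['blog_threat_content'] : false` would make the call safe, with the `false` default to be confirmed against the controller. The constant assignment also deserves a comment, for example `// Honeypot checks no longer forward the submitted e-mail to the user controller.`, so it is not mistaken for a leftover. The enclosing functions start and end outside the hunks.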
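--- a/spam-master/trunk/includes/protection/spam-master-woocommerce-honey.php
+++ b/spam-master/trunk/includes/protection/spam-master-woocommerce-honey.php
@@ -104,14 +104,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            if ( ! empty( $creds_user_login ) ) {
-                if ( filter_var( $creds_user_login, FILTER_VALIDATE_EMAIL ) ) {
-                    $spampreemail = wp_strip_all_tags( substr( $creds_user_login, 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -142,5 +134,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     $validation_error->add( 'invalid_email', esc_attr( __( 'SPAM MASTER: ', 'spam_master' ) . $spam_master_message ) );
@@ -189,14 +181,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            if ( ! empty( $email ) ) {
-                if ( filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
-                    $spampreemail = wp_strip_all_tags( substr( $email, 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -227,5 +211,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     $validation_errors->add( 'invalid_email', esc_attr( __( 'SPAM MASTER: ', 'spam_master' ) . $spam_master_message ) );
@@ -268,17 +252,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-            if ( ! empty( $_POST['billing_email'] ) ) {
-                // phpcs:ignore WordPress.Security.NonceVerification
-                if ( filter_var( wp_unslash( $_POST['billing_email'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['billing_email'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -308,5 +281,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     wc_add_notice( esc_attr( __( 'SPAM MASTER: ', 'spam_master' ) . $spam_master_message ) );
@@ -350,17 +323,6 @@
             $spam_master_user_controller = new SpamMasterUserController();
             $spaminitial                 = 'honey_bot';
-            // phpcs:ignore WordPress.Security.NonceVerification.Missing
-            if ( ! empty( $_POST['user_login'] ) ) {
-                // phpcs:ignore WordPress.Security.NonceVerification.Missing
-                if ( filter_var( wp_unslash( $_POST['user_login'] ), FILTER_VALIDATE_EMAIL ) ) {
-                    // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-                    $spampreemail = wp_strip_all_tags( substr( wp_unslash( $_POST['user_login'] ), 0, 256 ) );
-                } else {
-                    $spampreemail = false;
-                }
-            } else {
-                $spampreemail = false;
-            }
-            $is_user = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
+            $spampreemail                = false;
+            $is_user                     = $spam_master_user_controller->spammastergetuser( $spaminitial, $spampreemail );
 
             // Spam Buffer Controller.
@@ -390,5 +352,5 @@
                 // Spam Honey Controller.
                 $spam_master_honey_controller = new SpamMasterHoneyController();
-                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page );
+                $is_honey                     = $spam_master_honey_controller->spammasterhoney( $is_collected['remote_ip'], $is_user['blog_threat_email'], $is_collected['remote_referer'], $is_collected['dest_url'], $is_collected['remote_agent'], $is_user['spamuserA'], $spammaster_extra_field_1, $spammaster_extra_field_2, $spam_master_page, $is_user['blog_threat_content'] );
                 if ( $is_honey ) {
                     $errors->add( esc_attr( __( 'SPAM MASTER: ', 'spam_master' ) . $spam_master_message ) );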
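Review bot: At new line 356 the unchanged call `$errors->add( esc_attr( ... ) )` passes the message as its only argument, while the sibling handlers in this file (new lines 138 and 215) pass `'invalid_email'` as the code first. If `$errors` is a `WP_Error` here, which the hunk does not show, the blocked-submission text lands in the code slot and the honeypot rejection may not surface as intended. Writing it as `$errors->add( 'invalid_email', esc_attr( __( 'SPAM MASTER: ', 'spam_master' ) . $spam_master_message ) );` would match the siblings. The enclosing function starts outside the hunk.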
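--- a/spam-master/trunk/readme.txt
+++ b/spam-master/trunk/readme.txt
@@ -3,6 +3,6 @@
 Tags: firewall, spam, antispam, antibot, protection
 Requires at least: 5.0
-Tested up to: 6.5.4
-Stable tag: 7.4.2
+Tested up to: 6.5.5
+Stable tag: 7.4.3
 License: GPLv2 or later
 
@@ -217,4 +217,11 @@
 
 == Changelog ==
+
+= 7.4.3 =
+* Action service should take in account firewall rule set
+* Further speed improvements and log reduction
+* Load reduction by removing duplicate checks in forms via HAF check
+* Honeypot and antibot single check trigger
+* Cleaning and removing legacy data collection in honeypot and HAF
 
 = 7.4.2 =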