Context Navigation

← Previous Changeset
Next Changeset →

Changeset 536369

Timestamp:

04/25/2012 07:28:18 PM (14 years ago)

Author:

brandonfenning

Message:

Fixed a bug with mechanism that prevents wp-comments-post.php from being hijacked.

Location:

botblocker

Files:

: 5 added
: 2 edited

tags/1.0.4 (added)
tags/1.0.4/botblocker.php (added)
tags/1.0.4/readme.txt (added)
tags/1.0.4/screenshot-1.jpg (added)
tags/1.0.4/styles.css (added)
trunk/botblocker.php (modified) (14 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

botblocker/trunk/botblocker.php

-                      r533682
+                      r536369
 Plugin URI: http://www.lform.com/botblocker/
 Description: Kills spam-bots, leaves humans standing. No CAPTCHAS, no math questions, no passwords, just spam blocking that stops comment spam-bots dead in their tracks.
 Version: 1.0.3
+Version: 1.0.4
 Author: Lform Design (Brandon Fenning)
 Author URI: http://www.lform.com/botblocker/
 …
 /*
- * TODO: Test all the way back to IE 5.5
- * TODO: Test on WP 3.0
  * TODO: add complete obscusfication
  * TODO: add themeable error page hook option
  * TODO: make honey pot togglable
  * TODO: add unit tests
  * BUG: When logged in as admin & commenting, flagged as spam bot
+ *
  */
 …
     protected $options;
     protected $isSpam = FALSE;
+    protected $disabled = FALSE;
     protected $debug = FALSE;
 …
         add_filter('pre_comment_approved',array( &$this, 'commentApproval' ),  '99', 2 );
         add_action('comment_form_top', array( &$this, 'printError' ));
+        add_action('pre_comment_on_post', array( &$this, 'preventRawSubmit' ));
         $this->options = $this->getWpOptions();
         $this->msg = &$_SESSION['_spamMsg'];
+        // # Used to access user data
+        //global $current_user;
+        //get_currentuserinfo();
+    }
+    // # Prevents spammers from directly submitting comments to wp-comments-post.php
+    function preventRawSubmit() {
+        $fieldName = $this->getHoneyPotName();
+        if (!$this->disabled && !isset($_POST[$fieldName])) {
+            $this->isSpam = TRUE;
+            wp_die(__('<strong>ERROR</strong>: '.$this->getErrorMsg()));
+        }
+    }
 …
+    }
+    function getErrorMsg() {
+        $options = $this->getOptions();
+        if ($options['honeypot_reaction'] == 'Block') {
+            $approved = '0';
+            $errorMsg = $options['honeypot_error_msg_block'];
+        }
+        else if ($options['honeypot_reaction'] == 'Spam') {
+            $approved = 'spam';
+            $errorMsg = $options['honeypot_error_msg_flag'];
+        }
+        else if ($options['honeypot_reaction'] == 'Hold') {
+            $approved = '0';
+            $errorMsg = $options['honeypot_error_msg_hold'];
+        }
+        return ($options['honeypot_error_msg'].' '.$errorMsg);
+    }
     function commentApproval($approved, $commentData) {
 …
             $options = $this->getOptions();
+            /*
             if ($options['honeypot_reaction'] == 'Block') {
                 $approved = '0';
 …
             $this->logError($options['honeypot_error_msg'].' '.$errorMsg);
+            */
+            $this->logError($this->getErrorMsg());
             if ($options['honeypot_error_type'] == 'Die') {
 …
         return FALSE;
+    }
     function generateHoneypot($fields) {
         $options = $this->getOptions();
+    function getHoneyPotName() {
+        $options = $this->getOptions();
         $additionalRandom = '';
         if ($options['honeypot_random'] == 'Yes') {
             $additionalRandom = $this->getAdditionalRandom();
+        }
+        if ($options['honeypot_method'] == 'Smart') {
+            $todaysDecoy = $this->getTodaysDecoy($options['fields']);
+            $honeypotName = $additionalRandom.$todaysDecoy;
+        }
+        else if ($options['honeypot_method'] == 'Static') {
+            $honeypotName = $additionalRandom.$options['honeypot_field'];
+        }
+        else {
+            $todaysRandom = $this->getTodaysRandom();
+            $honeypotName = $additionalRandom.$todaysRandom;
+        }
+        return $honeypotName;
+    }
+    function generateHoneypot($fields) {
+        $options = $this->getOptions();
+        // # Update field cache
+        $fieldList = array_keys($fields);
+        $fieldList = array_combine($fieldList, $fieldList);
+        if ($fieldList != $options['fields']) {
+            $options['fields'] = $fieldList;
+            update_option("BotBlocker_options", $options);
+        }
+        $additionalRandom = '';
+        if ($options['honeypot_random'] == 'Yes') {
+            $additionalRandom = $this->getAdditionalRandom();
+        }
         if ($options['obfuscation'] == 'Swap Email and Name') {
 …
             // # Todo: Add ability to completely obfuscate the field names with random characters
+        }
+        $honeypotName = $this->getHoneyPotName();
+        /*
         if ($options['honeypot_method'] == 'Smart') {
             $todaysDecoy = $this->getTodaysDecoy($fields);
 …
             $honeypotName = $additionalRandom.$todaysRandom;
+        }
+         */
         $honeyClass = '';
 …
     function preprocessComment() {
+        //# Disable plugin for logged in users so theyre not flagged as spam.
+        if (is_user_logged_in()) {
+            $this->disabled = TRUE;
+        }
         $additionalRandom = '';
         $options = $this->getOptions();
 …
         if ($isSpam) {
+            $this->isSpam = TRUE;
+            $this->isSpam = TRUE;
+        }
+        if ($this->disabled == TRUE) {
+            $this->isSpam = FALSE;  // # Logged in users not flagged as spam.
+        }
 …
         //get_currentuserinfo();
         if (is_user_logged_in()) { // # Logged in users not flagged as spam.
             $this->isSpam = FALSE;
+        }
+        //if (is_user_logged_in()) {
+        //  $this->isSpam = FALSE;
+        //}
         return $comment;
 …
                 'honeypot_reaction'=>'Block',
                 'obfuscation'=>'Swap Email and Name',
+                'seed'=>rand(0,99999),
+                'seed'=>rand(0,99999999),
+                'fields'=>array(), // # Caches fields for smart system
             );
             add_option("BotBlocker_options",$options);

botblocker/trunk/readme.txt

-                      r533682
+                      r536369
 Contributors: brandonfenning
 Donate link: http://www.lform.com/
 Tags: comments, spam, akismet, captcha, bot, comment spam, anti-spam, block, blocker, botblocker, bot blocker, reduce spam
+Tags: comments, spam, akismet, captcha, bot, comment spam, anti-spam, block, blocker, botblocker, bot blocker, reduce spam, plugin
 Requires at least: 3.0
 Tested up to: 3.3.1
 Stable tag: 1.0.3
+Stable tag: 1.0.4
 Kills spam-bots, leaves humans standing. No CAPTCHAS, no math questions, no passwords, just spam blocking that stops spam-bots dead in their tracks.
 …
 == Changelog ==
+= 1.0.4 =
+* Fixed bug with mechanism that prevents comments from directly being submitted to wp-comments-post.php.
 = 1.0.3 =
 * Fixed bug that caused logged in users & admins to be flagged as spam bots. Registered users & admins will no longer be filtered by the spam bot system.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 536369

Legend:

botblocker/trunk/botblocker.php

botblocker/trunk/readme.txt

Download in other formats: