Merge pull request #32 from erikyo/0.4.4

version 0.4.4

Author: erikyo

.editorconfig

@@ -8,7 +8,7 @@ root = true
 
 [*]
 charset = utf-8
-end_of_line = lf
+end_of_line = crlf
 insert_final_newline = true
 trim_trailing_whitespace = true
 indent_style = tab

.github/workflows/build.yml

@@ -32,26 +32,3 @@ jobs:
         with:
           reporter: github-check
           eslint_flags: -c .eslintrc.js --ext .js --fix admin/src/ includes/src/
-
-
-  e2e:
-    name: E2E Tests
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Setup environment to use the desired version of NodeJS
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16
-          cache: npm
-
-      - name: Installing NPM dependencies
-        run: npm install
-
-      - name: Starting the WordPress Environment
-        run: npm run wp-env:start
-
-      - name: Running the tests
-        run: npm run test:e2e

.github/workflows/tests.yml

@@ -42,3 +42,45 @@ jobs:
 
       - name: Run PHP Unit tests
         run: composer run test
+
+
+  test-e2e:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x, 16.x, 18.x]
+        wp: [ '6.0', 'latest' ]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 7.4
+          tools: composer
+          extensions: mysql
+          coverage: none
+
+      - name: Install dependencies
+        run: composer install --no-interaction --no-progress
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - name: Installing NPM dependencies
+        run: npm install
+
+      - name: Build
+        run: npm run build
+
+      - name: Starting the WordPress Environment
+        run: npm run wp-env:start
+
+      - name: Running e2e tests
+        run: npm run test:e2e

.wp-env.json

@@ -1,5 +1,4 @@
 {
-  "phpVersion": "7.4",
   "core": "WordPress/WordPress",
   "plugins": [
 	".",

admin/admin-customizations.php

@@ -273,7 +273,7 @@ public function cf7a_options_init() {
 		/* Settings check_bad_ip */
 		add_settings_field(
 			'check_bad_ip',
-			__( 'IP Address', 'cf7-antispam' ),
+			__( 'Check Bad IP Address', 'cf7-antispam' ),
 			array( $this, 'cf7a_check_bad_ip_callback' ),
 			'cf7a-settings',
 			'cf7a_bad_ip'
@@ -920,6 +920,43 @@ public function cf7a_enable_geo( $enabled ) {
 		}
 	}
 
+	/**
+	 * Handles WP-cron task registrations
+	 *
+	 * @param array  $input      - The post input values.
+	 * @param string $input_name - The value of the input field.
+	 * @param string $cron_task  - The slug of the Post value.
+	 * @param array  $schedule   - The schedules list obtained with wp_get_schedules().
+	 *
+	 * @return array|false the new value that the user has selected
+	 */
+	private function cf7a_input_cron_schedule( $input, $input_name, $cron_task, $schedule ) {
+		$new_value = false;
+
+		if ( ! empty( $input[$input_name] ) && in_array( $input[$input_name], array_keys( $schedule ), true ) ) {
+			if ( $this->options[$input_name] !== $input[$input_name] ) {
+				$new_value = $input[$input_name];
+				/* delete previous scheduled events */
+				$timestamp = wp_next_scheduled( $cron_task );
+				if ( $timestamp ) {
+					wp_clear_scheduled_hook( $cron_task );
+				}
+
+				/* add the new scheduled event */
+				wp_schedule_event( time() + $schedule[ $new_value ]['interval'], $new_value, $cron_task );
+			}
+		} else {
+			/* Get the timestamp for the next event. */
+			$timestamp = wp_next_scheduled( $cron_task );
+			if ( $timestamp ) {
+				wp_clear_scheduled_hook( $cron_task );
+			}
+			$new_value[$input_name] = 'disabled';
+		}
+		return $new_value;
+	}
+
+
 	/**
 	 * Sanitize each setting field as needed
 	 *
@@ -975,26 +1012,9 @@ public function cf7a_sanitize_options( $input ) {
 
 		/* auto-unban delay */
 		$schedule = wp_get_schedules();
-		if ( ! empty( $input['unban_after'] ) && in_array( $input['unban_after'], array_keys( $schedule ), true ) ) {
-			if ( $this->options['unban_after'] !== $input['unban_after'] ) {
-				$new_input['unban_after'] = $input['unban_after'];
-				/* delete previous scheduled events */
-				$timestamp = wp_next_scheduled( 'cf7a_cron' );
-				if ( $timestamp ) {
-					wp_clear_scheduled_hook( 'cf7a_cron' );
-				}
 
-				/* add the new scheduled event */
-				wp_schedule_event( time() + $schedule[ $new_input['unban_after'] ]['interval'], $new_input['unban_after'], 'cf7a_cron' );
-			}
-		} else {
-			/* Get the timestamp for the next event. */
-			$timestamp = wp_next_scheduled( 'cf7a_cron' );
-			if ( $timestamp ) {
-				wp_clear_scheduled_hook( 'cf7a_cron' );
-			}
-			$new_input['unban_after'] = 'disabled';
-		}
+		/* unban after */
+		$new_input['unban_after'] = $this->cf7a_input_cron_schedule( $input, 'unban_after', 'cf7a_cron', $schedule );
 
 		/* bad ip */
 		$new_input['check_refer']  = isset( $input['check_refer'] ) ? 1 : 0;

admin/admin-tools.php

@@ -75,13 +75,17 @@ public function cf7a_handle_actions() {
 
 				$filter = new CF7_AntiSpam_Filters();
 
+				$plugin_options = CF7_AntiSpam::get_options();
+
 				$ban_id = intval( substr( $action, 12 ) );
 				$ban_ip = $filter->cf7a_blacklist_get_id( $ban_id );
 
-				if ( $ban_ip ) {
-					if ( CF7_AntiSpam::update_plugin_option( 'bad_ip_list', array( $ban_ip->ip ) ) ) {
+				if ( $ban_ip && !empty($plugin_options) ) {
+
+					if ( CF7_AntiSpam::update_plugin_option( 'bad_ip_list', array_merge( $plugin_options['bad_ip_list'], array( $ban_ip->ip ) ) ) ) {
 						$filter->cf7a_unban_by_id( $ban_id );
 					}
+
 					self::cf7a_push_notice(
 						sprintf(
 						/* translators: the %1$s is the user id and %2$s is the ip address. */
@@ -90,6 +94,7 @@ public function cf7a_handle_actions() {
 							! empty( $ban_ip->ip ) ? $ban_ip->ip : 'not available'
 						)
 					);
+
 				} else {
 					self::cf7a_push_notice(
 						sprintf(

admin/dist/admin-scripts.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array(), 'version' => '31f79903e33e38d0926a');
+<?php return array('dependencies' => array(), 'version' => '55a0a782bc47ae12f770');

babel.config.js

@@ -0,0 +1,7 @@
+module.exports = ( api ) => {
+	api.cache( true );
+
+	return {
+		presets: [ '@wordpress/babel-preset-default' ],
+	};
+};

cf7-antispam.php

@@ -5,7 +5,7 @@
  * Author: Codekraft
  * Text Domain: cf7-antispam
  * Domain Path: /languages/
- * Version: 0.4.3
+ * Version: 0.4.4
  *
  * @package cf7-antispam
  */

composer.json

@@ -15,17 +15,11 @@
 	"php": ">=7.2",
 	"friendsofphp/php-cs-fixer": "3.*",
 	"squizlabs/php_codesniffer": "^3",
-	"phpmd/phpmd" : "@stable",
-    "phpstan/phpstan": "^1.8",
 	"phpcompatibility/php-compatibility": "*",
 	"wp-coding-standards/wpcs": "^2.3",
 	"automattic/vipwpcs": "^2.3",
 	"phpcompatibility/phpcompatibility-wp": "*",
-	"slevomat/coding-standard": "^7.2",
-    "phpstan/extension-installer": "^1.2",
-    "szepeviktor/phpstan-wordpress": "^1.1",
-    "vimeo/psalm": "^4.29",
-	"phpunit/phpunit": "^7",
+	"phpunit/phpunit": "^8",
 	"wp-phpunit/wp-phpunit": "^5.9.5",
 	"yoast/phpunit-polyfills": "*",
     "dealerdirect/phpcodesniffer-composer-installer": "^0.7"

includes/cf7a-antispam-filters.php

@@ -328,6 +328,7 @@ public function cf7a_spam_filter( $spam ) {
 
 		/* client referer */
 		$cf7a_referer = isset( $_POST[ $prefix . 'referer' ] ) ? cf7a_decrypt( sanitize_text_field( wp_unslash( $_POST[ $prefix . 'referer' ] ) ), $options['cf7a_cipher'] ) : false;
+		$cf7a_protocol = isset( $_POST[ $prefix . 'protocol' ] ) ? cf7a_decrypt( sanitize_text_field( wp_unslash( $_POST[ $prefix . 'protocol' ] ) ), $options['cf7a_cipher'] ) : false;
 
 		/* CF7 user agent */
 		$user_agent = sanitize_text_field( $submission->get_meta( 'user_agent' ) );
@@ -490,6 +491,16 @@ public function cf7a_spam_filter( $spam ) {
 				}
 			}
 
+			if ( $cf7a_protocol ) {
+				if ( in_array($cf7a_protocol, array('HTTP/1.0', 'HTTP/1.1','HTTP/1.2') ) ) {
+
+					$spam_score           += $score_warn;
+					$reason['no_protocol'] = 'client has a bot-like connection protocol';
+
+					cf7a_log( "the $remote_ip has a bot-like connection protocol (HTTP/1.X)", 1 );
+				}
+			}
+
 			/**
 			 * Check the CF7 AntiSpam version field
 			 */
@@ -854,22 +865,23 @@ public function cf7a_spam_filter( $spam ) {
 			 */
 			if ( $options['check_honeypot'] ) {
 
-				/* we need only the text tags of the form */
+				/* collect the input "name" value of the type="text" tags of the submitted form */
 				foreach ( $mail_tags as $mail_tag ) {
 					if ( 'text' === $mail_tag['type'] || 'text*' === $mail_tag['type'] ) {
 						$mail_tag_text[] = $mail_tag['name'];
 					}
 				}
 
-				if ( isset( $mail_tag_text ) ) {
+				if ( ! empty( $mail_tag_text ) ) {
 
-					/* faked input name used into honeypots */
+					/* get the collection of the generated (fake) input name used as honeypots name value */
 					$input_names = get_honeypot_input_names( $options['honeypot_input_names'] );
 
 					$mail_tag_count = count( $input_names );
 
 					for ( $i = 0; $i < $mail_tag_count; $i ++ ) {
 
+						/* check if any posted input name value has a name from the honeypot names array, if yes the bot has fallen into the trap and filled the input */
 						$has_honeypot = ! empty( $_POST[ $input_names[ $i ] ] );
 
 						/* check only if it's set and if it is different from "" */

includes/cf7a-frontend.php

@@ -95,7 +95,7 @@ public function cf7a_honeypot_add( $form_elements ) {
 		 *
 		 * @since 0.4.3
 		 */
-		$max_replacements = intval( apply_filters( 'cf7a_additional_max_honeypots', 5 ) );
+		$max_replacements = min( intval( apply_filters( 'cf7a_additional_max_honeypots', 5 ) ), count( $input_names ) );
 
 		/* get the inputs data */
 		if ( $inputs && $inputs->length > 0 ) {
@@ -280,12 +280,14 @@ public function cf7a_add_hidden_fields( $fields ) {
 
 		/* add the default hidden fields */
 		$referrer = ! empty( $_SERVER['HTTP_REFERER'] ) ? esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) ) : false;
+		$protocol = ! empty( $_SERVER['SERVER_PROTOCOL'] ) ? esc_url_raw( wp_unslash( $_SERVER['SERVER_PROTOCOL'] ) ) : false;
 		return array_merge(
 			$fields,
 			array(
 				$prefix . 'version' => '1.0',
 				$prefix . 'address' => cf7a_crypt( cf7a_get_real_ip(), $this->options['cf7a_cipher'] ),
 				$prefix . 'referer' => cf7a_crypt( $referrer ? $referrer : 'no referer', $this->options['cf7a_cipher'] ),
+				$prefix . 'protocol' => cf7a_crypt( $protocol ? $protocol : 'protocol missing', $this->options['cf7a_cipher'] ),
 			)
 		);
 	}

includes/cf7a-functions.php

@@ -109,6 +109,28 @@ function ( $res, $el ) {
 	);
 }
 
+/**
+ * It adds two new cron schedules to WordPress
+ *
+ * @param array $schedules This is the name of the hook that we're adding a schedule to.
+ */
+function cf7a_add_cron_steps( $schedules ) {
+	return array_merge(
+		$schedules,
+		array(
+			'5min'  => array(
+				'interval' => 300,
+				'display'  => __( 'Every 5 Minutes', 'cf7-antispam' ),
+			),
+			'60sec' => array(
+				'interval' => 60,
+				'display'  => __( 'Every 60 seconds', 'cf7-antispam' ),
+			),
+		)
+	);
+}
+add_filter( 'cron_schedules', 'cf7a_add_cron_steps' );
+
 /**
  * It adds a bunch of common honeypot input names to the list of honeypot input names
  *
@@ -140,29 +162,6 @@ function get_honeypot_input_names( $custom_names = array() ) {
 	);
 }
 
-
-/**
- * It adds two new cron schedules to WordPress
- *
- * @param array $schedules This is the name of the hook that we're adding a schedule to.
- */
-function cf7a_add_cron_steps( $schedules ) {
-	return array_merge(
-		$schedules,
-		array(
-			'5min'  => array(
-				'interval' => 300,
-				'display'  => __( 'Every 5 Minutes', 'cf7-antispam' ),
-			),
-			'60sec' => array(
-				'interval' => 60,
-				'display'  => __( 'Every 60 seconds', 'cf7-antispam' ),
-			),
-		)
-	);
-}
-add_filter( 'cron_schedules', 'cf7a_add_cron_steps' );
-
 /**
  * It encrypts a string using the WordPress salt as the key
  *

includes/dist/script.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array(), 'version' => 'f679f15b63f8cb923e61');
+<?php return array('dependencies' => array(), 'version' => '269fbb9de6b1349e0e67');