Akismet Anti-Spam - Version 4.1.2

Version Description

Release Date - 14 May 2019

Fixed a conflict between the Akismet setup banner and other plugin notices.
Reduced the number of API requests made by the plugin when attempting to verify the API key.
Include additional data in the pingback pre-check API request to help make the stats more accurate.
Fixed a bug that was enabling the "Check for Spam" button when no comments were eligible to be checked.
Improved Akismet's AMP compatibility.

Release Info

Developer	cfinke
Plugin	Akismet Anti-Spam
Version	4.1.2
Comparing to
See all releases

Code changes from version 4.1.1 to 4.1.2

Files changed (8) hide show

_inc/akismet.css +3 -3
_inc/akismet.js +7 -2
akismet.php +2 -2
class.akismet-admin.php +2 -2
class.akismet.php +20 -25
readme.txt +11 -2
views/get.php +6 -0
wrapper.php +2 -1

_inc/akismet.css CHANGED Viewed

	@@ -80,9 +80,11 @@ table.comments td.comment p a:after {
80	display: inline-block !important;
81	}
82	.checkforspam-progress {
83	- padding-left: 1ex;
84	display: none;
85	}



86	.checkforspam.button-disabled .checkforspam-progress {
87	display: inline;
88	}
	@@ -246,7 +248,6 @@ table.comments td.comment p a:after {
246	font-size: 140px;
247	color: #769F33;
248	font-family: Georgia, "Times New Roman", Times, serif;
249	- z-index: 1;
250	}
251
252	.akismet_activate .aa_button {
	@@ -312,7 +313,6 @@ table.comments td.comment p a:after {
312	margin-left: 25px;
313	color: #E5F2B1;
314	font-size: 15px;
315	- z-index: 1000;
316	}
317
318	.akismet_activate .aa_description strong {


80	display: inline-block !important;
81	}
82	.checkforspam-progress {

83	display: none;
84	}
85	+ .checkforspam.checking .checkforspam-progress {
86	+ padding-left: 1ex;
87	+ }
88	.checkforspam.button-disabled .checkforspam-progress {
89	display: inline;
90	}

248	font-size: 140px;
249	color: #769F33;
250	font-family: Georgia, "Times New Roman", Times, serif;

251	}
252
253	.akismet_activate .aa_button {

313	margin-left: 25px;
314	color: #E5F2B1;
315	font-size: 15px;

316	}
317
318	.akismet_activate .aa_description strong {

_inc/akismet.js CHANGED Viewed

	@@ -146,10 +146,15 @@ jQuery( function ( $ ) {
146	} );
147	} );
148
149	- $('.checkforspam~~:not(.button-disabled)~~').click( function(e) {
150	e.preventDefault();
151
152	- $(~~'.checkforspam:not(.button-disabled~~)').~~addClass~~('button-disabled');





153	$('.checkforspam-spinner').addClass( 'spinner' ).addClass( 'is-active' );
154
155	// Update the label on the "Check for Spam" button to use the active "Checking for Spam" language.


146	} );
147	} );
148
149	+ $( '.checkforspam' ).click( function( e ) {
150	e.preventDefault();
151
152	+ if ( $( this ).hasClass( 'button-disabled' ) ) {
153	+ window.location.href = $( this ).data( 'success-url' ).replace( '__recheck_count__', 0 ).replace( '__spam_count__', 0 );
154	+ return;
155	+ }
156	+
157	+ $('.checkforspam').addClass('button-disabled').addClass( 'checking' );
158	$('.checkforspam-spinner').addClass( 'spinner' ).addClass( 'is-active' );
159
160	// Update the label on the "Check for Spam" button to use the active "Checking for Spam" language.

akismet.php CHANGED Viewed

	@@ -6,7 +6,7 @@
6	Plugin Name: Akismet Anti-Spam
7	Plugin URI: https://akismet.com/
8	Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
9	- Version: 4.1.1
10	Author: Automattic
11	Author URI: https://automattic.com/wordpress-plugins/
12	License: GPLv2 or later
	@@ -37,7 +37,7 @@ if ( !function_exists( 'add_action' ) ) {
37	exit;
38	}
39
40	- define( 'AKISMET_VERSION', '4.1.1' );
41	define( 'AKISMET__MINIMUM_WP_VERSION', '4.0' );
42	define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
43	define( 'AKISMET_DELETE_LIMIT', 100000 );


6	Plugin Name: Akismet Anti-Spam
7	Plugin URI: https://akismet.com/
8	Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
9	+ Version: 4.1.2
10	Author: Automattic
11	Author URI: https://automattic.com/wordpress-plugins/
12	License: GPLv2 or later

37	exit;
38	}
39
40	+ define( 'AKISMET_VERSION', '4.1.2' );
41	define( 'AKISMET__MINIMUM_WP_VERSION', '4.0' );
42	define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
43	define( 'AKISMET_DELETE_LIMIT', 100000 );

class.akismet-admin.php CHANGED Viewed

	@@ -390,9 +390,9 @@ class Akismet_Admin {
390	$comments_count = wp_count_comments();
391
392	echo '</div>';
393	- echo '<div class="alignleft">';
394	echo '<a
395	- class="button-secondary checkforspam"
396	href="' . esc_url( $link ) . '"
397	data-active-label="' . esc_attr( __( 'Checking for Spam', 'akismet' ) ) . '"
398	data-progress-label-format="' . esc_attr( __( '(%1$s%)', 'akismet' ) ) . '"


390	$comments_count = wp_count_comments();
391
392	echo '</div>';
393	+ echo '<div class="alignleft actions">';
394	echo '<a
395	+ class="button-secondary checkforspam' . ( $comments_count->moderated == 0 ? ' button-disabled' : '' ) . '"
396	href="' . esc_url( $link ) . '"
397	data-active-label="' . esc_attr( __( 'Checking for Spam', 'akismet' ) ) . '"
398	data-progress-label-format="' . esc_attr( __( '(%1$s%)', 'akismet' ) ) . '"

class.akismet.php CHANGED Viewed

	@@ -65,6 +65,11 @@ class Akismet {
65	}
66
67	public static function verify_key( $key, $ip = null ) {





68	$response = self::check_key_status( $key, $ip );
69
70	if ( $response[1] != 'valid' && $response[1] != 'invalid' )
	@@ -1178,6 +1183,10 @@ class Akismet {
1178	}
1179
1180	public static function load_form_js() {




1181	wp_register_script( 'akismet-form', plugin_dir_url( __FILE__ ) . '_inc/form.js', array(), AKISMET_VERSION, true );
1182	wp_enqueue_script( 'akismet-form' );
1183	}
	@@ -1333,9 +1342,16 @@ p {
1333	if ( !empty( $args[1] ) ) {
1334	$post_id = url_to_postid( $args[1] );
1335
1336	- // If ~~this~~ ~~gets~~ ~~through~~ ~~the~~ ~~pre-check~~, ~~make sure~~ we ~~properly~~ ~~identify~~ ~~the~~ ~~outbound~~ request as a ~~pingback~~ ~~verification~~
1337	- ~~Akismet::pingback_forwarded_for(~~ ~~null,~~ ~~$args[0]~~ );
1338	- ~~add_filter(~~ ~~'http_request_args',~~ ~~array(~~ ~~'Akismet',~~ ~~'pingback_forwarded_for'~~ ), ~~10,~~ 2 );







1339
1340	$comment = array(
1341	'comment_author_url' => $args[0],
	@@ -1346,6 +1362,7 @@ p {
1346	'comment_type' => 'pingback',
1347	'akismet_pre_check' => '1',
1348	'comment_pingback_target' => $args[1],

1349	);
1350
1351	$comment = Akismet::auto_check_comment( $comment );
	@@ -1356,29 +1373,7 @@ p {
1356	}
1357	}
1358	}
1359	-
1360	- public static function pingback_forwarded_for( $r, $url ) {
1361	- static $urls = array();
1362	-
1363	- // Call this with $r == null to prime the callback to add headers on a specific URL
1364	- if ( is_null( $r ) && !in_array( $url, $urls ) ) {
1365	- $urls[] = $url;
1366	- }
1367	-
1368	- // Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source)
1369	- if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) {
1370	- $remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] );
1371	-
1372	- // Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use
1373	- $r['headers']['X-Pingback-Forwarded-For'] = $remote_ip;
1374
1375	- // Also identify the request as a pingback verification in the UA string so it appears in logs
1376	- $r['user-agent'] .= '; verifying pingback from ' . $remote_ip;
1377	- }
1378	-
1379	- return $r;
1380	- }
1381	-
1382	/**
1383	* Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta.
1384	*


65	}
66
67	public static function verify_key( $key, $ip = null ) {
68	+ // Shortcut for obviously invalid keys.
69	+ if ( strlen( $key ) != 12 ) {
70	+ return 'invalid';
71	+ }
72	+
73	$response = self::check_key_status( $key, $ip );
74
75	if ( $response[1] != 'valid' && $response[1] != 'invalid' )

1183	}
1184
1185	public static function load_form_js() {
1186	+ if ( function_exists( 'is_amp_endpoint' ) && is_amp_endpoint() ) {
1187	+ return;
1188	+ }
1189	+
1190	wp_register_script( 'akismet-form', plugin_dir_url( __FILE__ ) . '_inc/form.js', array(), AKISMET_VERSION, true );
1191	wp_enqueue_script( 'akismet-form' );
1192	}

1342	if ( !empty( $args[1] ) ) {
1343	$post_id = url_to_postid( $args[1] );
1344
1345	+ // If pingbacks aren't open on this post, we'll still check whether this request is part of a potential DDOS,
1346	+ // but indicate to the server that pingbacks are indeed closed so we don't include this request in the user's stats,
1347	+ // since the user has already done their part by disabling pingbacks.
1348	+ $pingbacks_closed = false;
1349	+
1350	+ $post = get_post( $post_id );
1351	+
1352	+ if ( ! $post \|\| ! pings_open( $post ) ) {
1353	+ $pingbacks_closed = true;
1354	+ }
1355
1356	$comment = array(
1357	'comment_author_url' => $args[0],

1362	'comment_type' => 'pingback',
1363	'akismet_pre_check' => '1',
1364	'comment_pingback_target' => $args[1],
1365	+ 'pingbacks_closed' => $pingbacks_closed ? '1' : '0',
1366	);
1367
1368	$comment = Akismet::auto_check_comment( $comment );

1373	}
1374	}
1375	}















1376







1377	/**
1378	* Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta.
1379	*

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau
3	Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments
4	Requires at least: 4.0
5	- Tested up to: 5.1
6	- Stable tag: 4.1.1
7	License: GPLv2 or later
8
9	Akismet checks your comments and contact form submissions against our global database of spam to protect you and your site from malicious content.
	@@ -30,6 +30,15 @@ Upload the Akismet plugin to your blog, Activate it, then enter your [Akismet.co
30
31	== Changelog ==
32









33	= 4.1.1 =
34	Release Date - 31 January 2019
35


2	Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau
3	Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments
4	Requires at least: 4.0
5	+ Tested up to: 5.2
6	+ Stable tag: 4.1.2
7	License: GPLv2 or later
8
9	Akismet checks your comments and contact form submissions against our global database of spam to protect you and your site from malicious content.

30
31	== Changelog ==
32
33	+ = 4.1.2 =
34	+ Release Date - 14 May 2019
35	+
36	+ * Fixed a conflict between the Akismet setup banner and other plugin notices.
37	+ * Reduced the number of API requests made by the plugin when attempting to verify the API key.
38	+ * Include additional data in the pingback pre-check API request to help make the stats more accurate.
39	+ * Fixed a bug that was enabling the "Check for Spam" button when no comments were eligible to be checked.
40	+ * Improved Akismet's AMP compatibility.
41	+
42	= 4.1.1 =
43	Release Date - 31 January 2019
44

views/get.php CHANGED Viewed

@@ -1,3 +1,9 @@
             <form name="akismet_activate" action="https://akismet.com/get/" method="POST" target="_blank">
             	<input type="hidden" name="passback_url" value="<?php echo esc_url( Akismet_Admin::get_page_url() ); ?>"/>
             	<input type="hidden" name="blog" value="<?php echo esc_url( get_option( 'home' ) ); ?>"/>


1	+ <?php
2	+
3	+ //phpcs:disable VariableAnalysis
4	+ // There are "undefined" variables here because they're defined in the code that includes this file as a template.
5	+
6	+ ?>
7	<form name="akismet_activate" action="https://akismet.com/get/" method="POST" target="_blank">
8	<input type="hidden" name="passback_url" value="<?php echo esc_url( Akismet_Admin::get_page_url() ); ?>"/>
9	<input type="hidden" name="blog" value="<?php echo esc_url( get_option( 'home' ) ); ?>"/>

wrapper.php CHANGED Viewed

	@@ -206,7 +206,8 @@ function akismet_kill_proxy_check( $option ) {
206	return 0;
207	}
208	function akismet_pingback_forwarded_for( $r, $url ) {
209	- ~~return~~ ~~Akismet::pingback_forwarded_for(~~ ~~$r,~~ ~~$url~~ );

210	}
211	function akismet_pre_check_pingback( $method ) {
212	return Akismet::pre_check_pingback( $method );


206	return 0;
207	}
208	function akismet_pingback_forwarded_for( $r, $url ) {
209	+ // This functionality is now in core.
210	+ return false;
211	}
212	function akismet_pre_check_pingback( $method ) {
213	return Akismet::pre_check_pingback( $method );