Newsletter - Version 5.2.8


Release Info

Developer satollo
Version 5.2.8

Code changes from version 5.3.0 to 5.2.8

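--- a/includes/controls.php
+++ b/includes/controls.php
@@ -814,9 +814,6 @@ class NewsletterControls {
 
  function textarea($name, $width = '100%', $height = '50') {
  $value = $this->get_value($name);
- if (is_array($value)) {
- $value = implode("\n", $value);
- }
  echo '<textarea id="options-' . esc_attr($name) . '" class="dynamic" name="options[' . esc_attr($name) . ']" wrap="off" style="width:' . esc_attr($width) . ';height:' . esc_attr($height) . '">';
  echo esc_html($value);
  echo '</textarea>';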
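--- a/includes/module.php
+++ b/includes/module.php
@@ -1132,45 +1132,17 @@ class NewsletterModule {
  return $text;
  }
 
- public static function antibot_form_check($captcha = false) {
- if (strtolower($_SERVER['REQUEST_METHOD']) != 'post') return false;
-
- if (!isset($_POST['ts']) || time() - $_POST['ts'] > 60) {
- return false;
- }
- if ($captcha) {
- $n1 = (int) $_POST['n1'];
- if (empty($n1)) {
- return false;
- }
- $n2 = (int) $_POST['n2'];
- if (empty($n2)) {
- return false;
- }
- $n3 = (int) $_POST['n3'];
- if ($n1 + $n2 != $n3) {
- return false;
- }
- }
-
- return true;
+ public static function antibot_form_check() {
+ return strtolower($_SERVER['REQUEST_METHOD']) == 'post' && isset($_POST['ts']) && time() - $_POST['ts'] < 30;
  }
 
- public static function request_to_antibot_form($submit_label = 'Continue...', $captcha = false) {
+ public static function request_to_antibot_form($submit_label = 'Continue...') {
  header('Content-Type: text/html;charset=UTF-8');
  header('X-Robots-Tag: noindex,nofollow,noarchive');
  header('Cache-Control: no-cache,no-store,private');
  echo "<!DOCTYPE html>\n";
- echo '<html><head>'
- . '<style type="text/css">'
- . 'form {margin: 200px auto 0 auto !important; width: 350px !important; padding: 10px !important; font-family: "Open Sans", sans-serif; background: #ECF0F1; border-radius: 5px; padding: 50px !important; border: none !important;}'
- . 'p {text-align: center; padding: 10px; color: #7F8C8D;}'
- . 'input[type=text] {width: 50px; padding: 10px 10px; border: none; border-radius: 2px; margin: 0px 5px;}'
- . 'input[type=submit] {text-align: center; border: none; padding: 10px 15px; font-family: "Open Sans", sans-serif; background-color: #27AE60; color: white; cursor: pointer;}'
- . '</style>'
- . '</head><body>';
- echo '<form method="post" action="https://www.domain.tld" id="form">';
- echo '<div style="width: 1px; height: 1px; overflow: hidden">';
+ echo '<html><head></head><body>';
+ echo '<form method="post" action="https://www.domain.tld" id="form" style="width: 1px; height: 1px; overflow: hidden">';
  foreach ($_REQUEST as $name => $value) {
  if ($name == 'submit')
  continue;
@@ -1195,25 +1167,12 @@ class NewsletterModule {
  echo '<input type="hidden" name="nhr" value="' . esc_attr($_SERVER['HTTP_REFERER']) . '">';
  }
  echo '<input type="hidden" name="ts" value="' . time() . '">';
- echo '</div>';
- if ($captcha) {
- echo '<p>Math question</p>';
- echo '<input type="text" name="n1" value="' . rand(1, 9) . '" readonly style="width: 50px">';
- echo '+';
- echo '<input type="text" name="n2" value="' . rand(1, 9) . '" readonly style="width: 50px">';
- echo '=';
- echo '<input type="text" name="n3" value="?" style="width: 50px">';
- echo '&nbsp;<input type="submit" value="', esc_attr($submit_label), '">';
- }
  echo '<noscript><input type="submit" value="';
  echo esc_attr($submit_label);
  echo '"></noscript></form>';
  echo '<script>';
  echo 'document.getElementById("form").action="' . home_url('/') . '";';
- if (!$captcha) {
- echo 'document.getElementById("form").submit();';
- }
- echo '</script>';
+ echo 'document.getElementById("form").submit();</script>';
  echo '</body></html>';
  die();
  }
@@ -1252,13 +1211,12 @@ class NewsletterModule {
  }
  return (int) $var;
  }
-
+
  static function sanitize_ip($ip) {
- if (empty($ip))
- return $ip;
+ if (empty($ip)) return $ip;
  return preg_replace('/[^0-9a-fA-F:., ]/', '', $ip);
  }
-
+
  static function get_remote_ip() {
  return self::sanitize_ip($_SERVER['REMOTE_ADDR']);
  }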
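Review bot: The new one-line `antibot_form_check()` trusts the client-supplied `ts` field as-is: it is never checked to be numeric, and a value later than the server clock makes `time() - $_POST['ts']` negative, which always satisfies `< 30`, so the freshness window is only bounded on one side. Bound the age in both directions after the method and `isset` checks, e.g. `$age = time() - (int) $_POST['ts'];` followed by `return $age >= 0 && $age < 30;`. Because `request_to_antibot_form()` emits `ts` as a plain hidden field, the value would also need to be tied to a server-side secret (a keyed hash of the timestamp sent alongside it and compared with `hash_equals()`) before it can count as evidence that the intermediate form was actually served. The body of `request_to_antibot_form()` between the two hunks is not visible here.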
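--- a/plugin.php
+++ b/plugin.php
@@ -4,7 +4,7 @@
  Plugin Name: Newsletter
  Plugin URI: https://www.thenewsletterplugin.com/plugins/newsletter
  Description: Newsletter is a cool plugin to create your own subscriber list, to send newsletters, to build your business. <strong>Before update give a look to <a href="https://www.thenewsletterplugin.com/category/release">this page</a> to know what's changed.</strong>
- Version: 5.3.0
+ Version: 5.2.7
  Author: Stefano Lissa & The Newsletter Team
  Author URI: https://www.thenewsletterplugin.com
  Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
@@ -14,7 +14,7 @@
  */
 
  // Used as dummy parameter on css and js links
- define('NEWSLETTER_VERSION', '5.3.0');
+ define('NEWSLETTER_VERSION', '5.2.7');
 
  global $wpdb, $newsletter;
 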
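--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
  Tags: newsletter,email,subscription,mass mail,list build,email marketing,direct mailing,automation,automated
  Requires at least: 3.4.0
  Tested up to: 4.9.4
- Stable tag: 5.3.0
+ Stable tag: 5.2.7
  Contributors: satollo,webagile,michael-travan
 
  Add a real newsletter system to your blog. For free. With unlimited newsletters and subscribers.
@@ -88,17 +88,7 @@ Thank you, The Newsletter Team
 
  == Changelog ==
 
- = 5.3.0 =
-
- * CAPTCHA system
- * IP black list
- * Email address black list
-
- = 5.2.8 =
-
- * Redirect fix
-
- = 5.2.7 =
+ = NEXT =
 
  * Improved block layout
  * Added filter on profile url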
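--- a/statistics/statistics.php
+++ b/statistics/statistics.php
@@ -119,7 +119,8 @@ class NewsletterStatistics extends NewsletterModule {
 
  $wpdb->query($wpdb->prepare("update " . NEWSLETTER_SENT_TABLE . " set open=2, ip=%s where email_id=%d and user_id=%d limit 1", $ip, $email_id, $user_id));
 
- header('Location: ' . apply_filters('newsletter_redirect_url', $url, $email, $user));
+ wp_safe_redirect(apply_filters('newsletter_redirect_url', $url, $email, $user));
+
  die();
  }
 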
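Review bot: The added `wp_safe_redirect()` call carries no comment explaining its host restriction: it only follows hosts on the `allowed_redirect_hosts` list and falls back to the admin URL for anything else, so tracked links that point to external sites would land on the fallback unless those hosts are registered. A comment above the call should say so, for example `// wp_safe_redirect() falls back to admin_url() for hosts not in allowed_redirect_hosts`. The target is whatever the `newsletter_redirect_url` filter returns, and where `$url` originates, or whether it is checked against the links stored for the email, is outside the hunk. If external destinations are intended, that check is the place to permit them, not a raw `Location` header. The enclosing function starts outside the hunk.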
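--- a/subscription/languages/en_US.php
+++ b/subscription/languages/en_US.php
@@ -14,11 +14,6 @@ $options = array();
 
  $options['noconfirmation'] = 0;
  $options['antiflood'] = 10;
- $options['ip_blacklist'] = array();
- $options['address_blacklist'] = array();
- $options['domain_check'] = 0;
- $options['akismet'] = 0;
- $options['captcha'] = 0;
  $options['notify_email'] = get_option('admin_email');
 
  // Profile page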
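--- a/subscription/options.php
+++ b/subscription/options.php
@@ -58,29 +58,6 @@ if ($controls->is_action()) {
  if (!empty($controls->data['page'])) {
  $controls->data['url'] = ''; // do not unset
  }
-
- $blacklist = trim($controls->data['ip_blacklist']);
- if (empty($blacklist)) $blacklist = array();
- else {
- $blacklist = preg_split("/\\r\\n/", $blacklist);
- $blacklist = array_map('trim', $blacklist);
- $blacklist = array_map('strtolower', $blacklist);
- $blacklist = array_filter($blacklist);
-
- $controls->data['ip_blacklist'] = $blacklist;
- }
-
- $blacklist = trim($controls->data['address_blacklist']);
- if (empty($blacklist)) $blacklist = array();
- else {
- $blacklist = preg_split("/\\r\\n/", $blacklist);
- $blacklist = array_map('trim', $blacklist);
- $blacklist = array_map('strtolower', $blacklist);
- $blacklist = array_filter($blacklist);
-
- $controls->data['address_blacklist'] = $blacklist;
- }
-
 
  $module->merge_options($controls->data);
  $controls->add_message_saved();
@@ -281,24 +258,10 @@ if (empty($controls->data['page'])) {
  <td>
  <?php $controls->yesno('antibot_disable'); ?>
  <p class="description">
- <?php _e('Disable for ajax form submission', 'newsletter'); ?>
+ <?php _e ('Disable for ajax form submission', 'newsletter'); ?>
  </p>
  </td>
  </tr>
- <?php /*
- <tr>
- <th><?php _e('Akismet', 'newsletter') ?></th>
- <td>
- <?php
- $controls->select('akismet', array(
- 0 => __('Disabled', 'newsletter'),
- 1 => __('Enabled', 'newsletter')
- ));
- ?>
- <?php $controls->help('https://www.thenewsletterplugin.com/documentation/akismet') ?>
- </td>
- </tr>
- */ ?>
  <tr>
  <th><?php _e('Antiflood', 'newsletter') ?></th>
  <td>
@@ -320,43 +283,6 @@ if (empty($controls->data['page'])) {
  <?php $controls->help('https://www.thenewsletterplugin.com/documentation/antiflood') ?>
  </td>
  </tr>
- <tr>
- <th><?php _e('Captcha', 'newsletter') ?></th>
- <td>
- <?php
- $controls->enabled('captcha');
- ?>
- </td>
- </tr>
- <?php /*
- <tr>
- <th><?php _e('Domain check', 'newsletter') ?></th>
- <td>
- <?php
- $controls->yesno('domain_check');
- ?>
- </td>
- </tr>
- */ ?>
-
- <tr>
- <th><?php _e('IP black list', 'newsletter') ?></th>
- <td>
- <?php
- $controls->textarea('ip_blacklist');
- ?>
- <?php $controls->help('https://www.thenewsletterplugin.com/documentation/blacklist') ?>
- </td>
- </tr>
- <tr>
- <th><?php _e('Address black list', 'newsletter') ?></th>
- <td>
- <?php
- $controls->textarea('address_blacklist');
- ?>
- <?php $controls->help('https://www.thenewsletterplugin.com/documentation/blacklist') ?>
- </td>
- </tr>
  </table>
 
  <h3>Special cases</h3>
@@ -387,10 +313,10 @@ if (empty($controls->data['page'])) {
 
 
  <div id="tabs-3">
-
+
  <p><?php _e('Only for double opt-in mode.', 'newsletter') ?></p>
  <?php $controls->panel_help('https://www.thenewsletterplugin.com/documentation/subscription#activation') ?>
-
+
  <table class="form-table">
  <tr>
  <th><?php _e('Activation message', 'newsletter') ?></th>
@@ -441,7 +367,7 @@ if (empty($controls->data['page'])) {
 
  <tr>
  <th><?php _e('Conversion tracking code', 'newsletter') ?>
- <?php $controls->help('https://www.thenewsletterplugin.com/documentation/subscription#conversion') ?></th>
+ <?php $controls->help('https://www.thenewsletterplugin.com/documentation/subscription#conversion') ?></th>
  <td>
  <?php $controls->textarea('confirmed_tracking'); ?>
  </td>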
subscription/subscription.php CHANGED
@@ -23,7 +23,7 @@ class NewsletterSubscription extends NewsletterModule {
23
 
24
  function __construct() {
25
 
26
- parent::__construct('subscription', '2.0.4');
27
 
28
  // Must be called after the Newsletter::hook_init, since some constants are defined
29
  // there.
@@ -80,19 +80,6 @@ class NewsletterSubscription extends NewsletterModule {
80
  wp_localize_script('newsletter-subscription', 'newsletter', $data);
81
  }
82
 
83
- function ip_match($ip, $range) {
84
- if (strpos($range, '/')) {
85
- list ($subnet, $bits) = explode('/', $range);
86
- $ip = ip2long($ip);
87
- $subnet = ip2long($subnet);
88
- $mask = -1 << (32 - $bits);
89
- $subnet &= $mask; # nb: in case the supplied subnet wasn't correctly aligned
90
- return ($ip & $mask) == $subnet;
91
- } else {
92
- return strpos($range, $ip) === 0;
93
- }
94
- }
95
-
96
  function hook_wp_loaded() {
97
  global $newsletter, $wpdb;
98
 
@@ -103,7 +90,7 @@ class NewsletterSubscription extends NewsletterModule {
103
  if (!$user || $user->status != 'C') {
104
  die('Subscriber not found or not active.');
105
  }
106
-
107
  $email = $this->get_email_from_request();
108
  if (!$email) {
109
  die('Newsletter not found');
@@ -117,9 +104,9 @@ class NewsletterSubscription extends NewsletterModule {
117
  if (!$list || $list['status'] == 0) {
118
  die('Private list.');
119
  }
120
-
121
  $url = $_REQUEST['redirect'];
122
-
123
  $this->set_user_list($user, $list_id, $_REQUEST['value']);
124
  NewsletterStatistics::instance()->add_click(wp_sanitize_redirect($url), $user->id, $email->id);
125
  wp_safe_redirect($url);
@@ -138,107 +125,30 @@ class NewsletterSubscription extends NewsletterModule {
138
  // normal subscription
139
  case 's':
140
  case 'subscribe':
141
-
142
- $ip = $this->get_remote_ip();
143
- $email = $this->normalize_email($_REQUEST['ne']);
144
- $antibot_logger = new NewsletterLogger('antibot');
145
-
146
- if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
147
- $antibot_logger->fatal($email . ' - ' . $ip . ' - HTTP method invalid');
148
- die('Invalid');
 
149
  }
150
-
151
- $captcha = !empty($this->options['captcha']);
152
-
153
- if (!empty($this->options['antibot_disable']) || $this->antibot_form_check($captcha)) {
154
-
155
-
156
- // Cannot check for administrator here, too early.
157
- if (true) {
158
-
159
- $this->logger->debug('Subscription of: ' . $email);
160
- // if ($this->options['domain_check']) {
161
- // $this->logger->debug('Domain checking');
162
- // list($local, $domain) = explode('@', $email);
163
- //
164
- // $hosts = array();
165
- // if (!getmxrr($domain, $hosts)) {
166
- // $antibot_logger->fatal($email . ' - ' . $ip . ' - MX check failed');
167
- // die('Blocked 0');
168
- // }
169
- // }
170
-
171
- if (!empty($this->options['ip_blacklist'])) {
172
- $this->logger->debug('IP blacklist check');
173
- foreach ($this->options['ip_blacklist'] as $item) {
174
- if ($this->ip_match($ip, $item)) {
175
- $antibot_logger->fatal($email . ' - ' . $ip . ' - IP blacklisted');
176
- header("HTTP/1.0 404 Not Found"); die();
177
- }
178
- }
179
- }
180
-
181
- if (!empty($this->options['address_blacklist'])) {
182
- $this->logger->debug('Address blacklist check');
183
- $rev_email = strrev($email);
184
- foreach ($this->options['address_blacklist'] as $item) {
185
- if (strpos($rev_email, strrev($item)) === 0) {
186
- $antibot_logger->fatal($email . ' - ' . $ip . ' - Address blacklisted');
187
- header("HTTP/1.0 404 Not Found"); die();
188
- }
189
- }
190
- }
191
 
192
- // Akismet check
193
- // if (!empty($this->options['akismet']) && class_exists('Akismet')) {
194
- // $this->logger->debug('Akismet check');
195
- // $request = 'blog=' . urlencode(home_url()) . '&referrer=' . urlencode($_SERVER['HTTP_REFERER']) .
196
- // '&user_agent=' . urlencode($_SERVER['HTTP_USER_AGENT']) .
197
- // '&comment_type=signup' .
198
- // '&comment_author_email=' . urlencode($_REQUEST['ne']) .
199
- // '&user_ip=' . urlencode($_SERVER['REMOTE_ADDR']);
200
- // if (isset($_REQUEST['nn'])) {
201
- // $request .= '&comment_author=' . urlencode($_REQUEST['nn']);
202
- // }
203
- //
204
- // $response = Akismet::http_post($request, 'comment-check');
205
- //
206
- // if ($response && $response[1] == 'true') {
207
- // $antibot_logger->fatal($email . ' - ' . $ip . ' - Akismet blocked');
208
- // //$this->logger->error('Reported as spam by Akismet: ' . $_REQUEST['ne'] . ' ' . $_SERVER['REMOTE_ADDR']);
209
- // die('Blocked 3');
210
- // }
211
- // }
212
-
213
- // Flood check
214
- if (!empty($this->options['antiflood'])) {
215
- $this->logger->debug('Antiflood check');
216
- $email = $this->is_email($_REQUEST['ne']);
217
- $updated = $wpdb->get_var($wpdb->prepare("select updated from " . NEWSLETTER_USERS_TABLE . " where ip=%s or email=%s order by updated desc limit 1", $ip, $email));
218
-
219
- if ($updated && time() - $updated < $this->options['antiflood']) {
220
- $antibot_logger->fatal($email . ' - ' . $ip . ' - Antiflood triggered');
221
- die('Too quick');
222
- }
223
- }
224
-
225
- $user = $this->subscribe();
226
 
227
- if ($user->status == 'E')
228
- $this->show_message('error', $user->id);
229
- if ($user->status == 'C')
230
- $this->show_message('confirmed', $user->id);
231
- if ($user->status == 'A')
232
- $this->show_message('already_confirmed', $user->id);
233
- if ($user->status == 'S')
234
- $this->show_message('confirmation', $user->id);
235
- }
236
  } else {
237
- // Temporary store data
238
- //$data_key = wp_generate_password(16, false, false);
239
- //set_transient('newsletter_' . $data_key, $_REQUEST, 60);
240
- //$this->antibot_redirect($data_key);
241
- $this->request_to_antibot_form('Subscribe', $captcha);
242
  }
243
  die();
244
 
23
 
24
  function __construct() {
25
 
26
+ parent::__construct('subscription', '2.0.3');
27
 
28
  // Must be called after the Newsletter::hook_init, since some constants are defined
29
  // there.
80
  wp_localize_script('newsletter-subscription', 'newsletter', $data);
81
  }
82
 
 
 
 
 
 
 
 
 
 
 
 
 
 
83
  function hook_wp_loaded() {
84
  global $newsletter, $wpdb;
85
 
90
  if (!$user || $user->status != 'C') {
91
  die('Subscriber not found or not active.');
92
  }
93
+
94
  $email = $this->get_email_from_request();
95
  if (!$email) {
96
  die('Newsletter not found');
104
  if (!$list || $list['status'] == 0) {
105
  die('Private list.');
106
  }
107
+
108
  $url = $_REQUEST['redirect'];
109
+
110
  $this->set_user_list($user, $list_id, $_REQUEST['value']);
111
  NewsletterStatistics::instance()->add_click(wp_sanitize_redirect($url), $user->id, $email->id);
112
  wp_safe_redirect($url);
125
  // normal subscription
126
  case 's':
127
  case 'subscribe':
128
+ // Flood check
129
+ if (!empty($this->options['antiflood'])) {
130
+ $ip = (string) $_SERVER['REMOTE_ADDR'];
131
+ $email = $this->is_email($_REQUEST['ne']);
132
+ $updated = $wpdb->get_var($wpdb->prepare("select updated from " . NEWSLETTER_USERS_TABLE . " where ip=%s or email=%s order by updated desc limit 1", $ip, $email));
133
+
134
+ if ($updated && time() - $updated < $this->options['antiflood']) {
135
+ die('Too quick');
136
+ }
137
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
138
 
139
+ if (!empty($this->options['antibot_disable']) || $this->antibot_form_check()) {
140
+ $user = $this->subscribe();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
141
 
142
+ if ($user->status == 'E')
143
+ $this->show_message('error', $user->id);
144
+ if ($user->status == 'C')
145
+ $this->show_message('confirmed', $user->id);
146
+ if ($user->status == 'A')
147
+ $this->show_message('already_confirmed', $user->id);
148
+ if ($user->status == 'S')
149
+ $this->show_message('confirmation', $user->id);
 
150
  } else {
151
+ $this->request_to_antibot_form('Subscribe');
 
 
 
 
152
  }
153
  die();
154