Newsletter - Version 6.3.9

Version Description

  • Improved antibot and/or spam subscription checks (please review your security configuration)
Download this release

Release Info

Developer satollo
Plugin Icon 128x128 Newsletter
Version 6.3.9
Comparing to
See all releases

Code changes from version 6.3.8 to 6.3.9

Files changed (9) hide show
  1. includes/module.php +15 -2
  2. main/index.php +2 -2
  3. main/status.php +20 -1
  4. plugin.php +2 -2
  5. readme.txt +5 -1
  6. subscription/antibot.php +12 -40
  7. subscription/defaults-antibot.php +11 -0
  8. subscription/defaults.php +8 -6
  9. subscription/subscription.php +43 -11
includes/module.php CHANGED
@@ -571,7 +571,7 @@ class NewsletterModule {
571
  }
572
  return $r;
573
  }
574
-
575
  function get_results($query) {
576
  global $wpdb;
577
  $r = $wpdb->get_results($query);
@@ -581,7 +581,7 @@ class NewsletterModule {
581
  $logger->fatal($wpdb->last_error);
582
  }
583
  return $r;
584
- }
585
 
586
  /**
587
  *
@@ -2264,6 +2264,19 @@ class NewsletterModule {
2264
  return (int) $var;
2265
  }
2266
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2267
  static function sanitize_ip($ip) {
2268
  if (empty($ip))
2269
  return '';
571
  }
572
  return $r;
573
  }
574
+
575
  function get_results($query) {
576
  global $wpdb;
577
  $r = $wpdb->get_results($query);
581
  $logger->fatal($wpdb->last_error);
582
  }
583
  return $r;
584
+ }
585
 
586
  /**
587
  *
2264
  return (int) $var;
2265
  }
2266
 
2267
+ static function to_array($text) {
2268
+ $text = trim($text);
2269
+ if (empty($text)) {
2270
+ return array();
2271
+ }
2272
+ $text = preg_split("/\\r\\n/", $text);
2273
+ $text = array_map('trim', $text);
2274
+ $text = array_map('strtolower', $text);
2275
+ $text = array_filter($text);
2276
+
2277
+ return $text;
2278
+ }
2279
+
2280
  static function sanitize_ip($ip) {
2281
  if (empty($ip))
2282
  return '';
main/index.php CHANGED
@@ -244,11 +244,11 @@ $labels = array_reverse( $labels );
244
  </a>
245
  </h3>
246
  <div class="inside">
247
- <div class="tnp-video-container">
248
  <iframe width="480" height="360"
249
  src="https://www.youtube.com/embed/JaxK7XwqvVI?rel=0" frameborder="0"
250
  allowfullscreen></iframe>
251
- </div>
252
  <div>
253
  <a class="orange"
254
  href="https://www.thenewsletterplugin.com/plugins/newsletter/newsletter-documentation/email-sending-issues"
244
  </a>
245
  </h3>
246
  <div class="inside">
247
+ <!-- <div class="tnp-video-container">
248
  <iframe width="480" height="360"
249
  src="https://www.youtube.com/embed/JaxK7XwqvVI?rel=0" frameborder="0"
250
  allowfullscreen></iframe>
251
+ </div> -->
252
  <div>
253
  <a class="orange"
254
  href="https://www.thenewsletterplugin.com/plugins/newsletter/newsletter-documentation/email-sending-issues"
main/status.php CHANGED
@@ -221,6 +221,8 @@ $speed = Newsletter::$instance->options['scheduler_max'];
221
 
222
  <?php echo esc_html($name) ?>
223
  </td>
 
 
224
  <tr>
225
  <td>Mailing</td>
226
  <td>
@@ -254,7 +256,24 @@ $speed = Newsletter::$instance->options['scheduler_max'];
254
  </td>
255
 
256
  </tr>
257
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
258
  <?php
259
  $return_path = $module->options['return_path'];
260
  if (!empty($return_path)) {
221
 
222
  <?php echo esc_html($name) ?>
223
  </td>
224
+ </tr>
225
+
226
  <tr>
227
  <td>Mailing</td>
228
  <td>
256
  </td>
257
 
258
  </tr>
259
+
260
+ <?php if (ini_get('opcache.validate_timestamps') === '0') { ?>
261
+
262
+ <tr>
263
+ <td>
264
+ Opcache
265
+ </td>
266
+
267
+ <td>
268
+ <span class="tnp-ko">KO</span>
269
+ </td>
270
+
271
+ <td>
272
+ You have the PHP opcache active with file validation disable so every blog plugins update needs a webserver restart!
273
+ </td>
274
+ </tr>
275
+ <?php } ?>
276
+
277
  <?php
278
  $return_path = $module->options['return_path'];
279
  if (!empty($return_path)) {
plugin.php CHANGED
@@ -4,7 +4,7 @@
4
  Plugin Name: Newsletter
5
  Plugin URI: https://www.thenewsletterplugin.com/plugins/newsletter
6
  Description: Newsletter is a cool plugin to create your own subscriber list, to send newsletters, to build your business. <strong>Before update give a look to <a href="https://www.thenewsletterplugin.com/category/release">this page</a> to know what's changed.</strong>
7
- Version: 6.3.8
8
  Author: Stefano Lissa & The Newsletter Team
9
  Author URI: https://www.thenewsletterplugin.com
10
  Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
@@ -28,7 +28,7 @@
28
 
29
  */
30
 
31
- define('NEWSLETTER_VERSION', '6.3.8');
32
 
33
  global $newsletter, $wpdb;
34
 
4
  Plugin Name: Newsletter
5
  Plugin URI: https://www.thenewsletterplugin.com/plugins/newsletter
6
  Description: Newsletter is a cool plugin to create your own subscriber list, to send newsletters, to build your business. <strong>Before update give a look to <a href="https://www.thenewsletterplugin.com/category/release">this page</a> to know what's changed.</strong>
7
+ Version: 6.3.9
8
  Author: Stefano Lissa & The Newsletter Team
9
  Author URI: https://www.thenewsletterplugin.com
10
  Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
28
 
29
  */
30
 
31
+ define('NEWSLETTER_VERSION', '6.3.9');
32
 
33
  global $newsletter, $wpdb;
34
 
readme.txt CHANGED
@@ -2,7 +2,7 @@
2
  Tags: email, email marketing, newsletter, newsletter subscribers, welcome email, signup forms, contact, lead generation, popup, marketing automation
3
  Requires at least: 3.4.0
4
  Tested up to: 5.2.4
5
- Stable tag: 6.3.8
6
  Requires PHP: 5.6
7
  Contributors: satollo,webagile,michael-travan
8
 
@@ -109,6 +109,10 @@ Thank you, The Newsletter Team
109
 
110
  == Changelog ==
111
 
 
 
 
 
112
  = 6.3.8 =
113
 
114
  * Fixed email encoding when sent with wp_mail() and an encoding is selected on main settings
2
  Tags: email, email marketing, newsletter, newsletter subscribers, welcome email, signup forms, contact, lead generation, popup, marketing automation
3
  Requires at least: 3.4.0
4
  Tested up to: 5.2.4
5
+ Stable tag: 6.3.9
6
  Requires PHP: 5.6
7
  Contributors: satollo,webagile,michael-travan
8
 
109
 
110
  == Changelog ==
111
 
112
+ = 6.3.9 =
113
+
114
+ * Improved antibot and/or spam subscription checks (please review your security configuration)
115
+
116
  = 6.3.8 =
117
 
118
  * Fixed email encoding when sent with wp_mail() and an encoding is selected on main settings
subscription/antibot.php CHANGED
@@ -1,46 +1,22 @@
1
  <?php
 
2
  defined('ABSPATH') || exit;
3
 
4
  @include_once NEWSLETTER_INCLUDES_DIR . '/controls.php';
5
  $controls = new NewsletterControls();
6
- $module = NewsletterSubscription::instance();
7
-
8
- // TODO: Remove and use the $module->options.
9
- $options = get_option('newsletter', array());
10
 
11
  if ($controls->is_action()) {
12
 
13
  if ($controls->is_action('save')) {
14
 
15
- $blacklist = trim($controls->data['ip_blacklist']);
16
- if (empty($blacklist))
17
- $blacklist = array();
18
- else {
19
- $blacklist = preg_split("/\\r\\n/", $blacklist);
20
- $blacklist = array_map('trim', $blacklist);
21
- $blacklist = array_map('strtolower', $blacklist);
22
- $blacklist = array_filter($blacklist);
23
-
24
- $controls->data['ip_blacklist'] = $blacklist;
25
- }
26
-
27
- $blacklist = trim($controls->data['address_blacklist']);
28
- if (empty($blacklist))
29
- $blacklist = array();
30
- else {
31
- $blacklist = preg_split("/\\r\\n/", $blacklist);
32
- $blacklist = array_map('trim', $blacklist);
33
- $blacklist = array_map('strtolower', $blacklist);
34
- $blacklist = array_filter($blacklist);
35
-
36
- $controls->data['address_blacklist'] = $blacklist;
37
- }
38
-
39
- $module->merge_options($controls->data);
40
  $controls->add_message_saved();
41
  }
42
  } else {
43
- $controls->data = get_option('newsletter', array());
44
  }
45
  ?>
46
 
@@ -78,7 +54,7 @@ if ($controls->is_action()) {
78
  <tr>
79
  <th><?php _e('Disable antibot/antispam?', 'newsletter') ?></th>
80
  <td>
81
- <?php $controls->yesno('antibot_disable'); ?>
82
  <p class="description">
83
  <?php _e('Disable for ajax form submission', 'newsletter'); ?>
84
  </p>
@@ -123,7 +99,7 @@ if ($controls->is_action()) {
123
  <tr>
124
  <th><?php _e('Captcha', 'newsletter') ?> </th>
125
  <td>
126
- <?php $controls->enabled('captcha'); ?> <?php $controls->field_help('https://www.thenewsletterplugin.com/documentation/antiflood#captcha')?>
127
  </td>
128
  </tr>
129
  <?php /*
@@ -150,10 +126,8 @@ if ($controls->is_action()) {
150
  <?php $controls->field_help('https://www.thenewsletterplugin.com/documentation/antiflood#ip') ?>
151
  </th>
152
  <td>
153
- <?php
154
- $controls->textarea('ip_blacklist');
155
- ?>
156
- <p class="description"><?php _e('One per line', 'newsletter')?></p>
157
  </td>
158
  </tr>
159
  <tr>
@@ -162,10 +136,8 @@ if ($controls->is_action()) {
162
  <?php $controls->field_help('https://www.thenewsletterplugin.com/documentation/antiflood#domains') ?>
163
  </th>
164
  <td>
165
- <?php
166
- $controls->textarea('address_blacklist');
167
- ?>
168
- <p class="description"><?php _e('One per line', 'newsletter')?></p>
169
  </td>
170
  </tr>
171
  </table>
1
  <?php
2
+ /* @var $this NewsletterSubscription */
3
  defined('ABSPATH') || exit;
4
 
5
  @include_once NEWSLETTER_INCLUDES_DIR . '/controls.php';
6
  $controls = new NewsletterControls();
 
 
 
 
7
 
8
  if ($controls->is_action()) {
9
 
10
  if ($controls->is_action('save')) {
11
 
12
+ $controls->data['ip_blacklist'] = $this->to_array($controls->data['ip_blacklist']);
13
+ $controls->data['address_blacklist'] = $this->to_array($controls->data['address_blacklist']);
14
+
15
+ $this->save_options($controls->data, 'antibot');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
16
  $controls->add_message_saved();
17
  }
18
  } else {
19
+ $controls->data = $this->get_options('antibot');
20
  }
21
  ?>
22
 
54
  <tr>
55
  <th><?php _e('Disable antibot/antispam?', 'newsletter') ?></th>
56
  <td>
57
+ <?php $controls->yesno('disabled'); ?>
58
  <p class="description">
59
  <?php _e('Disable for ajax form submission', 'newsletter'); ?>
60
  </p>
99
  <tr>
100
  <th><?php _e('Captcha', 'newsletter') ?> </th>
101
  <td>
102
+ <?php $controls->enabled('captcha'); ?> <?php $controls->field_help('https://www.thenewsletterplugin.com/documentation/antiflood#captcha') ?>
103
  </td>
104
  </tr>
105
  <?php /*
126
  <?php $controls->field_help('https://www.thenewsletterplugin.com/documentation/antiflood#ip') ?>
127
  </th>
128
  <td>
129
+ <?php $controls->textarea('ip_blacklist'); ?>
130
+ <p class="description"><?php _e('One per line', 'newsletter') ?></p>
 
 
131
  </td>
132
  </tr>
133
  <tr>
136
  <?php $controls->field_help('https://www.thenewsletterplugin.com/documentation/antiflood#domains') ?>
137
  </th>
138
  <td>
139
+ <?php $controls->textarea('address_blacklist'); ?>
140
+ <p class="description"><?php _e('One per line', 'newsletter') ?></p>
 
 
141
  </td>
142
  </tr>
143
  </table>
subscription/defaults-antibot.php ADDED
@@ -0,0 +1,11 @@
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ // This file is used only on first installation!
4
+
5
+ $options = array();
6
+ $options['ip_blacklist'] = array();
7
+ $options['address_blacklist'] = array();
8
+ $options['antiflood'] = 60;
9
+ $options['akismet'] = 0;
10
+ $options['captcha'] = 0;
11
+ $options['disabled'] = 0;
subscription/defaults.php CHANGED
@@ -13,12 +13,14 @@
13
  $options = array();
14
 
15
  $options['noconfirmation'] = 1;
16
- $options['antiflood'] = 10;
17
- $options['ip_blacklist'] = array();
18
- $options['address_blacklist'] = array();
19
- $options['domain_check'] = 0;
20
- $options['akismet'] = 0;
21
- $options['captcha'] = 0;
 
 
22
  $options['notify_email'] = get_option('admin_email');
23
  $options['multiple'] = 1;
24
  $options['notify'] = 0;
13
  $options = array();
14
 
15
  $options['noconfirmation'] = 1;
16
+
17
+ //$options['antiflood'] = 10;
18
+ //$options['ip_blacklist'] = array();
19
+ //$options['address_blacklist'] = array();
20
+ //$options['domain_check'] = 0;
21
+ //$options['akismet'] = 1;
22
+ //$options['captcha'] = 1;
23
+
24
  $options['notify_email'] = get_option('admin_email');
25
  $options['multiple'] = 1;
26
  $options['notify'] = 0;
subscription/subscription.php CHANGED
@@ -35,7 +35,7 @@ class NewsletterSubscription extends NewsletterModule {
35
 
36
  function __construct() {
37
 
38
- parent::__construct('subscription', '2.1.7', null, array('lists', 'template', 'profile'));
39
  $this->options_profile = $this->get_options('profile');
40
  $this->options_lists = $this->get_options('lists');
41
 
@@ -109,13 +109,15 @@ class NewsletterSubscription extends NewsletterModule {
109
  }
110
 
111
  function is_address_blacklisted($email) {
112
- if (empty($this->options['address_blacklist'])) {
 
 
113
  return false;
114
  }
115
 
116
  $this->logger->debug('Address blacklist check');
117
  $rev_email = strrev($email);
118
- foreach ($this->options['address_blacklist'] as $item) {
119
  if (strpos($rev_email, strrev($item)) === 0) {
120
  return true;
121
  }
@@ -124,11 +126,13 @@ class NewsletterSubscription extends NewsletterModule {
124
  }
125
 
126
  function is_ip_blacklisted($ip) {
127
- if (empty($this->options['ip_blacklist'])) {
 
 
128
  return false;
129
  }
130
  $this->logger->debug('IP blacklist check');
131
- foreach ($this->options['ip_blacklist'] as $item) {
132
  if ($this->ip_match($ip, $item)) {
133
  return true;
134
  }
@@ -156,8 +160,10 @@ class NewsletterSubscription extends NewsletterModule {
156
 
157
  function is_flood($email, $ip) {
158
  global $wpdb;
159
-
160
- if (empty($this->options['antiflood'])) {
 
 
161
  return false;
162
  }
163
 
@@ -165,7 +171,7 @@ class NewsletterSubscription extends NewsletterModule {
165
 
166
  $updated = $wpdb->get_var($wpdb->prepare("select updated from " . NEWSLETTER_USERS_TABLE . " where ip=%s or email=%s order by updated desc limit 1", $ip, $email));
167
 
168
- if ($updated && time() - $updated < $this->options['antiflood']) {
169
  return true;
170
  }
171
 
@@ -183,7 +189,10 @@ class NewsletterSubscription extends NewsletterModule {
183
  }
184
 
185
  function is_spam_by_akismet($email, $name, $ip, $agent, $referrer) {
186
- if (empty($this->options['akismet'])) {
 
 
 
187
  return false;
188
  }
189
  if (!class_exists('Akismet')) {
@@ -283,10 +292,12 @@ class NewsletterSubscription extends NewsletterModule {
283
  $antibot_logger->fatal($email . ' - ' . $ip . ' - HTTP method invalid');
284
  die('Invalid');
285
  }
 
 
286
 
287
- $captcha = !empty($this->options['captcha']);
288
 
289
- if (!empty($this->options['antibot_disable']) || $this->antibot_form_check($captcha)) {
290
 
291
 
292
  if ($this->is_spam_text($full_name)) {
@@ -397,6 +408,25 @@ class NewsletterSubscription extends NewsletterModule {
397
  function upgrade() {
398
  global $wpdb, $charset_collate;
399
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
400
  parent::upgrade();
401
 
402
  $newsletter = Newsletter::instance();
@@ -458,6 +488,8 @@ class NewsletterSubscription extends NewsletterModule {
458
 
459
  $this->init_options('template', false);
460
 
 
 
461
  global $wpdb, $charset_collate;
462
 
463
  require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
35
 
36
  function __construct() {
37
 
38
+ parent::__construct('subscription', '2.2.7', null, array('lists', 'template', 'profile', 'antibot'));
39
  $this->options_profile = $this->get_options('profile');
40
  $this->options_lists = $this->get_options('lists');
41
 
109
  }
110
 
111
  function is_address_blacklisted($email) {
112
+ // TODO: Optimize!
113
+ $options = $this->get_options('antibot');
114
+ if (empty($options['address_blacklist'])) {
115
  return false;
116
  }
117
 
118
  $this->logger->debug('Address blacklist check');
119
  $rev_email = strrev($email);
120
+ foreach ($options['address_blacklist'] as $item) {
121
  if (strpos($rev_email, strrev($item)) === 0) {
122
  return true;
123
  }
126
  }
127
 
128
  function is_ip_blacklisted($ip) {
129
+ // TODO: Optimize!
130
+ $options = $this->get_options('antibot');
131
+ if (empty($options['ip_blacklist'])) {
132
  return false;
133
  }
134
  $this->logger->debug('IP blacklist check');
135
+ foreach ($options['ip_blacklist'] as $item) {
136
  if ($this->ip_match($ip, $item)) {
137
  return true;
138
  }
160
 
161
  function is_flood($email, $ip) {
162
  global $wpdb;
163
+ // TODO: Optimize!
164
+ $options = $this->get_options('antibot');
165
+
166
+ if (empty($options['antiflood'])) {
167
  return false;
168
  }
169
 
171
 
172
  $updated = $wpdb->get_var($wpdb->prepare("select updated from " . NEWSLETTER_USERS_TABLE . " where ip=%s or email=%s order by updated desc limit 1", $ip, $email));
173
 
174
+ if ($updated && time() - $updated < $options['antiflood']) {
175
  return true;
176
  }
177
 
189
  }
190
 
191
  function is_spam_by_akismet($email, $name, $ip, $agent, $referrer) {
192
+ // TODO: Optimize!
193
+ $options = $this->get_options('antibot');
194
+
195
+ if (empty($options['akismet'])) {
196
  return false;
197
  }
198
  if (!class_exists('Akismet')) {
292
  $antibot_logger->fatal($email . ' - ' . $ip . ' - HTTP method invalid');
293
  die('Invalid');
294
  }
295
+
296
+ $options_antibot = $this->get_options('antibot');
297
 
298
+ $captcha = !empty($options_antibot['captcha']);
299
 
300
+ if (!empty($options_antibot['disabled']) || $this->antibot_form_check($captcha)) {
301
 
302
 
303
  if ($this->is_spam_text($full_name)) {
408
  function upgrade() {
409
  global $wpdb, $charset_collate;
410
 
411
+ // Possible migration
412
+ $options_antibot = $this->get_options('antibot');
413
+
414
+ if (empty($options_antibot)) {
415
+ $options = $this->get_options();
416
+ foreach (array('address_blacklist', 'ip_blacklist', 'akismet', 'captcha', 'antiflood') as $key) {
417
+ if (isset($options[$key])) {
418
+ $options_antibot[$key] = $options[$key];
419
+ }
420
+ }
421
+ if (isset($options['antibot_disable'])) {
422
+ $options_antibot['disabled'] = $options['antibot_disable'];
423
+ } else {
424
+ $options_antibot['disabled'] = 0;
425
+ }
426
+
427
+ $this->save_options($options_antibot, 'antibot');
428
+ }
429
+
430
  parent::upgrade();
431
 
432
  $newsletter = Newsletter::instance();
488
 
489
  $this->init_options('template', false);
490
 
491
+
492
+
493
  global $wpdb, $charset_collate;
494
 
495
  require_once(ABSPATH . 'wp-admin/includes/upgrade.php');