Shield Security for WordPress - Version 6.6.8

Version Description

  • Current Release = Released: 4th May, 2018

  • (v.8) IMPROVED: Add GDPR-compliant Privacy Policy checkboxes to mailing list sign-up forms.

  • (v.8) ADDED: Introduction video to the Guided Setup Wizard.


Release Info

Developer paultgoodchild
Version 6.6.8

Code changes from version 6.6.7 to 6.6.8

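--- a/icwp-wpsf.php
+++ b/icwp-wpsf.php
@@ -3,7 +3,7 @@
  * Plugin Name: Shield Security
  * Plugin URI: http://icwp.io/2f
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
- * Version: 6.6.7
+ * Version: 6.6.8
  * Text Domain: wp-simple-firewall
  * Domain Path: /languages/
  * Author: One Dollar Plugin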
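--- a/plugin-spec.php
+++ b/plugin-spec.php
@@ -1,7 +1,7 @@
  {
  "properties": {
- "version": "6.6.7",
- "release_timestamp": 1525248893,
+ "version": "6.6.8",
+ "release_timestamp": 1525438123,
  "slug_parent": "icwp",
  "slug_plugin": "wpsf",
  "human_name": "Shield",
@@ -63,12 +63,12 @@
  },
  "labels": {
  "Name": "Shield",
- "Description": "Secure Your Sites With The World's Most Powerful WordPress Security Protection System",
- "Title": "Shield",
- "Author": "iControlWP",
- "AuthorName": "iControlWP",
- "PluginURI": "http://icwp.io/home",
- "AuthorURI": "http://icwp.io/home",
+ "Description": "Ultimate Security For Your Sites With The Highest Rated WordPress Security Plugin",
+ "Title": "Shield Security",
+ "Author": "One Dollar Plugin",
+ "AuthorName": "One Dollar Plugin",
+ "PluginURI": "http://icwp.io/2f",
+ "AuthorURI": "http://icwp.io/bv",
  "icon_url_16x16": "pluginlogo_16x16.png",
  "icon_url_32x32": "pluginlogo_32x32.png"
  },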
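--- a/readme.txt
+++ b/readme.txt
@@ -3,12 +3,12 @@ Contributors: onedollarplugin, paultgoodchild
  Donate link: http://icwp.io/bw
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl.html
- Tags: security, all in one, scanner, firewall, spam, two-factor authentication, wordfence, cerber, ithemes
+ Tags: security, all in one, scan, firewall, two factor authentication, spam, wordfence, cerber, ithemes
  Requires at least: 3.5.0
  Requires PHP: 5.2.4
  Recommended PHP: 5.4
  Tested up to: 4.9
- Stable tag: 6.6.7
+ Stable tag: 6.6.8
 
  Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
 
@@ -353,12 +353,11 @@ If you don't want to support the work, no problem! You can still continue to use
 
  You can [go Pro for just $1/month](http://icwp.io/aa).
 
- = 6.6.7 - Current Release =
- *Released: 2nd May, 2018*
+ = 6.6.8 - Current Release =
+ *Released: 4th May, 2018*
 
- * **(v.7)** IMPROVED: reCAPTCHA JS is only included on pages where it's actually used by Shield.
- * **(v.7)** IMPROVED: Upgrade Bootstrap library to 4.1.0.
- * **(v.7)** IMPROVED: Include jQuery for the plugin badge as required
+ * **(v.8)** IMPROVED: Add GDPR-compliant Privacy Policy checkboxes to mailing list sign-up forms.
+ * **(v.8)** ADDED: Introduction video to the Guided Setup Wizard.
 
  = 6.6 Series =
  *Released: 19th March, 2018* - [Release Notes](http://icwp.io/c3)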
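--- a/src/config/feature-plugin.php
+++ b/src/config/feature-plugin.php
@@ -392,6 +392,7 @@
  "tracking_cron_handle": "plugin_tracking_cron",
  "tracking_post_url": "https://tracking.icontrolwp.com/track/plugin/shield",
  "importexport_cron_name": "autoimport",
+ "href_privacy_policy": "http://icwp.io/wpshieldprivacypolicy",
  "active_plugin_features": [
  {
  "slug": "admin_access_restriction",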
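Review bot: The new `href_privacy_policy` value is a plain-HTTP short link, while `tracking_post_url` two lines above it already uses HTTPS. A privacy-policy link presented alongside a consent checkbox should not depend on a cleartext redirect that can be altered in transit. Whether the shortener answers over HTTPS is not visible from this hunk; if it does, the entry should read `"href_privacy_policy": "https://icwp.io/wpshieldprivacypolicy",`.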
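--- a/src/processors/base_commentsfilter.php
+++ b/src/processors/base_commentsfilter.php
@@ -1,8 +1,10 @@
  <?php
 
- if ( !class_exists( 'ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha', false ) ):
+ if ( class_exists( 'ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha', false ) ) {
+ return;
+ }
 
- require_once( dirname(__FILE__ ).'/base_wpsf.php' );
+ require_once( dirname( __FILE__ ).'/base_wpsf.php' );
 
  class ICWP_WPSF_Processor_CommentsFilter_Base extends ICWP_WPSF_Processor_BaseWpsf {
 
@@ -10,10 +12,12 @@ class ICWP_WPSF_Processor_CommentsFilter_Base extends ICWP_WPSF_Processor_BaseWp
  * @var array
  */
  static protected $aRawCommentData;
+
  /**
  * @var string
  */
  static protected $sCommentStatus;
+
  /**
  * @var string
  */
@@ -33,8 +37,8 @@ class ICWP_WPSF_Processor_CommentsFilter_Base extends ICWP_WPSF_Processor_BaseWp
  public function run() {
  $oFO = $this->getFeature();
  add_filter( 'preprocess_comment', array( $this, 'doCommentChecking' ), 1, 1 );
- add_filter( $oFO->prefix( 'comments_filter_status' ), array( $this, 'getCommentStatus' ), 1 );
- add_filter( $oFO->prefix( 'comments_filter_status_explanation' ), array( $this, 'getCommentStatusExplanation' ), 1 );
+ add_filter( $oFO->prefix( 'cf_status' ), array( $this, 'getCommentStatus' ), 1 );
+ add_filter( $oFO->prefix( 'cf_status_expl' ), array( $this, 'getCommentStatusExplanation' ), 1 );
  }
 
  /**
@@ -50,12 +54,11 @@ class ICWP_WPSF_Processor_CommentsFilter_Base extends ICWP_WPSF_Processor_BaseWp
 
  /**
  * A private plugin filter that lets us return up the newly set comment status.
- *
  * @param $sCurrentCommentStatus
  * @return string
  */
  public function getCommentStatus( $sCurrentCommentStatus ) {
- return empty( $sCurrentCommentStatus )? self::$sCommentStatus : $sCurrentCommentStatus;
+ return empty( $sCurrentCommentStatus ) ? self::$sCommentStatus : $sCurrentCommentStatus;
  }
 
  /**
@@ -74,7 +77,7 @@ class ICWP_WPSF_Processor_CommentsFilter_Base extends ICWP_WPSF_Processor_BaseWp
  self::$aRawCommentData = array();
  }
  if ( !empty( $sKey ) ) {
- return isset( self::$aRawCommentData[$sKey] ) ? self::$aRawCommentData[$sKey] : null;
+ return isset( self::$aRawCommentData[ $sKey ] ) ? self::$aRawCommentData[ $sKey ] : null;
  }
  return self::$aRawCommentData;
  }
@@ -88,12 +91,11 @@ class ICWP_WPSF_Processor_CommentsFilter_Base extends ICWP_WPSF_Processor_BaseWp
 
  /**
  * A private plugin filter that lets us return up the newly set comment status explanation
- *
  * @param $sCurrentCommentStatusExplanation
  * @return string
  */
  public function getCommentStatusExplanation( $sCurrentCommentStatusExplanation ) {
- return empty( $sCurrentCommentStatusExplanation )? self::$sCommentStatusExplanation : $sCurrentCommentStatusExplanation;
+ return empty( $sCurrentCommentStatusExplanation ) ? self::$sCommentStatusExplanation : $sCurrentCommentStatusExplanation;
  }
 
  /**
@@ -111,11 +113,10 @@ class ICWP_WPSF_Processor_CommentsFilter_Base extends ICWP_WPSF_Processor_BaseWp
  protected function setCommentStatusExplanation( $sExplanation ) {
  self::$sCommentStatusExplanation =
  '[* '.sprintf(
- _wpsf__('%s plugin marked this comment as "%s".').' '._wpsf__( 'Reason: %s' ),
+ _wpsf__( '%s plugin marked this comment as "%s".' ).' '._wpsf__( 'Reason: %s' ),
  $this->getController()->getHumanName(),
  self::$sCommentStatus,
  $sExplanation
  )." *]\n";
  }
- }
- endif;
+ }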
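Review bot: The early-return guard at the top of this file tests `ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha`, but the class declared here is `ICWP_WPSF_Processor_CommentsFilter_Base`, so the guard never detects that this file's own class is already loaded. The mismatch was already present in the removed `if ( !class_exists( ... ) ):` line and is carried over unchanged into the new `return` form. It stays hidden as long as every include of this file goes through `require_once` with an identical path. The guard should read `if ( class_exists( 'ICWP_WPSF_Processor_CommentsFilter_Base', false ) ) {`.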
 
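--- a/src/processors/comments_filter.php
+++ b/src/processors/comments_filter.php
@@ -1,8 +1,10 @@
  <?php
 
- if ( !class_exists( 'ICWP_WPSF_Processor_CommentsFilter', false ) ):
+ if ( class_exists( 'ICWP_WPSF_Processor_CommentsFilter', false ) ) {
+ return;
+ }
 
- require_once( dirname(__FILE__ ).'/base_wpsf.php' );
+ require_once( dirname( __FILE__ ).'/base_wpsf.php' );
 
  class ICWP_WPSF_Processor_CommentsFilter extends ICWP_WPSF_Processor_BaseWpsf {
 
@@ -14,31 +16,34 @@ class ICWP_WPSF_Processor_CommentsFilter extends ICWP_WPSF_Processor_BaseWpsf {
  add_filter( $oFO->prefix( 'if-do-comments-check' ), array( $this, 'getIfDoCommentsCheck' ) );
 
  if ( $oFO->isEnabledGaspCheck() ) {
- require_once( dirname(__FILE__ ).'/commentsfilter_antibotspam.php' );
+ require_once( dirname( __FILE__ ).'/commentsfilter_antibotspam.php' );
  $oBotSpamProcessor = new ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam( $oFO );
  $oBotSpamProcessor->run();
  }
 
- if ( $this->getIsOption( 'enable_comments_human_spam_filter', 'Y' ) && $this->loadWpCommentsProcessor()->isCommentPost() ) {
- require_once( dirname(__FILE__ ).'/commentsfilter_humanspam.php' );
+ if ( $this->getIsOption( 'enable_comments_human_spam_filter', 'Y' ) && $this->loadWpCommentsProcessor()
+ ->isCommentPost() ) {
+ require_once( dirname( __FILE__ ).'/commentsfilter_humanspam.php' );
  $oHumanSpamProcessor = new ICWP_WPSF_Processor_CommentsFilter_HumanSpam( $oFO );
  $oHumanSpamProcessor->run();
  }
 
  if ( $oFO->getIsGoogleRecaptchaEnabled() ) {
- require_once( dirname(__FILE__ ).'/commentsfilter_googlerecaptcha.php' );
+ require_once( dirname( __FILE__ ).'/commentsfilter_googlerecaptcha.php' );
  $oHumanSpamProcessor = new ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha( $oFO );
  $oHumanSpamProcessor->run();
  }
 
- add_filter( 'pre_comment_approved', array( $this, 'doSetCommentStatus' ), 1 );
- add_filter( 'pre_comment_content', array( $this, 'doInsertCommentStatusExplanation' ), 1, 1 );
- add_filter( 'comment_notification_recipients', array( $this, 'doClearCommentNotificationEmail_Filter' ), 100, 1 );
+ add_filter( 'pre_comment_approved', array( $this, 'doSetCommentStatus' ), 1 );
+ add_filter( 'pre_comment_content', array( $this, 'doInsertCommentStatusExplanation' ), 1, 1 );
+ add_filter( 'comment_notification_recipients', array(
+ $this,
+ 'doClearCommentNotificationEmail_Filter'
+ ), 100, 1 );
  }
 
  /**
  * Always default to true, and if false, return that.
- *
  * @param boolean $bDoCheck
  * @return boolean
  */
@@ -52,20 +57,21 @@ class ICWP_WPSF_Processor_CommentsFilter extends ICWP_WPSF_Processor_BaseWpsf {
  protected function addNotice_akismet_running( $aNoticeAttributes ) {
 
  // We only warn when the human spam filter is running
- if ( $this->getIsOption( 'enable_comments_human_spam_filter', 'Y' ) && $this->getController()->getIsValidAdminArea() ) {
+ if ( $this->getIsOption( 'enable_comments_human_spam_filter', 'Y' ) && $this->getController()
+ ->getIsValidAdminArea() ) {
 
  $oWpPlugins = $this->loadWpPlugins();
  $sPluginFile = $oWpPlugins->findPluginBy( 'Akismet', 'Name' );
  if ( $oWpPlugins->isActive( $sPluginFile ) ) {
  $aRenderData = array(
  'notice_attributes' => $aNoticeAttributes,
- 'strings' => array(
+ 'strings' => array(
  'title' => 'Akismet is Running',
  'appears_running_akismet' => _wpsf__( 'It appears you have Akismet Anti-SPAM running alongside the our human Anti-SPAM filter.' ),
- 'not_recommended' => _wpsf__('This is not recommended and you should disable Akismet.'),
- 'click_to_deactivate' => _wpsf__('Click to deactivate Akismet now.'),
+ 'not_recommended' => _wpsf__( 'This is not recommended and you should disable Akismet.' ),
+ 'click_to_deactivate' => _wpsf__( 'Click to deactivate Akismet now.' ),
  ),
- 'hrefs' => array(
+ 'hrefs' => array(
  'deactivate' => $oWpPlugins->getLinkPluginDeactivate( $sPluginFile )
  )
  );
@@ -77,12 +83,11 @@ class ICWP_WPSF_Processor_CommentsFilter extends ICWP_WPSF_Processor_BaseWpsf {
  /**
  * We set the final approval status of the comments if we've set it in our scans, and empties the notification email
  * in case we "trash" it (since WP sends out a notification email if it's anything but SPAM)
- *
  * @param $sApprovalStatus
  * @return string
  */
  public function doSetCommentStatus( $sApprovalStatus ) {
- $sStatus = apply_filters( $this->getFeature()->prefix( 'comments_filter_status' ), '' );
+ $sStatus = apply_filters( $this->getFeature()->prefix( 'cf_status' ), '' );
  return empty( $sStatus ) ? $sApprovalStatus : $sStatus;
  }
 
@@ -92,7 +97,7 @@ class ICWP_WPSF_Processor_CommentsFilter extends ICWP_WPSF_Processor_BaseWpsf {
  */
  public function doInsertCommentStatusExplanation( $sCommentContent ) {
 
- $sExplanation = apply_filters( $this->getFeature()->prefix( 'comments_filter_status_explanation' ), '' );
+ $sExplanation = apply_filters( $this->getFeature()->prefix( 'cf_status_expl' ), '' );
 
  // If either spam filtering process left an explanation, we add it here
  if ( !empty( $sExplanation ) ) {
@@ -104,17 +109,14 @@ class ICWP_WPSF_Processor_CommentsFilter extends ICWP_WPSF_Processor_BaseWpsf {
  /**
  * When you set a new comment as anything but 'spam' a notification email is sent to the post author.
  * We suppress this for when we mark as trash by emptying the email notifications list.
- *
  * @param array $aEmails
  * @return array
  */
  public function doClearCommentNotificationEmail_Filter( $aEmails ) {
- $sStatus = apply_filters( $this->getFeature()->prefix( 'comments_filter_status' ), '' );
+ $sStatus = apply_filters( $this->getFeature()->prefix( 'cf_status' ), '' );
  if ( in_array( $sStatus, array( 'reject', 'trash' ) ) ) {
  $aEmails = array();
  }
  return $aEmails;
  }
-
- }
- endif;
+ }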
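Review bot: In doClearCommentNotificationEmail_Filter() the value returned by the `cf_status` filter is tested with a loose `in_array()`. A callback on that filter returning `true` would therefore match 'reject'/'trash' and silently empty the notification recipient list, as would `0` on the PHP 5 versions the readme still lists as supported. Passing the strict flag restricts the match to the two intended strings: `if ( in_array( $sStatus, array( 'reject', 'trash' ), true ) ) {`. doSetCommentStatus() reads the same filter but guards with `empty()`, so only this branch is affected.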
 
 
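--- a/src/processors/commentsfilter_antibotspam.php
+++ b/src/processors/commentsfilter_antibotspam.php
@@ -1,8 +1,10 @@
  <?php
 
- if ( !class_exists('ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam') ):
+ if ( class_exists( 'ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam' ) ) {
+ return;
+ }
 
- require_once( dirname(__FILE__ ).'/basedb.php' );
+ require_once( dirname( __FILE__ ).'/basedb.php' );
 
  class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbProcessor {
 
@@ -11,15 +13,18 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  * @var integer
  */
  protected $sUniqueCommentToken;
+
  /**
  * The unique comment token assigned to this page
  * @var string
  */
  protected $sFormId;
+
  /**
  * @var string
  */
  protected $sCommentStatus;
+
  /**
  * @var string
  */
@@ -64,7 +69,7 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  }
 
  if ( $fIfDoCheck && $oWpComments->getIfCommentsMustBePreviouslyApproved()
- && $oWpComments->isCommentAuthorPreviouslyApproved( $this->getRawCommentData( 'comment_author_email' ) ) ) {
+ && $oWpComments->isCommentAuthorPreviouslyApproved( $this->getRawCommentData( 'comment_author_email' ) ) ) {
  $fIfDoCheck = false;
  }
 
@@ -81,12 +86,12 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  add_filter( $this->getFeature()->prefix( 'if-do-comments-check' ), array( $this, 'getIfDoCommentsCheck' ) );
 
  // Add GASP checking to the comment form.
- add_action( 'comment_form', array( $this, 'printGaspFormHook_Action' ), 1 );
- add_action( 'comment_form', array( $this, 'printGaspFormParts_Action' ), 2 );
- add_filter( 'preprocess_comment', array( $this, 'doCommentChecking' ), 1, 1 );
+ add_action( 'comment_form', array( $this, 'printGaspFormHook_Action' ), 1 );
+ add_action( 'comment_form', array( $this, 'printGaspFormParts_Action' ), 2 );
+ add_filter( 'preprocess_comment', array( $this, 'doCommentChecking' ), 1, 1 );
 
- add_filter( $this->getFeature()->prefix( 'comments_filter_status' ), array( $this, 'getCommentStatus' ), 1 );
- add_filter( $this->getFeature()->prefix( 'comments_filter_status_explanation' ), array( $this, 'getCommentStatusExplanation' ), 1 );
+ add_filter( $this->getFeature()->prefix( 'cf_status' ), array( $this, 'getCommentStatus' ), 1 );
+ add_filter( $this->getFeature()->prefix( 'cf_status_expl' ), array( $this, 'getCommentStatusExplanation' ), 1 );
  }
 
  /**
@@ -98,29 +103,27 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  $this->aRawCommentData = array();
  }
  if ( !empty( $sKey ) ) {
- return isset( $this->aRawCommentData[$sKey] ) ? $this->aRawCommentData[$sKey] : null;
+ return isset( $this->aRawCommentData[ $sKey ] ) ? $this->aRawCommentData[ $sKey ] : null;
  }
  return $this->aRawCommentData;
  }
 
  /**
  * A private plugin filter that lets us return up the newly set comment status.
- *
  * @param $sCurrentCommentStatus
  * @return string
  */
  public function getCommentStatus( $sCurrentCommentStatus ) {
- return empty( $sCurrentCommentStatus )? $this->sCommentStatus : $sCurrentCommentStatus;
+ return empty( $sCurrentCommentStatus ) ? $this->sCommentStatus : $sCurrentCommentStatus;
  }
 
  /**
  * A private plugin filter that lets us return up the newly set comment status explanation
- *
  * @param $sCurrentCommentStatusExplanation
  * @return string
  */
  public function getCommentStatusExplanation( $sCurrentCommentStatusExplanation ) {
- return empty( $sCurrentCommentStatusExplanation )? $this->sCommentStatusExplanation : $sCurrentCommentStatusExplanation;
+ return empty( $sCurrentCommentStatusExplanation ) ? $this->sCommentStatusExplanation : $sCurrentCommentStatusExplanation;
  }
 
  /**
@@ -136,7 +139,7 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  return $aCommentData;
  }
 
- $this->doGaspCommentCheck( $aCommentData['comment_post_ID'] );
+ $this->doGaspCommentCheck( $aCommentData[ 'comment_post_ID' ] );
 
  // Now we check whether comment status is to completely reject and then we simply redirect to "home"
  if ( $this->sCommentStatus == 'reject' ) {
@@ -149,7 +152,6 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
 
  /**
  * Performs the actual GASP comment checking
- *
  * @param $nPostId
  */
  protected function doGaspCommentCheck( $nPostId ) {
@@ -176,7 +178,7 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  $sFieldCommentToken = $oDp->FetchPost( 'comment_token' );
 
  // we have the cb name, is it set?
- if( !$sFieldCheckboxName || !$oDp->FetchPost( $sFieldCheckboxName ) ) {
+ if ( !$sFieldCheckboxName || !$oDp->FetchPost( $sFieldCheckboxName ) ) {
  $sExplanation = sprintf( _wpsf__( 'Failed GASP Bot Filter Test (%s)' ), _wpsf__( 'checkbox' ) );
  $sStatKey = 'checkbox';
  }
@@ -215,7 +217,6 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
 
  /**
  * Tells us whether, for this particular comment post, if we should do GASP comments checking.
- *
  * @return boolean
  */
  protected function getIfDoGaspCheck() {
@@ -243,7 +244,7 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  protected function getUniqueFormId() {
  if ( !isset( $this->sFormId ) ) {
  $oDp = $this->loadDataProcessor();
- $sId = $oDp->GenerateRandomLetter() . $oDp->GenerateRandomString( rand( 7, 23 ), 7 );
+ $sId = $oDp->GenerateRandomLetter().$oDp->GenerateRandomString( rand( 7, 23 ), 7 );
  $this->sFormId = preg_replace(
  '#[^a-zA-Z0-9]#', '',
  apply_filters( 'icwp_shield_cf_gasp_uniqid', $sId ) );
@@ -340,8 +341,8 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  frm$sId.onsubmit = check$sId;
 
  ".(
- ( $nCooldown > 0 || $nExpire > 0 ) ?
- "
+ ( $nCooldown > 0 || $nExpire > 0 ) ?
+ "
  var subbuttonList$sId = frm$sId.querySelectorAll( 'input[type=\"submit\"]' );
 
  if ( typeof( subbuttonList$sId ) != \"undefined\" ) {
@@ -349,22 +350,22 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  if ( typeof( subbutton$sId ) != \"undefined\" ) {
 
  ".(
- ( $nCooldown > 0 )?
- "
+ ( $nCooldown > 0 ) ?
+ "
  subbutton$sId.disabled = true;
  origButtonValue$sId = subbutton$sId.value;
  subbutton$sId.value = \"$sCommentWait\";
  nTimerCounter$sId = 0;
  sCountdownTimer$sId = setInterval( reenableButton$sId, 1000 );
  "
- :''
- ).(
- ( $nExpire > 0 )? "sTimeoutTimer$sId = setTimeout( redisableButton$sId, ".(1000 * $nExpire - 1000)." );" : ''
- )."
+ : ''
+ ).(
+ ( $nExpire > 0 ) ? "sTimeoutTimer$sId = setTimeout( redisableButton$sId, ".( 1000*$nExpire - 1000 )." );" : ''
+ )."
  }
  }
- ":''
- )."
+ " : ''
+ )."
  </script>
  ";
  return $sReturn;
@@ -372,7 +373,7 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
 
  /**
  * @param string $sCommentToken
- * @param $sPostId
+ * @param $sPostId
  * @return bool
  */
  protected function checkCommentToken( $sCommentToken, $sPostId ) {
@@ -397,7 +398,7 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  );
  $mResult = $this->selectCustom( $sQuery );
 
- if ( empty( $mResult ) || !is_array($mResult) || count($mResult) != 1 ) {
+ if ( empty( $mResult ) || !is_array( $mResult ) || count( $mResult ) != 1 ) {
  return false;
  }
  else {
@@ -405,11 +406,11 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  $this->deleteUniquePostCommentToken( $sToken, $sPostId );
 
  // Did sufficient time pass, or has it expired?
- $aRecord = $mResult[0];
- $nInterval = $this->time() - $aRecord['created_at'];
+ $aRecord = $mResult[ 0 ];
+ $nInterval = $this->time() - $aRecord[ 'created_at' ];
  if ( $nInterval < $this->getOption( 'comments_cooldown_interval' )
- || ( $this->getOption( 'comments_token_expire_interval' ) > 0 && $nInterval > $this->getOption('comments_token_expire_interval') )
- ) {
+ || ( $this->getOption( 'comments_token_expire_interval' ) > 0 && $nInterval > $this->getOption( 'comments_token_expire_interval' ) )
+ ) {
  return false;
  }
  return true;
@@ -443,13 +444,12 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  /**
  * @param string $sUniqueToken
  * @param string $sPostId
- *
  * @return bool|int
  */
  protected function deleteUniquePostCommentToken( $sUniqueToken, $sPostId ) {
  $aWhere = array(
- 'unique_token' => $sUniqueToken,
- 'post_id' => $sPostId
+ 'unique_token' => $sUniqueToken,
+ 'post_id' => $sPostId
  );
  return $this->loadDbProcessor()->deleteRowsFromTableWhere( $this->getTableName(), $aWhere );
  }
@@ -460,8 +460,8 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  */
  protected function deleteOldPostCommentTokens( $sPostId = null ) {
  $aWhere = array(
- 'ip' => $this->ip(),
- 'post_id' => empty( $sPostId ) ? $this->loadWp()->getCurrentPostId() : $sPostId
+ 'ip' => $this->ip(),
+ 'post_id' => empty( $sPostId ) ? $this->loadWp()->getCurrentPostId() : $sPostId
  );
  return $this->loadDbProcessor()->deleteRowsFromTableWhere( $this->getTableName(), $aWhere );
  }
@@ -471,10 +471,10 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  */
  protected function insertUniquePostCommentToken() {
  $aData = array(
- 'post_id' => $this->loadWp()->getCurrentPostId(),
- 'unique_token' => $this->getUniqueCommentToken(),
- 'ip' => $this->ip(),
- 'created_at' => $this->time()
+ 'post_id' => $this->loadWp()->getCurrentPostId(),
+ 'unique_token' => $this->getUniqueCommentToken(),
+ 'ip' => $this->ip(),
+ 'created_at' => $this->time()
  );
  return $this->insertData( $aData );
  }
@@ -493,7 +493,7 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  protected function setCommentStatusExplanation( $sExplanation ) {
  $this->sCommentStatusExplanation =
  '[* '.sprintf(
- _wpsf__('%s plugin marked this comment as "%s".').' '._wpsf__( 'Reason: %s' ),
+ _wpsf__( '%s plugin marked this comment as "%s".' ).' '._wpsf__( 'Reason: %s' ),
  $this->getController()->getHumanName(),
  $this->sCommentStatus,
  $sExplanation
@@ -506,5 +506,4 @@ class ICWP_WPSF_Processor_CommentsFilter_AntiBotSpam extends ICWP_WPSF_BaseDbPro
  protected function getAutoExpirePeriod() {
  return DAY_IN_SECONDS;
  }
- }
- endif;
+ }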
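Review bot: `$sCommentWait` is interpolated unescaped into a double-quoted JavaScript string inside the inline script (`subbutton$sId.value = \"$sCommentWait\";`, in the hunk starting at old line 349), so a double quote, backslash or `</script>` in that text would terminate the literal or the script block. Its assignment is above the hunk and the enclosing method is only partly visible, so confirm whether it is already encoded; if it is not, pass it through `esc_js()` before building the string. `$sId` does not need the same treatment, because getUniqueFormId() reduces it to `[a-zA-Z0-9]` with `preg_replace()`. Separately, this file's guard calls `class_exists()` without the `false` second argument that the other processors in this commit pass, so it may trigger autoloading.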
 
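--- a/src/processors/commentsfilter_googlerecaptcha.php
+++ b/src/processors/commentsfilter_googlerecaptcha.php
@@ -1,8 +1,10 @@
  <?php
 
- if ( !class_exists( 'ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha', false ) ):
+ if ( class_exists( 'ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha', false ) ) {
+ return;
+ }
 
- require_once( dirname(__FILE__ ).'/base_commentsfilter.php' );
+ require_once( dirname( __FILE__ ).'/base_commentsfilter.php' );
 
  class ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha extends ICWP_WPSF_Processor_CommentsFilter_Base {
 
@@ -91,5 +93,4 @@ class ICWP_WPSF_Processor_CommentsFilter_GoogleRecaptcha extends ICWP_WPSF_Proce
  }
  return $aCommentData;
  }
- }
- endif;
+ }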
 
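--- a/src/processors/commentsfilter_humanspam.php
+++ b/src/processors/commentsfilter_humanspam.php
@@ -1,8 +1,10 @@
 <?php
 
-if ( !class_exists( 'ICWP_WPSF_Processor_CommentsFilter_HumanSpam', false ) ):
+if ( class_exists( 'ICWP_WPSF_Processor_CommentsFilter_HumanSpam', false ) ) {
+return;
+}
 
-require_once( dirname(__FILE__ ).'/base_commentsfilter.php' );
+require_once( dirname( __FILE__ ).'/base_commentsfilter.php' );
 
 class ICWP_WPSF_Processor_CommentsFilter_HumanSpam extends ICWP_WPSF_Processor_CommentsFilter_Base {
 
@@ -34,7 +36,7 @@ class ICWP_WPSF_Processor_CommentsFilter_HumanSpam extends ICWP_WPSF_Processor_C
 }
 
 if ( $fIfDoCheck && $oWpComments->getIfCommentsMustBePreviouslyApproved()
-&& $oWpComments->isCommentAuthorPreviouslyApproved( $this->getRawCommentData( 'comment_author_email' ) ) ) {
+&& $oWpComments->isCommentAuthorPreviouslyApproved( $this->getRawCommentData( 'comment_author_email' ) ) ) {
 $fIfDoCheck = false;
 }
 
@@ -70,20 +72,19 @@ class ICWP_WPSF_Processor_CommentsFilter_HumanSpam extends ICWP_WPSF_Processor_C
 */
 protected function doBlacklistSpamCheck( $aCommentData ) {
 $this->doBlacklistSpamCheck_Action(
-$aCommentData['comment_author'],
-$aCommentData['comment_author_email'],
-$aCommentData['comment_author_url'],
-$aCommentData['comment_content'],
+$aCommentData[ 'comment_author' ],
+$aCommentData[ 'comment_author_email' ],
+$aCommentData[ 'comment_author_url' ],
+$aCommentData[ 'comment_content' ],
 $this->ip(),
 substr( $this->loadDataProcessor()->FetchServer( 'HTTP_USER_AGENT', '' ), 0, 254 )
 );
 }
 
 /**
-* Does the same as the WordPress blacklist filter, but more intelligently and with a nod towards much higher performance.
-*
-* It also uses defined options for which fields are checked for SPAM instead of just checking EVERYTHING!
-*
+* Does the same as the WordPress blacklist filter, but more intelligently and with a nod towards much higher
+* performance. It also uses defined options for which fields are checked for SPAM instead of just checking
+* EVERYTHING!
 * @param string $sAuthor
 * @param string $sEmail
 * @param string $sUrl
@@ -95,31 +96,31 @@ class ICWP_WPSF_Processor_CommentsFilter_HumanSpam extends ICWP_WPSF_Processor_C
 
 $sCurrentStatus = $this->getStatus();
 // Check that we haven't already marked the comment through another scan, say GASP
-if ( !empty( $sCurrentStatus ) || !$this->getIsOption('enable_comments_human_spam_filter', 'Y') ) {
+if ( !empty( $sCurrentStatus ) || !$this->getIsOption( 'enable_comments_human_spam_filter', 'Y' ) ) {
 return;
 }
 // read the file of spam words
 $sSpamWords = $this->getSpamBlacklist();
-if ( empty($sSpamWords) ) {
+if ( empty( $sSpamWords ) ) {
 return;
 }
 $aWords = explode( "\n", $sSpamWords );
 
 $aItemsMap = array(
-'comment_content' => $sComment,
-'url' => $sUrl,
-'author_name' => $sAuthor,
-'author_email' => $sEmail,
-'ip_address' => $sUserIp,
-'user_agent' => $sUserAgent
+'comment_content' => $sComment,
+'url' => $sUrl,
+'author_name' => $sAuthor,
+'author_email' => $sEmail,
+'ip_address' => $sUserIp,
+'user_agent' => $sUserAgent
 );
 $aDesiredItemsToCheck = $this->getOption( 'enable_comments_human_spam_filter_items' );
 $aItemsToCheck = array();
-foreach( $aDesiredItemsToCheck as $sKey ) {
+foreach ( $aDesiredItemsToCheck as $sKey ) {
 $aItemsToCheck[ $sKey ] = $aItemsMap[ $sKey ];
 }
 
-foreach( $aItemsToCheck as $sKey => $sItem ) {
+foreach ( $aItemsToCheck as $sKey => $sItem ) {
 foreach ( $aWords as $sWord ) {
 if ( stripos( $sItem, $sWord ) !== false ) {
 //mark as spam and exit;
@@ -141,7 +142,7 @@ class ICWP_WPSF_Processor_CommentsFilter_HumanSpam extends ICWP_WPSF_Processor_C
 $sBLFile = $this->getSpamBlacklistFile();
 
 // first, does the file exist? If not import
-if ( !$oFs->exists( $sBLFile ) || ( $this->time() - $oFs->getModifiedTime( $sBLFile ) > ( DAY_IN_SECONDS * 2 ) ) ) {
+if ( !$oFs->exists( $sBLFile ) || ( $this->time() - $oFs->getModifiedTime( $sBLFile ) > ( DAY_IN_SECONDS*2 ) ) ) {
 $this->doSpamBlacklistUpdate();
 }
 return $this->readSpamList();
@@ -178,7 +179,7 @@ class ICWP_WPSF_Processor_CommentsFilter_HumanSpam extends ICWP_WPSF_Processor_C
 
 $sRawList = $this->doSpamBlacklistDownload();
 
-if ( empty($sRawList) ) {
+if ( empty( $sRawList ) ) {
 $sList = '';
 }
 else {
@@ -213,7 +214,6 @@ class ICWP_WPSF_Processor_CommentsFilter_HumanSpam extends ICWP_WPSF_Processor_C
 * @return string
 */
 protected function getSpamBlacklistFile() {
-return $this->getFeature()->getResourcesDir() . 'spamblacklist.txt';
+return $this->getFeature()->getResourcesDir().'spamblacklist.txt';
 }
-}
-endif;
+}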
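--- a/src/processors/plugin.php
+++ b/src/processors/plugin.php
@@ -119,8 +119,7 @@ class ICWP_WPSF_Processor_Plugin extends ICWP_WPSF_Processor_BasePlugin {
 'strings' => array(
 'tracking_data' => print_r( $this->getTrackingProcessor()->collectTrackingData(), true ),
 ),
-'js_snippets' => array(
-)
+'js_snippets' => array()
 );
 add_thickbox();
 echo $oFO->renderTemplate( 'snippets/plugin_tracking_data_dump.php', $aRenderData );
@@ -172,7 +171,7 @@ class ICWP_WPSF_Processor_Plugin extends ICWP_WPSF_Processor_BasePlugin {
 * @param array $aNoticeAttributes
 */
 protected function addNotice_plugin_mailing_list_signup( $aNoticeAttributes ) {
-
+$oModCon = $this->getFeature();
 $sName = $this->getController()->getHumanName();
 
 $nDays = $this->getInstallationDays();
@@ -187,11 +186,12 @@ class ICWP_WPSF_Processor_Plugin extends ICWP_WPSF_Processor_BasePlugin {
 'your_name' => _wpsf__( 'Your Name' ),
 'your_email' => _wpsf__( 'Your Email' ),
 'dismiss' => "No thanks, I'm not interested in such informative groups",
-'summary' => sprintf( 'The %s security team is running an initiative (with currently 2000+ members) to raise awareness of WordPress Security
+'summary' => sprintf( 'The %s security team is running an initiative (with currently 3000+ members) to raise awareness of WordPress Security
 and to provide further help with the %s security plugin. Get Involved here:', $sName, $sName ),
 ),
 'hrefs' => array(
-'form_action' => '//hostliketoast.us2.list-manage.com/subscribe/post?u=e736870223389e44fb8915c9a&id=0e1d527259'
+'form_action' => '//hostliketoast.us2.list-manage.com/subscribe/post?u=e736870223389e44fb8915c9a&id=0e1d527259',
+'privacy_policy' => $oModCon->getDef( 'href_privacy_policy' )
 ),
 'install_days' => $nDays
 );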
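Review bot: The `form_action` entry in `hrefs` is still protocol-relative, so when wp-admin is served over plain HTTP the subscriber's name and e-mail address are posted to the list provider unencrypted. The commit already edits this line, so the scheme can be pinned at the same time: `'form_action' => 'https://hostliketoast.us2.list-manage.com/subscribe/post?u=e736870223389e44fb8915c9a&id=0e1d527259',`. The `summary` and `dismiss` strings beside it are also not passed through `_wpsf__()` the way `your_name` and `your_email` are, so they cannot be translated. `addNotice_plugin_mailing_list_signup()` continues past the end of the last hunk.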
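--- a/src/wizards/plugin.php
+++ b/src/wizards/plugin.php
@@ -201,9 +201,18 @@ class ICWP_WPSF_Wizard_Plugin extends ICWP_WPSF_Wizard_BaseWpsf {
 case 'optin':
 $oUser = $this->loadWpUsers()->getCurrentWpUser();
 $aAdditional = array(
-'data' => array(
+'data' => array(
 'name' => $oUser->first_name,
 'user_email' => $oUser->user_email
+),
+'hrefs' => array(
+'privacy_policy' => $this->getModCon()->getDef( 'href_privacy_policy' )
+),
+'strings' => array(
+'privacy_policy' => sprintf(
+'I certify that I have read and agree to the <a href="%s" target="_blank">Privacy Policy</a>',
+$this->getModCon()->getDef( 'href_privacy_policy' )
+),
 )
 );
 break;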
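Review bot: The new `privacy_policy` string builds an anchor with `target="_blank"` but no `rel`, and places the URL in `href` without escaping it. The value comes from `getDef( 'href_privacy_policy' )`, presumably a constant in the plugin spec, so this is hardening rather than an open hole, but the markup should not rely on that. Suggested: `'I certify that I have read and agree to the <a href="%s" target="_blank" rel="noopener noreferrer">Privacy Policy</a>',` with `esc_url( $this->getModCon()->getDef( 'href_privacy_policy' ) )` as the argument. The sentence is also hard-coded English rather than wrapped in `_wpsf__()`. The enclosing `switch` starts and ends outside the hunk.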
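--- a/templates/php/notices/plugin-mailing-list-signup.php
+++ b/templates/php/notices/plugin-mailing-list-signup.php
@@ -1,17 +1,40 @@
 <div id="mc_embed_signup">
-<form class="form form-inline validate" action="<?php echo $hrefs['form_action']; ?>"
+<form class="form form-inline validate" action="<?php echo $hrefs[ 'form_action' ]; ?>"
 method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" target="_blank" novalidate>
-<p><?php echo $strings['summary']; ?></p>
-<input type="text" value="" name="EMAIL" class="required email" id="mce-EMAIL" placeholder="<?php echo $strings['your_email']; ?>" />
-<input type="text" value="" name="FNAME" class="" id="mce-FNAME" placeholder="<?php echo $strings['your_name']; ?>" />
+<p><?php echo $strings[ 'summary' ]; ?></p>
+<input type="text" value="" name="EMAIL" class="required email" id="mce-EMAIL"
+placeholder="<?php echo $strings[ 'your_email' ]; ?>" />
+<input type="text" value="" name="FNAME" class="" id="mce-FNAME"
+placeholder="<?php echo $strings[ 'your_name' ]; ?>" />
 <input type="hidden" value="<?php echo $install_days; ?>" name="DAYS" class="" id="mce-DAYS" />
-<input type="submit" value="<?php echo $strings['yes']; ?>" name="subscribe" id="mc-embedded-subscribe" class="button button-primary" />
-<br /><?php echo $strings['we_dont_spam']; ?>
+
+<br />
+<label>
+<input type="checkbox" style="margin:12px 8px" id="OptinConsent" />I certify that I have read and agree to the
+<a href="<?php echo $hrefs[ 'privacy_policy' ]; ?>" target="_blank">Privacy Policy</a>
+</label>
+<br />
+
+<button type="submit" name="subscribe" id="mc-embedded-subscribe"
+class="button button-primary"><?php echo $strings[ 'yes' ]; ?></button>
+<br /><?php echo $strings[ 'we_dont_spam' ]; ?>
 <div id="mce-responses" class="clear">
 <div class="response" id="mce-error-response" style="display:none"></div>
 <div class="response" id="mce-success-response" style="display:none"></div>
 </div>
-<div style="position: absolute; left: -5000px;"><input type="text" name="b_e736870223389e44fb8915c9a_0e1d527259" tabindex="-1" value=""></div>
+<div style="position: absolute; left: -5000px;"><input type="text" name="b_e736870223389e44fb8915c9a_0e1d527259"
+tabindex="-1" value=""></div>
 <div class="clear"></div>
 </form>
+
+<script type="text/javascript">
+jQuery( document ).ready( function ( $ ) {
+var $oSubButton = $( 'form#mc-embedded-subscribe-form button' );
+var $oCheck = $( '#OptinConsent' );
+$oSubButton.attr( "disabled", "disabled" );
+$( document ).on( 'change', $oCheck, function () {
+$oSubButton.prop( "disabled", ! $oCheck.is(":checked") );
+} );
+} );
+</script>
 </div>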
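Review bot: The consent gate exists only in the inline script: the `OptinConsent` checkbox has no `name`, and the submit button is disabled by JavaScript alone, so when the script does not run the form posts without the box ticked and the consent never forms part of the submission. Give the checkbox `name="OptinConsent" value="Y"` (assuming the list provider accepts the extra field) and render the button with `disabled="disabled"` in the markup so the form fails closed. The handler `$( document ).on( 'change', $oCheck, … )` passes a jQuery object where `.on()` expects a selector string, so it runs on every change event in the document; `$oCheck.on( 'change', … )` is what is meant, and the same script is repeated in `templates/twig/wizard/slides/welcome/optin.twig`. Separately, `<?php echo $hrefs[ 'privacy_policy' ]; ?>` should be `<?php echo esc_url( $hrefs[ 'privacy_policy' ] ); ?>`, and the `target="_blank"` link needs `rel="noopener noreferrer"`.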
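--- a/templates/php/snippets/admin_access_login_box.php
+++ b/templates/php/snippets/admin_access_login_box.php
@@ -37,7 +37,6 @@
 
 $oTarget.html( '<div class="spinner"></div>' );
 jQuery.post( ajaxurl, requestData, function ( oResponse ) {
-console.log( oResponse );
 if ( oResponse.data ) {
 $oTarget.html( oResponse.data.html );
 }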
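--- a/templates/twig/wizard/slides/welcome/admin_access_restriction.twig
+++ b/templates/twig/wizard/slides/welcome/admin_access_restriction.twig
@@ -6,7 +6,7 @@
 <p>Shield lets you lock down access to the <em>Shield Security plugin itself</em> using a Security Access Key.</p>
 
 <h6 class="more_details">
-<a class="btn btn-outline-secondary" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
+<a class="btn btn-link" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
 </h6>
 <div id="MoreDetails" class="collapse more_details_body">
 <div class="card card-body">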
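--- a/templates/twig/wizard/slides/welcome/audit_trail.twig
+++ b/templates/twig/wizard/slides/welcome/audit_trail.twig
@@ -6,7 +6,7 @@
 <p>Turn on the Audit Trail below so you can track activity on your site and troubleshoot problems more easily.</p>
 
 <h6 class="more_details">
-<a class="btn btn-outline-secondary" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
+<a class="btn btn-link" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
 </h6>
 <div id="MoreDetails" class="collapse more_details_body">
 <div class="card card-body">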
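--- a/templates/twig/wizard/slides/welcome/comments_filter.twig
+++ b/templates/twig/wizard/slides/welcome/comments_filter.twig
@@ -6,7 +6,7 @@
 <p>Shield can block 100% of automated Comment SPAM sent by "bots". You can turn it on below.</p>
 
 <h6 class="more_details">
-<a class="btn btn-outline-secondary" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
+<a class="btn btn-link" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
 </h6>
 <div id="MoreDetails" class="collapse more_details_body">
 <div class="card card-body">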
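--- a/templates/twig/wizard/slides/welcome/ip_detect.twig
+++ b/templates/twig/wizard/slides/welcome/ip_detect.twig
@@ -6,14 +6,15 @@
 <p>Use the steps below to enter your IP address. This helps Shield detect visitor IP
 addresses more accurately, for your particular web hosting.</p>
 <h6 class="more_details">
-<a class="btn btn-outline-secondary" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
+<a class="btn btn-link" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
 </h6>
 <div id="MoreDetails" class="collapse more_details_body">
 <div class="card card-body">
-<p>All websites and webhosts are configured differently. This makes IP detection a bit tricky to automate.</p>
+<p>All websites and webhosts are configured a bit differently.
+This makes IP detection a bit tricky to automate.</p>
 <p>We try to do this automatically for you, of course, but sometimes a server configuration
 can be... unexpected. You can help ensure Shield gets the right IP address every time.</p>
-<p>Simply tell your IP address is, so we can match it against all the possibilities
+<p>Simply tell us what your IP address is, so we can match it against the possibilities
 that your webhost server presents to us. When we find a match, Shield will know how to best detect
 visitor IPs for your web hosting.</p>
 </div>
@@ -29,7 +30,7 @@
 {{ slideMacros.formInput_Text( 'ip', '', 'My IP Address', '123.456.789.012' ) }}
 
 {{ slideMacros.formInput_Hidden( 'wizard-step', 'ip_detect' ) }}
-{{ slideMacros.formInput_Submit( 'Submit: This Is My IP' ) }}
+{{ slideMacros.formInput_Submit( 'Submit: This Is My IP Address' ) }}
 </form>
 
 {% endblock %}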
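--- a/templates/twig/wizard/slides/welcome/ips.twig
+++ b/templates/twig/wizard/slides/welcome/ips.twig
@@ -6,7 +6,7 @@
 <p>Turn on the IP Manager below so Shield can automatically limit login attempts and block automated attacks.</p>
 
 <h6 class="more_details">
-<a class="btn btn-outline-secondary" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
+<a class="btn btn-link" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
 </h6>
 <div id="MoreDetails" class="collapse more_details_body">
 <div class="card card-body">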
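--- a/templates/twig/wizard/slides/welcome/login_protect.twig
+++ b/templates/twig/wizard/slides/welcome/login_protect.twig
@@ -6,7 +6,7 @@
 <p>Shield can protect your WP Login against automated attacks and bots.</p>
 
 <h6 class="more_details">
-<a class="btn btn-outline-secondary" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
+<a class="btn btn-link" data-toggle="collapse" data-target=".more_details_body">More Details &rarr;</a>
 </h6>
 <div id="MoreDetails" class="collapse more_details_body">
 <div class="card card-body">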
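--- a/templates/twig/wizard/slides/welcome/optin.twig
+++ b/templates/twig/wizard/slides/welcome/optin.twig
@@ -21,9 +21,24 @@
 {{ slideMacros.formInput_Text( 'FNAME', data.name, 'Your Name', data.name ) }}
 {{ slideMacros.formInput_Email( 'EMAIL', data.user_email, 'Your Email',
 data.user_email, 'We never SPAM and you can remove yourself at any time.' ) }}
+{{ slideMacros.formInput_Checkbox(
+'OptinConsent', 'Y', 'Agree To Privacy Policy',
+strings.privacy_policy,
+'We treat your membership information under our strict, and GDPR-compliant, privacy policy.',
+'OptinConsent'
+) }}
 {{ slideMacros.formInput_Submit( 'Sign-Up', 'subscribe' ) }}
 </form>
-
+<script type="text/javascript">
+jQuery( document ).ready( function ( $ ) {
+var $oSubButton = $( 'form#mc-embedded-subscribe-form button' );
+var $oCheck = $( '#OptinConsent' );
+$oSubButton.attr( "disabled", "disabled" );
+$( document ).on( 'change', $oCheck, function () {
+$oSubButton.prop( "disabled", ! $oCheck.is(":checked") );
+} );
+} );
+</script>
 <hr />
 
 <h5>#2 Anonymous Usage Data</h5>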
templates/twig/wizard/slides/welcome/welcome.twig CHANGED
@@ -2,6 +2,11 @@
2
 
3
  {% block slide_body %}
4
  {{ slideMacros.slideTitle( 'Welcome To Shield Security for WordPress' ) }}
 
 
 
 
 
5
  <p>Shield Security does a lot, and has a lot of options.</p>
6
  <p>Rather than overwhelm you with everything all at once, we'll walk you through the main features
7
  first, to give you a feel for how Shield will protect your site.</p>
2
 
3
  {% block slide_body %}
4
  {{ slideMacros.slideTitle( 'Welcome To Shield Security for WordPress' ) }}
5
+ <div class="embed-responsive embed-responsive-16by9">
6
+ <iframe src="https://player.vimeo.com/video/267962208" width="640" height="480"
7
+ frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
8
+ </div>
9
+
10
  <p>Shield Security does a lot, and has a lot of options.</p>
11
  <p>Rather than overwhelm you with everything all at once, we'll walk you through the main features
12
  first, to give you a feel for how Shield will protect your site.</p>