WordPress Zero Spam - Version 5.0.3

Version Description

Download this release

Release Info

Developer bmarshall511
Plugin Icon 128x128 WordPress Zero Spam
Version 5.0.3
Comparing to
See all releases

Code changes from version 5.0.2 to 5.0.3

Files changed (7) hide show
  1. core/class-user.php +19 -19
  2. includes/class-plugin.php +8 -2
  3. modules/class-stopforumspam.php +0 -7
  4. modules/formidable/class-formidable.php +136 -0
  5. modules/wpforms/class-wpforms.php +2 -2
  6. readme.txt +9 -5
  7. wordpress-zero-spam.php +3 -3
core/class-user.php CHANGED
@@ -22,6 +22,7 @@ class User {
22
  */
23
  public static function get_ip() {
24
  $settings = Settings::get_settings();
 
25
 
26
  // Check if a debugging IP is enabled.
27
  if (
@@ -29,37 +30,36 @@ class User {
29
  'enabled' === $settings['debug']['value'] &&
30
  ! empty( $settings['debug_ip']['value'] )
31
  ) {
32
- return $settings['debug_ip']['value'];
33
- }
34
-
35
- // Check against Cloudflare IPs.
36
- if ( ! empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) {
37
- $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
38
  } else {
39
-
40
  // Handle all other IPs.
41
  if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
42
- $ip = $_SERVER['HTTP_CLIENT_IP'];
43
  } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
44
- $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
45
  } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED'] ) ) {
46
- $ip = $_SERVER['HTTP_X_FORWARDED'];
47
  } elseif ( ! empty( $_SERVER['HTTP_FORWARDED_FOR'] ) ) {
48
- $ip = $_SERVER['HTTP_FORWARDED_FOR'];
49
  } elseif ( ! empty( $_SERVER['HTTP_FORWARDED'] ) ) {
50
- $ip = $_SERVER['HTTP_FORWARDED'];
51
- } else {
52
- $ip = $_SERVER['REMOTE_ADDR'];
53
  }
54
  }
55
 
56
- $ip = explode( ',', $ip );
57
- $ip = trim( $ip[0] );
 
58
 
59
- if ( ! rest_is_ip_address( $ip ) ) {
60
- return false;
 
61
  }
62
 
63
- return $ip;
64
  }
65
  }
22
  */
23
  public static function get_ip() {
24
  $settings = Settings::get_settings();
25
+ $ip = false;
26
 
27
  // Check if a debugging IP is enabled.
28
  if (
30
  'enabled' === $settings['debug']['value'] &&
31
  ! empty( $settings['debug_ip']['value'] )
32
  ) {
33
+ $ip = $settings['debug_ip']['value'];
34
+ } elseif ( ! empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) {
35
+ // Check against Cloudflare's reported IP address.
36
+ $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_CF_CONNECTING_IP'] ) );
 
 
37
  } else {
 
38
  // Handle all other IPs.
39
  if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
40
+ $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ) );
41
  } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
42
+ $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
43
  } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED'] ) ) {
44
+ $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED'] ) );
45
  } elseif ( ! empty( $_SERVER['HTTP_FORWARDED_FOR'] ) ) {
46
+ $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_FORWARDED_FOR'] ) );
47
  } elseif ( ! empty( $_SERVER['HTTP_FORWARDED'] ) ) {
48
+ $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_FORWARDED'] ) );
49
+ } elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
50
+ $ip = sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) );
51
  }
52
  }
53
 
54
+ if ( $ip ) {
55
+ $ip = explode( ',', $ip );
56
+ $ip = trim( $ip[0] );
57
 
58
+ if ( ! rest_is_ip_address( $ip ) ) {
59
+ $ip = false;
60
+ }
61
  }
62
 
63
+ return apply_filters( 'zerospam_get_ip', $ip );
64
  }
65
  }
includes/class-plugin.php CHANGED
@@ -21,6 +21,7 @@ use ZeroSpam\Modules\Comments\Comments;
21
  use ZeroSpam\Modules\ContactForm7\ContactForm7;
22
  use ZeroSpam\Modules\WooCommerce\WooCommerce;
23
  use ZeroSpam\Modules\WPForms\WPForms;
 
24
 
25
  // Security Note: Blocks direct access to the plugin PHP files.
26
  defined( 'ABSPATH' ) || die();
@@ -94,9 +95,9 @@ class Plugin {
94
  self::$instance = new self();
95
 
96
  /**
97
- * Elementor loaded.
98
  *
99
- * Fires when Elementor was fully loaded and instantiated.
100
  *
101
  * @since 1.0.0
102
  */
@@ -145,6 +146,7 @@ class Plugin {
145
  new Comments();
146
 
147
  include_once ABSPATH . 'wp-admin/includes/plugin.php';
 
148
  if ( is_plugin_active( 'contact-form-7/wp-contact-form-7.php' ) ) {
149
  new ContactForm7();
150
  }
@@ -160,6 +162,10 @@ class Plugin {
160
  new WPForms();
161
  }
162
 
 
 
 
 
163
  //= new BotScout();
164
  new StopForumSpam();
165
  new ipstack();
21
  use ZeroSpam\Modules\ContactForm7\ContactForm7;
22
  use ZeroSpam\Modules\WooCommerce\WooCommerce;
23
  use ZeroSpam\Modules\WPForms\WPForms;
24
+ use ZeroSpam\Modules\Formidable\Formidable;
25
 
26
  // Security Note: Blocks direct access to the plugin PHP files.
27
  defined( 'ABSPATH' ) || die();
95
  self::$instance = new self();
96
 
97
  /**
98
+ * WordPress Zero Spam loaded.
99
  *
100
+ * Fires when WordPress Zero Spam was fully loaded and instantiated.
101
  *
102
  * @since 1.0.0
103
  */
146
  new Comments();
147
 
148
  include_once ABSPATH . 'wp-admin/includes/plugin.php';
149
+
150
  if ( is_plugin_active( 'contact-form-7/wp-contact-form-7.php' ) ) {
151
  new ContactForm7();
152
  }
162
  new WPForms();
163
  }
164
 
165
+ if ( is_plugin_active( 'formidable/formidable.php' ) ) {
166
+ new Formidable();
167
+ }
168
+
169
  //= new BotScout();
170
  new StopForumSpam();
171
  new ipstack();
modules/class-stopforumspam.php CHANGED
@@ -320,13 +320,6 @@ class StopForumSpam {
320
  ! empty( $response['ip']['appears'] )
321
  ) {
322
 
323
- $blacklisted = array(
324
- 'user_ip' => $user_ip,
325
- 'blacklist_service' => 'stop_forum_spam',
326
- 'blacklist_data' => wp_json_encode( $response['ip'] ),
327
- );
328
- ZeroSpam\Includes\DB::blacklisted( $blacklisted );
329
-
330
  if (
331
  ! empty( $response['ip']['confidence'] ) &&
332
  ! empty( $settings['stop_forum_spam_confidence_min']['value'] ) &&
320
  ! empty( $response['ip']['appears'] )
321
  ) {
322
 
 
 
 
 
 
 
 
323
  if (
324
  ! empty( $response['ip']['confidence'] ) &&
325
  ! empty( $settings['stop_forum_spam_confidence_min']['value'] ) &&
modules/formidable/class-formidable.php ADDED
@@ -0,0 +1,136 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Formidable class.
4
+ *
5
+ * @package ZeroSpam
6
+ */
7
+
8
+ namespace ZeroSpam\Modules\Formidable;
9
+
10
+ use ZeroSpam;
11
+
12
+ // Security Note: Blocks direct access to the plugin PHP files.
13
+ defined( 'ABSPATH' ) || die();
14
+
15
+ /**
16
+ * Formidable.
17
+ */
18
+ class Formidable {
19
+ /**
20
+ * Formidable constructor.
21
+ */
22
+ public function __construct() {
23
+ add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
24
+ add_filter( 'zerospam_settings', array( $this, 'settings' ) );
25
+ add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
26
+
27
+ if ( 'enabled' === ZeroSpam\Core\Settings::get_settings( 'verify_formidable' ) ) {
28
+ add_action( 'frm_entry_form', array( $this, 'honeypot' ), 10, 1 );
29
+ add_filter( 'frm_validate_entry', array( $this, 'preprocess_submission' ), 10, 2 );
30
+ }
31
+ }
32
+
33
+ /**
34
+ * Add to the types array.
35
+ */
36
+ public function types( $types ) {
37
+ $types['formidable'] = __( 'Formidable', 'zerospam' );
38
+
39
+ return $types;
40
+ }
41
+
42
+ /**
43
+ * Formidable sections.
44
+ */
45
+ public function sections( $sections ) {
46
+ $sections['formidable'] = array(
47
+ 'title' => __( 'Formidable Settings', 'zerospam' ),
48
+ );
49
+
50
+ return $sections;
51
+ }
52
+
53
+ /**
54
+ * Formidable settings.
55
+ *
56
+ * Registers Formidable setting fields.
57
+ *
58
+ * @param array $settings Array of WordPress Zero Spam settings.
59
+ */
60
+ public function settings( $settings ) {
61
+ $options = get_option( 'wpzerospam' );
62
+
63
+ $settings['verify_formidable'] = array(
64
+ 'title' => __( 'Protect Formidable Submissions', 'zerospam' ),
65
+ 'section' => 'formidable',
66
+ 'type' => 'checkbox',
67
+ 'options' => array(
68
+ 'enabled' => __( 'Monitor Formidable submissions for malicious or automated spambots.', 'zerospam' ),
69
+ ),
70
+ 'value' => ! empty( $options['verify_formidable'] ) ? $options['verify_formidable'] : false,
71
+ );
72
+
73
+ if ( ! empty( $options['verify_formidable'] ) && 'enabled' === $options['verify_formidable'] ) {
74
+ $message = __( 'You have been flagged as spam/malicious by WordPress Zero Spam.', 'zerospam' );
75
+ $settings['formidable_spam_message'] = array(
76
+ 'title' => __( 'Formidable Spam/Malicious Message', 'zerospam' ),
77
+ 'desc' => __( 'Displayed to the user when a submission is detected as spam/malicious.', 'zerospam' ),
78
+ 'section' => 'formidable',
79
+ 'type' => 'text',
80
+ 'field_class' => 'large-text',
81
+ 'placeholder' => $message,
82
+ 'value' => ! empty( $options['formidable_spam_message'] ) ? $options['formidable_spam_message'] : $message,
83
+ );
84
+ }
85
+
86
+ $settings['log_blocked_formidable'] = array(
87
+ 'title' => __( 'Log Blocked Formidable Submissions', 'zerospam' ),
88
+ 'section' => 'formidable',
89
+ 'type' => 'checkbox',
90
+ 'desc' => __( 'Enables logging blocked Formidable submissions. High traffic sites should leave this disabled.', 'zerospam' ),
91
+ 'options' => array(
92
+ 'enabled' => __( 'Enabled', 'zerospam' ),
93
+ ),
94
+ 'value' => ! empty( $options['log_blocked_formidable'] ) ? $options['log_blocked_formidable'] : false,
95
+ );
96
+
97
+ return $settings;
98
+ }
99
+
100
+ /**
101
+ * Add a 'honeypot' field to the form.
102
+ *
103
+ * @param array $form_data Form data and settings.
104
+ */
105
+ public function honeypot( $form_data ) {
106
+ echo ZeroSpam\Core\Utilities::honeypot_field();
107
+ }
108
+
109
+ /**
110
+ * Preprocess submission.
111
+ */
112
+ public function preprocess_submission( $errors, $values ) {
113
+ $settings = ZeroSpam\Core\Settings::get_settings();
114
+ $honeypot = ZeroSpam\Core\Utilities::get_honeypot();
115
+
116
+ // Check honeypot.
117
+ if (
118
+ ! empty( $_REQUEST[ $honeypot ] )
119
+ ) {
120
+ $message = __( 'You have been flagged as spam/malicious by WordPress Zero Spam.', 'zerospam' );
121
+ if ( ! empty( $settings['formidable_spam_message']['value'] ) ) {
122
+ $message = $settings['formidable_spam_message']['value'];
123
+ }
124
+
125
+ $errors['zerospam_honeypot'] = $message;
126
+
127
+ if ( ! empty( $settings['log_blocked_formidable']['value'] ) && 'enabled' === $settings['log_blocked_formidable']['value'] ) {
128
+ $details = $values;
129
+ $details['failed'] = 'honeypot';
130
+ ZeroSpam\Includes\DB::log( 'formidable', $details );
131
+ }
132
+ }
133
+
134
+ return $errors;
135
+ }
136
+ }
modules/wpforms/class-wpforms.php CHANGED
@@ -17,7 +17,7 @@ defined( 'ABSPATH' ) || die();
17
  */
18
  class WPForms {
19
  /**
20
- * WooCommerce constructor.
21
  */
22
  public function __construct() {
23
  add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
@@ -40,7 +40,7 @@ class WPForms {
40
  }
41
 
42
  /**
43
- * Registration sections.
44
  */
45
  public function sections( $sections ) {
46
  $sections['wpforms'] = array(
17
  */
18
  class WPForms {
19
  /**
20
+ * WPForms constructor.
21
  */
22
  public function __construct() {
23
  add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
40
  }
41
 
42
  /**
43
+ * WPForms sections.
44
  */
45
  public function sections( $sections ) {
46
  $sections['wpforms'] = array(
readme.txt CHANGED
@@ -5,7 +5,7 @@ Donate link: https://www.benmarshall.me/donate/?utm_source=wordpress_zero_spam&u
5
  Requires at least: 5.2
6
  Tested up to: 5.6.2
7
  Requires PHP: 7.3
8
- Stable tag: 5.0.2
9
  License: GNU GPLv3
10
  License URI: https://choosealicense.com/licenses/gpl-3.0/
11
 
@@ -21,15 +21,13 @@ Quit forcing people to answer questions or confusing captchas to prove they're n
21
 
22
  = WordPress Zero Spam features =
23
 
24
- * Blocks 99.9% of spam &amp; malicious visitors
25
  * No captcha, spam isn't a users' problem
26
  * No moderation queues, spam isn't a administrators' problem
27
- * IP blacklist spam checks ([Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/))
28
  * Automatically & manually block IPs temporarily or permanently
29
  * Geolocate IP addresses to see where offenders are coming from
30
  * Block entire countries, regions, zip/postal codes & cities
31
  * Detailed logging to catch, investigate & block recurring offenders
32
- * Developer-friendly, integrate with any theme, plugin or form
33
 
34
  = WordPress Zero Spam also protects =
35
 
@@ -37,13 +35,14 @@ Quit forcing people to answer questions or confusing captchas to prove they're n
37
  * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/) submissions
38
  * [WooCommerce](https://woocommerce.com/) registration forms
39
  * [WPForms](https://wordpress.org/plugins/wpforms-lite/) submissions
 
40
  * and can be easily integrated into any existing theme or plugin
41
 
42
  WordPress Zero Spam is great at blocking spam &mdash; as a site owner there's more you can do to [stop WordPress spam](https://www.benmarshall.me/stop-wordpress-spam/) in its tracks.
43
 
44
  = WordPress Zero Spam needs your support =
45
 
46
- **WordPress Zero Spam is free — completely free & always will be.** Development requires resources, please consider making a [donation](https://www.benmarshall.me/donate/?utm_source=wordpress.org&utm_medium=plugin&utm_campaign=wordpress_zero_spam) to help encourage and support the plugin's continued support.
47
 
48
  * Like our [Facebook Page](https://www.facebook.com/zerospamorg/)
49
  * Follow us on [Twitter](https://www.facebook.com/zerospamorg)
@@ -73,6 +72,11 @@ For more information & developer documentation, see the [plugin’s website](htt
73
 
74
  == Changelog ==
75
 
 
 
 
 
 
76
  = v5.0.2 =
77
 
78
  * Admin UI enhancements
5
  Requires at least: 5.2
6
  Tested up to: 5.6.2
7
  Requires PHP: 7.3
8
+ Stable tag: 5.0.3
9
  License: GNU GPLv3
10
  License URI: https://choosealicense.com/licenses/gpl-3.0/
11
 
21
 
22
  = WordPress Zero Spam features =
23
 
 
24
  * No captcha, spam isn't a users' problem
25
  * No moderation queues, spam isn't a administrators' problem
26
+ * Third-party blacklist checks ([Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/))
27
  * Automatically & manually block IPs temporarily or permanently
28
  * Geolocate IP addresses to see where offenders are coming from
29
  * Block entire countries, regions, zip/postal codes & cities
30
  * Detailed logging to catch, investigate & block recurring offenders
 
31
 
32
  = WordPress Zero Spam also protects =
33
 
35
  * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/) submissions
36
  * [WooCommerce](https://woocommerce.com/) registration forms
37
  * [WPForms](https://wordpress.org/plugins/wpforms-lite/) submissions
38
+ * [Formidable Form Builder](https://wordpress.org/plugins/formidable/) submissions
39
  * and can be easily integrated into any existing theme or plugin
40
 
41
  WordPress Zero Spam is great at blocking spam &mdash; as a site owner there's more you can do to [stop WordPress spam](https://www.benmarshall.me/stop-wordpress-spam/) in its tracks.
42
 
43
  = WordPress Zero Spam needs your support =
44
 
45
+ **WordPress Zero Spam is free & always will be.** Please consider making a [donation](https://www.benmarshall.me/donate/?utm_source=wordpress.org&utm_medium=plugin&utm_campaign=wordpress_zero_spam) to help encourage plugin's continued development.
46
 
47
  * Like our [Facebook Page](https://www.facebook.com/zerospamorg/)
48
  * Follow us on [Twitter](https://www.facebook.com/zerospamorg)
72
 
73
  == Changelog ==
74
 
75
+ = v5.0.3 =
76
+
77
+ * Added support for Formidable Form Builder
78
+ * Fixed PHP error related to a blacklist call
79
+
80
  = v5.0.2 =
81
 
82
  * Admin UI enhancements
wordpress-zero-spam.php CHANGED
@@ -12,8 +12,8 @@
12
  * @wordpress-plugin
13
  * Plugin Name: WordPress Zero Spam
14
  * Plugin URI: https://benmarshall.me/wordpress-zero-spam
15
- * Description: Tired of all the useless and bloated WordPress spam plugins? The WordPress Zero Spam plugin makes blocking spam a cinch. <strong>Just install, activate and say goodbye to spam.</strong> Based on work by <a href="http://davidwalsh.name/wordpress-comment-spam" target="_blank">David Walsh</a>.
16
- * Version: 5.0.2
17
  * Requires at least: 5.2
18
  * Requires PHP: 7.3
19
  * Author: Ben Marshall
@@ -31,7 +31,7 @@ defined( 'ABSPATH' ) || die();
31
  define( 'ZEROSPAM', __FILE__ );
32
  define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
33
  define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
34
- define( 'ZEROSPAM_VERSION', '5.0.2' );
35
 
36
  add_action( 'plugins_loaded', 'zerospam_load_plugin_textdomain' );
37
 
12
  * @wordpress-plugin
13
  * Plugin Name: WordPress Zero Spam
14
  * Plugin URI: https://benmarshall.me/wordpress-zero-spam
15
+ * Description: Tired of all the useless and bloated WordPress spam plugins? The WordPress Zero Spam plugin makes blocking spam a cinch. <strong>Just install, activate and say goodbye to spam.</strong>.
16
+ * Version: 5.0.3
17
  * Requires at least: 5.2
18
  * Requires PHP: 7.3
19
  * Author: Ben Marshall
31
  define( 'ZEROSPAM', __FILE__ );
32
  define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
33
  define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
34
+ define( 'ZEROSPAM_VERSION', '5.0.3' );
35
 
36
  add_action( 'plugins_loaded', 'zerospam_load_plugin_textdomain' );
37