WordPress Zero Spam - Version 5.2.8

Version Description

Download this release

Release Info

Developer bmarshall511
Plugin Icon 128x128 WordPress Zero Spam
Version 5.2.8
Comparing to
See all releases

Code changes from version 5.2.7 to 5.2.8

Files changed (12) hide show
  1. assets/css/admin.css +4 -2
  2. core/admin/class-admin.php +1 -1
  3. core/admin/class-dashboard.php +1 -4
  4. core/admin/class-settings.php +115 -59
  5. core/admin/tables/class-logtable.php +1 -1
  6. core/class-settings.php +16 -16
  7. includes/templates/settings/errors.php +6 -1
  8. modules/davidwalsh/assets/js/davidwalsh.js +1 -1
  9. modules/davidwalsh/class-davidwalsh.php +4 -2
  10. modules/memberpress/class-memberpress.php +171 -18
  11. readme.txt +7 -1
  12. wordpress-zero-spam.php +2 -2
assets/css/admin.css CHANGED
@@ -256,6 +256,7 @@
256
  .zerospam-type-contactform7::before,
257
  .zerospam-type-givewp::before,
258
  .zerospam-type-memberpress_registration::before,
 
259
  .zerospam-type-mailchimp4wp::before {
260
  background-position: center;
261
  background-repeat: no-repeat;
@@ -299,8 +300,9 @@
299
  background-image: url('../img/icon-cf7.png');
300
  }
301
 
302
- /* Type: memberpress_registration */
303
- .zerospam-type-memberpress_registration::before {
 
304
  background-image: url('../img/icon-memberpress.svg');
305
  }
306
 
256
  .zerospam-type-contactform7::before,
257
  .zerospam-type-givewp::before,
258
  .zerospam-type-memberpress_registration::before,
259
+ .zerospam-type-memberpress_login::before,
260
  .zerospam-type-mailchimp4wp::before {
261
  background-position: center;
262
  background-repeat: no-repeat;
300
  background-image: url('../img/icon-cf7.png');
301
  }
302
 
303
+ /* Type: memberpress_registration, memberpress_login */
304
+ .zerospam-type-memberpress_registration::before,
305
+ .zerospam-type-memberpress_login::before {
306
  background-image: url('../img/icon-memberpress.svg');
307
  }
308
 
core/admin/class-admin.php CHANGED
@@ -138,7 +138,7 @@ class Admin {
138
  )
139
  ),
140
  esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings' ) ),
141
- esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=auto-configure' ) ),
142
  esc_url( ZEROSPAM_URL . 'product/premium/' )
143
  ),
144
  );
138
  )
139
  ),
140
  esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings' ) ),
141
+ wp_nonce_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=autoconfigure' ), 'autoconfigure', 'zerospam' ),
142
  esc_url( ZEROSPAM_URL . 'product/premium/' )
143
  ),
144
  );
core/admin/class-dashboard.php CHANGED
@@ -20,10 +20,7 @@ defined( 'ABSPATH' ) || die();
20
  class Dashboard {
21
 
22
  /**
23
- * Dashboard constructor.
24
- *
25
- * @since 5.0.0
26
- * @access public
27
  */
28
  public function __construct() {
29
  add_action( 'admin_init', array( $this, 'admin_init' ) );
20
  class Dashboard {
21
 
22
  /**
23
+ * Dashboard constructor
 
 
 
24
  */
25
  public function __construct() {
26
  add_action( 'admin_init', array( $this, 'admin_init' ) );
core/admin/class-settings.php CHANGED
@@ -21,7 +21,6 @@ class Settings {
21
  public function __construct() {
22
  add_action( 'admin_menu', array( $this, 'admin_menu' ) );
23
  add_action( 'admin_init', array( $this, 'register_settings' ) );
24
- add_action( 'admin_init', array( $this, 'process_actions' ) );
25
  add_action( 'admin_action_import_settings', array( $this, 'import_settings' ) );
26
 
27
  // @codingStandardsIgnoreLine
@@ -36,56 +35,6 @@ class Settings {
36
  }
37
  }
38
 
39
- /**
40
- * Processes actions
41
- */
42
- public function process_actions() {
43
- // @codingStandardsIgnoreLine
44
- $action = ! empty( $_REQUEST['zerospam-action'] ) ? trim( sanitize_text_field( $_REQUEST['zerospam-action'] ) ) : false;
45
- $redirect = false;
46
- $message = false;
47
-
48
- switch ( $action ) {
49
- case 'auto-configure':
50
- $redirect = '&tab=settings';
51
- $message = __( 'WordPress Zero Spam has successfully been auto-configured with the recommended settings.', 'zerospam' );
52
- \ZeroSpam\Core\Settings::auto_configure();
53
- break;
54
- case 'regenerate-honeypot':
55
- $redirect = '&tab=settings';
56
- $message = __( 'WordPress Zero Spam\'s honeypot ID has been successfully reset.', 'zerospam' );
57
- self::regenerate_honeypot();
58
- break;
59
- case 'update-blocked-email-domains':
60
- $redirect = '&tab=settings';
61
- $message = __( 'WordPress Zero Spam\'s blocked email domains have been successfully updated to the recommended.', 'zerospam' );
62
- \ZeroSpam\Core\Settings::update_blocked_email_domains();
63
- break;
64
- case 'update-disallowed-words':
65
- $redirect = '&tab=settings';
66
- $message = __( 'WordPress\'s disallowed words list has been successfully updated to the recommended.', 'zerospam' );
67
- \ZeroSpam\Core\Settings::update_disallowed_words();
68
- break;
69
- case 'delete-error-log':
70
- $redirect = '&tab=error';
71
- $message = __( 'WordPress Zero Spam\'s error log has been successfully deleted.', 'zerospam' );
72
- \ZeroSpam\Core\Utilities::delete_error_log();
73
- break;
74
- }
75
-
76
- if ( $redirect ) {
77
- $redirect_url = 'options-general.php?page=wordpress-zero-spam-settings';
78
- $redirect_url .= $redirect;
79
-
80
- if ( $message ) {
81
- $redirect_url .= '&zerospam-msg=' . $message;
82
- }
83
-
84
- wp_safe_redirect( admin_url( $redirect_url ) );
85
- exit;
86
- }
87
- }
88
-
89
  /**
90
  * Imports settings
91
  */
@@ -115,7 +64,7 @@ class Settings {
115
  exit;
116
  } else {
117
  wp_safe_redirect( $redirect . '&zerospam-error=1' );
118
- exit;
119
  }
120
  }
121
  } else {
@@ -131,10 +80,79 @@ class Settings {
131
  \ZeroSpam\Core\Utilities::get_honeypot( true );
132
  }
133
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
134
  /**
135
  * Admin menu
136
  */
137
  public function admin_menu() {
 
 
138
  add_submenu_page(
139
  'options-general.php',
140
  __( 'Zero Spam Settings', 'zerospam' ),
@@ -147,6 +165,8 @@ class Settings {
147
 
148
  /**
149
  * Validates plugin settings before save
 
 
150
  */
151
  public function settings_validation( $input ) {
152
  update_option( 'zerospam_configured', 1 );
@@ -250,11 +270,43 @@ class Settings {
250
 
251
  /**
252
  * Settings field
 
 
253
  */
254
  public function settings_field( $args ) {
255
  switch ( $args['type'] ) {
256
  case 'html':
257
- echo $args['html'];
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
258
  break;
259
  case 'textarea':
260
  ?>
@@ -268,7 +320,11 @@ class Settings {
268
  <?php if ( ! empty( $args['placeholder'] ) ) : ?>
269
  placeholder="<?php echo esc_attr( $args['placeholder'] ); ?>"
270
  <?php endif; ?>
271
- ><?php if( ! empty( $args['value'] ) ) : ?><?php echo esc_attr( $args['value'] ); ?><?php endif; ?></textarea>
 
 
 
 
272
  <?php
273
  break;
274
  case 'url':
@@ -281,7 +337,7 @@ class Settings {
281
  id="<?php echo esc_attr( $args['label_for'] ); ?>"
282
  name="wpzerospam[<?php echo esc_attr( $args['label_for'] ); ?>]"
283
  type="<?php echo esc_attr( $args['type'] ); ?>"
284
- <?php if( ! empty( $args['value'] ) ) : ?>
285
  value="<?php echo esc_attr( $args['value'] ); ?>"
286
  <?php endif; ?>
287
  <?php if ( ! empty( $args['field_class'] ) ) : ?>
@@ -290,13 +346,13 @@ class Settings {
290
  <?php if ( ! empty( $args['placeholder'] ) ) : ?>
291
  placeholder="<?php echo esc_attr( $args['placeholder'] ); ?>"
292
  <?php endif; ?>
293
- <?php if( ! empty( $args['min'] ) ) : ?>
294
  min="<?php echo esc_attr( $args['min'] ); ?>"
295
  <?php endif; ?>
296
- <?php if( ! empty( $args['max'] ) ) : ?>
297
  max="<?php echo esc_attr( $args['max'] ); ?>"
298
  <?php endif; ?>
299
- <?php if( ! empty( $args['step'] ) ) : ?>
300
  step="<?php echo esc_attr( $args['step'] ); ?>"
301
  <?php endif; ?>
302
  />
@@ -341,7 +397,7 @@ class Settings {
341
  selected="selected"
342
  <?php endif; ?>
343
  >
344
- <?php esc_html_e( $label ); ?>
345
  </option>
346
  <?php endforeach; ?>
347
  </select>
21
  public function __construct() {
22
  add_action( 'admin_menu', array( $this, 'admin_menu' ) );
23
  add_action( 'admin_init', array( $this, 'register_settings' ) );
 
24
  add_action( 'admin_action_import_settings', array( $this, 'import_settings' ) );
25
 
26
  // @codingStandardsIgnoreLine
35
  }
36
  }
37
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
38
  /**
39
  * Imports settings
40
  */
64
  exit;
65
  } else {
66
  wp_safe_redirect( $redirect . '&zerospam-error=1' );
67
+ exit;
68
  }
69
  }
70
  } else {
80
  \ZeroSpam\Core\Utilities::get_honeypot( true );
81
  }
82
 
83
+ /**
84
+ * Processes nonce actions
85
+ */
86
+ public function process_nonce_actions() {
87
+ if (
88
+ ! empty( $_REQUEST['zerospam-action'] ) &&
89
+ 'autoconfigure' === $_REQUEST['zerospam-action'] &&
90
+ check_admin_referer( 'autoconfigure', 'zerospam' )
91
+ ) {
92
+ \ZeroSpam\Core\Settings::auto_configure();
93
+
94
+ $message = __( 'WordPress Zero Spam has successfully been auto-configured with the recommended settings.', 'zerospam' );
95
+ $redirect_url = 'options-general.php?page=wordpress-zero-spam-settings&tab=settings&zerospam-msg=' . $message;
96
+
97
+ wp_safe_redirect( $redirect_url );
98
+ exit;
99
+ } elseif (
100
+ ! empty( $_REQUEST['zerospam-action'] ) &&
101
+ 'update-blocked-emails' === $_REQUEST['zerospam-action'] &&
102
+ check_admin_referer( 'update-blocked-emails', 'zerospam' )
103
+ ) {
104
+ \ZeroSpam\Core\Settings::update_blocked_email_domains();
105
+
106
+ $message = __( 'WordPress Zero Spam\'s blocked email domains have been successfully updated to the recommended.', 'zerospam' );
107
+ $redirect_url = 'options-general.php?page=wordpress-zero-spam-settings&tab=settings&zerospam-msg=' . $message;
108
+
109
+ wp_safe_redirect( $redirect_url );
110
+ exit;
111
+ } elseif (
112
+ ! empty( $_REQUEST['zerospam-action'] ) &&
113
+ 'regenerate-honeypot' === $_REQUEST['zerospam-action'] &&
114
+ check_admin_referer( 'regenerate-honeypot', 'zerospam' )
115
+ ) {
116
+ self::regenerate_honeypot();
117
+
118
+ $message = __( 'WordPress Zero Spam\'s honeypot ID has been successfully reset.', 'zerospam' );
119
+ $redirect_url = 'options-general.php?page=wordpress-zero-spam-settings&tab=settings&zerospam-msg=' . $message;
120
+
121
+ wp_safe_redirect( $redirect_url );
122
+ exit;
123
+ } elseif (
124
+ ! empty( $_REQUEST['zerospam-action'] ) &&
125
+ 'update-disallowed-words' === $_REQUEST['zerospam-action'] &&
126
+ check_admin_referer( 'update-disallowed-words', 'zerospam' )
127
+ ) {
128
+ \ZeroSpam\Core\Settings::update_disallowed_words();
129
+
130
+ $message = __( 'WordPress\'s disallowed words list has been successfully updated to the recommended.', 'zerospam' );
131
+ $redirect_url = 'options-general.php?page=wordpress-zero-spam-settings&tab=settings&zerospam-msg=' . $message;
132
+
133
+ wp_safe_redirect( $redirect_url );
134
+ exit;
135
+ } elseif (
136
+ ! empty( $_REQUEST['zerospam-action'] ) &&
137
+ 'delete-error-log' === $_REQUEST['zerospam-action'] &&
138
+ check_admin_referer( 'delete-error-log', 'zerospam' )
139
+ ) {
140
+ \ZeroSpam\Core\Utilities::delete_error_log();
141
+
142
+ $message = __( 'WordPress Zero Spam\'s error log has been successfully deleted.', 'zerospam' );
143
+ $redirect_url = 'options-general.php?page=wordpress-zero-spam-settings&tab=error&zerospam-msg=' . $message;
144
+
145
+ wp_safe_redirect( $redirect_url );
146
+ exit;
147
+ }
148
+ }
149
+
150
  /**
151
  * Admin menu
152
  */
153
  public function admin_menu() {
154
+ $this->process_nonce_actions();
155
+
156
  add_submenu_page(
157
  'options-general.php',
158
  __( 'Zero Spam Settings', 'zerospam' ),
165
 
166
  /**
167
  * Validates plugin settings before save
168
+ *
169
+ * @param array $input Input array.
170
  */
171
  public function settings_validation( $input ) {
172
  update_option( 'zerospam_configured', 1 );
270
 
271
  /**
272
  * Settings field
273
+ *
274
+ * @param array $args Field arguments.
275
  */
276
  public function settings_field( $args ) {
277
  switch ( $args['type'] ) {
278
  case 'html':
279
+ echo wp_kses(
280
+ $args['html'],
281
+ array(
282
+ 'strong' => array(),
283
+ 'a' => array(
284
+ 'target' => array(),
285
+ 'class' => array(),
286
+ 'rel' => array(),
287
+ ),
288
+ 'em' => array(),
289
+ 'code' => array(),
290
+ 'h1' => array(
291
+ 'style' => array(),
292
+ ),
293
+ 'h2' => array(
294
+ 'style' => array(),
295
+ ),
296
+ 'h3' => array(
297
+ 'style' => array(),
298
+ ),
299
+ 'h4' => array(
300
+ 'style' => array(),
301
+ ),
302
+ 'h5' => array(
303
+ 'style' => array(),
304
+ ),
305
+ 'h6' => array(
306
+ 'style' => array(),
307
+ ),
308
+ )
309
+ );
310
  break;
311
  case 'textarea':
312
  ?>
320
  <?php if ( ! empty( $args['placeholder'] ) ) : ?>
321
  placeholder="<?php echo esc_attr( $args['placeholder'] ); ?>"
322
  <?php endif; ?>
323
+ >
324
+ <?php if ( ! empty( $args['value'] ) ) : ?>
325
+ <?php echo esc_attr( $args['value'] ); ?>
326
+ <?php endif; ?>
327
+ </textarea>
328
  <?php
329
  break;
330
  case 'url':
337
  id="<?php echo esc_attr( $args['label_for'] ); ?>"
338
  name="wpzerospam[<?php echo esc_attr( $args['label_for'] ); ?>]"
339
  type="<?php echo esc_attr( $args['type'] ); ?>"
340
+ <?php if ( ! empty( $args['value'] ) ) : ?>
341
  value="<?php echo esc_attr( $args['value'] ); ?>"
342
  <?php endif; ?>
343
  <?php if ( ! empty( $args['field_class'] ) ) : ?>
346
  <?php if ( ! empty( $args['placeholder'] ) ) : ?>
347
  placeholder="<?php echo esc_attr( $args['placeholder'] ); ?>"
348
  <?php endif; ?>
349
+ <?php if ( ! empty( $args['min'] ) ) : ?>
350
  min="<?php echo esc_attr( $args['min'] ); ?>"
351
  <?php endif; ?>
352
+ <?php if ( ! empty( $args['max'] ) ) : ?>
353
  max="<?php echo esc_attr( $args['max'] ); ?>"
354
  <?php endif; ?>
355
+ <?php if ( ! empty( $args['step'] ) ) : ?>
356
  step="<?php echo esc_attr( $args['step'] ); ?>"
357
  <?php endif; ?>
358
  />
397
  selected="selected"
398
  <?php endif; ?>
399
  >
400
+ <?php echo esc_html( $label ); ?>
401
  </option>
402
  <?php endforeach; ?>
403
  </select>
core/admin/tables/class-logtable.php CHANGED
@@ -154,7 +154,7 @@ class LogTable extends WP_List_Table {
154
  // @codingStandardsIgnoreLine
155
  $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['order'] ) ) : 'desc';
156
  // @codingStandardsIgnoreLine
157
- $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['orderby'] ) ) : 'date_added';
158
 
159
  // @codingStandardsIgnoreLine
160
  $log_type = ! empty( $_REQUEST['type'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['type'] ) ) : false;
154
  // @codingStandardsIgnoreLine
155
  $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['order'] ) ) : 'desc';
156
  // @codingStandardsIgnoreLine
157
+ $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['orderby'] ) ) : 'date_recorded';
158
 
159
  // @codingStandardsIgnoreLine
160
  $log_type = ! empty( $_REQUEST['type'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['type'] ) ) : false;
core/class-settings.php CHANGED
@@ -120,15 +120,15 @@ class Settings {
120
  'html' => sprintf(
121
  wp_kses(
122
  /* translators: %s: url */
123
- __( '<a href="%s" class="button button-primary">Override &amp; Update Settings</a>', 'zerospam' ),
124
  array(
125
- 'a' => array(
126
  'href' => array(),
127
  'class' => array(),
128
  ),
129
  )
130
  ),
131
- esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=auto-configure' ) )
132
  ),
133
  );
134
 
@@ -142,7 +142,7 @@ class Settings {
142
  /* translators: %s: url */
143
  __( 'Join <a href="%1$s" target="_blank" rel="noreferrer noopener">Zero Spam\'s global community</a> &amp; report detections by opting in to share non-sensitive data. <a href="%2$s" target="_blank" rel="noreferrer noopener">Learn more</a>.', 'zerospam' ),
144
  array(
145
- 'a' => array(
146
  'target' => array(),
147
  'href' => array(),
148
  'rel' => array(),
@@ -207,11 +207,11 @@ class Settings {
207
  'title' => __( 'IP Block Method', 'zerospam' ),
208
  'desc' => sprintf(
209
  wp_kses(
210
- /* translators: %s: url */
211
- __( '.htaccess is preferred for performance, however <strong>choosing the wrong Apache version or adding <a href="%s" target="_blank" rel="noreferrer noopener">more than 8190 characters</a> could cause the website to crash</strong> and require a manual fix to the .htaccess file. If this happens &amp; you\'re unsure how to fix, contact <a href="%s" target="_blank" rel="noreferrer noopener">Highfivery</a> for a rapid response and resolution.', 'zerospam' ),
212
  array(
213
  'strong' => array(),
214
- 'a' => array(
215
  'target' => array(),
216
  'href' => array(),
217
  'rel' => array(),
@@ -314,15 +314,15 @@ class Settings {
314
  'html' => sprintf(
315
  wp_kses(
316
  /* translators: %s: url */
317
- __( '<a href="%s" class="button button-primary">Override &amp; Update Blocked Email Domains</a>', 'zerospam' ),
318
  array(
319
- 'a' => array(
320
  'href' => array(),
321
  'class' => array(),
322
  ),
323
  )
324
  ),
325
- esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=update-blocked-email-domains' ) )
326
  ),
327
  );
328
 
@@ -343,15 +343,15 @@ class Settings {
343
  'html' => sprintf(
344
  wp_kses(
345
  /* translators: %s: url */
346
- __( '<a href="%s" class="button button-primary">Regenerate Honeypot ID</a>', 'zerospam' ),
347
  array(
348
- 'a' => array(
349
  'href' => array(),
350
  'class' => array(),
351
  ),
352
  )
353
  ),
354
- esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=regenerate-honeypot' ) )
355
  ),
356
  );
357
 
@@ -363,15 +363,15 @@ class Settings {
363
  'html' => sprintf(
364
  wp_kses(
365
  /* translators: %s: url */
366
- __( '<a href="%s" class="button button-primary">Override &amp; Update Core Disallowed Words</a>', 'zerospam' ),
367
  array(
368
- 'a' => array(
369
  'href' => array(),
370
  'class' => array(),
371
  ),
372
  )
373
  ),
374
- esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=update-disallowed-words' ) )
375
  ),
376
  );
377
 
120
  'html' => sprintf(
121
  wp_kses(
122
  /* translators: %s: url */
123
+ __( '<a href="%s" class="button">Override &amp; Update Settings</a>', 'zerospam' ),
124
  array(
125
+ 'a' => array(
126
  'href' => array(),
127
  'class' => array(),
128
  ),
129
  )
130
  ),
131
+ wp_nonce_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=autoconfigure' ), 'autoconfigure', 'zerospam' )
132
  ),
133
  );
134
 
142
  /* translators: %s: url */
143
  __( 'Join <a href="%1$s" target="_blank" rel="noreferrer noopener">Zero Spam\'s global community</a> &amp; report detections by opting in to share non-sensitive data. <a href="%2$s" target="_blank" rel="noreferrer noopener">Learn more</a>.', 'zerospam' ),
144
  array(
145
+ 'a' => array(
146
  'target' => array(),
147
  'href' => array(),
148
  'rel' => array(),
207
  'title' => __( 'IP Block Method', 'zerospam' ),
208
  'desc' => sprintf(
209
  wp_kses(
210
+ /* translators: %1$s: Replaced with the apache docs URL, %2$s: Replaced with Highfivery's website URL */
211
+ __( '.htaccess is preferred for performance, however <strong>choosing the wrong Apache version or adding <a href="%1$s" target="_blank" rel="noreferrer noopener">more than 8190 characters</a> could cause the website to crash</strong> and require a manual fix to the .htaccess file. If this happens &amp; you\'re unsure how to fix, contact <a href="%2$s" target="_blank" rel="noreferrer noopener">Highfivery</a> for a rapid response and resolution.', 'zerospam' ),
212
  array(
213
  'strong' => array(),
214
+ 'a' => array(
215
  'target' => array(),
216
  'href' => array(),
217
  'rel' => array(),
314
  'html' => sprintf(
315
  wp_kses(
316
  /* translators: %s: url */
317
+ __( '<a href="%s" class="button">Override &amp; Update Blocked Email Domains</a>', 'zerospam' ),
318
  array(
319
+ 'a' => array(
320
  'href' => array(),
321
  'class' => array(),
322
  ),
323
  )
324
  ),
325
+ wp_nonce_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=update-blocked-emails' ), 'update-blocked-emails', 'zerospam' )
326
  ),
327
  );
328
 
343
  'html' => sprintf(
344
  wp_kses(
345
  /* translators: %s: url */
346
+ __( '<a href="%s" class="button">Regenerate Honeypot ID</a>', 'zerospam' ),
347
  array(
348
+ 'a' => array(
349
  'href' => array(),
350
  'class' => array(),
351
  ),
352
  )
353
  ),
354
+ wp_nonce_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=regenerate-honeypot' ), 'regenerate-honeypot', 'zerospam' )
355
  ),
356
  );
357
 
363
  'html' => sprintf(
364
  wp_kses(
365
  /* translators: %s: url */
366
+ __( '<a href="%s" class="button">Override &amp; Update Core Disallowed Words</a>', 'zerospam' ),
367
  array(
368
+ 'a' => array(
369
  'href' => array(),
370
  'class' => array(),
371
  ),
372
  )
373
  ),
374
+ wp_nonce_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=update-disallowed-words' ), 'update-disallowed-words', 'zerospam' )
375
  ),
376
  );
377
 
includes/templates/settings/errors.php CHANGED
@@ -13,4 +13,9 @@ if ( ! $log ) {
13
  ?>
14
 
15
  <textarea readonly class="large-text code" rows="30"><?php echo esc_html( $log ); ?></textarea>
16
- <a href="<?php echo esc_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&amp;tab=error&amp;zerospam-action=delete-error-log' ) ); ?>" class="button button-primary"><?php esc_html_e( 'Clear Error Log' ); ?></a>
 
 
 
 
 
13
  ?>
14
 
15
  <textarea readonly class="large-text code" rows="30"><?php echo esc_html( $log ); ?></textarea>
16
+ <a
17
+ href="<?php echo esc_url( wp_nonce_url( admin_url( 'options-general.php?page=wordpress-zero-spam-settings&zerospam-action=delete-error-log' ), 'delete-error-log', 'zerospam' ) ); ?>"
18
+ class="button button-primary"
19
+ >
20
+ <?php esc_html_e( 'Clear Error Log', 'zerospam' ); ?>
21
+ </a>
modules/davidwalsh/assets/js/davidwalsh.js CHANGED
@@ -33,7 +33,7 @@
33
  };
34
 
35
  $(function() {
36
- var selectors = '#commentform, #registerform, .wpforms-form, .wpcf7-form, .frm-fluent-form, #loginform, .woocommerce-form-login, .mepr-signup-form, .mc4wp-form';
37
  if (typeof ZeroSpamDavidWalsh.selectors != "undefined" && ZeroSpamDavidWalsh.selectors ) {
38
  selectors += ',' + ZeroSpamDavidWalsh.selectors
39
  }
33
  };
34
 
35
  $(function() {
36
+ var selectors = '#commentform, #registerform, .wpforms-form, .wpcf7-form, .frm-fluent-form, #loginform, .woocommerce-form-login, .mepr-signup-form, .mc4wp-form, #mepr_loginform';
37
  if (typeof ZeroSpamDavidWalsh.selectors != "undefined" && ZeroSpamDavidWalsh.selectors ) {
38
  selectors += ',' + ZeroSpamDavidWalsh.selectors
39
  }
modules/davidwalsh/class-davidwalsh.php CHANGED
@@ -20,7 +20,7 @@ class DavidWalsh {
20
  * Constructor
21
  */
22
  public function __construct() {
23
- add_action( 'init', array( $this, 'init' ) );
24
  }
25
 
26
  /**
@@ -46,8 +46,9 @@ class DavidWalsh {
46
  add_action( 'zerospam_fluentforms_scripts', array( $this, 'enqueue_script' ) );
47
  add_action( 'zerospam_login_scripts', array( $this, 'enqueue_script' ) );
48
  add_action( 'zerospam_mailchimp4wp_scripts', array( $this, 'enqueue_script' ) );
 
49
  add_filter(
50
- 'zerospam_memberpress_scripts',
51
  function( $scripts ) {
52
  $scripts[] = 'zerospam-davidwalsh';
53
 
@@ -64,6 +65,7 @@ class DavidWalsh {
64
  add_filter( 'zerospam_preprocess_fluentform_submission', array( $this, 'validate_post' ), 10, 3 );
65
  add_filter( 'zerospam_preprocess_login_attempt', array( $this, 'validate_post' ), 10, 3 );
66
  add_filter( 'zerospam_preprocess_memberpress_registration', array( $this, 'validate_post' ), 10, 3 );
 
67
  add_filter( 'zerospam_preprocess_mailchimp4wp', array( $this, 'validate_post' ), 10, 3 );
68
  }
69
  }
20
  * Constructor
21
  */
22
  public function __construct() {
23
+ add_action( 'init', array( $this, 'init' ), 0 );
24
  }
25
 
26
  /**
46
  add_action( 'zerospam_fluentforms_scripts', array( $this, 'enqueue_script' ) );
47
  add_action( 'zerospam_login_scripts', array( $this, 'enqueue_script' ) );
48
  add_action( 'zerospam_mailchimp4wp_scripts', array( $this, 'enqueue_script' ) );
49
+ add_action( 'zerospam_memberpress_login_scripts', array( $this, 'enqueue_script' ) );
50
  add_filter(
51
+ 'zerospam_memberpress_registration_scripts',
52
  function( $scripts ) {
53
  $scripts[] = 'zerospam-davidwalsh';
54
 
65
  add_filter( 'zerospam_preprocess_fluentform_submission', array( $this, 'validate_post' ), 10, 3 );
66
  add_filter( 'zerospam_preprocess_login_attempt', array( $this, 'validate_post' ), 10, 3 );
67
  add_filter( 'zerospam_preprocess_memberpress_registration', array( $this, 'validate_post' ), 10, 3 );
68
+ add_filter( 'zerospam_preprocess_memberpress_login', array( $this, 'validate_post' ), 10, 3 );
69
  add_filter( 'zerospam_preprocess_mailchimp4wp', array( $this, 'validate_post' ), 10, 3 );
70
  }
71
  }
modules/memberpress/class-memberpress.php CHANGED
@@ -18,29 +18,52 @@ class MemberPress {
18
  * Constructor
19
  */
20
  public function __construct() {
21
- add_action( 'init', array( $this, 'init' ) );
22
  }
23
 
24
  /**
25
  * Fires after WordPress has finished loading but before any headers are sent.
26
  */
27
  public function init() {
 
 
28
  add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
29
  add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 2 );
30
  add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
31
 
32
- if (
33
- 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_memberpress_registration' ) &&
34
- \ZeroSpam\Core\Access::process()
35
- ) {
36
- // Add Zero Spam's honeypot field to the registration form.
37
- add_action( 'mepr-checkout-before-submit', array( $this, 'add_honeypot' ) );
38
 
39
- // Preprocess registration form submissions.
40
- add_filter( 'mepr-validate-signup', array( $this, 'process_form' ) );
41
 
42
- // Add scripts.
43
- add_filter( 'mepr-signup-scripts', array( $this, 'scripts' ), 10, 1 );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
44
  }
45
  }
46
 
@@ -50,7 +73,7 @@ class MemberPress {
50
  * @param array $prereqs Script keys.
51
  */
52
  public function scripts( $prereqs ) {
53
- $scripts = apply_filters( 'zerospam_memberpress_scripts', $prereqs );
54
 
55
  return $scripts;
56
  }
@@ -68,7 +91,7 @@ class MemberPress {
68
  *
69
  * @param array $errors Array of errors.
70
  */
71
- public function process_form( $errors ) {
72
  // @codingStandardsIgnoreLine
73
  $post = \ZeroSpam\Core\Utilities::sanitize_array( $_POST );
74
 
@@ -133,6 +156,66 @@ class MemberPress {
133
  return $errors;
134
  }
135
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
136
  /**
137
  * Add to the types array
138
  *
@@ -140,6 +223,7 @@ class MemberPress {
140
  */
141
  public function types( $types ) {
142
  $types['memberpress_registration'] = __( 'MemberPress Registration', 'zerospam' );
 
143
 
144
  return $types;
145
  }
@@ -164,6 +248,24 @@ class MemberPress {
164
  * @param array $options Array of saved database options.
165
  */
166
  public function settings( $settings, $options ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
167
  $settings['verify_memberpress_registration'] = array(
168
  'title' => __( 'Protect Registration Forms', 'zerospam' ),
169
  'section' => 'memberpress',
@@ -175,17 +277,15 @@ class MemberPress {
175
  'recommended' => 'enabled',
176
  );
177
 
178
- $message = __( 'Your IP has been flagged as spam/malicious.', 'zerospam' );
179
-
180
  $settings['memberpress_regsitration_spam_message'] = array(
181
  'title' => __( 'Registration Spam/Malicious Message', 'zerospam' ),
182
  'desc' => __( 'When registration protection is enabled, the message displayed to the user when a submission has been detected as spam/malicious.', 'zerospam' ),
183
  'section' => 'memberpress',
184
  'type' => 'text',
185
  'field_class' => 'large-text',
186
- 'placeholder' => $message,
187
- 'value' => ! empty( $options['memberpress_regsitration_spam_message'] ) ? $options['memberpress_regsitration_spam_message'] : $message,
188
- 'recommended' => $message,
189
  );
190
 
191
  $settings['log_blocked_memberpress_registrations'] = array(
@@ -203,6 +303,59 @@ class MemberPress {
203
  'recommended' => 'enabled',
204
  );
205
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
206
  return $settings;
207
  }
208
  }
18
  * Constructor
19
  */
20
  public function __construct() {
21
+ add_action( 'init', array( $this, 'init' ), 0 );
22
  }
23
 
24
  /**
25
  * Fires after WordPress has finished loading but before any headers are sent.
26
  */
27
  public function init() {
28
+ global $wp_query;
29
+
30
  add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
31
  add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 2 );
32
  add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
33
 
34
+ if ( \ZeroSpam\Core\Access::process() ) {
35
+ if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_memberpress_registration' ) ) {
36
+ // Add Zero Spam's honeypot field to the registration form.
37
+ add_action( 'mepr-checkout-before-submit', array( $this, 'add_honeypot' ) );
 
 
38
 
39
+ // Preprocess registration form submissions.
40
+ add_filter( 'mepr-validate-signup', array( $this, 'process_registration_form' ), 10, 1 );
41
 
42
+ // Add registration scripts.
43
+ add_filter( 'mepr-signup-scripts', array( $this, 'scripts' ), 10, 1 );
44
+ }
45
+
46
+ if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_memberpress_login' ) ) {
47
+ // Add Zero Spam's honeypot field to the login form.
48
+ add_action( 'mepr-login-form-before-submit', array( $this, 'add_honeypot' ) );
49
+
50
+ // Preprocess login form submissions.
51
+ add_filter( 'mepr-validate-login', array( $this, 'process_login_form' ), 10, 1 );
52
+
53
+ // Add login scripts.
54
+ add_action(
55
+ 'the_post',
56
+ function() {
57
+ $mepr_options = \MeprOptions::fetch();
58
+ $login_page_id = ( ! empty( $mepr_options->login_page_id ) && $mepr_options->login_page_id > 0 ) ? $mepr_options->login_page_id : 0;
59
+ $is_login_page = is_page( $login_page_id );
60
+
61
+ if ( $is_login_page ) {
62
+ do_action( 'zerospam_memberpress_login_scripts' );
63
+ }
64
+ }
65
+ );
66
+ }
67
  }
68
  }
69
 
73
  * @param array $prereqs Script keys.
74
  */
75
  public function scripts( $prereqs ) {
76
+ $scripts = apply_filters( 'zerospam_memberpress_registration_scripts', $prereqs );
77
 
78
  return $scripts;
79
  }
91
  *
92
  * @param array $errors Array of errors.
93
  */
94
+ public function process_registration_form( $errors ) {
95
  // @codingStandardsIgnoreLine
96
  $post = \ZeroSpam\Core\Utilities::sanitize_array( $_POST );
97
 
156
  return $errors;
157
  }
158
 
159
+ /**
160
+ * Processes a login submission.
161
+ *
162
+ * @param array $errors Array of errors.
163
+ */
164
+ public function process_login_form( $errors ) {
165
+ // @codingStandardsIgnoreLine
166
+ $post = \ZeroSpam\Core\Utilities::sanitize_array( $_POST );
167
+
168
+ // Get the error message.
169
+ $error_message = \ZeroSpam\Core\Utilities::detection_message( 'memberpress_login_spam_message' );
170
+
171
+ // Create the details array for logging & sharing data.
172
+ $details = array(
173
+ 'post' => $post,
174
+ 'type' => 'memberpress_login',
175
+ );
176
+
177
+ // Check Zero Spam's honeypot field.
178
+ $honeypot_field_name = \ZeroSpam\Core\Utilities::get_honeypot();
179
+
180
+ // Begin validation checks.
181
+ $validation_errors = array();
182
+
183
+ if ( isset( $post[ $honeypot_field_name ] ) && ! empty( $post[ $honeypot_field_name ] ) ) {
184
+ // Failed the honeypot check.
185
+ $validation_errors[] = 'honeypot';
186
+ }
187
+
188
+ // Fire hook for additional validation (ex. David Walsh script).
189
+ // @codingStandardsIgnoreLine
190
+ $filtered_errors = apply_filters( 'zerospam_preprocess_memberpress_login', array(), $post, 'memberpress_login_spam_message' );
191
+ if ( ! empty( $filtered_errors ) ) {
192
+ foreach ( $filtered_errors as $key => $message ) {
193
+ $validation_errors[] = str_replace( 'zerospam_', '', $key );
194
+ }
195
+ }
196
+
197
+ if ( ! empty( $validation_errors ) ) {
198
+ // Failed validations, log & send details if enabled.
199
+ foreach ( $validation_errors as $key => $fail ) {
200
+ $details['failed'] = $fail;
201
+
202
+ // Log the detection if enabled.
203
+ if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'log_blocked_memberpress_logins' ) ) {
204
+ \ZeroSpam\Includes\DB::log( 'memberpress_login', $details );
205
+ }
206
+
207
+ // Share the detection if enabled.
208
+ if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'share_data' ) ) {
209
+ do_action( 'zerospam_share_detection', $details );
210
+ }
211
+ }
212
+
213
+ $errors[] = $error_message;
214
+ }
215
+
216
+ return $errors;
217
+ }
218
+
219
  /**
220
  * Add to the types array
221
  *
223
  */
224
  public function types( $types ) {
225
  $types['memberpress_registration'] = __( 'MemberPress Registration', 'zerospam' );
226
+ $types['memberpress_login'] = __( 'MemberPress Login', 'zerospam' );
227
 
228
  return $types;
229
  }
248
  * @param array $options Array of saved database options.
249
  */
250
  public function settings( $settings, $options ) {
251
+ $default_spam_message = __( 'Your IP has been flagged as spam/malicious.', 'zerospam' );
252
+
253
+ // Registration protection.
254
+ $settings['memberpress_registration_info'] = array(
255
+ 'section' => 'memberpress',
256
+ 'type' => 'html',
257
+ 'html' => sprintf(
258
+ wp_kses(
259
+ __( '<h3 style="margin: 0">Registration Protection</h3>', 'zerospam' ),
260
+ array(
261
+ 'h3' => array(
262
+ 'style' => array(),
263
+ ),
264
+ )
265
+ )
266
+ ),
267
+ );
268
+
269
  $settings['verify_memberpress_registration'] = array(
270
  'title' => __( 'Protect Registration Forms', 'zerospam' ),
271
  'section' => 'memberpress',
277
  'recommended' => 'enabled',
278
  );
279
 
 
 
280
  $settings['memberpress_regsitration_spam_message'] = array(
281
  'title' => __( 'Registration Spam/Malicious Message', 'zerospam' ),
282
  'desc' => __( 'When registration protection is enabled, the message displayed to the user when a submission has been detected as spam/malicious.', 'zerospam' ),
283
  'section' => 'memberpress',
284
  'type' => 'text',
285
  'field_class' => 'large-text',
286
+ 'placeholder' => $default_spam_message,
287
+ 'value' => ! empty( $options['memberpress_regsitration_spam_message'] ) ? $options['memberpress_regsitration_spam_message'] : $default_spam_message,
288
+ 'recommended' => $default_spam_message,
289
  );
290
 
291
  $settings['log_blocked_memberpress_registrations'] = array(
303
  'recommended' => 'enabled',
304
  );
305
 
306
+ // User login protection.
307
+ $settings['memberpress_login_info'] = array(
308
+ 'section' => 'memberpress',
309
+ 'type' => 'html',
310
+ 'html' => sprintf(
311
+ wp_kses(
312
+ __( '<h3 style="margin-bottom: 0">User Login Protection</h3>', 'zerospam' ),
313
+ array(
314
+ 'h3' => array(
315
+ 'style' => array(),
316
+ ),
317
+ )
318
+ )
319
+ ),
320
+ );
321
+
322
+ $settings['verify_memberpress_login'] = array(
323
+ 'title' => __( 'Protect Login Forms', 'zerospam' ),
324
+ 'section' => 'memberpress',
325
+ 'type' => 'checkbox',
326
+ 'options' => array(
327
+ 'enabled' => __( 'Monitor MemberPress logins for malicious or automated spambots.', 'zerospam' ),
328
+ ),
329
+ 'value' => ! empty( $options['verify_memberpress_login'] ) ? $options['verify_memberpress_login'] : false,
330
+ 'recommended' => 'enabled',
331
+ );
332
+
333
+ $settings['memberpress_login_spam_message'] = array(
334
+ 'title' => __( 'Login Spam/Malicious Message', 'zerospam' ),
335
+ 'desc' => __( 'When login protection is enabled, the message displayed to the user when a submission has been detected as spam/malicious.', 'zerospam' ),
336
+ 'section' => 'memberpress',
337
+ 'type' => 'text',
338
+ 'field_class' => 'large-text',
339
+ 'placeholder' => $default_spam_message,
340
+ 'value' => ! empty( $options['memberpress_login_spam_message'] ) ? $options['memberpress_login_spam_message'] : $default_spam_message,
341
+ 'recommended' => $default_spam_message,
342
+ );
343
+
344
+ $settings['log_blocked_memberpress_logins'] = array(
345
+ 'title' => __( 'Log Blocked Logins', 'zerospam' ),
346
+ 'section' => 'memberpress',
347
+ 'type' => 'checkbox',
348
+ 'desc' => wp_kses(
349
+ __( 'Enables logging blocked login attempts. <strong>Recommended for enhanced protection.</strong>', 'zerospam' ),
350
+ array( 'strong' => array() )
351
+ ),
352
+ 'options' => array(
353
+ 'enabled' => __( 'Enabled', 'zerospam' ),
354
+ ),
355
+ 'value' => ! empty( $options['log_blocked_memberpress_logins'] ) ? $options['log_blocked_memberpress_logins'] : false,
356
+ 'recommended' => 'enabled',
357
+ );
358
+
359
  return $settings;
360
  }
361
  }
readme.txt CHANGED
@@ -5,7 +5,7 @@ Donate link: https://www.zerospam.org/subscribe/
5
  Requires at least: 5.2
6
  Tested up to: 5.8.2
7
  Requires PHP: 7.3
8
- Stable tag: 5.2.7
9
  License: GNU GPLv3
10
  License URI: https://choosealicense.com/licenses/gpl-3.0/
11
 
@@ -103,6 +103,12 @@ If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs
103
 
104
  == Changelog ==
105
 
 
 
 
 
 
 
106
  = v5.2.7 =
107
 
108
  * perf(settings): performance improvement to settings being loaded
5
  Requires at least: 5.2
6
  Tested up to: 5.8.2
7
  Requires PHP: 7.3
8
+ Stable tag: 5.2.8
9
  License: GNU GPLv3
10
  License URI: https://choosealicense.com/licenses/gpl-3.0/
11
 
103
 
104
  == Changelog ==
105
 
106
+ = v5.2.8 =
107
+
108
+ * feat(memberpress): resolves #286, added support for the memberpress login page
109
+ * fix(memberpress): updated memberpress sign-up hook priority to ensure it runs
110
+ * refactor(admin): now using nonces to process zero spam admin actions
111
+
112
  = v5.2.7 =
113
 
114
  * perf(settings): performance improvement to settings being loaded
wordpress-zero-spam.php CHANGED
@@ -13,7 +13,7 @@
13
  * Plugin Name: WordPress Zero Spam
14
  * Plugin URI: https://www.highfivery.com/projects/zero-spam/
15
  * Description: Tired of all the worthless and bloated WordPress anti-spam & security plugins? WordPress Zero Spam makes blocking spam &amp; malicious activity a cinch. <strong>Just install, activate, configure, and say goodbye to spam.</strong>
16
- * Version: 5.2.7
17
  * Requires at least: 5.2
18
  * Requires PHP: 7.3
19
  * Author: Highfivery LLC
@@ -31,7 +31,7 @@ defined( 'ABSPATH' ) || die();
31
  define( 'ZEROSPAM', __FILE__ );
32
  define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
33
  define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
34
- define( 'ZEROSPAM_VERSION', '5.2.7' );
35
 
36
  if ( defined( 'ZEROSPAM_DEVELOPMENT_URL' ) ) {
37
  define( 'ZEROSPAM_URL', ZEROSPAM_DEVELOPMENT_URL );
13
  * Plugin Name: WordPress Zero Spam
14
  * Plugin URI: https://www.highfivery.com/projects/zero-spam/
15
  * Description: Tired of all the worthless and bloated WordPress anti-spam & security plugins? WordPress Zero Spam makes blocking spam &amp; malicious activity a cinch. <strong>Just install, activate, configure, and say goodbye to spam.</strong>
16
+ * Version: 5.2.8
17
  * Requires at least: 5.2
18
  * Requires PHP: 7.3
19
  * Author: Highfivery LLC
31
  define( 'ZEROSPAM', __FILE__ );
32
  define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
33
  define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
34
+ define( 'ZEROSPAM_VERSION', '5.2.8' );
35
 
36
  if ( defined( 'ZEROSPAM_DEVELOPMENT_URL' ) ) {
37
  define( 'ZEROSPAM_URL', ZEROSPAM_DEVELOPMENT_URL );