/**
 * Content Filter aka "The Algorithmic Layer".
 * Blocking the Obvious to Improve Human/Pingback/Trackback Defense.
 *
 * Runs a sequence of heuristic tests against one submitted comment (or
 * pingback/trackback). Every test that fires appends a short error code
 * to $wpss_error_code, sets $content_filter_status and returns early
 * through spamshield_exit_content_filter(); a comment that survives every
 * test is returned with 'wpss_error_code' => 'No Error'.
 *
 * Status codes written in this function: '1' (content/author matches),
 * '3' (session blacklist and bad-robot header tests), '10' (proxy test),
 * '100' (WP comment blacklist). Their meaning is interpreted by
 * spamshield_exit_content_filter() and the callers, not visible here.
 *
 * NOTE(review): inputs that are request-controlled and therefore untrusted
 * are $commentdata fields, $_POST[WPSS_REF2XJS], $_SERVER['PHP_SELF'], the
 * User-Agent / Accept / Accept-Language headers and the referrer. They are
 * only compared, matched and counted here, never echoed or used in SQL; the
 * loose (==) comparisons and the lack of declare(strict_types) are a point
 * of style, not a known defect.
 *
 * @param array $commentdata        Comment data as prepared by the caller; keys read here:
 *                                  comment_post_ID, comment_post_title, comment_post_url,
 *                                  comment_post_type, comment_post_comments_open,
 *                                  comment_post_pings_open, comment_author,
 *                                  comment_author_email, comment_author_url,
 *                                  comment_content, comment_type and, optionally,
 *                                  start_time_content_filter.
 * @param array $spamshield_options Plugin options; keys read here: allow_proxy_users,
 *                                  enhanced_comment_blacklist (passed through to helpers too).
 * @return array The result of spamshield_exit_content_filter() on a hit, otherwise
 *               $commentdata extended with start_time_content_filter,
 *               total_time_content_filter, wpss_error_code and content_filter_status.
 */
function spamshield_comment_content_filter($commentdata, $spamshield_options) {
    /* Timer Start - Content Filter */
    if (empty($commentdata['start_time_content_filter'])) {
        $wpss_start_time_content_filter = spamshield_microtime();
        $commentdata['start_time_content_filter'] = $wpss_start_time_content_filter;
    }
    $content_filter_status = $wpss_error_code = '';
    /* Must go before tests */
    spamshield_update_session_data($spamshield_options);

    /* TEST 0 - See if user has already been blacklisted this session */
    if (!is_user_logged_in() && spamshield_ubl_cache()) {
        if (empty($content_filter_status)) { $content_filter_status = '3'; } /* 1.8 - Changed from '2' to '3' */
        $wpss_error_code .= ' 0-BL';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Raw POST value; it is only ever used after urldecode()/esc_url_raw() in TEST REFERRERS 2 below. */
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = spamshield_casetrans('lower', $post_ref2xjs); /* NOTE(review): not read anywhere in this function */

    /* CONTENT FILTERING - BEGIN */
    /* Normalised copies of every field: *_lc = lower-cased, *_regex = preg-quoted, *_deslashed = stripslashes()'d.
       Several of these (post title/url, author *_space/_words, remote addr regexes) are not used below in this
       version of the function and are presumably kept for other filters. */
    $commentdata_comment_post_id = $commentdata['comment_post_ID'];
    $commentdata_comment_post_title = $commentdata['comment_post_title'];
    $commentdata_comment_post_title_lc = spamshield_casetrans('lower', $commentdata_comment_post_title);
    $commentdata_comment_post_title_lc_regex = spamshield_preg_quote($commentdata_comment_post_title_lc);
    $commentdata_comment_post_url = $commentdata['comment_post_url'];
    $commentdata_comment_post_url_lc = spamshield_casetrans('lower', $commentdata_comment_post_url);
    $commentdata_comment_post_url_lc_regex = spamshield_preg_quote($commentdata_comment_post_url_lc);
    $commentdata_comment_post_type = $commentdata['comment_post_type']; /* Possible results: 'post', 'page', 'attachment', 'revision', 'nav_menu_item' */
    /* Next two are boolean */
    $commentdata_comment_post_comments_open = $commentdata['comment_post_comments_open'];
    $commentdata_comment_post_pings_open = $commentdata['comment_post_pings_open'];
    $commentdata_comment_author = $commentdata['comment_author'];
    $commentdata_comment_author_deslashed = stripslashes($commentdata_comment_author);
    $commentdata_comment_author_lc = spamshield_casetrans('lower', $commentdata_comment_author);
    $commentdata_comment_author_lc_regex = spamshield_preg_quote($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_words = spamshield_count_words($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_space = ' ' . $commentdata_comment_author_lc . ' ';
    $commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_deslashed_regex = spamshield_preg_quote($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_words = spamshield_count_words($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_space = ' ' . $commentdata_comment_author_lc_deslashed . ' ';
    $commentdata_comment_author_email = $commentdata['comment_author_email'];
    $commentdata_comment_author_email_lc = spamshield_casetrans('lower', $commentdata_comment_author_email);
    $commentdata_comment_author_email_lc_regex = spamshield_preg_quote($commentdata_comment_author_email_lc);
    $commentdata_comment_author_url = $commentdata['comment_author_url'];
    $commentdata_comment_author_url_lc = spamshield_casetrans('lower', $commentdata_comment_author_url);
    $commentdata_comment_author_url_lc_regex = spamshield_preg_quote($commentdata_comment_author_url_lc);
    $commentdata_comment_author_url_domain_lc = spamshield_get_domain($commentdata_comment_author_url_lc);
    $commentdata_comment_content = $commentdata['comment_content'];
    $commentdata_comment_content_lc = spamshield_casetrans('lower', $commentdata_comment_content);
    $commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
    $commentdata_comment_content_extracted_urls = spamshield_parse_links($commentdata_comment_content_lc_deslashed, 'url'); /* Parse comment content for all URLs */
    $commentdata_comment_content_extracted_urls_at = spamshield_parse_links($commentdata_comment_content_lc_deslashed, 'url_at'); /* Parse comment content for Anchor Text Link URLs */
    $commentdata_comment_content_num_links = count($commentdata_comment_content_extracted_urls); /* Count extracted URLS from body content - Added 1.8.4 */
    $commentdata_comment_content_num_limit = 3; /* Max number of links in comment body content */
    /* NOTE(review): the fifth element below reads as ''' which does not parse as a PHP string literal - it looks
       like an escape or entity was lost when this listing was produced; confirm against the original source. */
    $replace_apostrophes = array('’', '`', '´', '`', ''', '`', 'e', '‘', '’', 'ž', '´', 'Ï', 'Ð', '‘', '’');
    $commentdata_comment_content_lc_norm_apost = str_replace($replace_apostrophes, "'", $commentdata_comment_content_lc_deslashed); /* not read below */
    $commentdata_comment_type = $commentdata['comment_type'];
    /* if ( $commentdata_comment_type != 'pingback' && $commentdata_comment_type != 'trackback' ) { $commentdata_comment_type = 'comment'; } */

    /* Request headers and environment; every one of these is client-supplied except the RSMP_* constants. */
    $commentdata_user_agent = spamshield_get_user_agent(TRUE, FALSE);
    $commentdata_user_agent_lc = spamshield_casetrans('lower', $commentdata_user_agent);
    $user_http_accept = spamshield_get_http_accept(TRUE, TRUE);
    $user_http_accept_language = spamshield_get_http_accept(TRUE, TRUE, TRUE);
    $commentdata_remote_addr = spamshield_get_ip_addr();
    $commentdata_remote_addr_regex = spamshield_preg_quote($commentdata_remote_addr);
    $commentdata_remote_addr_lc = spamshield_casetrans('lower', $commentdata_remote_addr);
    $commentdata_remote_addr_lc_regex = spamshield_preg_quote($commentdata_remote_addr_lc);
    $commentdata_referrer = spamshield_get_referrer();
    $commentdata_referrer_lc = spamshield_casetrans('lower', $commentdata_referrer);
    $commentdata_blog = RSMP_SITE_URL;
    $commentdata_blog_lc = spamshield_casetrans('lower', $commentdata_blog);
    /* NOTE(review): PHP_SELF can carry request-supplied path info; here it is only used as the needle of a
       strpos() against the site URL (TEST REFERRERS 1), so it is not reflected anywhere. */
    $commentdata_php_self = $_SERVER['PHP_SELF'];
    $commentdata_php_self_lc = spamshield_casetrans('lower', $commentdata_php_self);
    $wp_comments_post_url = $commentdata_blog_lc . '/wp-comments-post.php';
    $blog_server_ip = RSMP_SERVER_ADDR;
    $blog_server_name = RSMP_SERVER_NAME;

    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) { $wpss_ip_proxy_info = spamshield_ip_proxy_info(); }
    /* NOTE(review): extract() silently defines locals from whatever keys the array holds; the ones this function
       relies on are $ip, $reverse_dns_lc, $ip_proxy and $ip_proxy_chrome_compression. Any other key would shadow a
       same-named local above - explicit assignments would make that impossible. */
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */

    /***
     * Post Type Filter - INVALTY
     * Removed V 1.1.7 - Found Exception
     ***/

    /* Simple Filters */
    /* BEING DEPRECATED... */
    $blacklist_word_combo_total_limit = 10; /* you may increase to 30+ if blog's topic is adult in nature - DEPRECATED */
    $blacklist_word_combo_total = 0;

    /* Body Content - Check for excessive number of links in message ( body_content ) - 1.8.4 */
    if ($commentdata_comment_content_num_links > $commentdata_comment_content_num_limit) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 1-HT';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /***
     * Authors Only - Non-Trackback
     * Removed Filters 300-423 and replaced with Regex
     ***/

    /* Author Blacklist Check - Invalid Author Names - Stopping Human Spam */
    if ($commentdata_comment_type != 'trackback' && $commentdata_comment_type != 'pingback' && spamshield_anchortxt_blacklist_chk($commentdata_comment_author_lc_deslashed, '', 'author', $commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500A-BL';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - BEGIN */
    /* 10500-13000 - Complex Test for terms in Comment Author/URL - $commentdata_comment_author_lc_deslashed/$commentdata_comment_author_url_domain_lc */

    /* Blacklisted Domains Check */
    if (spamshield_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500AU-BL';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (spamshield_at_link_spam_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10510AU-BL';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Testing for a unique identifying string from the comment content in the Author URL Domain */
    /* Take the last whitespace-delimited run of 6+ alphanumerics in the content, then look for the same
       token as one of the labels of the author URL's domain (10511AUA). */
    preg_match("~\\s+([a-z0-9]{6,})\$~i", $commentdata_comment_content_lc_deslashed, $wpss_str_matches);
    if (!empty($wpss_str_matches[1])) { $wpss_spammer_id_string = $wpss_str_matches[1]; } else { $wpss_spammer_id_string = ''; }
    $commentdata_comment_author_url_domain_lc_elements = explode('.', $commentdata_comment_author_url_domain_lc);
    /* Minus one: the TLD (last label) is deliberately excluded from the comparison. */
    $commentdata_comment_author_url_domain_lc_elements_count = count($commentdata_comment_author_url_domain_lc_elements) - 1;
    if (!empty($wpss_spammer_id_string)) {
        $i = 0;
        /* The following line to prevent exploitation: */
        /* (caps the loop over a client-supplied, unbounded label list at 20 iterations) */
        $i_max = 20;
        while ($i < $commentdata_comment_author_url_domain_lc_elements_count && $i < $i_max) {
            if (!empty($commentdata_comment_author_url_domain_lc_elements[$i])) {
                if ($commentdata_comment_author_url_domain_lc_elements[$i] == $wpss_spammer_id_string) {
                    if (empty($content_filter_status)) { $content_filter_status = '1'; }
                    $wpss_error_code .= ' 10511AUA';
                    return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            $i++;
        }
    }

    /***
     * Potential Exploits
     * Includes protection for Trackbacks and Pingbacks
     ***/

    /* Check Author URL for Exploits */
    if (spamshield_exploit_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 15000AU-XPL'; /* Added in 1.4 - Replacing 15001AU-XPL and 15002AU-XPL, and adds additional protection */
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - END */

    $blacklist_word_combo_limit = 7;
    $blacklist_word_combo = 0;
    $i = 0;

    /* Regular Expression Tests - 2nd Gen - Comment Content - BEGIN */

    /* Miscellaneous Patterns that Keep Repeating */
    /* 10401C: content shaped like "NNNNNN NNNNNN ... NNNNNN" (three six-digit groups). */
    if (preg_match("~^([0-9]{6})\\s([0-9]{6})(.*)\\s([0-9]{6})\$~i", $commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10401C';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Blacklisted Anchor Text Check - Links in Content - Stopping Human Spam */
    if (spamshield_anchortxt_blacklist_chk($commentdata_comment_content_lc_deslashed, '', 'content') && $commentdata_comment_type != 'trackback' && $commentdata_comment_type != 'pingback') {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500CAT-BL';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Blacklisted Domains Check - Links in Content */
    if (spamshield_link_blacklist_chk($commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500CU-BL';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Check Anchor Text Links for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (spamshield_at_link_spam_url_chk($commentdata_comment_content_extracted_urls_at)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10510CU-BL'; /* Replacing 10510CU-MSC */
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* Check all URL's in Comment Content for Exploits */
    if (spamshield_exploit_url_chk($commentdata_comment_content_extracted_urls)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 15000CU-XPL'; /* Added in 1.4 */
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Content - END */

    /***
     * Test Comment Author
     * Words in Comment Author Repeated in Content - With Keyword Density
     ***/
    /* Split the author name into words (after dropping '.', '-' and ':') and flag the comment (9000-<word index>)
       when one word of 4+ characters occurs 5+ times in the content at a density above 40%. */
    $repeated_terms_filters = array('.', '-', ':');
    $repeated_terms_temp_phrase = str_replace($repeated_terms_filters, '', $commentdata_comment_author_lc_deslashed);
    $repeated_terms_test = explode(' ', $repeated_terms_temp_phrase);
    $repeated_terms_test_count = count($repeated_terms_test);
    $comment_content_total_words = spamshield_count_words($commentdata_comment_content_lc_deslashed);
    $i = 0;
    while ($i < $repeated_terms_test_count) {
        if (!empty($repeated_terms_test[$i])) {
            $repeated_terms_in_content_count = spamshield_substr_count($commentdata_comment_content_lc_deslashed, $repeated_terms_test[$i]);
            $repeated_terms_in_content_str_len = spamshield_strlen($repeated_terms_test[$i]);
            /* Substring hits can exceed the word count (term inside longer words); clamp so density stays sane. */
            if ($repeated_terms_in_content_count > 1 && $comment_content_total_words < $repeated_terms_in_content_count) { $repeated_terms_in_content_count = 1; }
            /* NOTE(review): if spamshield_count_words() can return 0 (empty/whitespace-only content) this is a
               division by zero - a warning on PHP 7, a DivisionByZeroError on PHP 8. Confirm the helper's contract
               or guard the divisor. */
            $repeated_terms_in_content_density = $repeated_terms_in_content_count / $comment_content_total_words * 100;
            if ($repeated_terms_in_content_count >= 5 && $repeated_terms_in_content_str_len >= 4 && $repeated_terms_in_content_density > 40) {
                if (empty($content_filter_status)) { $content_filter_status = '1'; }
                $wpss_error_code .= ' 9000-' . $i;
                return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
            }
        }
        $i++;
    }

    /* Comment Author and URL Tests */
    if (!empty($commentdata_comment_author_url_lc) && !empty($commentdata_comment_author_lc_deslashed)) {
        /* Comment Author and Comment Author URL appearing in Content - REGEX VERSION */
        /* 9100-1: an <a href=...> or [url=...]/[link=...] in the content whose target starts with the author URL and
           whose anchor text is exactly the author name. Both interpolated pieces are preg-quoted above. */
        if (preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*{$commentdata_comment_author_url_lc_regex}([a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]*)(['\"])?(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9100-1';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* 9101: author URL equals author name, is not an http(s) URL, and the content links any http(s) URL with
           the author name as anchor text. */
        if ($commentdata_comment_author_url_lc == $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)\\s*(['\"])?\\s*(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9101';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* 9102: the author URL's domain is the author name (optionally prefixed with www./wwN./m.) and the name
           itself is not an http(s) URL. */
        if (preg_match("~^((ww[w0-9]|m)\\.)?{$commentdata_comment_author_lc_deslashed_regex}\$~i", $commentdata_comment_author_url_domain_lc) && !preg_match("~https?\\:/+~i", $commentdata_comment_author_lc_deslashed)) { /* Changed to include Trackbacks and Pingbacks in 1.1.4.4 */
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9102';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* 9103: as 9101 but any bare http(s) URL in the content is enough. */
        if ($commentdata_comment_author_url_lc == $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9103';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }

    /***
     * Email Filters
     * New Test with Blacklists
     ***/
    if (spamshield_email_blacklist_chk($commentdata_comment_author_email_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 9200E-BL';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* TEST REFERRERS 1 - TO THE COMMENT PROCESSOR */
    if (strpos($wp_comments_post_url, $commentdata_php_self_lc) !== FALSE && $commentdata_referrer_lc == $wp_comments_post_url) {
        /* Often spammers send the referrer as the URL for the wp-comments-post.php page. */
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' REF-1-1011';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /* TEST REFERRERS 2 - SPAMMERS SEARCHING FOR PAGES TO COMMENT ON */
    if (!empty($post_ref2xjs)) {
        /* Normalise the POSTed referrer before matching: decode, restore the scheme colon, re-encode spaces, then
           esc_url_raw(). The normalised value is only matched here, never stored or output. */
        $ref2xJS = addslashes(urldecode($post_ref2xjs));
        $ref2xJS = str_replace('%3A', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $ref2xJS = esc_url_raw($ref2xJS);
        $ref2xJS_lc = spamshield_casetrans('lower', $ref2xJS);
        if (preg_match("~\\.google\\.co(m|\\.[a-z]{2})~i", $ref2xJS) && strpos($ref2xJS_lc, 'leave a comment') !== FALSE) { /* make test more robust for other versions of google & search query */
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' REF-2-1021';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* add Keyword Script Here */
    }

    /***
     * TEST REFERRERS 3 - TO THE PAGE BEING COMMENTED ON
     * DISABLED IN V1.5.9
     ***/

    /* Spam Network - BEGIN */

    /***
     * PART OF BAD ROBOTS TEST - BEGIN
     * Test User-Agents
     ***/
    /* The UA tests below write status '3' unconditionally (they do not keep an earlier status like the
       content tests do). */
    if (empty($commentdata_user_agent_lc)) { /* There is no reason for a blank UA String, unless it's been altered or a bot. */
        $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1001';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    $commentdata_user_agent_lc_word_count = spamshield_count_words($commentdata_user_agent_lc);
    if (!empty($commentdata_user_agent_lc) && $commentdata_user_agent_lc_word_count < 3) {
        /* Fires for non-ping/trackback types, or for trackbacks whose UA does not mention movabletype
           (note && binds tighter than || in this condition). */
        if ($commentdata_comment_type != 'trackback' && $commentdata_comment_type != 'pingback' || strpos($commentdata_user_agent_lc, 'movabletype') === FALSE && $commentdata_comment_type == 'trackback') { /* Another test for altered UA's. */
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' UA1003';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    if (spamshield_skiddie_ua_check($commentdata_user_agent_lc)) { /* There is no reason for a human to use one of these UA strings. Commonly used to attack/spam WP. */
        $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1004';
        return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* PART OF BAD ROBOTS TEST - END */

    if ($commentdata_comment_type != 'trackback' && $commentdata_comment_type != 'pingback') {
        /***
         * PART OF BAD ROBOTS TEST - BEGIN
         * Test HTTP_ACCEPT
         ***/
        if (empty($user_http_accept)) {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1001';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* HA1002 removed in 1.9.0.3 */
        if ($user_http_accept == '*') {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1003';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT' */
        /* Split the header on whitespace/';'/',' and reject a bare '*' element (HA1004). */
        $user_http_accept_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept);
        $user_http_accept_elements = explode(',', $user_http_accept_mod_1);
        $user_http_accept_elements_count = count($user_http_accept_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        /* (bounds the scan of a client-supplied header at 20 elements) */
        $i_max = 20;
        while ($i < $user_http_accept_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_elements[$i])) {
                if ($user_http_accept_elements[$i] == '*') {
                    $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HA1004';
                    return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            $i++;
        }

        /* Test HTTP_ACCEPT_LANGUAGE */
        if (empty($user_http_accept_language)) {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1001';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($user_http_accept_language == '*') {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1002';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT_LANGUAGE' */
        /* Same element scan as HA1004; the Links browser ('links (' UA prefix) is exempted. */
        $user_http_accept_language_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept_language);
        $user_http_accept_language_elements = explode(',', $user_http_accept_language_mod_1);
        $user_http_accept_language_elements_count = count($user_http_accept_language_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $user_http_accept_language_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_language_elements[$i])) {
                if ($user_http_accept_language_elements[$i] == '*' && strpos($commentdata_user_agent_lc, 'links (') !== 0) {
                    $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HAL1004';
                    return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            $i++;
        }
        /***
         * HAL1005 - NOT IMPLEMENTED
         * PART OF BAD ROBOTS TEST - END
         ***/

        /***
         * Test PROXY STATUS if option
         * Google Chrome Compression Proxy Bypass
         ***/
        /* $ip_proxy and $ip_proxy_chrome_compression come from the extract() above. */
        if ($ip_proxy == 'PROXY DETECTED' && $ip_proxy_chrome_compression != 'TRUE' && empty($spamshield_options['allow_proxy_users'])) {
            $content_filter_status = '10';
            $wpss_error_code .= ' PROXY1001';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }

    /***
     * Test IPs - was here
     * IP1003 - Removed in 1.8
     ***/

    /* Reverse DNS Server Tests - BEGIN */
    if ($commentdata_comment_type != 'pingback' && $commentdata_comment_type != 'trackback') {
        /* Test Reverse DNS Hosts - Do all with Reverse DNS not Remote Host */
        /* $ip and $reverse_dns_lc come from the extract() above; the helper returns its own status/error code. */
        $rev_dns_filter_data = spamshield_revdns_filter('comment', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc);
        $revdns_blacklisted = $rev_dns_filter_data['blacklisted'];
        if (!empty($revdns_blacklisted)) {
            $content_filter_status = $rev_dns_filter_data['status'];
            $wpss_error_code .= $rev_dns_filter_data['error_code'];
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* Reverse DNS Server Tests - END */

    /* Spam Network - END */

    /* Test Pingbacks and Trackbacks - OLD LOCATION */

    /* Miscellaneous Preg Match Tests - Changed to regex in V1.8.4 */
    /* Map of error code => pattern; the first pattern that matches the content ends the filter with that code. */
    $wpss_misc_spam_phrases_to_check = array('5000' => "~\\[\\.+\\]\\s+\\[\\.+\\]~", '5001' => "~^<new\\s+comment>\$~i", '5003' => "~^([a-z0-9\\s\\.,!]{0,12})?((he.a?|h([ily]{1,2}))(\\s+there)?|howdy|hello|bonjour|good\\s+day)([\\.,!])?\\s+(([ily]{1,2})\\s+know\\s+)?th([ily]{1,2})s\\s+([ily]{1,2})s\\s+([a-z\\s]{3,12}|somewhat|k([ily]{1,2})nd\\s*of)?(of{1,2}\\s+)?of{1,2}\\s+top([ily]{1,2})c\\s+(but|however)\\s+([ily]{1,2})\\s+(was\\s+wonder([ily]{1,2})nn?g?|need\\s+some\\s+adv([ily]{1,2})ce)~i", '5004' => "~^th([ily]{1,2})s\\s+([ily]{1,2})s\\s+k([ily]{1,2})nd\\s+of\\s+off\\s+top([ily]{1,2})c\\s+but~i"); /* 5002 - Removed in V1.8.4 */
    foreach ($wpss_misc_spam_phrases_to_check as $ec => $rgx_phrase) {
        if (preg_match($rgx_phrase, $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' ' . $ec;
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }

    /* BOILERPLATE: Add common boilerplate/template spam phrases... Add Blacklist functions */

    /* WP Blacklist Check - BEGIN */
    /* Test WP Blacklist if option set */
    if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($content_filter_status)) {
        if (spamshield_blacklist_check($commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc, $commentdata_comment_author_url_lc, $commentdata_comment_content_lc_deslashed, $ip, $commentdata_user_agent_lc, '')) {
            if (empty($content_filter_status)) { $content_filter_status = '100'; }
            $wpss_error_code .= ' WP-BLACKLIST';
            return spamshield_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* WP Blacklist Check - END */

    /* Timer End - Content Filter */
    $wpss_end_time_content_filter = spamshield_microtime();
    $wpss_total_time_content_filter = spamshield_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
    $commentdata['total_time_content_filter'] = $wpss_total_time_content_filter;

    /* Nothing fired: report 'No Error' (the trim() on the else branch is repeated below). */
    if (empty($wpss_error_code)) { $wpss_error_code = 'No Error'; } else { $wpss_error_code = trim($wpss_error_code); }
    /***
     * $spamshield_error_data = array( $wpss_error_code, $blacklist_word_combo, $blacklist_word_combo_total );
     */
    $commentdata['wpss_error_code'] = trim($wpss_error_code);
    $commentdata['content_filter_status'] = $content_filter_status;
    return $commentdata;
    /* CONTENT FILTERING - END */
}
/**
 * Render the spam-counter widget front-end (WP_Widget::widget()).
 *
 * Emits the theme's before/after wrappers, the widget title, a per-instance
 * <style> block and a linked counter badge. Two layouts exist: 'lg' (styles
 * 1-5) and 's' (styles 6-10); the style number also selects the background
 * image. Font sizes and letter spacing are adjusted from the length of the
 * "blocked" label so the text fits without JavaScript.
 *
 * NOTE(review): $title and $style come from the saved widget instance and are
 * passed through sanitize_text_field(); $count, $byline, $hreftitle_txt and
 * $blocked_txt come from plugin helpers whose output is echoed without
 * further escaping - acceptable if those helpers return plugin-controlled
 * text, so confirm against them.
 *
 * NOTE(review): the template text below carries a space after every `?>`
 * (e.g. `?> px`, `?> /spamshield-counter-`). That looks like an artifact of
 * how this listing was produced rather than the original source - as written
 * it would emit invalid CSS lengths and a space inside the image URL.
 *
 * @param array $args     Theme wrapper markup: before_widget, before_title, after_title, after_widget.
 * @param array $instance Saved widget settings; keys read here: title, style.
 * @return void Output is echoed directly.
 */
public function widget($args, $instance) {
    $title = !empty($instance['title']) ? sanitize_text_field($instance['title']) : __('Spam', WPSS_PLUGIN_NAME);
    $style = !empty($instance['style']) ? sanitize_text_field($instance['style']) : '6';
    /* Per-page instance counter, used to give each rendered widget its own CSS class suffix. */
    global $wpss_wid_inst;
    if (!isset($wpss_wid_inst)) { $wpss_wid_inst = 0; }
    ++$wpss_wid_inst;
    /* Clamp the style to 1..10; anything else falls back to style 1. The comparison is numeric but the value
       is still the (string) instance setting, so a non-integer numeric string would reach the image name below. */
    $style_max = 10;
    $style_min = 1;
    if (empty($style) || $style > $style_max || $style < $style_min) { $style = 1; }
    if ($style > 5) {
        $size = 's';
        $imgn = $style - 5;
        $ht_x_diff = 7;
    } else {
        $size = 'lg';
        $imgn = $style;
        $ht_x_diff = 0;
    }
    $count = spamshield_number_format(spamshield_count());
    //$count = spamshield_number_format( 1000000 ); /* FOR TESTING & SCREEN SHOTS ONLY */
    $byline = spamshield_promo_text(1);
    /* The link title is picked by the first character of the server address (string comparison against '5'),
       offset by 7 for the small layout - presumably a cheap way to vary the promo text between sites. */
    $sip1c = substr(RSMP_SERVER_ADDR, 0, 1);
    $ht_x = $sip1c > '5' ? 2 + $ht_x_diff : 3 + $ht_x_diff;
    $hreftitle_txt = spamshield_promo_text($ht_x);
    $blocked_txt = spamshield_blocked_txt();
    $blocked_txt_len = spamshield_strlen($blocked_txt);
    echo $args['before_widget'];
    echo $args['before_title'] . $title . $args['after_title'];
    if ($size == 's') {
        /* Small */
        /* Set dynamic CSS values */
        $l1_let_spac = '1'; $l2_let_spac = '1'; /* Default Letter Spacing */
        $l1_fnt_sz = '18'; $l2_fnt_sz = '10'; /* Default Font Size */
        /* Check string length so we can adjust letter spacing and font size to make everything fit nicely, without JS */
        if ($blocked_txt_len > 18) { $blocked_txt = 'SPAM BLOCKED'; } elseif ($blocked_txt_len > 16) { $l2_fnt_sz = '7'; } elseif ($blocked_txt_len > 14) { $l2_fnt_sz = '8'; } elseif ($blocked_txt_len > 13) { $l2_fnt_sz = '9'; }
        /* Template: small badge (120x50), three background states (normal/hover/active) from one sprite. */
        ?> <style type="text/css"> .wpsslstatssm_<?php echo $wpss_wid_inst; ?> { width: 120px; height: 50px; overflow: hidden; } .wpsslstatssm_<?php echo $wpss_wid_inst; ?> a { background: transparent; background:url(<?php echo WPSS_PLUGIN_COUNTER_URL; ?> /spamshield-counter-<?php echo $size; ?> -bg-<?php echo $imgn; ?> .png) no-repeat top left; background-position: 0px 0px; border-style: none; color: #FFF !important; cursor: pointer; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; padding: none; text-align: center; text-decoration: none; width: 120px; height: 50px; padding: 8px 0 0 0; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; } .wpsslstatssm_<?php echo $wpss_wid_inst; ?> a:hover { text-decoration: none; background:url(<?php echo WPSS_PLUGIN_COUNTER_URL; ?> /spamshield-counter-<?php echo $size; ?> -bg-<?php echo $imgn; ?> .png) no-repeat top left; background-position: 0px -50px; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; } .wpsslstatssm_<?php echo $wpss_wid_inst; ?> a:active { text-decoration: none; background:url(<?php echo WPSS_PLUGIN_COUNTER_URL; ?> /spamshield-counter-<?php echo $size; ?> -bg-<?php echo $imgn; ?> .png) no-repeat top left; background-position: 0px -100px; transition: none !important; -moz-transition: none !important; -webkit-transition: none 
!important; } .wpsslstatssm_<?php echo $wpss_wid_inst; ?> .wpsslcountsm_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l1_fnt_sz; ?> px; line-height: 140% !important; letter-spacing: <?php echo $l1_let_spac; ?> px !important; padding: 0 0 0 0; white-space: nowrap; } .wpsslstatssm_<?php echo $wpss_wid_inst; ?> .wpsslcountsm2_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l2_fnt_sz; ?> px; line-height: 70% !important; letter-spacing: <?php echo $l2_let_spac; ?> px !important; padding: 0 0 0 0; white-space: nowrap; } </style> <div class="wpsslstatssm_<?php echo $wpss_wid_inst; ?> "> <a href="<?php echo WPSS_HOME_URL; ?> " target="_blank" rel="external" title="<?php echo $hreftitle_txt; ?> "><?php printf(__('<strong class="wpsslcountsm_%1$s">%2$s</strong> <strong class="wpsslcountsm2_%3$s">%4$s</strong>', WPSS_PLUGIN_NAME), $wpss_wid_inst, $count, $wpss_wid_inst, $blocked_txt); ?> </a> </div> <?php
    } else {
        /* Large */
        /* Set dynamic CSS values */
        $l1_let_spac = '2'; $l2_let_spac = '1'; $l3_let_spac = '1'; /* Default Letter Spacing */
        $l1_fnt_sz = '19'; $l2_fnt_sz = '12'; $l3_fnt_sz = '9'; /* Default Font Size */
        /* Check string length so we can adjust letter spacing and font size to make everything fit nicely, without JS */
        /* Over 18 characters the label and byline are replaced with fixed English text rather than shrunk further. */
        if ($blocked_txt_len > 18) { $blocked_txt = 'SPAM BLOCKED'; $byline = 'BY WP-SPAMSHIELD'; } elseif ($blocked_txt_len > 16) { $l2_let_spac = 1; $l3_let_spac = 1; $l2_fnt_sz = '9'; $l3_fnt_sz = '7'; } elseif ($blocked_txt_len > 14) { $l2_let_spac = 1; $l3_let_spac = 1; $l2_fnt_sz = '10'; $l3_fnt_sz = '8'; } elseif ($blocked_txt_len > 13) { $l2_let_spac = 1; $l3_let_spac = 1; $l2_fnt_sz = '11'; }
        /* Template: large badge (140x66) with a third line for the byline. */
        ?> <style type="text/css"> .wpsslstats_<?php echo $wpss_wid_inst; ?> { width: 140px; height: 
66px; overflow: hidden; } .wpsslstats_<?php echo $wpss_wid_inst; ?> a { background: transparent; background:url(<?php echo WPSS_PLUGIN_COUNTER_URL; ?> /spamshield-counter-<?php echo $size; ?> -bg-<?php echo $imgn; ?> .png) no-repeat top left; background-position: 0px 0px; border-style: none; color: #FFF !important; cursor: pointer; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; padding: none; text-align: center; text-decoration: none; width: 140px; height: 66px; padding: 8px 0 0 0; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; } .wpsslstats_<?php echo $wpss_wid_inst; ?> a:hover { text-decoration: none; background:url(<?php echo WPSS_PLUGIN_COUNTER_URL; ?> /spamshield-counter-<?php echo $size; ?> -bg-<?php echo $imgn; ?> .png) no-repeat top left; background-position: 0px -66px; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important;} .wpsslstats_<?php echo $wpss_wid_inst; ?> a:active { text-decoration: none; background:url(<?php echo WPSS_PLUGIN_COUNTER_URL; ?> /spamshield-counter-<?php echo $size; ?> -bg-<?php echo $imgn; ?> .png) no-repeat top left; background-position: 0px -132px; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; } .wpsslstats_<?php echo $wpss_wid_inst; ?> .wpsslcount_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l1_fnt_sz; ?> px; line-height: 140% !important; letter-spacing: <?php echo $l1_let_spac; ?> px !important; padding: 0 0 0 0; white-space: nowrap; } .wpsslstats_<?php echo $wpss_wid_inst; ?> .wpsslcount2_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l2_fnt_sz; ?> px; line-height: 
80% !important; letter-spacing: <?php echo $l2_let_spac; ?> px !important; padding: 1px 0 0 0; white-space: nowrap; } .wpsslstats_<?php echo $wpss_wid_inst; ?> .wpsslcount3_<?php echo $wpss_wid_inst; ?> { font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l3_fnt_sz; ?> px; line-height: 70% !important; letter-spacing: <?php echo $l3_let_spac; ?> px !important; padding: 0 0 0 0; white-space: nowrap; position: relative; top: -2px; } </style> <div class="wpsslstats_<?php echo $wpss_wid_inst; ?> "> <a href="<?php echo WPSS_HOME_URL; ?> " target="_blank" rel="external" title="<?php echo $hreftitle_txt; ?> "><?php printf(__('<strong class="wpsslcount_%1$s">%2$s</strong> <strong class="wpsslcount2_%3$s">%4$s</strong> <span class="wpsslcount3_%5$s">%6$s</span>', WPSS_PLUGIN_NAME), $wpss_wid_inst, $count, $wpss_wid_inst, $blocked_txt, $wpss_wid_inst, $byline); ?> </a> </div> <?php
    }
    echo $args['after_widget'];
}