public static function misc_form_bypass()
 {
     /**
      * Miscellaneous Form Spam Check Bypass
      *
      * Returns TRUE when the current request matches one of a fixed set of
      * third-party callback / plugin flows that the form spam check must not
      * interfere with (geolocation update, WP Remote, e-commerce carts and
      * payment-gateway IPNs, Clef, OneAll social login), FALSE otherwise.
      * Takes no arguments; everything is read from $_SERVER, $_POST, $_GET,
      * the global proxy-info array and the plugin's request helpers.
      *
      * NOTE(review): almost every signal consulted below is supplied by the
      * client -- $_POST / $_GET keys, the User-Agent header, substrings of
      * REQUEST_URI, the Referer. Only the branches that also require
      * $fcrdns === '[Verified]' (forward-confirmed reverse DNS) bind the
      * request to the origin it claims; the others amount to "if plugin X is
      * active, a request shaped like X's callback skips the spam check".
      * Treat this as a compatibility allowlist, not a security boundary.
      */
     /* Setup necessary variables */
     $url = rs_wpss_get_url();
     $url_lc = rs_wpss_casetrans('lower', $url);
     /* REQUEST_URI is client-supplied; it is matched by substring / regex below */
     $req_uri = $_SERVER['REQUEST_URI'];
     $req_uri_lc = rs_wpss_casetrans('lower', $req_uri);
     $post_count = count($_POST);
     /* $url_lc and $ip are assigned but never read in this method */
     $ip = rs_wpss_get_ip_addr();
     $user_agent = rs_wpss_get_user_agent();
     $referer = rs_wpss_get_referrer();
     /* IP / PROXY INFO - BEGIN */
     global $wpss_ip_proxy_info;
     if (empty($wpss_ip_proxy_info)) {
         $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
     }
     /*
      * Imports every key of the proxy-info array as a local; the branches
      * below rely on $reverse_dns and $fcrdns coming from here. extract()
      * defaults to EXTR_OVERWRITE, so a key named like one of the locals
      * assigned above ($ip, $user_agent, $referer, ...) would silently
      * replace it -- presumably not intended; confirm the array's keys or
      * pass EXTR_SKIP / read the two needed entries explicitly.
      */
     extract($wpss_ip_proxy_info);
     /* IP / PROXY INFO - END */
     /* GEOLOCATION: exactly six POST fields, all from the location-update set; no origin check */
     if ($post_count == 6 && isset($_POST['updatemylocation'], $_POST['log'], $_POST['lat'], $_POST['country'], $_POST['zip'], $_POST['myaddress'])) {
         return TRUE;
     }
     /*
      * WP Remote: plugin constant present, a verify key in POST, a User-Agent
      * ending in " WP-Remote" and an rDNS under amazonaws.com.
      * NOTE(review): not gated on $fcrdns, and any AWS-hosted client shares
      * that rDNS suffix.
      */
     if (defined('WPRP_PLUGIN_SLUG') && !empty($_POST['wpr_verify_key']) && preg_match("~\\ WP\\-Remote\$~", $user_agent) && preg_match("~\\.amazonaws\\.com\$~", $reverse_dns)) {
         return TRUE;
     }
     /*
      * Ecommerce Plugins. Precedence is
      *   (ssl || cart-field || ... || (paypal UA && paypal rDNS && fcrdns)) && ecom-enabled
      * so with the e-commerce option on, an SSL request alone, or any POST
      * carrying one of the cart/product field names, is enough to bypass.
      * NOTE(review): on an all-HTTPS site this returns TRUE for every form
      * submission while that option is enabled.
      */
     if ((rs_wpss_is_ssl() || !empty($_POST['add-to-cart']) || !empty($_POST['add_to_cart']) || !empty($_POST['addtocart']) || !empty($_POST['product-id']) || !empty($_POST['product_id']) || !empty($_POST['productid']) || $user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) && $fcrdns === '[Verified]') && self::is_ecom_enabled()) {
         return TRUE;
     }
     /* Gateway callbacks by origin: this whole block is gated on forward-confirmed rDNS */
     if ((rs_wpss_is_ssl() || self::is_ecom_enabled()) && $fcrdns === '[Verified]') {
         /* PayPal, Stripe, Authorize.net, Worldpay, etc */
         /* Precedence: (paypal UA && paypal rDNS) || stripe rDNS || listed rDNS -- the UA requirement applies to PayPal only */
         if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) || $reverse_dns === 'api.stripe.com' || preg_match("~(^|\\.)(authorize\\.net|worldpay\\.com|payfast\\.co\\.za|api\\.mollie\\.nl|api\\.simplifycommerce\\.com|wepayapi\\.com|2checkout\\.com|paylane\\.com)\$~", $reverse_dns)) {
             return TRUE;
         }
     }
     /* WooCommerce Payment Gateways */
     if (self::is_woocom_enabled()) {
         /*
          * (paypal UA && paypal IPN rDNS) || 'WC_Gateway_Paypal' anywhere in the URI.
          * NOTE(review): neither half is gated on $fcrdns; the URI half needs
          * no origin at all.
          */
         if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) || strpos($req_uri, 'WC_Gateway_Paypal') !== FALSE) {
             return TRUE;
         }
         /* payfast rDNS (again without $fcrdns) || ('wc-api' && 'WC_Gateway_PayFast' in the URI) */
         if (preg_match("~(^|\\.)payfast\\.co\\.za\$~", $reverse_dns) || strpos($req_uri, 'wc-api') !== FALSE && strpos($req_uri, 'WC_Gateway_PayFast') !== FALSE) {
             return TRUE;
         }
         /* Plugin: 'woocommerce-gateway-payfast/gateway-payfast.php' */
         /*
          * Any URI of the form ?wc-api=WC_Gateway_* / ?wc-api=WC_Addons_Gateway_*
          * or /wc-api/...WC_Gateway_*. This makes the URI halves of the two
          * checks above largely redundant.
          * NOTE(review): purely URL-shaped -- a POST to /?wc-api=WC_Gateway_COD
          * with an arbitrary body skips the spam check.
          */
         if (preg_match("~((\\?|\\&)wc\\-api\\=WC_(Addons_)?Gateway_|/wc\\-api/.*WC_(Addons_)?Gateway_)~", $req_uri)) {
             return TRUE;
         }
         /* $wc_gateways = array( 'WC_Gateway_BACS', 'WC_Gateway_Cheque', 'WC_Gateway_COD', 'WC_Gateway_Paypal', 'WC_Addons_Gateway_Simplify_Commerce', 'WC_Gateway_Simplify_Commerce' ); */
     }
     /* Easy Digital Downloads Payment Gateways */
     if (defined('EDD_VERSION')) {
         /* PayPal IPN by UA + rDNS (no $fcrdns), or edd-listener=IPN in GET / URI */
         if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) || !empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'IPN' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'IPN') !== FALSE) {
             return TRUE;
         }
         /* Amazon listener */
         if (!empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'amazon' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'amazon') !== FALSE) {
             return TRUE;
         }
         /*
          * Catch-all: any edd-listener GET parameter or the substring
          * 'edd-listener' anywhere in the URI. This subsumes the listener
          * halves of the two checks above.
          * NOTE(review): client-controlled; no origin check.
          */
         if (!empty($_GET['edd-listener']) || strpos($req_uri, 'edd-listener') !== FALSE) {
             return TRUE;
         }
     }
     /* Gravity Forms PayPal Payments Standard Add-On ( http://www.gravityforms.com/add-ons/paypal/ ) */
     /* Precedence: (GF constants) || (GF classes) */
     if (defined('GF_MIN_WP_VERSION') && defined('GF_PAYPAL_VERSION') || class_exists('GFForms') && class_exists('GF_PayPal_Bootstrap')) {
         /* Exact IPN URL plus the six IPN field names; no UA / rDNS / $fcrdns check -- presumably the add-on verifies the IPN itself */
         if ($url === WPSS_SITE_URL . '/?page=gf_paypal_ipn' && isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign'])) {
             return TRUE;
         }
     }
     /* PayPal IPN: the strictest branch -- IPN fields, 'paypal' in the URI, exact UA, IPN host rDNS and forward-confirmed rDNS must all hold */
     if (isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['payment_type'], $_POST['payment_status'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign']) && FALSE !== strpos($req_uri_lc, 'paypal') && $user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) && $fcrdns === '[Verified]') {
         return TRUE;
     }
     /* Clef */
     if (defined('CLEF_VERSION')) {
         /* UA "Clef/x.y (https://getclef.com)" and rDNS under clef.io or amazonaws.com. NOTE(review): no $fcrdns, and the amazonaws.com suffix is very broad */
         if (preg_match("~^Clef/[0-9](\\.[0-9]+)+\\ \\(https\\://getclef\\.com\\)\$~", $user_agent) && preg_match("~((^|\\.)clef\\.io|\\.amazonaws\\.com)\$~", $reverse_dns)) {
             return TRUE;
         }
     }
     /* OA Social Login */
     if (defined('OA_SOCIAL_LOGIN_VERSION')) {
         /* strrev + strpos === 0 is a suffix test: the Referer's domain must end with 'api.oneall.com' (no dot boundary) */
         $ref_dom_rev = strrev(rs_wpss_get_domain($referer));
         $oa_dom_rev = strrev('api.oneall.com');
         /* NOTE(review): the Referer header, the GET source and the POST tokens are all client-supplied */
         if ($post_count >= 4 && isset($_GET['oa_social_login_source'], $_POST['oa_action'], $_POST['oa_social_login_token'], $_POST['connection_token'], $_POST['identity_vault_key']) && $_POST['oa_action'] === 'social_login' && strpos($ref_dom_rev, $oa_dom_rev) === 0) {
             return TRUE;
         }
     }
     /* Nothing was triggered */
     return FALSE;
 }
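function rs_wpss_gf_spam_check($form)
{
    /***
     * Checks Gravity Forms submissions for spam
     * Added 1.8.9.9, Modified 1.9.5
     *
     * Runs the plugin's checks (JS/jQuery token, e-mail blacklist, content
     * blacklist, bad-robot blacklist, blacklisted-user cache) against the raw
     * $_POST of a Gravity Forms submission.
     *
     * @param mixed $form  Whatever the Gravity Forms hook hands in (presumably
     *                     the form array); it is only passed through.
     * @return mixed       $form, unchanged, when the submission is accepted or a
     *                     bypass condition applies. When a check fails this
     *                     function calls wp_die() and does not return.
     *
     * Side effects: rs_wpss_update_session_data(), rs_wpss_update_accept_status()
     * and, depending on the logging options, rs_wpss_log_data() /
     * rs_wpss_append_log_data().
     *
     * Fix: the clean-submission path previously fell off the end and returned
     * NULL while every other non-fatal path returned $form; it now returns
     * $form too, so a filter hook caller keeps its form.
     ***/
    /* Administrators are never filtered */
    if (rs_wpss_is_user_admin()) {
        return $form;
    }
    global $spamshield_options;
    if (empty($spamshield_options)) {
        $spamshield_options = get_option('spamshield_options');
    }
    rs_wpss_update_session_data($spamshield_options);
    /* The Gravity Forms shield can be switched off in the plugin settings */
    if (!empty($spamshield_options['disable_gf_shield'])) {
        return $form;
    }
    /* BYPASS - HOOK: any filter callback returning a truthy value disables this check */
    $gfsc_bypass = apply_filters('wpss_gf_spam_check_bypass', FALSE);
    if (!empty($gfsc_bypass)) {
        return $form;
    }
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /*
     * Only the reverse DNS entry is used in this function, so read it
     * explicitly instead of extract()-ing the whole array into local scope:
     * extract() defaults to EXTR_OVERWRITE and would silently replace a local
     * of the same name ($form, $spamshield_options, ...) if the array ever
     * carried such a key.
     */
    $reverse_dns = isset($wpss_ip_proxy_info['reverse_dns']) ? $wpss_ip_proxy_info['reverse_dns'] : '';
    /* IP / PROXY INFO - END */
    $user_agent = rs_wpss_get_user_agent();
    /*
     * BYPASS - Ecommerce Plugins
     * NOTE(review): with the e-commerce option enabled, an SSL request or any
     * POST carrying one of the cart/product field names is enough to skip every
     * check below. Those field names and the User-Agent are client-controlled,
     * and the PayPal branch is gated on reverse DNS only (no forward
     * confirmation). Left unchanged because it is the option's documented
     * behaviour, but it is not a security boundary.
     */
    if ((rs_wpss_is_ssl() || !empty($_POST['add-to-cart']) || !empty($_POST['add_to_cart']) || !empty($_POST['addtocart']) || !empty($_POST['product-id']) || !empty($_POST['product_id']) || !empty($_POST['productid']) || preg_match("~^PayPal\\ IPN~", $user_agent) && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns)) && rs_wpss_is_ecom_enabled()) {
        return $form;
    }
    $gf_filter_status = $wpss_error_code = '';
    $gf_jsck_error = FALSE;
    $form_type = 'gravity forms';
    $pref = 'GF-';
    /* Messages shown to the user on rejection, keyed by error type */
    $errors_3p = array();
    $error_txt = rs_wpss_error_txt();
    $server_name = WPSS_SERVER_NAME;
    $server_email_domain = rs_wpss_get_email_domain($server_name);
    /* Raw submission, kept only for the optional log entry */
    $gf_serial_post = serialize($_POST);
    /* Gravity Forms carries no comment-author fields; the status/log helpers still expect these keys */
    $form_auth_dat = array('comment_author' => '', 'comment_author_email' => '', 'comment_author_url' => '');
    /* JS/JQUERY CHECK */
    $wpss_key_values = rs_wpss_get_key_values();
    $wpss_jq_key = $wpss_key_values['wpss_jq_key'];
    $wpss_jq_val = $wpss_key_values['wpss_jq_val'];
    if (TRUE === WPSS_COMPAT_MODE || defined('WPSS_SOFT_COMPAT_MODE')) {
        /* Fall back to FVFJS Keys instead of jQuery keys from jscripts.php */
        $wpss_jq_key = $wpss_key_values['wpss_js_key'];
        $wpss_jq_val = $wpss_key_values['wpss_js_val'];
    }
    /* The expected value is presumably written into the form by the plugin's script; a submission without it did not execute that JS */
    $wpss_jsck_jquery_val = !empty($_POST[$wpss_jq_key]) ? $_POST[$wpss_jq_key] : '';
    if ($wpss_jsck_jquery_val !== $wpss_jq_val) {
        $wpss_error_code .= ' ' . $pref . 'JQHFT-7';
        $gf_jsck_error = TRUE;
        $err_cod = 'jsck_error';
        $err_msg = __('Sorry, there was an error. Please be sure JavaScript and Cookies are enabled in your browser and try again.', WPSS_PLUGIN_NAME);
        $errors_3p[$err_cod] = $err_msg;
    }
    /* EMAIL BLACKLIST: every string field that parses as an e-mail address is checked */
    foreach ($_POST as $v) {
        if (!is_string($v)) {
            continue;
        }
        $v_lc = rs_wpss_casetrans('lower', trim(stripslashes($v)));
        if (is_email($v_lc)) {
            $email_domain = rs_wpss_parse_email($v_lc, 'domain');
            /* Addresses on the site's own domain are never blacklisted */
            if ($email_domain === $server_email_domain) {
                continue;
            }
            if (rs_wpss_email_blacklist_chk($v_lc)) {
                $wpss_error_code .= ' ' . $pref . '9200E-BL';
                /* When the JS check already failed, its message is the only one shown */
                if ($gf_jsck_error !== TRUE) {
                    $err_cod = 'blacklist_email_error';
                    $err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.');
                    $errors_3p[$err_cod] = $err_msg;
                }
                break;
            }
        }
    }
    /* CONTACT FORM CONTENT BLACKLIST: first string field that trips the content blacklist */
    foreach ($_POST as $v) {
        if (!is_string($v)) {
            continue;
        }
        $v_lc = rs_wpss_casetrans('lower', trim(stripslashes($v)));
        if (rs_wpss_cf_content_blacklist_chk($v_lc)) {
            $wpss_error_code .= ' ' . $pref . '10400C-BL';
            if ($gf_jsck_error !== TRUE) {
                $err_cod = 'blacklist_content_error';
                $err_msg = __('Message appears to be spam.', WPSS_PLUGIN_NAME);
                $errors_3p[$err_cod] = $err_msg;
            }
            break;
        }
    }
    /* BAD ROBOT BLACKLIST */
    $bad_robot_filter_data = rs_wpss_bad_robot_blacklist_chk($form_type, $gf_filter_status);
    $gf_filter_status = $bad_robot_filter_data['status'];
    $bad_robot_blacklisted = $bad_robot_filter_data['blacklisted'];
    if (!empty($bad_robot_blacklisted)) {
        /* The helper supplies its own, already prefixed, error code */
        $wpss_error_code .= $bad_robot_filter_data['error_code'];
        if ($gf_jsck_error !== TRUE) {
            $err_cod = 'badrobot_error';
            $err_msg = __('That action is currently not allowed.');
            $errors_3p[$err_cod] = $err_msg;
        }
    }
    /* BLACKLISTED USER: only consulted when nothing else has fired */
    if (empty($wpss_error_code) && rs_wpss_ubl_cache()) {
        $wpss_error_code .= ' ' . $pref . '0-BL';
        $err_cod = 'blacklisted_user_error';
        $err_msg = __('That action is currently not allowed.');
        /* TO DO: TRANSLATE */
        $errors_3p[$err_cod] = $err_msg;
    }
    $wpss_error_code = trim($wpss_error_code);
    if (strpos($wpss_error_code, '0-BL') !== FALSE) {
        rs_wpss_append_log_data('Blacklisted user detected. Gravity Forms have been temporarily disabled to prevent spam. ERROR CODE: ' . $wpss_error_code, FALSE);
    }
    /* Record the verdict ('r' / 'a' -- presumably rejected / accepted) and log per the logging options */
    if (!empty($wpss_error_code)) {
        rs_wpss_update_accept_status($form_auth_dat, 'r', 'Line: ' . __LINE__, $wpss_error_code);
        if (!empty($spamshield_options['comment_logging'])) {
            rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $gf_serial_post);
        }
    } else {
        rs_wpss_update_accept_status($form_auth_dat, 'a', 'Line: ' . __LINE__);
        if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
            rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $gf_serial_post);
        }
    }
    /* Now output error message. Only the static, translated strings collected above are emitted; nothing from $_POST is echoed. */
    if (!empty($wpss_error_code)) {
        $error_msg = '';
        foreach ($errors_3p as $m) {
            $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . WPSS_EOL;
        }
        $args = array('response' => '403');
        wp_die($error_msg, '', $args);
    }
    /* Clean submission: hand the form back unchanged */
    return $form;
}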