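/**
 * Handles the admin_action_blacklist call.
 *
 * Adds the IP passed in request parameter "i" to the local blacklist, provided
 * the accompanying "_avhnonce" was created for exactly that IP (the nonce is
 * the only thing binding the value, see AVH_Security::verifyNonce). Every
 * outcome ends in a redirect to the plugin's general page with a message code
 * in "m"; the handler never returns to the caller after redirecting.
 *
 * @WordPress Action admin_action_blacklist
 *
 * @return void
 */
public function actionHandleBlacklistUrl()
{
    if (!isset($_REQUEST['action']) || 'blacklist' !== $_REQUEST['action']) {
        return;
    }

    // NOTE(review): there is no capability check here; access relies on the
    // nonce, which this class only ever puts into mails sent to admin_email.
    // Confirm that is the intended trust boundary for this action.
    $base_url = 'admin.php?page=' . AVH_FDAS_Define::MENU_SLUG_GENERAL . '&m=';

    // A missing IP or nonce is treated like a failed nonce check: the nonce
    // is bound to the IP, so neither is meaningful without the other.
    $ip = isset($_REQUEST['i']) ? (string) $_REQUEST['i'] : '';
    $nonce = isset($_REQUEST['_avhnonce']) ? (string) $_REQUEST['_avhnonce'] : '';

    if ('' === $ip || '' === $nonce || false === AVH_Security::verifyNonce($nonce, $ip)) {
        wp_safe_redirect(admin_url($base_url . AVH_FDAS_Define::ERROR_INVALID_REQUEST));
        exit;
    }

    // The blacklist is stored as one entry per CRLF-separated line.
    $blacklist = $this->_core->getDataElement('lists', 'blacklist');
    $entries = empty($blacklist) ? array() : explode("\r\n", $blacklist);

    if (in_array($ip, $entries, true)) {
        wp_safe_redirect(admin_url($base_url . AVH_FDAS_Define::ERROR_EXISTS_IN_BLACKLIST . '&i=' . rawurlencode($ip)));
        exit;
    }

    $entries[] = $ip;
    $this->_setBlacklistOption($entries);

    // wp_safe_redirect() only sends the Location header; exit so the rest of
    // the admin page is not rendered after it.
    wp_safe_redirect(admin_url($base_url . AVH_FDAS_Define::ADDED_BLACKLIST . '&i=' . rawurlencode($ip)));
    exit;
}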
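/**
 * Check the nonce field set with a comment.
 *
 * Runs on the preprocess_comment filter. Plain comments posted from the front
 * end must carry the "_avh_first_defense_against_spam" nonce for the post they
 * belong to. When it is missing or invalid the request is treated as a direct
 * hit on wp-comments-post.php: the admin is optionally notified by e-mail and
 * the request is terminated with wp_die(). Admin and XML-RPC requests, and
 * trackbacks/pingbacks (which carry a comment_type), are passed through.
 *
 * @WordPress Filter preprocess_comment
 *
 * @param mixed $commentdata Comment data as handed over by WordPress.
 *
 * @return mixed The unchanged $commentdata when the check passes; does not
 *               return when it fails (wp_die).
 * @since 1.2
 */
public function filterCheckNonceFieldToComment($commentdata)
{
    // When we're in Admin (or handling XML-RPC) there is no nonce field to check.
    if (defined('WP_ADMIN') || defined('XMLRPC_REQUEST')) {
        return $commentdata;
    }

    // Trackbacks and pingbacks set comment_type; only plain comments carry the nonce.
    if (!empty($commentdata['comment_type'])) {
        return $commentdata;
    }

    $nonce_action = 'avh-first-defense-against-spam_' . $commentdata['comment_post_ID'];
    $nonce_posted = isset($_POST['_avh_first_defense_against_spam']);
    $posted_nonce = $nonce_posted ? $_POST['_avh_first_defense_against_spam'] : '';

    if (wp_verify_nonce($posted_nonce, $nonce_action)) {
        return $commentdata;
    }

    if (1 === (int) $this->_core->getOptionElement('general', 'emailsecuritycheck')) {
        $report = $this->_mailCommentSecurityCheckFailure($commentdata, $nonce_posted);

        // Only keep track if we have the ability to report to Stop Forum Spam,
        // i.e. when a report link (with its nonce) was actually put in the mail.
        if (null !== $report) {
            $this->_rememberReportNonce($report['_avhnonce'], $report['a'] . $report['e'] . $report['i']);
        }
    }

    $m = __('<p>Cheating huh</p>', 'avh-fdas');
    $m .= __('<p>Protected by: AVH First Defense Against Spam</p>', 'avh-fdas');
    if ($this->_core->getOptionElement('php', 'usehoneypot')) {
        $m .= $this->_spamcheck->getHtmlHoneyPotUrl();
    }
    wp_die($m);
}

/**
 * Mail the admin about a comment that failed the nonce check.
 *
 * @param array $commentdata  Comment data as received by the filter.
 * @param bool  $nonce_posted Whether the nonce field was present in $_POST at all
 *                            (decides which reason line goes into the mail).
 *
 * @return array|null Query parameters of the "report spammer" link
 *                    (keys action, a, e, i, _avhnonce) when one was included,
 *                    null when no Stop Forum Spam API key is configured.
 */
private function _mailCommentSecurityCheckFailure(array $commentdata, $nonce_posted)
{
    $to = get_option('admin_email');
    $ip = AVH_Visitor::getUserIp();
    $sfs_apikey = $this->_core->getOptionElement('sfs', 'sfsapikey');

    // NOTE(review): after this substitution the e-mail is never empty, so the
    // "has an e-mail" part of the report condition below always holds and the
    // placeholder ends up in the report link — confirm that is intended.
    $author_email = empty($commentdata['comment_author_email'])
        ? '*****@*****.**'
        : $commentdata['comment_author_email'];

    $subject = sprintf(
        '[%s] AVH First Defense Against Spam - ' . __('Comment security check failed', 'avh-fdas'),
        wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)
    );

    $message = array();
    if ($nonce_posted) {
        $message[] = __('Reason: The nonce check failed.', 'avh-fdas');
    } else {
        $message[] = __('Reason: An attempt was made to directly access wp-comment-post.php', 'avh-fdas');
    }
    $message[] = sprintf(__('Username: %s', 'avh-fdas'), $commentdata['comment_author']);
    $message[] = sprintf(__('Email: %s', 'avh-fdas'), $author_email);
    $message[] = sprintf(__('IP: %s', 'avh-fdas'), $ip);
    $message[] = '';
    $message[] = __('Comment trying to post:', 'avh-fdas');
    $message[] = __('--- START OF COMMENT ---', 'avh-fdas');
    $message[] = $commentdata['comment_content'];
    $message[] = __('--- END OF COMMENT ---', 'avh-fdas');
    $message[] = '';

    $report = null;
    if ('' !== (string) $sfs_apikey && !empty($author_email)) {
        $report = array(
            'action' => 'emailreportspammer',
            'a'      => $commentdata['comment_author'],
            'e'      => $author_email,
            'i'      => $ip,
        );
        // The nonce covers author, e-mail and IP together so the report link
        // cannot be retargeted to a different person.
        $report['_avhnonce'] = AVH_Security::createNonce($report['a'] . $report['e'] . $report['i']);
        $report_url = admin_url('admin.php?' . $this->_core->BuildQuery($report));
        $message[] = sprintf(__('Report spammer: %s', 'avh-fdas'), $report_url);
    }
    $message[] = sprintf(__('For more information: http://www.stopforumspam.com/search?q=%s', 'avh-fdas'), $ip);

    $blacklisturl = admin_url('admin.php?action=blacklist&i=') . $ip . '&_avhnonce=' . AVH_Security::createNonce($ip);
    $message[] = sprintf(__('Add to the local blacklist: %s', 'avh-fdas'), $blacklisturl);

    AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer'));

    return $report;
}

/**
 * Store a report-spammer nonce in the db nonces option.
 *
 * Nothing is written when _checkDbNonces() already knows the nonce, which keeps
 * a spam attack from overflowing the option with one entry per attempt.
 *
 * @param string $nonce   Nonce created for the report link.
 * @param string $payload Author, e-mail and IP concatenated — the data the nonce was created over.
 *
 * @return void
 */
private function _rememberReportNonce($nonce, $payload)
{
    if ($this->_checkDbNonces($nonce)) {
        return;
    }

    $option = get_option($this->_core->getDbNonces());
    // get_option() returns false when the option does not exist yet.
    if (!is_array($option)) {
        $option = array();
    }
    $option[$nonce] = $payload;
    update_option($this->_core->getDbNonces(), $option);
}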
/**
 * Handle a spammer found in the IP cache.
 *
 * Mails the admin when the ipcache "email" option is on, bumps the spam
 * counter, refreshes the IP's "lastseen" value in the cache and finally
 * terminates the connection.
 *
 * @return void
 */
private function _handleSpammerCache()
{
    $ip = $this->_visiting_ip;

    if ($this->_core_options['ipcache']['email']) {
        $to = get_option('admin_email');
        $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
        $subject = sprintf(
            '[%s] AVH First Defense Against Spam - ' . __('Spammer detected [%s]', 'avh-fdas'),
            $blogname,
            $ip
        );

        // Link the admin can click to add this IP to the local blacklist; the
        // nonce is created over the IP so the link only works for this value.
        $blacklisturl = admin_url('admin.php?action=blacklist&i=') . $ip . '&_avhnonce=' . AVH_Security::createNonce($ip);

        $lines = array(
            sprintf(__('Spam IP: %s', 'avh-fdas'), $ip),
            $this->_accessing,
            '',
            __('IP exists in the cache', 'avh-fdas'),
            ' ' . sprintf(__('Check took: %s', 'avh-fdas'), $this->_spaminfo['cache']['time']),
            '',
            sprintf(__('Add to the local blacklist: %s'), $blacklisturl),
        );

        AVH_Common::sendMail($to, $subject, $lines, $this->_settings->getSetting('mail_footer'));
    }

    $this->_updateSpamCounter();
    $this->_ipcachedb->updateIpCache(array('ip' => $ip, 'lastseen' => current_time('mysql')));
    $this->_doTerminateConnection();
}