/** * Contact Akismet to check if this is spam or ham * * Props to WordPress core Akismet plugin for alot of this * * @global string $akismet_api_host * @global string $akismet_api_port * @param array $activity_data Packet of information to submit to Akismet * @param string $check "check" or "submit" * @param string $spam "spam" or "ham" * @since BuddyPress (1.6) */ public function send_akismet_request($activity_data, $check = 'check', $spam = 'spam') { global $akismet_api_host, $akismet_api_port; // Check that host and port are set, if not, set them if (function_exists('akismet_init') && (empty($akismet_api_host) || empty($akismet_api_port))) { akismet_init(); } $query_string = $path = $response = ''; $activity_data['blog'] = bp_get_option('home'); $activity_data['blog_charset'] = bp_get_option('blog_charset'); $activity_data['blog_lang'] = get_locale(); $activity_data['referrer'] = $_SERVER['HTTP_REFERER']; $activity_data['user_agent'] = bp_core_current_user_ua(); $activity_data['user_ip'] = bp_core_current_user_ip(); if (akismet_test_mode()) { $activity_data['is_test'] = 'true'; } // Loop through _POST args and rekey strings foreach ($_POST as $key => $value) { if (is_string($value) && 'cookie' != $key) { $activity_data['POST_' . $key] = $value; } } // Keys to ignore $ignore = array('HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW'); // Loop through _SERVER args and remove whitelisted keys foreach ($_SERVER as $key => $value) { // Key should not be ignored if (!in_array($key, $ignore) && is_string($value)) { $activity_data[$key] = $value; // Key should be ignored } else { $activity_data[$key] = ''; } } foreach ($activity_data as $key => $data) { $query_string .= $key . '=' . urlencode(stripslashes($data)) . '&'; } if ('check' == $check) { $path = '/1.1/comment-check'; } elseif ('submit' == $check) { $path = '/1.1/submit-' . $spam; } // Send to Akismet add_filter('akismet_ua', array($this, 'buddypress_ua')); $response = akismet_http_post($query_string, $akismet_api_host, $path, $akismet_api_port); remove_filter('akismet_ua', array($this, 'buddypress_ua')); // Get the response if (!empty($response[1]) && !is_wp_error($response[1])) { $activity_data['bp_as_result'] = $response[1]; } else { $activity_data['bp_as_result'] = false; } // Perform a daily tidy up if (!wp_next_scheduled('bp_activity_akismet_delete_old_metadata')) { wp_schedule_event(time(), 'daily', 'bp_activity_akismet_delete_old_metadata'); } return $activity_data; }
/** * Check for blocked keys. * * @since 1.6.0 * * @uses bp_current_author_ip() To get current user IP address. * @uses bp_current_author_ua() To get current user agent. * @uses bp_current_user_can() Allow super admins to bypass blacklist. * * @param int $user_id Topic or reply author ID. * @param string $title The title of the content. * @param string $content The content being posted. * @return bool True if test is passed, false if fail. */ function bp_core_check_for_blacklist($user_id = 0, $title = '', $content = '') { /** * Filters whether or not to bypass checking for blocked keys. * * @since 2.2.0 * * @param bool $value Whether or not to bypass checking. Default false. * @param int $user_id Topic of reply author ID. * @param string $title The title of the content. * @param string $content $the content being posted. */ if (apply_filters('bp_bypass_check_for_blacklist', false, $user_id, $title, $content)) { return true; } // Bail if super admin is author. if (is_super_admin($user_id)) { return true; } // Define local variable. $_post = array(); /** Blacklist ************************************************************ */ // Get the moderation keys. $blacklist = trim(get_option('blacklist_keys')); // Bail if blacklist is empty. if (empty($blacklist)) { return true; } /** User Data ************************************************************ */ // Map current user data. if (!empty($user_id)) { // Get author data. $user = get_userdata($user_id); // If data exists, map it. if (!empty($user)) { $_post['author'] = $user->display_name; $_post['email'] = $user->user_email; $_post['url'] = $user->user_url; } } // Current user IP and user agent. $_post['user_ip'] = bp_core_current_user_ip(); $_post['user_ua'] = bp_core_current_user_ua(); // Post title and content. $_post['title'] = $title; $_post['content'] = $content; /** Words **************************************************************** */ // Get words separated by new lines. $words = explode("\n", $blacklist); // Loop through words. foreach ((array) $words as $word) { // Trim the whitespace from the word. $word = trim($word); // Skip empty lines. if (empty($word)) { continue; } // Do some escaping magic so that '#' chars in the // spam words don't break things. $word = preg_quote($word, '#'); $pattern = "#{$word}#i"; // Loop through post data. foreach ($_post as $post_data) { // Check each user data for current word. if (preg_match($pattern, $post_data)) { // Post does not pass. return false; } } } // Check passed successfully. return true; }
/** * Check for blocked keys. * * @since BuddyPress (1.6.0) * * @uses bp_current_author_ip() To get current user IP address. * @uses bp_current_author_ua() To get current user agent. * @uses bp_current_user_can() Allow super admins to bypass blacklist. * * @param int $user_id Topic or reply author ID. * @param string $title The title of the content. * @param string $content The content being posted. * @return bool True if test is passed, false if fail. */ function bp_core_check_for_blacklist($user_id = 0, $title = '', $content = '') { // Bail if super admin is author if (is_super_admin($user_id)) { return true; } // Define local variable $post = array(); /** Blacklist *************************************************************/ // Get the moderation keys $blacklist = trim(get_option('blacklist_keys')); // Bail if blacklist is empty if (empty($blacklist)) { return true; } /** User Data *************************************************************/ // Map current user data if (!empty($user_id)) { // Get author data $user = get_userdata($user_id); // If data exists, map it if (!empty($user)) { $post['author'] = $user->display_name; $post['email'] = $user->user_email; $post['url'] = $user->user_url; } } // Current user IP and user agent $post['user_ip'] = bp_core_current_user_ip(); $post['user_ua'] = bp_core_current_user_ua(); // Post title and content $post['title'] = $title; $post['content'] = $content; /** Words *****************************************************************/ // Get words separated by new lines $words = explode("\n", $blacklist); // Loop through words foreach ((array) $words as $word) { // Trim the whitespace from the word $word = trim($word); // Skip empty lines if (empty($word)) { continue; } // Do some escaping magic so that '#' chars in the spam words don't break things: $word = preg_quote($word, '#'); $pattern = "#{$word}#i"; // Loop through post data foreach ($post as $post_data) { // Check each user data for current word if (preg_match($pattern, $post_data)) { // Post does not pass return false; } } } // Check passed successfully return true; }