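/**
 * Content filter ("The Algorithmic Layer") for incoming comments, pingbacks and trackbacks.
 *
 * Runs a fixed sequence of tests against the comment data and the current request
 * (author, author URL/domain, e-mail, links in the body, referrer, User-Agent, HTTP
 * Accept headers, proxy status, reverse DNS, miscellaneous spam phrases and, when the
 * option is set, the WordPress blacklist). The first test that fires sets
 * $content_filter_status, appends its error code to $wpss_error_code and hands off to
 * rs_wpss_exit_content_filter(); that call's return value is what the caller receives.
 * If no test fires, $commentdata is returned with 'wpss_error_code',
 * 'content_filter_status' and 'total_time_content_filter' added.
 *
 * Test order is significant: the cheapest / most reliable checks come first, and the
 * status numbers ('1', '3', '10', '100') are interpreted by rs_wpss_exit_content_filter()
 * and the caller, not here.
 *
 * @param array $commentdata        Comment data. Keys read here: comment_post_ID, comment_post_title,
 *                                  comment_post_url, comment_post_type, comment_post_comments_open,
 *                                  comment_post_pings_open, comment_author, comment_author_email,
 *                                  comment_author_url, comment_content, comment_type,
 *                                  start_time_content_filter (set here if missing).
 * @param array $spamshield_options Plugin options. Keys read here: allow_proxy_users,
 *                                  enhanced_comment_blacklist.
 * @return array $commentdata with the filter results added, or the return value of
 *               rs_wpss_exit_content_filter() when a test fires.
 */
function rs_wpss_comment_content_filter($commentdata, $spamshield_options)
{
    /***
     * Content Filter aka "The Algorithmic Layer"
     * Blocking the Obvious to Improve Human/Pingback/Trackback Defense
     ***/
    /* Timer Start  - Content Filter */
    if (empty($commentdata['start_time_content_filter'])) {
        $wpss_start_time_content_filter = microtime(TRUE);
        $commentdata['start_time_content_filter'] = $wpss_start_time_content_filter;
    }
    $content_filter_status = $wpss_error_code = '';
    /* Must go before tests */
    rs_wpss_update_session_data($spamshield_options);
    /* TEST 0 - See if user has already been blacklisted this session */
    if (!is_user_logged_in() && rs_wpss_ubl_cache()) {
        if (empty($content_filter_status)) {
            $content_filter_status = '3';
        }
        /* 1.8 - Changed from '2' to '3' */
        $wpss_error_code .= ' 0-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Untrusted POST field: accept it only as a string (an array value would make trim() throw a TypeError on PHP 8) */
    $post_ref2xjs = (!empty($_POST[WPSS_REF2XJS]) && is_string($_POST[WPSS_REF2XJS])) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
    /* CONTENT FILTERING - BEGIN */
    $commentdata_comment_post_id = $commentdata['comment_post_ID'];
    $commentdata_comment_post_title = $commentdata['comment_post_title'];
    $commentdata_comment_post_title_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_title);
    $commentdata_comment_post_title_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_title_lc);
    $commentdata_comment_post_url = $commentdata['comment_post_url'];
    $commentdata_comment_post_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_url);
    $commentdata_comment_post_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_url_lc);
    $commentdata_comment_post_type = $commentdata['comment_post_type'];
    /* Possible results: 'post', 'page', 'attachment', 'revision', 'nav_menu_item' */
    /* Next two are boolean */
    $commentdata_comment_post_comments_open = $commentdata['comment_post_comments_open'];
    $commentdata_comment_post_pings_open = $commentdata['comment_post_pings_open'];
    $commentdata_comment_author = $commentdata['comment_author'];
    $commentdata_comment_author_deslashed = stripslashes($commentdata_comment_author);
    $commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata_comment_author);
    $commentdata_comment_author_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_words = rs_wpss_count_words($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_space = ' ' . $commentdata_comment_author_lc . ' ';
    $commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_deslashed_regex = rs_wpss_preg_quote($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_words = rs_wpss_count_words($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_space = ' ' . $commentdata_comment_author_lc_deslashed . ' ';
    $commentdata_comment_author_email = $commentdata['comment_author_email'];
    $commentdata_comment_author_email_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_email);
    $commentdata_comment_author_email_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_email_lc);
    $commentdata_comment_author_url = $commentdata['comment_author_url'];
    $commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_url);
    $commentdata_comment_author_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_url_lc);
    $commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
    $commentdata_comment_content = $commentdata['comment_content'];
    $commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata_comment_content);
    $commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
    $commentdata_comment_content_extracted_urls = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url');
    /* Parse comment content for all URLs */
    $commentdata_comment_content_extracted_urls_at = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url_at');
    /* Parse comment content for Anchor Text Link URLs */
    $commentdata_comment_content_num_links = count($commentdata_comment_content_extracted_urls);
    /* Count extracted URLS from body content - Added 1.8.4 */
    $commentdata_comment_content_num_limit = 3;
    /* Max number of links in comment body content */
    $replace_apostrophes = array('’', '`', '´', '`', ''', '`', 'e', '‘', '’', 'ž', '´', 'Ï', 'Ð', '‘', '’');
    $commentdata_comment_content_lc_norm_apost = str_replace($replace_apostrophes, "'", $commentdata_comment_content_lc_deslashed);
    $commentdata_comment_type = $commentdata['comment_type'];
    /*
    if( $commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback' ) {
    	$commentdata_comment_type = 'comment';
    }
    */
    $commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
    $commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
    $user_http_accept = rs_wpss_get_http_accept(TRUE, TRUE);
    $user_http_accept_language = rs_wpss_get_http_accept(TRUE, TRUE, TRUE);
    $commentdata_remote_addr = rs_wpss_get_ip_addr();
    $commentdata_remote_addr_regex = rs_wpss_preg_quote($commentdata_remote_addr);
    $commentdata_remote_addr_lc = rs_wpss_casetrans('lower', $commentdata_remote_addr);
    $commentdata_remote_addr_lc_regex = rs_wpss_preg_quote($commentdata_remote_addr_lc);
    $commentdata_referrer = rs_wpss_get_referrer();
    $commentdata_referrer_lc = rs_wpss_casetrans('lower', $commentdata_referrer);
    /* PHP_SELF is not guaranteed to be present (CLI / some SAPIs); fall back to '' rather than reading an undefined index */
    $commentdata_php_self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
    $commentdata_php_self_lc = rs_wpss_casetrans('lower', $commentdata_php_self);
    $blog_server_ip = WPSS_SERVER_ADDR;
    $blog_server_name = WPSS_SERVER_NAME;
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /* NOTE(review): extract() is what defines $ip, $ip_proxy, $ip_proxy_chrome_compression and $reverse_dns_lc used below.
       Every other key of the helper's array also lands in this scope, so that array must never carry request-controlled keys. */
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    /***
     * Post Type Filter - INVALTY
     * Removed V 1.1.7 - Found Exception
     ***/
    /* Simple Filters */
    /* BEING DEPRECATED... (the old blacklist word-combo counters were never read and have been dropped) */
    /* Body Content - Check for excessive number of links in message ( body_content ) - 1.8.4 */
    if ($commentdata_comment_content_num_links > $commentdata_comment_content_num_limit) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 1-HT';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /***
     * Authors Only - Non-Trackback
     * Removed Filters 300-423 and replaced with Regex
     ***/
    /* Author Blacklist Check - Invalid Author Names - Stopping Human Spam */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' && rs_wpss_anchortxt_blacklist_chk($commentdata_comment_author_lc_deslashed, '', 'author', $commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500A-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - BEGIN */
    /* 10500-13000 - Complex Test for terms in Comment Author/URL - $commentdata_comment_author_lc_deslashed/$commentdata_comment_author_url_domain_lc */
    /* Blacklisted Domains Check */
    if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Testing for a unique identifying string from the comment content in the Author URL Domain */
    /* Captures a trailing alphanumeric token (6+ chars) at the very end of the body */
    preg_match("~\\s+([a-z0-9]{6,})\$~i", $commentdata_comment_content_lc_deslashed, $wpss_str_matches);
    if (!empty($wpss_str_matches[1])) {
        $wpss_spammer_id_string = $wpss_str_matches[1];
    } else {
        $wpss_spammer_id_string = '';
    }
    $commentdata_comment_author_url_domain_lc_elements = explode('.', $commentdata_comment_author_url_domain_lc);
    /* The last element (TLD) is deliberately excluded from the comparison below */
    $commentdata_comment_author_url_domain_lc_elements_count = count($commentdata_comment_author_url_domain_lc_elements) - 1;
    if (!empty($wpss_spammer_id_string)) {
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $commentdata_comment_author_url_domain_lc_elements_count && $i < $i_max) {
            if (!empty($commentdata_comment_author_url_domain_lc_elements[$i])) {
                if ($commentdata_comment_author_url_domain_lc_elements[$i] === $wpss_spammer_id_string) {
                    if (empty($content_filter_status)) {
                        $content_filter_status = '1';
                    }
                    $wpss_error_code .= ' 10511AUA';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
    }
    /***
     * Potential Exploits
     * Includes protection for Trackbacks and Pingbacks
     ***/
    /* Check Author URL for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000AU-XPL';
        /* Added in 1.4 - Replacing 15001AU-XPL and 15002AU-XPL, and adds additional protection */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - END */
    /* Regular Expression Tests - 2nd Gen - Comment Content - BEGIN */
    /* Miscellaneous Patterns that Keep Repeating */
    if (preg_match("~^([0-9]{6})\\s([0-9]{6})(.*)\\s([0-9]{6})\$~i", $commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10401C';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Anchor Text Check - Links in Content - Stopping Human Spam */
    if (rs_wpss_anchortxt_blacklist_chk($commentdata_comment_content_lc_deslashed, '', 'content') && $commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CAT-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Domains Check - Links in Content */
    if (rs_wpss_link_blacklist_chk($commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check Anchor Text Links for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_content_extracted_urls_at)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510CU-BL';
        /* Replacing 10510CU-MSC */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check all URL's in Comment Content for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_content_extracted_urls)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000CU-XPL';
        /* Added in 1.4 */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Content - END */
    /***
     * Test Comment Author
     * Words in Comment Author Repeated in Content - With Keyword Density
     ***/
    $repeated_terms_filters = array('.', '-', ':');
    $repeated_terms_temp_phrase = str_replace($repeated_terms_filters, '', $commentdata_comment_author_lc_deslashed);
    $repeated_terms_test = explode(' ', $repeated_terms_temp_phrase);
    $repeated_terms_test_count = count($repeated_terms_test);
    $comment_content_total_words = rs_wpss_count_words($commentdata_comment_content_lc_deslashed);
    $i = 0;
    while ($i < $repeated_terms_test_count) {
        if (!empty($repeated_terms_test[$i])) {
            $repeated_terms_in_content_count = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, $repeated_terms_test[$i]);
            $repeated_terms_in_content_str_len = rs_wpss_strlen($repeated_terms_test[$i]);
            /* substr_count can exceed the word count (substring matches); clamp so the density stays meaningful */
            if ($repeated_terms_in_content_count > 1 && $comment_content_total_words < $repeated_terms_in_content_count) {
                $repeated_terms_in_content_count = 1;
            }
            /* Guard the division: a body with no countable words would otherwise be a division by zero (fatal on PHP 8) */
            if ($comment_content_total_words > 0) {
                $repeated_terms_in_content_density = $repeated_terms_in_content_count / $comment_content_total_words * 100;
            } else {
                $repeated_terms_in_content_density = 0;
            }
            if ($repeated_terms_in_content_count >= 5 && $repeated_terms_in_content_str_len >= 4 && $repeated_terms_in_content_density > 40) {
                if (empty($content_filter_status)) {
                    $content_filter_status = '1';
                }
                $wpss_error_code .= ' 9000-' . $i;
                return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
            }
        }
        ++$i;
    }
    /* Comment Author and URL Tests */
    if (!empty($commentdata_comment_author_url_lc) && !empty($commentdata_comment_author_lc_deslashed)) {
        /* Comment Author and Comment Author URL appearing in Content - REGEX VERSION */
        /* The interpolated *_regex values come from rs_wpss_preg_quote(); that helper must also escape the '~' delimiter used here - confirm */
        if (preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*{$commentdata_comment_author_url_lc_regex}([a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]*)(['\"])?(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9100-1';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)\\s*(['\"])?\\s*(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9101';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if (preg_match("~^((ww[w0-9]|m)\\.)?{$commentdata_comment_author_lc_deslashed_regex}\$~i", $commentdata_comment_author_url_domain_lc) && !preg_match("~https?\\:/+~i", $commentdata_comment_author_lc_deslashed)) {
            /* Changed to include Trackbacks and Pingbacks in 1.1.4.4 */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9102';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9103';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Email Filters
     * New Test with Blacklists
     ***/
    if (rs_wpss_email_blacklist_chk($commentdata_comment_author_email_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 9200E-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 1 - TO THE COMMENT PROCESSOR */
    /* An empty PHP_SELF is skipped explicitly: strpos() with an empty needle is version-dependent (warning on PHP 7, match at 0 on PHP 8) */
    if ($commentdata_php_self_lc !== '' && strpos(WPSS_COMMENTS_POST_URL, $commentdata_php_self_lc) !== FALSE && $commentdata_referrer_lc === WPSS_COMMENTS_POST_URL) {
        /* Often spammers send the referrer as the URL for the wp-comments-post.php page. */
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' REF-1-1011';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 2 - SPAMMERS SEARCHING FOR PAGES TO COMMENT ON */
    if (!empty($post_ref2xjs)) {
        $ref2xJS = addslashes(urldecode($post_ref2xjs));
        $ref2xJS = str_replace('%3A', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $ref2xJS = esc_url_raw($ref2xJS);
        $ref2xJS_lc = rs_wpss_casetrans('lower', $ref2xJS);
        if (preg_match("~\\.google\\.co(m|\\.[a-z]{2})~i", $ref2xJS) && strpos($ref2xJS_lc, 'leave a comment') !== FALSE) {
            /* make test more robust for other versions of google & search query */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' REF-2-1021';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* add Keyword Script Here */
    }
    /***
     * TEST REFERRERS 3 - TO THE PAGE BEING COMMENTED ON
     * DISABLED IN V1.5.9
     ***/
    /* Spam Network - BEGIN */
    /***
     * PART OF BAD ROBOTS TEST - BEGIN
     * Test User-Agents
     ***/
    if (empty($commentdata_user_agent_lc)) {
        /* There is no reason for a blank UA String, unless it's been altered or a bot. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1001';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    $commentdata_user_agent_lc_word_count = rs_wpss_count_words($commentdata_user_agent_lc);
    if (!empty($commentdata_user_agent_lc) && $commentdata_user_agent_lc_word_count < 3) {
        /* Note the precedence: (not a trackback/pingback) OR (a trackback whose UA is not MovableType) */
        if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' || strpos($commentdata_user_agent_lc, 'movabletype') === FALSE && $commentdata_comment_type === 'trackback') {
            /* Another test for altered UA's. */
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' UA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
        /* There is no reason for a human to use one of these UA strings. Commonly used to attack/spam WP. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1004';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* PART OF BAD ROBOTS TEST - END */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        /***
         * PART OF BAD ROBOTS TEST - BEGIN
         * Test HTTP_ACCEPT
         ***/
        if (empty($user_http_accept)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* HA1002 removed in 1.9.0.3 */
        if ($user_http_accept === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT' */
        /* Whitespace and ';' (parameter separators) are folded into ',' so each media range becomes one element */
        $user_http_accept_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept);
        $user_http_accept_elements = explode(',', $user_http_accept_mod_1);
        $user_http_accept_elements_count = count($user_http_accept_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $user_http_accept_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_elements[$i])) {
                if ($user_http_accept_elements[$i] === '*') {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HA1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /* Test HTTP_ACCEPT_LANGUAGE */
        if (empty($user_http_accept_language)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($user_http_accept_language === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1002';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT_LANGUAGE' */
        $user_http_accept_language_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept_language);
        $user_http_accept_language_elements = explode(',', $user_http_accept_language_mod_1);
        $user_http_accept_language_elements_count = count($user_http_accept_language_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $user_http_accept_language_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_language_elements[$i])) {
                /* The Links text browser legitimately sends '*' here, hence the UA exemption */
                if ($user_http_accept_language_elements[$i] === '*' && strpos($commentdata_user_agent_lc, 'links (') !== 0) {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HAL1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /***
         * HAL1005 - NOT IMPLEMENTED
         * PART OF BAD ROBOTS TEST - END
         ***/
        /***
         * Test PROXY STATUS if option
         * Google Chrome Compression Proxy Bypass
         ***/
        /* $ip_proxy / $ip_proxy_chrome_compression are defined by the extract() call above */
        if ($ip_proxy === 'PROXY DETECTED' && $ip_proxy_chrome_compression !== 'TRUE' && empty($spamshield_options['allow_proxy_users'])) {
            $content_filter_status = '10';
            $wpss_error_code .= ' PROXY1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Test IPs - was here
     * IP1003 - Removed in 1.8
     ***/
    /* Reverse DNS Server Tests - BEGIN */
    if ($commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback') {
        /* Test Reverse DNS Hosts - Do all with Reverse DNS not Remote Host */
        /* $ip / $reverse_dns_lc are defined by the extract() call above */
        $rev_dns_filter_data = rs_wpss_revdns_filter('comment', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc);
        $revdns_blacklisted = $rev_dns_filter_data['blacklisted'];
        if (!empty($revdns_blacklisted)) {
            $content_filter_status = $rev_dns_filter_data['status'];
            $wpss_error_code .= $rev_dns_filter_data['error_code'];
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* Reverse DNS Server Tests - END */
    /* Spam Network - END */
    /* Test Pingbacks and Trackbacks - OLD LOCATION */
    /* Miscellaneous Preg Match Tests - Changed to regex in V1.8.4 */
    /* Keyed by error code; the first matching pattern wins */
    $wpss_misc_spam_phrases_to_check = array('5000' => "~\\[\\.+\\]\\s+\\[\\.+\\]~", '5001' => "~^<new\\s+comment>\$~i", '5003' => "~^([a-z0-9\\s\\.,!]{0,12})?((he.a?|h([ily]{1,2}))(\\s+there)?|howdy|hello|bonjour|good\\s+day)([\\.,!])?\\s+(([ily]{1,2})\\s+know\\s+)?th([ily]{1,2})s\\s+([ily]{1,2})s\\s+([a-z\\s]{3,12}|somewhat|k([ily]{1,2})nd\\s*of)?(of{1,2}\\s+)?of{1,2}\\s+top([ily]{1,2})c\\s+(but|however)\\s+([ily]{1,2})\\s+(was\\s+wonder([ily]{1,2})nn?g?|need\\s+some\\s+adv([ily]{1,2})ce)~i", '5004' => "~^th([ily]{1,2})s\\s+([ily]{1,2})s\\s+k([ily]{1,2})nd\\s+of\\s+off\\s+top([ily]{1,2})c\\s+but~i");
    /* 5002 - Removed in V1.8.4 */
    foreach ($wpss_misc_spam_phrases_to_check as $ec => $rgx_phrase) {
        if (preg_match($rgx_phrase, $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' ' . $ec;
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* BOILERPLATE: Add common boilerplate/template spam phrases... Add Blacklist functions */
    /* WP Blacklist Check - BEGIN */
    /* Test WP Blacklist if option set */
    if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($content_filter_status)) {
        if (rs_wpss_blacklist_check($commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc, $commentdata_comment_author_url_lc, $commentdata_comment_content_lc_deslashed, $ip, $commentdata_user_agent_lc, '')) {
            if (empty($content_filter_status)) {
                $content_filter_status = '100';
            }
            $wpss_error_code .= ' WP-BLACKLIST';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* WP Blacklist Check - END */
    /* Timer End - Content Filter */
    $wpss_end_time_content_filter = microtime(TRUE);
    $wpss_total_time_content_filter = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
    $commentdata['total_time_content_filter'] = $wpss_total_time_content_filter;
    if (empty($wpss_error_code)) {
        $wpss_error_code = 'No Error';
    } else {
        $wpss_error_code = trim($wpss_error_code);
    }
    /***
     * $spamshield_error_data = array( $wpss_error_code, $blacklist_word_combo, $blacklist_word_combo_total );
     */
    $commentdata['wpss_error_code'] = trim($wpss_error_code);
    $commentdata['content_filter_status'] = $content_filter_status;
    return $commentdata;
    /* CONTENT FILTERING - END */
}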
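/**
 * Registration-shield error check for a pending new-user sign-up.
 *
 * Runs the plugin's anti-spam tests against the submitted registration and
 * adds one error per failed test to $errors. Besides core WordPress
 * registration it recognises BuddyPress, WooCommerce, s2Member, Affiliates and
 * WP-Members front-ends (detected below from classes/constants/globals) and
 * reads their field names from $_POST where the caller did not pass a login
 * or email. Presumably attached to WordPress' registration error filter; the
 * hook name is not visible here -- confirm against the caller.
 *
 * Tests, in order: blank first/last/display name (core WP only), bad-robot
 * blacklist, JavaScript/cookie token check, email blacklist, author
 * key-phrase blacklist, enhanced comment blacklist, and the per-session
 * blacklisted-user cache. The outcome is written to the accept status and,
 * when logging is enabled, to the plugin log before returning.
 *
 * Globals: reads/initialises $spamshield_options; sets
 * $wpss_reg_err_chk_complete so the check runs at most once per request;
 * clears $wpss_wc_reg_inprog when a WooCommerce registration was handled.
 *
 * @param WP_Error|null $errors     Accumulated registration errors. A fresh
 *                                  WP_Error is created when empty or not an object.
 * @param string|null   $user_login Login name, if the caller already has it.
 * @param string|null   $user_email Email address, if the caller already has it.
 *
 * @return WP_Error|null The input untouched when the check is bypassed
 *                       (logged-in user, e-commerce page, shield disabled,
 *                       bypass filter), otherwise the WP_Error with any new
 *                       errors added. For BuddyPress sign-ups that failed,
 *                       WP_SpamShield::wp_die() is called instead of returning.
 */
function rs_wpss_check_new_user($errors = NULL, $user_login = NULL, $user_email = NULL)
{
    /* Error checking for new user registration */
    global $spamshield_options, $wpss_reg_err_chk_complete, $wpss_wc_reg_inprog;
    /* Logged-in users and repeat invocations within one request are out of scope */
    if (is_user_logged_in() || !empty($wpss_reg_err_chk_complete)) {
        return $errors;
    }
    /* E-commerce bypass: checkout / shopping-cart pages are never treated as registrations */
    $woocom_active = !empty($wpss_wc_reg_inprog) || WPSS_Compatibility::is_woocom_enabled();
    if ($woocom_active && isset($_GET['action']) && $_GET['action'] === 'woocommerce_checkout') {
        /* WooCommerce Checkout Page */
        return $errors;
    }
    if ($woocom_active || WPSS_Compatibility::is_ecom_enabled()) {
        /* WPSS_ECOM_URLS is a plugin-defined constant, not request data, so
         * unserialize() is not fed untrusted input here; the is_array() guard
         * only covers a malformed constant. */
        $ecom_urls = unserialize(WPSS_ECOM_URLS);
        if (is_array($ecom_urls)) {
            foreach ($ecom_urls as $u) {
                /* An empty needle matches at offset 0 on PHP 8 and would bypass
                 * the whole shield, so it is skipped explicitly */
                if ($u !== '' && strpos($_SERVER['REQUEST_URI'], $u) !== FALSE) {
                    return $errors;
                }
            }
        }
    }
    if (empty($spamshield_options)) {
        $spamshield_options = get_option('spamshield_options');
    }
    if (!empty($spamshield_options['registration_shield_disable'])) {
        return $errors;
    }
    /* BYPASS - HOOK: lets other code opt a request out of the shield */
    $reg_check_bypass = apply_filters('wpss_registration_check_bypass', FALSE);
    if (!empty($reg_check_bypass)) {
        return $errors;
    }
    /* BYPASS CHECKS COMPLETE - NOW START */
    if (empty($errors) || !is_object($errors)) {
        $errors = new WP_Error();
    }
    $reg_filter_status = $wpss_error_code = $log_pref = '';
    $reg_jsck_error = $reg_badrobot_error = $wpss_reg_err_chk_complete = $buddypress_status = $wc_status = $s2member_status = $wpmembers_status = $affiliates_status = FALSE;
    /* Every error code below is prefixed 'R-'; the prefix is rewritten per
     * front-end (BPR-, WCR-, ...) just before logging */
    $pref = 'R-';
    /* Error array for 3rd party plugins that don't follow WordPress standards for registration processing: BuddyPress, ... */
    $errors_3p = array();
    $error_txt = rs_wpss_error_txt();
    /* Front-end detection. $log_pref is last-wins: when several integrations
     * are active, the one detected last below labels the log entry. */
    if (class_exists('BuddyPress')) {
        if (empty($user_login) && isset($_POST['signup_username'])) {
            $user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['signup_username'])));
            $buddypress_status = TRUE;
            $log_pref = 'bp-';
        }
        if (empty($user_email) && isset($_POST['signup_email'])) {
            $user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['signup_email'])));
            $buddypress_status = TRUE;
            $log_pref = 'bp-';
        }
    }
    if (!empty($wpss_wc_reg_inprog)) {
        $wc_status = TRUE;
        $log_pref = 'wc-';
    }
    if (defined('WS_PLUGIN__S2MEMBER_VERSION')) {
        $s2member_status = TRUE;
        $log_pref = 's2-';
    }
    if (defined('AFFILIATES_CORE_VERSION')) {
        $affiliates_status = TRUE;
        $log_pref = 'aff-';
    }
    if (defined('WPMEM_VERSION')) {
        $wpmembers_status = TRUE;
        $log_pref = 'wpm-';
    }
    if (TRUE === $wc_status) {
        /* WooCommerce posts its own field names; the login passed in by the
         * caller is discarded and always re-read from the request */
        $user_login = '';
        if (isset($_POST['username'])) {
            $user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['username'])));
        }
        if (empty($user_email) && isset($_POST['email'])) {
            $user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['email'])));
        }
    }
    if (TRUE === $affiliates_status) {
        if (empty($user_login) && isset($_POST['user_login'])) {
            $user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['user_login'])));
        }
        if (empty($user_email) && isset($_POST['user_email'])) {
            $user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['user_email'])));
        }
    }
    if (!rs_wpss_is_lang_en_us()) {
        /* Load the core admin strings for the active locale so the core error
         * messages used below are translated. The @ is kept from the original;
         * presumably it hides a warning for a missing .mo file -- confirm. */
        $locale = get_locale();
        @load_textdomain('default', WP_LANG_DIR . "/admin-{$locale}.mo");
    }
    /* Field name => localised field label, for the plugin's extra registration fields */
    $new_fields = array('first_name' => rs_wpss_first_name_txt(), 'last_name' => rs_wpss_last_name_txt(), 'disp_name' => rs_wpss_disp_name_txt());
    $user_data = array();
    foreach ($new_fields as $k => $v) {
        $user_data[$k] = isset($_POST[$k]) ? sanitize_text_field(wp_unslash($_POST[$k])) : '';
    }
    if (FALSE === $buddypress_status && FALSE === $wc_status && FALSE === $s2member_status && FALSE === $affiliates_status) {
        /* Check New Fields for Blanks (core WP registration form only) */
        $enter_your_x_txt = rs_wpss_enter_your_x_txt();
        foreach ($new_fields as $k => $v) {
            if (empty($_POST[$k])) {
                $k_uc = rs_wpss_casetrans('upper', $k);
                $errors->add('empty_' . $k, '<strong>' . $error_txt . ':</strong> ' . sprintf($enter_your_x_txt . '.', $v));
                $wpss_error_code .= ' R-BLANK-' . $k_uc;
            }
        }
    }
    /* BAD ROBOT TEST - BEGIN */
    $bad_robot_filter_data = rs_wpss_bad_robot_blacklist_chk('register', $reg_filter_status, '', '', $user_data['disp_name'], $user_email);
    $reg_filter_status = $bad_robot_filter_data['status'];
    $bad_robot_blacklisted = $bad_robot_filter_data['blacklisted'];
    if (!empty($bad_robot_blacklisted)) {
        $wpss_error_code .= $bad_robot_filter_data['error_code'];
        $reg_badrobot_error = TRUE;
    }
    /* BAD ROBOT TEST - END */
    /* BAD ROBOTS */
    if ($reg_badrobot_error !== FALSE) {
        $err_cod = 'badrobot_error';
        $err_msg = __('User registration is currently not allowed.');
        if (TRUE === $buddypress_status) {
            $errors_3p[$err_cod] = $err_msg;
        } else {
            $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
        }
    }
    /* JS/COOKIES CHECK */
    $wpss_ck_key_bypass = $wpss_js_key_bypass = FALSE;
    /* Explicit reads instead of extract(): keeps the six token names visible
     * and prevents the key array from silently overwriting other locals
     * (the bypass flags just above included). */
    $wpss_key_values = rs_wpss_get_key_values();
    $wpss_ck_key = $wpss_key_values['wpss_ck_key'];
    $wpss_ck_val = $wpss_key_values['wpss_ck_val'];
    $wpss_js_key = $wpss_key_values['wpss_js_key'];
    $wpss_js_val = $wpss_key_values['wpss_js_val'];
    $wpss_jq_key = $wpss_key_values['wpss_jq_key'];
    $wpss_jq_val = $wpss_key_values['wpss_jq_val'];
    $wpss_jsck_cookie_val = !empty($_COOKIE[$wpss_ck_key]) ? $_COOKIE[$wpss_ck_key] : '';
    $wpss_jsck_field_val = !empty($_POST[$wpss_js_key]) ? $_POST[$wpss_js_key] : '';
    $wpss_jsck_jquery_val = !empty($_POST[$wpss_jq_key]) ? $_POST[$wpss_jq_key] : '';
    if (TRUE === WPSS_COMPAT_MODE || defined('WPSS_SOFT_COMPAT_MODE')) {
        /* 1.9.1 - Compatibility Mode: the cookie and jQuery tokens are not checked */
        $wpss_ck_key_bypass = TRUE;
    }
    if (FALSE === $wpss_ck_key_bypass) {
        /* 1.8.9 */
        /* If jscripts.php is disabled, these would be skipped - Compatibility Mode */
        if ($wpss_jsck_cookie_val !== $wpss_ck_val) {
            $wpss_error_code .= ' ' . $pref . 'COOKIE-3';
            $reg_jsck_error = TRUE;
        }
        if ($wpss_jsck_jquery_val !== $wpss_jq_val) {
            $wpss_error_code .= ' ' . $pref . 'JQHFT-3';
            $reg_jsck_error = TRUE;
        }
    }
    /* Nothing in this function sets $wpss_js_key_bypass, so the hidden-field
     * token is always checked */
    if (FALSE === $wpss_js_key_bypass) {
        if ($wpss_jsck_field_val !== $wpss_js_val) {
            $wpss_error_code .= ' ' . $pref . 'FVFJS-3';
            $reg_jsck_error = TRUE;
        }
    }
    /* Request fields can arrive as arrays (name[]=x); trim() on a non-string is a
     * TypeError on PHP 8, so only string values are accepted here */
    $post_jsonst = (!empty($_POST[WPSS_JSONST]) && is_string($_POST[WPSS_JSONST])) ? trim($_POST[WPSS_JSONST]) : '';
    $post_jsonst_lc = rs_wpss_casetrans('lower', $post_jsonst);
    /* The ns1..ns5 sentinel values count as a failed JS check (error code
     * JSONST-1000-3 below); computed once for the test and the log entry */
    $jsonst_flagged = in_array($post_jsonst_lc, array('ns1', 'ns2', 'ns3', 'ns4', 'ns5'), TRUE);
    if (FALSE === $buddypress_status) {
        if ($jsonst_flagged) {
            $wpss_error_code .= ' ' . $pref . 'JSONST-1000-3';
            $reg_jsck_error = TRUE;
        }
    }
    /* Only the first failing test class reports a user-facing message;
     * later codes are still appended to $wpss_error_code for the log */
    if ($reg_jsck_error !== FALSE && $reg_badrobot_error !== TRUE) {
        $err_cod = 'jsck_error';
        $err_msg = __('JavaScript and Cookies are required in order to register. Please be sure JavaScript and Cookies are enabled in your browser, and reload the page.', 'wp-spamshield');
        /* NEEDS TRANSLATION */
        if (TRUE === $buddypress_status) {
            $errors_3p[$err_cod] = $err_msg;
        } else {
            $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
        }
    }
    if (FALSE === $wc_status) {
        /* EMAIL BLACKLIST */
        if (rs_wpss_email_blacklist_chk($user_email)) {
            $wpss_error_code .= ' ' . $pref . '9200E-BL';
            if ($reg_badrobot_error !== TRUE && $reg_jsck_error !== TRUE) {
                $err_cod = 'blacklist_email_error';
                $err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.');
                if (TRUE === $buddypress_status) {
                    $errors_3p[$err_cod] = $err_msg;
                } else {
                    $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
                }
            }
        }
    }
    if (FALSE === $buddypress_status && FALSE === $wc_status && FALSE === $s2member_status && FALSE === $affiliates_status) {
        /* AUTHOR KEYPHRASE BLACKLIST (core WP registration form only) */
        foreach ($user_data as $k => $v) {
            if (($k === 'user_login' || $k === 'first_name' || $k === 'last_name' || $k === 'disp_name') && rs_wpss_anchortxt_blacklist_chk($v)) {
                $k_uc = rs_wpss_casetrans('upper', $k);
                $wpss_error_code .= ' ' . $pref . '10500A-BL-' . $k_uc;
                if ($reg_badrobot_error !== TRUE && $reg_jsck_error !== TRUE) {
                    $nfk = $new_fields[$k];
                    $errors->add('blacklist_' . $k . '_error', '<strong>' . $error_txt . ':</strong> ' . sprintf(__('"%1$s" appears to be spam. Please enter a different value in the <strong> %2$s </strong> field.', 'wp-spamshield'), sanitize_text_field($v), $nfk));
                }
            }
        }
    }
    /* Enhanced Comment Blacklist - R-0-ECBL (only reached when nothing else failed) */
    if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($wpss_error_code)) {
        if (rs_wpss_blacklist_check('', $user_email)) {
            $wpss_error_code .= ' ' . $pref . '0-ECBL';
            $err_cod = 'blacklist_ecbl_error';
            $err_msg = __('User registration is currently not allowed.');
            if (TRUE === $buddypress_status) {
                $errors_3p[$err_cod] = $err_msg;
            } else {
                $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
            }
        }
    }
    if (FALSE === $wc_status) {
        /* BLACKLISTED USER (session cache; only reached when nothing else failed) */
        if (empty($wpss_error_code) && rs_wpss_ubl_cache()) {
            $wpss_error_code .= ' ' . $pref . '0-BL';
            $err_cod = 'blacklisted_user_error';
            $err_msg = __('User registration is currently not allowed.');
            if (TRUE === $buddypress_status) {
                $errors_3p[$err_cod] = $err_msg;
            } else {
                $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
            }
        }
    }
    /* Done with Tests */
    /* Now Log the Errors, if any */
    /* Same array-vs-string guard as for WPSS_JSONST above */
    $post_ref2xjs = (!empty($_POST[WPSS_REF2XJS]) && is_string($_POST[WPSS_REF2XJS])) ? trim($_POST[WPSS_REF2XJS]) : '';
    if (!empty($post_ref2xjs)) {
        /* JS-reported page referrer, normalised and escaped before it reaches the log */
        $ref2xJS = rs_wpss_casetrans('lower', addslashes(urldecode($post_ref2xjs)));
        $ref2xJS = str_replace('%3a', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $wpss_javascript_page_referrer = esc_url_raw($ref2xJS);
    } else {
        $wpss_javascript_page_referrer = '[None]';
    }
    $wpss_jsonst = $jsonst_flagged ? $post_jsonst : '[None]';
    $user_id = 'None';
    /* Possibly change to '' */
    $register_author_data = array('display_name' => $user_data['disp_name'], 'user_firstname' => $user_data['first_name'], 'user_lastname' => $user_data['last_name'], 'user_email' => $user_email, 'user_login' => $user_login, 'ID' => $user_id, 'comment_author' => $user_data['disp_name'], 'comment_author_email' => $user_email, 'comment_author_url' => '', 'javascript_page_referrer' => $wpss_javascript_page_referrer, 'jsonst' => $wpss_jsonst);
    if (empty($register_author_data['comment_author']) && !empty($user_login)) {
        $register_author_data['comment_author'] = $user_login;
    }
    unset($wpss_javascript_page_referrer, $wpss_jsonst);
    $wpss_error_code = trim($wpss_error_code);
    if (strpos($wpss_error_code, '0-BL') !== FALSE || strpos($wpss_error_code, '0-ECBL') !== FALSE) {
        rs_wpss_append_log_data('Blacklisted user detected. Registration has been temporarily disabled to prevent spam. ERROR CODE: ' . $wpss_error_code, FALSE);
    }
    if (!empty($wpss_error_code)) {
        /* Re-prefix the codes so the log shows which front-end rejected the sign-up */
        if (TRUE === $buddypress_status) {
            $wpss_error_code = str_replace('R-', 'BPR-', $wpss_error_code);
        } elseif (TRUE === $wc_status) {
            $wpss_error_code = str_replace('R-', 'WCR-', $wpss_error_code);
        } elseif (TRUE === $s2member_status) {
            $wpss_error_code = str_replace('R-', 'S2R-', $wpss_error_code);
        } elseif (TRUE === $wpmembers_status) {
            $wpss_error_code = str_replace('R-', 'WPMR-', $wpss_error_code);
        } elseif (TRUE === $affiliates_status) {
            $wpss_error_code = str_replace('R-', 'AFFR-', $wpss_error_code);
        }
        rs_wpss_update_accept_status($register_author_data, 'r', 'Line: ' . __LINE__, $wpss_error_code);
        rs_wpss_increment_reg_count();
        if (!empty($spamshield_options['comment_logging'])) {
            rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    } elseif (TRUE === $buddypress_status) {
        rs_wpss_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
        if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
            rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    }
    /* Now return the error values, or output error message */
    if (TRUE === $wc_status) {
        $wpss_wc_reg_inprog = FALSE;
    }
    if (!empty($wpss_error_code)) {
        if (TRUE === $buddypress_status) {
            /* BuddyPress does not take a WP_Error back, so the collected messages
             * are rendered directly */
            $error_msg = '';
            foreach ($errors_3p as $m) {
                $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . WPSS_EOL;
            }
            WP_SpamShield::wp_die($error_msg, TRUE);
        }
    } elseif (TRUE === $wc_status) {
        rs_wpss_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
        if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
            rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    }
    $wpss_reg_err_chk_complete = TRUE;
    return $errors;
}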