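/**
 * Content filter ("The Algorithmic Layer") for an incoming comment, trackback or pingback.
 *
 * Runs a fixed sequence of tests against the comment fields and request metadata.
 * The first test that matches appends its code to the error-code string, sets the
 * filter status and returns through rs_wpss_exit_content_filter(). If no test
 * matches, the elapsed time, the error code ('No Error') and the (empty) status are
 * written into $commentdata and $commentdata is returned.
 *
 * Status values assigned here are the strings '1', '3', '10' and '100'; their meaning
 * is defined by the code that consumes 'content_filter_status', which is not visible
 * in this function.
 *
 * Security notes for maintainers:
 * - User-Agent, Accept, Accept-Language, referrer and the posted WPSS_REF2XJS value are
 *   all supplied by the client, so the tests built on them are heuristics that a
 *   client can satisfy by sending browser-like values.
 * - extract() is called on the global $wpss_ip_proxy_info array with default flags, so
 *   any key in that array overwrites a local variable of the same name.
 *
 * @param array $commentdata        Comment data. Keys read here: comment_post_ID, comment_post_title,
 *                                  comment_post_url, comment_post_type, comment_post_comments_open,
 *                                  comment_post_pings_open, comment_author, comment_author_email,
 *                                  comment_author_url, comment_content, comment_type and, optionally,
 *                                  start_time_content_filter.
 * @param array $spamshield_options Plugin options. Keys read here: allow_proxy_users,
 *                                  enhanced_comment_blacklist.
 *
 * @return mixed $commentdata with total_time_content_filter, wpss_error_code and content_filter_status
 *               set when nothing matched; otherwise whatever rs_wpss_exit_content_filter() returns.
 */
function rs_wpss_comment_content_filter($commentdata, $spamshield_options)
{
    /***
     * Content Filter aka "The Algorithmic Layer"
     * Blocking the Obvious to Improve Human/Pingback/Trackback Defense
     ***/
    /* Timer Start  - Content Filter */
    if (empty($commentdata['start_time_content_filter'])) {
        $wpss_start_time_content_filter = microtime(TRUE);
        $commentdata['start_time_content_filter'] = $wpss_start_time_content_filter;
    }
    $content_filter_status = $wpss_error_code = '';
    /* Must go before tests */
    rs_wpss_update_session_data($spamshield_options);
    /* TEST 0 - See if user has already been blacklisted this session (skipped for logged-in users) */
    if (!is_user_logged_in() && rs_wpss_ubl_cache()) {
        if (empty($content_filter_status)) {
            $content_filter_status = '3';
        }
        /* 1.8 - Changed from '2' to '3' */
        $wpss_error_code .= ' 0-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Client-supplied form field; only trimmed here, normalised further in TEST REFERRERS 2 */
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
    /* CONTENT FILTERING - BEGIN */
    /* Derived copies of each field: lower-cased (_lc), unslashed (_deslashed) and regex-quoted (_regex) */
    $commentdata_comment_post_id = $commentdata['comment_post_ID'];
    $commentdata_comment_post_title = $commentdata['comment_post_title'];
    $commentdata_comment_post_title_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_title);
    $commentdata_comment_post_title_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_title_lc);
    $commentdata_comment_post_url = $commentdata['comment_post_url'];
    $commentdata_comment_post_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_url);
    $commentdata_comment_post_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_url_lc);
    $commentdata_comment_post_type = $commentdata['comment_post_type'];
    /* Possible results: 'post', 'page', 'attachment', 'revision', 'nav_menu_item' */
    /* Next two are boolean */
    $commentdata_comment_post_comments_open = $commentdata['comment_post_comments_open'];
    $commentdata_comment_post_pings_open = $commentdata['comment_post_pings_open'];
    $commentdata_comment_author = $commentdata['comment_author'];
    $commentdata_comment_author_deslashed = stripslashes($commentdata_comment_author);
    $commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata_comment_author);
    $commentdata_comment_author_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_words = rs_wpss_count_words($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_space = ' ' . $commentdata_comment_author_lc . ' ';
    $commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_deslashed_regex = rs_wpss_preg_quote($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_words = rs_wpss_count_words($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_space = ' ' . $commentdata_comment_author_lc_deslashed . ' ';
    $commentdata_comment_author_email = $commentdata['comment_author_email'];
    $commentdata_comment_author_email_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_email);
    $commentdata_comment_author_email_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_email_lc);
    $commentdata_comment_author_url = $commentdata['comment_author_url'];
    $commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_url);
    $commentdata_comment_author_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_url_lc);
    $commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
    $commentdata_comment_content = $commentdata['comment_content'];
    $commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata_comment_content);
    $commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
    $commentdata_comment_content_extracted_urls = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url');
    /* Parse comment content for all URLs */
    $commentdata_comment_content_extracted_urls_at = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url_at');
    /* Parse comment content for Anchor Text Link URLs */
    $commentdata_comment_content_num_links = count($commentdata_comment_content_extracted_urls);
    /* Count extracted URLS from body content - Added 1.8.4 */
    $commentdata_comment_content_num_limit = 3;
    /* Max number of links in comment body content */
    /* NOTE(review): the literals in the next list look damaged by a character conversion when this listing was published (one entry is a bare quote, another is a plain letter); restore the list from the upstream plugin source before relying on it. */
    $replace_apostrophes = array('’', '`', '´', '`', ''', '`', 'e', '‘', '’', 'ž', '´', 'Ï', 'Ð', '‘', '’');
    $commentdata_comment_content_lc_norm_apost = str_replace($replace_apostrophes, "'", $commentdata_comment_content_lc_deslashed);
    $commentdata_comment_type = $commentdata['comment_type'];
    /*
    if( $commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback' ) {
    	$commentdata_comment_type = 'comment';
    }
    */
    $commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
    $commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
    $user_http_accept = rs_wpss_get_http_accept(TRUE, TRUE);
    $user_http_accept_language = rs_wpss_get_http_accept(TRUE, TRUE, TRUE);
    $commentdata_remote_addr = rs_wpss_get_ip_addr();
    $commentdata_remote_addr_regex = rs_wpss_preg_quote($commentdata_remote_addr);
    $commentdata_remote_addr_lc = rs_wpss_casetrans('lower', $commentdata_remote_addr);
    $commentdata_remote_addr_lc_regex = rs_wpss_preg_quote($commentdata_remote_addr_lc);
    $commentdata_referrer = rs_wpss_get_referrer();
    $commentdata_referrer_lc = rs_wpss_casetrans('lower', $commentdata_referrer);
    /* PHP_SELF is derived from the request path, so treat it as client-influenced; it is only compared against a constant below */
    $commentdata_php_self = $_SERVER['PHP_SELF'];
    $commentdata_php_self_lc = rs_wpss_casetrans('lower', $commentdata_php_self);
    $blog_server_ip = WPSS_SERVER_ADDR;
    $blog_server_name = WPSS_SERVER_NAME;
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /* Supplies $ip, $reverse_dns_lc, $ip_proxy and $ip_proxy_chrome_compression used below. */
    /* NOTE(review): default extract() flags let any key of this array overwrite a local of the same name; confirm the array's key set is fixed by rs_wpss_ip_proxy_info(). */
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    /***
     * Post Type Filter - INVALTY
     * Removed V 1.1.7 - Found Exception
     ***/
    /* Simple Filters */
    /* BEING DEPRECATED... */
    $blacklist_word_combo_total_limit = 10;
    /* you may increase to 30+ if blog's topic is adult in nature - DEPRECATED */
    $blacklist_word_combo_total = 0;
    /* Body Content - Check for excessive number of links in message ( body_content ) - 1.8.4 */
    if ($commentdata_comment_content_num_links > $commentdata_comment_content_num_limit) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 1-HT';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /***
     * Authors Only - Non-Trackback
     * Removed Filters 300-423 and replaced with Regex
     ***/
    /* Author Blacklist Check - Invalid Author Names - Stopping Human Spam */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' && rs_wpss_anchortxt_blacklist_chk($commentdata_comment_author_lc_deslashed, '', 'author', $commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500A-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - BEGIN */
    /* 10500-13000 - Complex Test for terms in Comment Author/URL - $commentdata_comment_author_lc_deslashed/$commentdata_comment_author_url_domain_lc */
    /* Blacklisted Domains Check */
    if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Testing for a unique identifying string from the comment content in the Author URL Domain */
    /* Captures a trailing alphanumeric token (6+ characters) at the very end of the content */
    preg_match("~\\s+([a-z0-9]{6,})\$~i", $commentdata_comment_content_lc_deslashed, $wpss_str_matches);
    if (!empty($wpss_str_matches[1])) {
        $wpss_spammer_id_string = $wpss_str_matches[1];
    } else {
        $wpss_spammer_id_string = '';
    }
    $commentdata_comment_author_url_domain_lc_elements = explode('.', $commentdata_comment_author_url_domain_lc);
    /* count - 1: the last label of the domain is not compared */
    $commentdata_comment_author_url_domain_lc_elements_count = count($commentdata_comment_author_url_domain_lc_elements) - 1;
    if (!empty($wpss_spammer_id_string)) {
        $i = 0;
        /* The following line to prevent exploitation: */
        /* (caps the loop so a domain with a very large number of labels cannot force unbounded work) */
        $i_max = 20;
        while ($i < $commentdata_comment_author_url_domain_lc_elements_count && $i < $i_max) {
            if (!empty($commentdata_comment_author_url_domain_lc_elements[$i])) {
                if ($commentdata_comment_author_url_domain_lc_elements[$i] === $wpss_spammer_id_string) {
                    if (empty($content_filter_status)) {
                        $content_filter_status = '1';
                    }
                    $wpss_error_code .= ' 10511AUA';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
    }
    /***
     * Potential Exploits
     * Includes protection for Trackbacks and Pingbacks
     ***/
    /* Check Author URL for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000AU-XPL';
        /* Added in 1.4 - Replacing 15001AU-XPL and 15002AU-XPL, and adds additional protection */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - END */
    $blacklist_word_combo_limit = 7;
    $blacklist_word_combo = 0;
    $i = 0;
    /* Regular Expression Tests - 2nd Gen - Comment Content - BEGIN */
    /* Miscellaneous Patterns that Keep Repeating */
    if (preg_match("~^([0-9]{6})\\s([0-9]{6})(.*)\\s([0-9]{6})\$~i", $commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10401C';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Anchor Text Check - Links in Content - Stopping Human Spam */
    if (rs_wpss_anchortxt_blacklist_chk($commentdata_comment_content_lc_deslashed, '', 'content') && $commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CAT-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Domains Check - Links in Content */
    if (rs_wpss_link_blacklist_chk($commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check Anchor Text Links for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_content_extracted_urls_at)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510CU-BL';
        /* Replacing 10510CU-MSC */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check all URL's in Comment Content for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_content_extracted_urls)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000CU-XPL';
        /* Added in 1.4 */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Content - END */
    /***
     * Test Comment Author
     * Words in Comment Author Repeated in Content - With Keyword Density
     ***/
    $repeated_terms_filters = array('.', '-', ':');
    $repeated_terms_temp_phrase = str_replace($repeated_terms_filters, '', $commentdata_comment_author_lc_deslashed);
    $repeated_terms_test = explode(' ', $repeated_terms_temp_phrase);
    $repeated_terms_test_count = count($repeated_terms_test);
    $comment_content_total_words = rs_wpss_count_words($commentdata_comment_content_lc_deslashed);
    $i = 0;
    while ($i < $repeated_terms_test_count) {
        if (!empty($repeated_terms_test[$i])) {
            $repeated_terms_in_content_count = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, $repeated_terms_test[$i]);
            $repeated_terms_in_content_str_len = rs_wpss_strlen($repeated_terms_test[$i]);
            /* A substring count larger than the word count is clamped to 1 */
            if ($repeated_terms_in_content_count > 1 && $comment_content_total_words < $repeated_terms_in_content_count) {
                $repeated_terms_in_content_count = 1;
            }
            /* Guard the density calculation: a zero word count would otherwise divide by zero, which throws DivisionByZeroError on PHP 8 and would abort comment processing. */
            /* With a zero word count the repeat count is at most 1 here, so the test below cannot match either way. */
            if ($comment_content_total_words > 0) {
                $repeated_terms_in_content_density = $repeated_terms_in_content_count / $comment_content_total_words * 100;
            } else {
                $repeated_terms_in_content_density = 0;
            }
            if ($repeated_terms_in_content_count >= 5 && $repeated_terms_in_content_str_len >= 4 && $repeated_terms_in_content_density > 40) {
                if (empty($content_filter_status)) {
                    $content_filter_status = '1';
                }
                $wpss_error_code .= ' 9000-' . $i;
                return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
            }
        }
        ++$i;
    }
    /* Comment Author and URL Tests */
    /* NOTE(review): the patterns below interpolate client-supplied author and URL text; this is only safe if rs_wpss_preg_quote() also escapes the "~" delimiter - confirm in that helper. */
    /* preg_match() returns FALSE on a PCRE error (for example a backtrack-limit hit on very long input), which these conditions treat the same as "no match". */
    if (!empty($commentdata_comment_author_url_lc) && !empty($commentdata_comment_author_lc_deslashed)) {
        /* Comment Author and Comment Author URL appearing in Content - REGEX VERSION */
        if (preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*{$commentdata_comment_author_url_lc_regex}([a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]*)(['\"])?(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9100-1';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)\\s*(['\"])?\\s*(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9101';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if (preg_match("~^((ww[w0-9]|m)\\.)?{$commentdata_comment_author_lc_deslashed_regex}\$~i", $commentdata_comment_author_url_domain_lc) && !preg_match("~https?\\:/+~i", $commentdata_comment_author_lc_deslashed)) {
            /* Changed to include Trackbacks and Pingbacks in 1.1.4.4 */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9102';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9103';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Email Filters
     * New Test with Blacklists
     ***/
    if (rs_wpss_email_blacklist_chk($commentdata_comment_author_email_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 9200E-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 1 - TO THE COMMENT PROCESSOR */
    if (strpos(WPSS_COMMENTS_POST_URL, $commentdata_php_self_lc) !== FALSE && $commentdata_referrer_lc === WPSS_COMMENTS_POST_URL) {
        /* Often spammers send the referrer as the URL for the wp-comments-post.php page. */
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' REF-1-1011';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 2 - SPAMMERS SEARCHING FOR PAGES TO COMMENT ON */
    if (!empty($post_ref2xjs)) {
        /* Normalise the posted referrer value, then pass it through esc_url_raw() before it is inspected */
        $ref2xJS = addslashes(urldecode($post_ref2xjs));
        $ref2xJS = str_replace('%3A', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $ref2xJS = esc_url_raw($ref2xJS);
        $ref2xJS_lc = rs_wpss_casetrans('lower', $ref2xJS);
        if (preg_match("~\\.google\\.co(m|\\.[a-z]{2})~i", $ref2xJS) && strpos($ref2xJS_lc, 'leave a comment') !== FALSE) {
            /* make test more robust for other versions of google & search query */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' REF-2-1021';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* add Keyword Script Here */
    }
    /***
     * TEST REFERRERS 3 - TO THE PAGE BEING COMMENTED ON
     * DISABLED IN V1.5.9
     ***/
    /* Spam Network - BEGIN */
    /***
     * PART OF BAD ROBOTS TEST - BEGIN
     * Test User-Agents
     ***/
    /* From here on the tests overwrite any earlier status unconditionally instead of only filling an empty one */
    if (empty($commentdata_user_agent_lc)) {
        /* There is no reason for a blank UA String, unless it's been altered or a bot. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1001';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    $commentdata_user_agent_lc_word_count = rs_wpss_count_words($commentdata_user_agent_lc);
    if (!empty($commentdata_user_agent_lc) && $commentdata_user_agent_lc_word_count < 3) {
        /* Matches ordinary comments, and trackbacks whose UA does not contain 'movabletype'; pingbacks are never matched here */
        if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' || strpos($commentdata_user_agent_lc, 'movabletype') === FALSE && $commentdata_comment_type === 'trackback') {
            /* Another test for altered UA's. */
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' UA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
        /* There is no reason for a human to use one of these UA strings. Commonly used to attack/spam WP. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1004';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* PART OF BAD ROBOTS TEST - END */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        /***
         * PART OF BAD ROBOTS TEST - BEGIN
         * Test HTTP_ACCEPT
         ***/
        if (empty($user_http_accept)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* HA1002 removed in 1.9.0.3 */
        if ($user_http_accept === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT' */
        /* Whitespace and ';' runs become ',' so every media range and parameter is a separate element */
        $user_http_accept_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept);
        $user_http_accept_elements = explode(',', $user_http_accept_mod_1);
        $user_http_accept_elements_count = count($user_http_accept_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        /* (only the first 20 elements of the header are inspected) */
        $i_max = 20;
        while ($i < $user_http_accept_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_elements[$i])) {
                if ($user_http_accept_elements[$i] === '*') {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HA1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /* Test HTTP_ACCEPT_LANGUAGE */
        if (empty($user_http_accept_language)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($user_http_accept_language === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1002';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT_LANGUAGE' */
        $user_http_accept_language_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept_language);
        $user_http_accept_language_elements = explode(',', $user_http_accept_language_mod_1);
        $user_http_accept_language_elements_count = count($user_http_accept_language_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        /* (only the first 20 elements of the header are inspected) */
        $i_max = 20;
        while ($i < $user_http_accept_language_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_language_elements[$i])) {
                /* A bare '*' element is tolerated only when the User-Agent starts with 'links (' */
                if ($user_http_accept_language_elements[$i] === '*' && strpos($commentdata_user_agent_lc, 'links (') !== 0) {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HAL1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /***
         * HAL1005 - NOT IMPLEMENTED
         * PART OF BAD ROBOTS TEST - END
         ***/
        /***
         * Test PROXY STATUS if option
         * Google Chrome Compression Proxy Bypass
         ***/
        /* $ip_proxy and $ip_proxy_chrome_compression come from the extract() call above and are compared as strings */
        if ($ip_proxy === 'PROXY DETECTED' && $ip_proxy_chrome_compression !== 'TRUE' && empty($spamshield_options['allow_proxy_users'])) {
            $content_filter_status = '10';
            $wpss_error_code .= ' PROXY1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Test IPs - was here
     * IP1003 - Removed in 1.8
     ***/
    /* Reverse DNS Server Tests - BEGIN */
    if ($commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback') {
        /* Test Reverse DNS Hosts - Do all with Reverse DNS not Remote Host */
        $rev_dns_filter_data = rs_wpss_revdns_filter('comment', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc);
        $revdns_blacklisted = $rev_dns_filter_data['blacklisted'];
        if (!empty($revdns_blacklisted)) {
            $content_filter_status = $rev_dns_filter_data['status'];
            $wpss_error_code .= $rev_dns_filter_data['error_code'];
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* Reverse DNS Server Tests - END */
    /* Spam Network - END */
    /* Test Pingbacks and Trackbacks - OLD LOCATION */
    /* Miscellaneous Preg Match Tests - Changed to regex in V1.8.4 */
    /* Map of error code => pattern; the first pattern that matches the content decides the code */
    $wpss_misc_spam_phrases_to_check = array('5000' => "~\\[\\.+\\]\\s+\\[\\.+\\]~", '5001' => "~^<new\\s+comment>\$~i", '5003' => "~^([a-z0-9\\s\\.,!]{0,12})?((he.a?|h([ily]{1,2}))(\\s+there)?|howdy|hello|bonjour|good\\s+day)([\\.,!])?\\s+(([ily]{1,2})\\s+know\\s+)?th([ily]{1,2})s\\s+([ily]{1,2})s\\s+([a-z\\s]{3,12}|somewhat|k([ily]{1,2})nd\\s*of)?(of{1,2}\\s+)?of{1,2}\\s+top([ily]{1,2})c\\s+(but|however)\\s+([ily]{1,2})\\s+(was\\s+wonder([ily]{1,2})nn?g?|need\\s+some\\s+adv([ily]{1,2})ce)~i", '5004' => "~^th([ily]{1,2})s\\s+([ily]{1,2})s\\s+k([ily]{1,2})nd\\s+of\\s+off\\s+top([ily]{1,2})c\\s+but~i");
    /* 5002 - Removed in V1.8.4 */
    foreach ($wpss_misc_spam_phrases_to_check as $ec => $rgx_phrase) {
        if (preg_match($rgx_phrase, $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' ' . $ec;
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* BOILERPLATE: Add common boilerplate/template spam phrases... Add Blacklist functions */
    /* WP Blacklist Check - BEGIN */
    /* Test WP Blacklist if option set */
    if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($content_filter_status)) {
        if (rs_wpss_blacklist_check($commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc, $commentdata_comment_author_url_lc, $commentdata_comment_content_lc_deslashed, $ip, $commentdata_user_agent_lc, '')) {
            if (empty($content_filter_status)) {
                $content_filter_status = '100';
            }
            $wpss_error_code .= ' WP-BLACKLIST';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* WP Blacklist Check - END */
    /* Timer End - Content Filter */
    $wpss_end_time_content_filter = microtime(TRUE);
    $wpss_total_time_content_filter = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
    $commentdata['total_time_content_filter'] = $wpss_total_time_content_filter;
    if (empty($wpss_error_code)) {
        $wpss_error_code = 'No Error';
    } else {
        $wpss_error_code = trim($wpss_error_code);
    }
    /***
     * $spamshield_error_data = array( $wpss_error_code, $blacklist_word_combo, $blacklist_word_combo_total );
     */
    $commentdata['wpss_error_code'] = trim($wpss_error_code);
    $commentdata['content_filter_status'] = $content_filter_status;
    return $commentdata;
    /* CONTENT FILTERING - END */
}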
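/**
 * Appends a block of technical request data (referrer, User-Agent, browser, location,
 * IP address, reverse DNS) to a notification message body.
 *
 * The block is only added when the 'hide_extra_data' option is empty. Additional
 * debug-only fields are added when WPSS_SERVER_NAME_REV starts with
 * WPSS_DEBUG_SERVER_NAME_REV.
 *
 * Every value appended here originates from the request (headers, cookies, POST fields)
 * or from lookups on the client address, so it must be treated as untrusted text by
 * whatever renders or forwards the resulting message.
 *
 * @param string     $text               Message body to extend.
 * @param array|null $spamshield_options Plugin options; when empty, the global value or
 *                                       get_option('spamshield_options') is used.
 * @param bool       $cf7                When non-empty, extra line breaks are added and, in
 *                                       debug mode, session timing data is included.
 *
 * @return string The message body with the extra data appended.
 */
function rs_wpss_extra_notification_data($text, $spamshield_options = NULL, $cf7 = FALSE)
{
    if (empty($spamshield_options)) {
        global $spamshield_options;
        if (empty($spamshield_options)) {
            $spamshield_options = get_option('spamshield_options');
        }
    }
    rs_wpss_update_session_data($spamshield_options);
    /* Client-supplied form fields; only trimmed here, sanitised before being written to $text below */
    $post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : '';
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_jsonst_lc = rs_wpss_casetrans('lower', $post_jsonst);
    $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
    $eml_eol = "\r\n";
    /* Added 1.9.7 */
    if (!empty($cf7)) {
        $text .= $eml_eol;
    }
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /* Supplies $ip and $reverse_dns used below. */
    /* NOTE(review): default extract() flags let any key of this array overwrite a local such as $text; confirm the key set is fixed by rs_wpss_ip_proxy_info(). */
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
        global $wpss_geolocation;
        if (empty($wpss_geolocation)) {
            $wpss_geolocation = rs_wpss_wf_geoiploc($ip, TRUE);
        }
    } else {
        global $wpss_geoloc_short;
        if (empty($wpss_geoloc_short)) {
            $wpss_geoloc_short = rs_wpss_wf_geoiploc_short($ip);
        }
    }
    /* Sanitized versions for output */
    $wpss_http_accept_language = rs_wpss_get_http_accept(FALSE, FALSE, TRUE);
    $wpss_http_accept = rs_wpss_get_http_accept();
    $wpss_http_user_agent = rs_wpss_get_user_agent();
    $wpss_http_browser = rs_wpss_get_browser();
    $wpss_http_referer = rs_wpss_get_referrer(FALSE, TRUE, TRUE);
    /* Initial referrer, aka "Referring Site" - Changed 1.7.9 */
    if (empty($spamshield_options['hide_extra_data'])) {
        if (!empty($cf7)) {
            $text .= $eml_eol;
        }
        $text .= $eml_eol;
        $text .= '------------------------------------------------------------------------------' . $eml_eol;
        $text .= __('Additional Technical Data Added by WP-SpamShield', 'wp-spamshield') . $eml_eol;
        $text .= '------------------------------------------------------------------------------' . $eml_eol;
        /* DEBUG ONLY - BEGIN */
        if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
            /* CF7 Only */
            if (!empty($cf7)) {
                $wpss_log_session_data = rs_wpss_get_log_session_data();
                /* Supplies $wpss_time_init, $wpss_timestamp_init and $wpss_hits_per_page. */
                /* NOTE(review): same extract() overwrite hazard as above; confirm the session data keys cannot collide with locals. */
                extract($wpss_log_session_data);
                $noda = '[No Data]';
                /* Timer - BEGIN*/
                $wpss_time_end = microtime(TRUE);
                if (empty($wpss_time_init) && !empty($wpss_timestamp_init)) {
                    $wpss_time_init = $wpss_timestamp_init;
                }
                if (!empty($wpss_time_init)) {
                    $wpss_time_on_site = rs_wpss_timer($wpss_time_init, $wpss_time_end, TRUE, 2);
                } else {
                    $wpss_time_on_site = $noda;
                }
                if (!empty($wpss_timestamp_init)) {
                    $wpss_site_entry_time = get_date_from_gmt(date('Y-m-d H:i:s', $wpss_timestamp_init), 'Y-m-d (D) H:i:s e');
                    /* Added 1.7.3 */
                } else {
                    $wpss_site_entry_time = $noda;
                }
                /* Timer - END */
                $wpss_hits_per_page = str_replace(WPSS_EOL, $eml_eol, $wpss_hits_per_page);
                $text .= "Pages Visited: " . $wpss_hits_per_page;
                $text .= "Time on Site: ['" . $wpss_time_on_site . "']" . $eml_eol;
            }
            if (!empty($post_ref2xjs)) {
                /* Normalise the posted referrer value, then pass it through esc_url_raw() before output */
                $ref2xJS = addslashes(urldecode($post_ref2xjs));
                $ref2xJS = str_replace('%3A', ':', $ref2xJS);
                $ref2xJS = str_replace(' ', '+', $ref2xJS);
                $ref2xJS = esc_url_raw($ref2xJS);
                $text .= $eml_eol . "JS Page Referrer Check: {$ref2xJS}" . $eml_eol;
            }
            if (!empty($post_jsonst)) {
                $JSONST = sanitize_text_field($post_jsonst);
                $text .= $eml_eol . "JSONST: {$JSONST}" . $eml_eol;
            }
        } else {
            if (!empty($post_ref2xjs)) {
                /* Normalise the posted referrer value, then pass it through esc_url_raw() before output */
                $ref2xJS = addslashes(urldecode($post_ref2xjs));
                $ref2xJS = str_replace('%3A', ':', $ref2xJS);
                $ref2xJS = str_replace(' ', '+', $ref2xJS);
                $ref2xJS = esc_url_raw($ref2xJS);
                $text .= $eml_eol . __('Page Referrer Check.', 'wp-spamshield') . ': ' . $ref2xJS . $eml_eol;
            }
        }
        $text .= $eml_eol;
        $text .= __('Referrer', 'wp-spamshield') . ': ' . $wpss_http_referer . $eml_eol . $eml_eol;
        /* Initial referrer, aka "Referring Site" - Changed 1.7.9 */
        if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0 && !empty($_COOKIE['_referrer_og'])) {
            /* The cookie is fully client-controlled: strip tags and line breaks so it cannot add markup or forge extra lines in the message. */
            $wpss_clicky_referrer = sanitize_text_field($_COOKIE['_referrer_og']);
            $text .= __('Clicky Referrer', 'wp-spamshield') . ': ' . $wpss_clicky_referrer . $eml_eol . $eml_eol;
            /* DEBUG ONLY - Added 1.9.7 */
        }
        $text .= __('User-Agent (Browser/OS)', 'wp-spamshield') . ': ' . $wpss_http_user_agent . $eml_eol;
        if (!empty($wpss_http_browser)) {
            $text .= __('Browser', 'wp-spamshield') . ': ' . $wpss_http_browser . $eml_eol;
        }
        if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
            if (!empty($wpss_geolocation) && rs_wpss_is_lang_en_us()) {
                /* English only for now; TO DO: TRANSLATE */
                $text .= __('Location', 'wp-spamshield') . ': ' . $wpss_geolocation . $eml_eol;
            }
        } else {
            if (!empty($wpss_geoloc_short) && rs_wpss_is_lang_en_us()) {
                /* English only for now; TO DO: TRANSLATE */
                $text .= __('Country', 'wp-spamshield') . ': ' . $wpss_geoloc_short . $eml_eol;
            }
        }
        $text .= __('IP Address', 'wp-spamshield') . ': ' . $ip . $eml_eol;
        /* NOTE(review): a reverse DNS name is set by whoever controls the PTR record for the address; presumably sanitised in rs_wpss_ip_proxy_info() - verify. */
        $text .= __('Server', 'wp-spamshield') . ': ' . $reverse_dns . $eml_eol;
        $text .= __('IP Address Lookup', 'wp-spamshield') . ': http://ipaddressdata.com/' . $ip . "\r\n\r\n";
        $text .= '(' . __('This data is helpful if you need to submit a spam sample.', 'wp-spamshield') . ')' . $eml_eol;
    }
    return $text;
}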