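/**
 * Miscellaneous Form Spam Check Bypass
 *
 * Decides whether the current request is one of the known non-human
 * submissions (payment-gateway callbacks, e-commerce cart actions,
 * geolocation updates, social-login handshakes, remote-management
 * agents) that must not be run through the spam filters.
 *
 * Security note (review): most triggers below are keyed on data the
 * client fully controls - POST field names, substrings of REQUEST_URI,
 * the Referer header - with no network-level verification. Anyone who
 * knows a trigger can, for example, add an 'add-to-cart' field to a
 * comment POST and take the bypass. Only the branches that also require
 * $fcrdns === '[Verified]' are tied to a forward-confirmed reverse DNS
 * identity; treat the others as compatibility shortcuts, not as
 * authentication of the caller.
 *
 * Uses: rs_wpss_get_url(), rs_wpss_casetrans(), rs_wpss_get_user_agent(),
 * rs_wpss_get_referrer(), rs_wpss_get_domain(), rs_wpss_ip_proxy_info(),
 * rs_wpss_is_ssl(), self::is_ecom_enabled(), self::is_woocom_enabled(),
 * the WPSS_SITE_URL constant and the $wpss_ip_proxy_info global.
 *
 * @return bool TRUE if the request should bypass the spam checks, FALSE otherwise.
 */
public static function misc_form_bypass() {
	/* Setup necessary variables */
	$url        = rs_wpss_get_url();
	/* REQUEST_URI is absent under CLI / some FPM setups; fall back to '' rather than a notice + null. */
	$req_uri    = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
	$req_uri_lc = rs_wpss_casetrans('lower', $req_uri);
	$post_count = count($_POST);
	$user_agent = rs_wpss_get_user_agent();
	$referer    = rs_wpss_get_referrer();

	/* IP / PROXY INFO - BEGIN */
	global $wpss_ip_proxy_info;
	if (empty($wpss_ip_proxy_info)) {
		$wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
	}
	/*
	 * Read only the two fields this method uses instead of extract()-ing the
	 * whole array into the local scope: extract() would silently overwrite
	 * $url / $req_uri / $user_agent / $referer if the array ever carried keys
	 * of those names, and would leave $reverse_dns / $fcrdns undefined
	 * (notice, then preg_match() on null) if it lacked them.
	 */
	$reverse_dns = isset($wpss_ip_proxy_info['reverse_dns']) ? $wpss_ip_proxy_info['reverse_dns'] : '';
	$fcrdns      = isset($wpss_ip_proxy_info['fcrdns']) ? $wpss_ip_proxy_info['fcrdns'] : '';
	/* IP / PROXY INFO - END */

	/* PayPal IPN identity, reused by several branches below. */
	$paypal_ipn_ua      = 'PayPal IPN ( https://www.paypal.com/ipn )';
	$paypal_ipn_host_re = "~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~";

	/* GEOLOCATION - keyed purely on POST field names (client-controlled). */
	if ($post_count === 6 && isset($_POST['updatemylocation'], $_POST['log'], $_POST['lat'], $_POST['country'], $_POST['zip'], $_POST['myaddress'])) {
		return TRUE;
	}

	/* WP Remote - UA + rDNS suffix only; any *.amazonaws.com host passes, no FCrDNS check. */
	if (defined('WPRP_PLUGIN_SLUG') && !empty($_POST['wpr_verify_key']) && preg_match("~\\ WP\\-Remote\$~", $user_agent) && preg_match("~\\.amazonaws\\.com\$~", $reverse_dns)) {
		return TRUE;
	}

	/*
	 * Ecommerce Plugins
	 * NOTE(review): rs_wpss_is_ssl() alone satisfies the inner OR, so whenever
	 * is_ecom_enabled() is true every HTTPS request takes this bypass - on an
	 * all-HTTPS site that is every request. Confirm this is the intended policy.
	 * The cart/product POST keys are likewise client-chosen.
	 */
	if ((rs_wpss_is_ssl()
			|| !empty($_POST['add-to-cart']) || !empty($_POST['add_to_cart']) || !empty($_POST['addtocart'])
			|| !empty($_POST['product-id']) || !empty($_POST['product_id']) || !empty($_POST['productid'])
			|| ($user_agent === $paypal_ipn_ua && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) && $fcrdns === '[Verified]'))
		&& self::is_ecom_enabled()) {
		return TRUE;
	}

	/* Payment processors identified by forward-confirmed reverse DNS. */
	if ((rs_wpss_is_ssl() || self::is_ecom_enabled()) && $fcrdns === '[Verified]') {
		/* PayPal, Stripe, Authorize.net, Worldpay, etc */
		if (($user_agent === $paypal_ipn_ua && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns))
			|| $reverse_dns === 'api.stripe.com'
			|| preg_match("~(^|\\.)(authorize\\.net|worldpay\\.com|payfast\\.co\\.za|api\\.mollie\\.nl|api\\.simplifycommerce\\.com|wepayapi\\.com|2checkout\\.com|paylane\\.com)\$~", $reverse_dns)) {
			return TRUE;
		}
	}

	/* WooCommerce Payment Gateways - the REQUEST_URI substring tests are client-controlled. */
	if (self::is_woocom_enabled()) {
		if (($user_agent === $paypal_ipn_ua && preg_match($paypal_ipn_host_re, $reverse_dns))
			|| strpos($req_uri, 'WC_Gateway_Paypal') !== FALSE) {
			return TRUE;
		}
		if (preg_match("~(^|\\.)payfast\\.co\\.za\$~", $reverse_dns)
			|| (strpos($req_uri, 'wc-api') !== FALSE && strpos($req_uri, 'WC_Gateway_PayFast') !== FALSE)) {
			return TRUE;
		}
		/* Plugin: 'woocommerce-gateway-payfast/gateway-payfast.php' */
		if (preg_match("~((\\?|\\&)wc\\-api\\=WC_(Addons_)?Gateway_|/wc\\-api/.*WC_(Addons_)?Gateway_)~", $req_uri)) {
			return TRUE;
		}
	}

	/*
	 * Easy Digital Downloads Payment Gateways
	 * Any request carrying an 'edd-listener' query arg, or that substring in
	 * the URI, is let through; the earlier per-listener tests (IPN, amazon)
	 * were strict subsets of that and have been folded in.
	 */
	if (defined('EDD_VERSION')) {
		if (($user_agent === $paypal_ipn_ua && preg_match($paypal_ipn_host_re, $reverse_dns))
			|| !empty($_GET['edd-listener'])
			|| strpos($req_uri, 'edd-listener') !== FALSE) {
			return TRUE;
		}
	}

	/* Gravity Forms PayPal Payments Standard Add-On ( http://www.gravityforms.com/add-ons/paypal/ ) */
	if ((defined('GF_MIN_WP_VERSION') && defined('GF_PAYPAL_VERSION')) || (class_exists('GFForms') && class_exists('GF_PayPal_Bootstrap'))) {
		if ($url === WPSS_SITE_URL . '/?page=gf_paypal_ipn'
			&& isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign'])) {
			return TRUE;
		}
	}

	/* PayPal IPN - requires the IPN field set, a 'paypal' URI, the IPN UA and an FCrDNS-verified PayPal host. */
	if (isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['payment_type'], $_POST['payment_status'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign'])
		&& FALSE !== strpos($req_uri_lc, 'paypal')
		&& $user_agent === $paypal_ipn_ua
		&& preg_match($paypal_ipn_host_re, $reverse_dns)
		&& $fcrdns === '[Verified]') {
		return TRUE;
	}

	/* Clef - UA pattern + rDNS suffix; the *.amazonaws.com alternative matches any AWS host. */
	if (defined('CLEF_VERSION')) {
		if (preg_match("~^Clef/[0-9](\\.[0-9]+)+\\ \\(https\\://getclef\\.com\\)\$~", $user_agent)
			&& preg_match("~((^|\\.)clef\\.io|\\.amazonaws\\.com)\$~", $reverse_dns)) {
			return TRUE;
		}
	}

	/* OA Social Login - referer domain must end with 'api.oneall.com' (Referer is client-supplied). */
	if (defined('OA_SOCIAL_LOGIN_VERSION')) {
		$ref_dom_rev = strrev(rs_wpss_get_domain($referer));
		$oa_dom_rev  = strrev('api.oneall.com');
		if ($post_count >= 4
			&& isset($_GET['oa_social_login_source'], $_POST['oa_action'], $_POST['oa_social_login_token'], $_POST['connection_token'], $_POST['identity_vault_key'])
			&& $_POST['oa_action'] === 'social_login'
			&& strpos($ref_dom_rev, $oa_dom_rev) === 0) {
			return TRUE;
		}
	}

	/* Nothing was triggered */
	return FALSE;
}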
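/**
 * Does comment or contact form contain blacklisted characters, words, IP addresses, or email addresses.
 *
 * Reads the site's 'blacklist_keys' option (one rule per WPSS_EOL-separated
 * line) and tests the submission against each rule:
 *   - '[WPSS-ECBL][SERVER]...'   rule matched against the submitter's reverse DNS,
 *                                 or, with '[REF]', against the Referer domain
 *   - '[WPSS-ECBL][COUNTRY]AA,BB' rule matched against the GeoIP country code
 *   - an email address            compared to $email after Gmail normalisation
 *   - an IP C-block prefix        prefix-matched against $user_ip
 *   - a full IP address           compared exactly to $user_ip
 *   - anything else               case-insensitive substring of author, url or content
 *
 * @since 1.5.4
 *
 * @param string $author      The author name of the submitter
 * @param string $email       The email of the submitter
 * @param string $url         The url used in the submission
 * @param string $content     The submitted content
 * @param string $user_ip     The submitter IP address
 * @param string $user_agent  The submitter's browser / user agent (accepted for signature compatibility; deliberately not tested, see below)
 * @param string $user_server The submitter's server (reverse DNS of IP)
 * @return bool TRUE if submission contains blacklisted content, FALSE if submission does not
 */
function rs_wpss_blacklist_check($author, $email, $url, $content, $user_ip, $user_agent, $user_server) {
	/**
	 * Fires at end of contact form and comment content filters.
	 * Upgrade from WordPress' built-in and flawed wp_blacklist_check() function.
	 * Removed User-Agent filter from wp_blacklist_check() - Not a good idea to let users play with User-Agent filtering, most people don't realize this will be tested, leading to false-positives.
	 * Also, it's not in the documentation...nowhere in the WP Dashboard does it mention testing against User-Agents.
	 *
	 * NOTE(review): newer WordPress releases renamed this option; confirm
	 * get_option('blacklist_keys') still resolves on the supported versions.
	 *
	 * @since 1.5.4
	 */
	$blacklist_keys = trim(stripslashes(get_option('blacklist_keys')));
	if (empty($blacklist_keys)) {
		return FALSE;
	} /* If blacklist keys are empty */

	/*
	 * GeoIP country code, looked up only when a [COUNTRY] rule exists.
	 * Read the single key this function needs rather than extract()-ing the
	 * whole result, which could overwrite $author/$email/$url/$content/$user_ip
	 * if the GeoIP array ever carried keys of those names.
	 */
	$countryCode = '';
	if (strpos($blacklist_keys, '[WPSS-ECBL][COUNTRY]') !== FALSE) {
		global $wpss_geoiploc_data;
		if (empty($wpss_geoiploc_data)) {
			$wpss_geoiploc_data = rs_wpss_wf_geoiploc($user_ip);
		}
		if (!empty($wpss_geoiploc_data['countryCode'])) {
			$countryCode = $wpss_geoiploc_data['countryCode'];
		}
	}

	$blacklist_keys_arr = explode(WPSS_EOL, $blacklist_keys);
	foreach ((array) $blacklist_keys_arr as $key) {
		$key = trim($key);
		/* Skip empty lines (empty() also drops a bare "0", which as a substring rule would match almost everything) */
		if (empty($key)) {
			continue;
		}
		/* Do some escaping magic so that '~' chars in the spam words don't break things: */
		$key_pq        = rs_wpss_preg_quote($key);
		$pattern_regex = "~{$key_pq}~i";

		if (strpos($key, '[WPSS-ECBL]') === 0) {
			/* Advanced flags work on contact form only, for now */
			$key = str_replace('[WPSS-ECBL]', '', $key);

			if (strpos($key, '[SERVER]') === 0 && !empty($user_server)) {
				$key        = str_replace('[SERVER]', '', $key);
				$referrer   = rs_wpss_get_referrer(FALSE, TRUE, TRUE);
				$ref_domain = rs_wpss_get_domain($referrer);
				if (strpos($key, '[REF]') === 0 && !empty($ref_domain)) {
					/* Added 1.8.1 - suffix match on the Referer domain (client-supplied header) */
					$key    = str_replace('[REF]', '', $key);
					$key_pq = rs_wpss_preg_quote($key);
					if (preg_match("~{$key_pq}\$~i", $ref_domain)) {
						return TRUE;
					}
				} elseif (strpos($key, '.') === 0 || strpos($key, '-') === 0) {
					/* Rule is a domain suffix / hostname tail: anchored suffix match on the rDNS name */
					$key_pq = rs_wpss_preg_quote($key);
					if (preg_match("~{$key_pq}\$~i", $user_server)) {
						return TRUE;
					}
				} elseif (strcasecmp($key, $user_server) === 0) {
					/* Whole-hostname rule. DNS names are case-insensitive, so compare that way
					 * (the suffix rules above already use the ~i modifier). */
					return TRUE;
				}
			} elseif (strpos($key, '[COUNTRY]') === 0 && !empty($countryCode)) {
				/***
				 * Country Blocking - Ex: '[WPSS-ECBL][COUNTRY]AA,BB,CC'
				 * Added 1.9.5.2
				 * Full list of ISO Country codes:
				 * https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
				 * http://www.nationsonline.org/oneworld/country_code_list.htm
				 ***/
				$key = str_replace(array('[COUNTRY]', ' '), array('', ''), $key);
				/* Unanchored: only requires the rule to contain at least one two-letter code */
				if (preg_match("~([A-Z]{2},?)+~", $key)) {
					$key_arr = explode(',', $key);
					if ($key === $countryCode || in_array($countryCode, $key_arr, TRUE)) {
						return TRUE;
					}
				}
			}
		} elseif (is_email($key)) {
			if (!empty($email) && rs_wpss_sanitize_gmail($key) === rs_wpss_sanitize_gmail($email)) {
				return TRUE;
			}
		} elseif (rs_wpss_is_valid_ip($key, '', TRUE)) {
			/* IP C-block
			 * NOTE(review): plain prefix match. If rs_wpss_is_valid_ip() accepts a
			 * C-block without a trailing dot, '10.1.1' also matches 10.1.10.x;
			 * confirm the validator's accepted format. */
			if (!empty($user_ip) && strpos($user_ip, $key) === 0) {
				return TRUE;
			}
		} elseif (rs_wpss_is_valid_ip($key)) {
			/* Complete IP Address */
			if (!empty($user_ip) && $key === $user_ip) {
				return TRUE;
			}
		} elseif ((!empty($author) && preg_match($pattern_regex, $author))
			|| (!empty($url) && preg_match($pattern_regex, $url))
			|| (!empty($content) && preg_match($pattern_regex, $content))) {
			/* Plain word / phrase rule: case-insensitive substring of author, url or content */
			return TRUE;
		}
	}
	return FALSE;
}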