Пример #1
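    /**
     * Render the spam-counter widget on the front end.
     *
     * Prints the widget wrapper and title, then a per-instance <style> block and a linked
     * counter badge. Styles 1-5 use the large (140x66) sprite, styles 6-10 the small
     * (120x50) sprite.
     *
     * @param array $args     Wrapper markup; the keys before_widget, before_title,
     *                        after_title and after_widget are echoed.
     * @param array $instance Saved widget settings; 'title' and 'style' are read.
     * @return void
     */
    public function widget($args, $instance)
    {
        $title = !empty($instance['title']) ? sanitize_text_field($instance['title']) : __('Spam', WPSS_PLUGIN_NAME);

        /* The style number is written into the CSS url() values below, so it is forced to an
           integer here; anything outside the supported range falls back to style 1. */
        $style_max = 10;
        $style_min = 1;
        $style = !empty($instance['style']) ? (int) sanitize_text_field($instance['style']) : 6;
        if ($style > $style_max || $style < $style_min) {
            $style = 1;
        }

        /* Per-request counter: every rendered instance gets its own CSS class suffix. */
        global $wpss_wid_inst;
        if (!isset($wpss_wid_inst)) {
            $wpss_wid_inst = 0;
        }
        ++$wpss_wid_inst;

        /* Styles 6-10 are the small badge and reuse background images 1-5. */
        $is_small = $style > 5;
        $size = $is_small ? 's' : 'lg';
        $imgn = $is_small ? $style - 5 : $style;
        $ht_x_diff = $is_small ? 7 : 0;

        $count = rs_wpss_number_format(rs_wpss_count());
        $byline = WPSS_Promo_Links::promo_text(1);
        /* The first character of the server address selects one of two link-title texts. */
        $sip1c = substr(WPSS_SERVER_ADDR, 0, 1);
        $ht_x = ($sip1c > '5' ? 2 : 3) + $ht_x_diff;
        $hreftitle_txt = WPSS_Promo_Links::promo_text($ht_x);
        $blocked_txt = rs_wpss_blocked_txt();
        $blocked_txt_len = rs_wpss_strlen($blocked_txt);
        $sprite_url = WPSS_PLUGIN_COUNTER_URL . '/spamshield-counter-' . $size . '-bg-' . $imgn . '.png';

        /* NOTE(review): $count, $blocked_txt and $byline are printed into the markup without
           escaping; confirm that the helpers producing them return HTML-safe text. */
        echo $args['before_widget'];
        echo $args['before_title'] . $title . $args['after_title'];
        if ($size === 's') {
            /* Small badge: default letter spacing and font sizes (px) */
            $l1_let_spac = '1';
            $l2_let_spac = '1';
            $l1_fnt_sz = '18';
            $l2_fnt_sz = '10';
            /* Shrink the second line for longer (translated) text so it fits without JS;
               past 18 characters fall back to the fixed English label. */
            if ($blocked_txt_len > 18) {
                $blocked_txt = 'SPAM BLOCKED';
            } elseif ($blocked_txt_len > 16) {
                $l2_fnt_sz = '7';
            } elseif ($blocked_txt_len > 14) {
                $l2_fnt_sz = '8';
            } elseif ($blocked_txt_len > 13) {
                $l2_fnt_sz = '9';
            }
            ?>

<style type="text/css">
.wpsslstatssm_<?php echo $wpss_wid_inst; ?> { width: 120px; height: 50px; overflow: hidden; }
.wpsslstatssm_<?php echo $wpss_wid_inst; ?> a { background: transparent; background:url(<?php echo $sprite_url; ?>) no-repeat top left; background-position: 0px 0px; border-style: none; color: #FFF !important; cursor: pointer; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; padding: none; text-align: center; text-decoration: none; width: 120px; height: 50px; padding: 8px 0 0 0; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; }
.wpsslstatssm_<?php echo $wpss_wid_inst; ?> a:hover { text-decoration: none; background:url(<?php echo $sprite_url; ?>) no-repeat top left; background-position: 0px -50px; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; }
.wpsslstatssm_<?php echo $wpss_wid_inst; ?> a:active { text-decoration: none; background:url(<?php echo $sprite_url; ?>) no-repeat top left;  background-position: 0px -100px; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; }
.wpsslstatssm_<?php echo $wpss_wid_inst; ?> .wpsslcountsm_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l1_fnt_sz; ?>px; line-height: 140% !important; letter-spacing: <?php echo $l1_let_spac; ?>px !important; padding: 0 0 0 0; white-space: nowrap; }
.wpsslstatssm_<?php echo $wpss_wid_inst; ?> .wpsslcountsm2_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l2_fnt_sz; ?>px; line-height: 70% !important; letter-spacing: <?php echo $l2_let_spac; ?>px !important; padding: 0 0 0 0; white-space: nowrap; }
</style>
	<div class="wpsslstatssm_<?php echo $wpss_wid_inst; ?>">
		<?php /* Escape the link target and title per output context; noopener keeps the new tab from reaching window.opener. */ ?><a href="<?php echo esc_url(WPSS_HOME_URL); ?>" target="_blank" rel="external noopener" title="<?php echo esc_attr($hreftitle_txt); ?>"><?php printf(__('<strong class="wpsslcountsm_%1$s">%2$s</strong> <strong class="wpsslcountsm2_%3$s">%4$s</strong>', WPSS_PLUGIN_NAME), $wpss_wid_inst, $count, $wpss_wid_inst, $blocked_txt); ?></a>
	</div>
<?php
        } else {
            /* Large badge: default letter spacing and font sizes (px) */
            $l1_let_spac = '2';
            $l2_let_spac = '1';
            $l3_let_spac = '1';
            $l1_fnt_sz = '19';
            $l2_fnt_sz = '12';
            $l3_fnt_sz = '9';
            /* Shrink lines two and three for longer (translated) text so it fits without JS;
               past 18 characters fall back to the fixed English label and byline. */
            if ($blocked_txt_len > 18) {
                $blocked_txt = 'SPAM BLOCKED';
                $byline = 'BY WP-SPAMSHIELD';
            } elseif ($blocked_txt_len > 16) {
                $l2_fnt_sz = '9';
                $l3_fnt_sz = '7';
            } elseif ($blocked_txt_len > 14) {
                $l2_fnt_sz = '10';
                $l3_fnt_sz = '8';
            } elseif ($blocked_txt_len > 13) {
                $l2_fnt_sz = '11';
            }
            ?>

<style type="text/css">
.wpsslstats_<?php echo $wpss_wid_inst; ?> { width: 140px; height: 66px; overflow: hidden; }
.wpsslstats_<?php echo $wpss_wid_inst; ?> a { background: transparent; background:url(<?php echo $sprite_url; ?>) no-repeat top left; background-position: 0px 0px; border-style: none; color: #FFF !important; cursor: pointer; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; padding: none; text-align: center; text-decoration: none; width: 140px; height: 66px; padding: 8px 0 0 0; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; }
.wpsslstats_<?php echo $wpss_wid_inst; ?> a:hover { text-decoration: none; background:url(<?php echo $sprite_url; ?>) no-repeat top left; background-position: 0px -66px;  transition: none !important; -moz-transition: none !important; -webkit-transition: none !important;}
.wpsslstats_<?php echo $wpss_wid_inst; ?> a:active { text-decoration: none; background:url(<?php echo $sprite_url; ?>) no-repeat top left;  background-position: 0px -132px; transition: none !important; -moz-transition: none !important; -webkit-transition: none !important; }
.wpsslstats_<?php echo $wpss_wid_inst; ?> .wpsslcount_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l1_fnt_sz; ?>px; line-height: 140% !important; letter-spacing: <?php echo $l1_let_spac; ?>px !important; padding: 0 0 0 0; white-space: nowrap; }
.wpsslstats_<?php echo $wpss_wid_inst; ?> .wpsslcount2_<?php echo $wpss_wid_inst; ?> { color: #FFF !important; display: block; font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l2_fnt_sz; ?>px; line-height: 80% !important; letter-spacing: <?php echo $l2_let_spac; ?>px !important; padding: 1px 0 0 0; white-space: nowrap; }
.wpsslstats_<?php echo $wpss_wid_inst; ?> .wpsslcount3_<?php echo $wpss_wid_inst; ?> { font-family: Arial, Helvetica, sans-serif !important; font-weight: bold !important; font-size: <?php echo $l3_fnt_sz; ?>px; line-height: 70% !important; letter-spacing: <?php echo $l3_let_spac; ?>px !important; padding: 0 0 0 0; white-space: nowrap; position: relative; top: -2px; }
</style>
	<div class="wpsslstats_<?php echo $wpss_wid_inst; ?>">
		<?php /* Escape the link target and title per output context; noopener keeps the new tab from reaching window.opener. */ ?><a href="<?php echo esc_url(WPSS_HOME_URL); ?>" target="_blank" rel="external noopener" title="<?php echo esc_attr($hreftitle_txt); ?>"><?php printf(__('<strong class="wpsslcount_%1$s">%2$s</strong> <strong class="wpsslcount2_%3$s">%4$s</strong> <span class="wpsslcount3_%5$s">%6$s</span>', WPSS_PLUGIN_NAME), $wpss_wid_inst, $count, $wpss_wid_inst, $blocked_txt, $wpss_wid_inst, $byline); ?></a>
	</div>
<?php
        }
        echo $args['after_widget'];
    }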
Пример #2
function rs_wpss_comment_content_filter($commentdata, $spamshield_options)
{
    /***
     * Content Filter aka "The Algorithmic Layer"
     * Blocking the Obvious to Improve Human/Pingback/Trackback Defense
     ***/
    /* Timer Start  - Content Filter */
    if (empty($commentdata['start_time_content_filter'])) {
        $wpss_start_time_content_filter = microtime(TRUE);
        $commentdata['start_time_content_filter'] = $wpss_start_time_content_filter;
    }
    $content_filter_status = $wpss_error_code = '';
    /* Must go before tests */
    rs_wpss_update_session_data($spamshield_options);
    /* TEST 0 - See if user has already been blacklisted this session */
    if (!is_user_logged_in() && rs_wpss_ubl_cache()) {
        if (empty($content_filter_status)) {
            $content_filter_status = '3';
        }
        /* 1.8 - Changed from '2' to '3' */
        $wpss_error_code .= ' 0-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
    /* CONTENT FILTERING - BEGIN */
    $commentdata_comment_post_id = $commentdata['comment_post_ID'];
    $commentdata_comment_post_title = $commentdata['comment_post_title'];
    $commentdata_comment_post_title_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_title);
    $commentdata_comment_post_title_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_title_lc);
    $commentdata_comment_post_url = $commentdata['comment_post_url'];
    $commentdata_comment_post_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_url);
    $commentdata_comment_post_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_url_lc);
    $commentdata_comment_post_type = $commentdata['comment_post_type'];
    /* Possible results: 'post', 'page', 'attachment', 'revision', 'nav_menu_item' */
    /* Next two are boolean */
    $commentdata_comment_post_comments_open = $commentdata['comment_post_comments_open'];
    $commentdata_comment_post_pings_open = $commentdata['comment_post_pings_open'];
    $commentdata_comment_author = $commentdata['comment_author'];
    $commentdata_comment_author_deslashed = stripslashes($commentdata_comment_author);
    $commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata_comment_author);
    $commentdata_comment_author_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_words = rs_wpss_count_words($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_space = ' ' . $commentdata_comment_author_lc . ' ';
    $commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_deslashed_regex = rs_wpss_preg_quote($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_words = rs_wpss_count_words($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_space = ' ' . $commentdata_comment_author_lc_deslashed . ' ';
    $commentdata_comment_author_email = $commentdata['comment_author_email'];
    $commentdata_comment_author_email_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_email);
    $commentdata_comment_author_email_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_email_lc);
    $commentdata_comment_author_url = $commentdata['comment_author_url'];
    $commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_url);
    $commentdata_comment_author_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_url_lc);
    $commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
    $commentdata_comment_content = $commentdata['comment_content'];
    $commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata_comment_content);
    $commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
    $commentdata_comment_content_extracted_urls = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url');
    /* Parse comment content for all URLs */
    $commentdata_comment_content_extracted_urls_at = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url_at');
    /* Parse comment content for Anchor Text Link URLs */
    $commentdata_comment_content_num_links = count($commentdata_comment_content_extracted_urls);
    /* Count extracted URLS from body content - Added 1.8.4 */
    $commentdata_comment_content_num_limit = 3;
    /* Max number of links in comment body content */
    $replace_apostrophes = array('’', '`', '&acute;', '&grave;', '&#39;', '&#96;', '&#101;', '&#145;', '&#146;', '&#158;', '&#180;', '&#207;', '&#208;', '&#8216;', '&#8217;');
    $commentdata_comment_content_lc_norm_apost = str_replace($replace_apostrophes, "'", $commentdata_comment_content_lc_deslashed);
    $commentdata_comment_type = $commentdata['comment_type'];
    /*
    if( $commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback' ) {
    	$commentdata_comment_type = 'comment';
    }
    */
    $commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
    $commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
    $user_http_accept = rs_wpss_get_http_accept(TRUE, TRUE);
    $user_http_accept_language = rs_wpss_get_http_accept(TRUE, TRUE, TRUE);
    $commentdata_remote_addr = rs_wpss_get_ip_addr();
    $commentdata_remote_addr_regex = rs_wpss_preg_quote($commentdata_remote_addr);
    $commentdata_remote_addr_lc = rs_wpss_casetrans('lower', $commentdata_remote_addr);
    $commentdata_remote_addr_lc_regex = rs_wpss_preg_quote($commentdata_remote_addr_lc);
    $commentdata_referrer = rs_wpss_get_referrer();
    $commentdata_referrer_lc = rs_wpss_casetrans('lower', $commentdata_referrer);
    $commentdata_php_self = $_SERVER['PHP_SELF'];
    $commentdata_php_self_lc = rs_wpss_casetrans('lower', $commentdata_php_self);
    $blog_server_ip = WPSS_SERVER_ADDR;
    $blog_server_name = WPSS_SERVER_NAME;
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    /***
     * Post Type Filter - INVALTY
     * Removed V 1.1.7 - Found Exception
     ***/
    /* Simple Filters */
    /* BEING DEPRECATED... */
    $blacklist_word_combo_total_limit = 10;
    /* you may increase to 30+ if blog's topic is adult in nature - DEPRECATED */
    $blacklist_word_combo_total = 0;
    /* Body Content - Check for excessive number of links in message ( body_content ) - 1.8.4 */
    if ($commentdata_comment_content_num_links > $commentdata_comment_content_num_limit) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 1-HT';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /***
     * Authors Only - Non-Trackback
     * Removed Filters 300-423 and replaced with Regex
     ***/
    /* Author Blacklist Check - Invalid Author Names - Stopping Human Spam */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' && rs_wpss_anchortxt_blacklist_chk($commentdata_comment_author_lc_deslashed, '', 'author', $commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500A-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - BEGIN */
    /* 10500-13000 - Complex Test for terms in Comment Author/URL - $commentdata_comment_author_lc_deslashed/$commentdata_comment_author_url_domain_lc */
    /* Blacklisted Domains Check */
    if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Testing for a unique identifying string from the comment content in the Author URL Domain */
    preg_match("~\\s+([a-z0-9]{6,})\$~i", $commentdata_comment_content_lc_deslashed, $wpss_str_matches);
    if (!empty($wpss_str_matches[1])) {
        $wpss_spammer_id_string = $wpss_str_matches[1];
    } else {
        $wpss_spammer_id_string = '';
    }
    $commentdata_comment_author_url_domain_lc_elements = explode('.', $commentdata_comment_author_url_domain_lc);
    $commentdata_comment_author_url_domain_lc_elements_count = count($commentdata_comment_author_url_domain_lc_elements) - 1;
    if (!empty($wpss_spammer_id_string)) {
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $commentdata_comment_author_url_domain_lc_elements_count && $i < $i_max) {
            if (!empty($commentdata_comment_author_url_domain_lc_elements[$i])) {
                if ($commentdata_comment_author_url_domain_lc_elements[$i] === $wpss_spammer_id_string) {
                    if (empty($content_filter_status)) {
                        $content_filter_status = '1';
                    }
                    $wpss_error_code .= ' 10511AUA';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
    }
    /***
     * Potential Exploits
     * Includes protection for Trackbacks and Pingbacks
     ***/
    /* Check Author URL for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000AU-XPL';
        /* Added in 1.4 - Replacing 15001AU-XPL and 15002AU-XPL, and adds additional protection */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - END */
    $blacklist_word_combo_limit = 7;
    $blacklist_word_combo = 0;
    $i = 0;
    /* Regular Expression Tests - 2nd Gen - Comment Content - BEGIN */
    /* Miscellaneous Patterns that Keep Repeating */
    if (preg_match("~^([0-9]{6})\\s([0-9]{6})(.*)\\s([0-9]{6})\$~i", $commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10401C';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Anchor Text Check - Links in Content - Stopping Human Spam */
    if (rs_wpss_anchortxt_blacklist_chk($commentdata_comment_content_lc_deslashed, '', 'content') && $commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CAT-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Domains Check - Links in Content */
    if (rs_wpss_link_blacklist_chk($commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check Anchor Text Links for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_content_extracted_urls_at)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510CU-BL';
        /* Replacing 10510CU-MSC */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check all URL's in Comment Content for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_content_extracted_urls)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000CU-XPL';
        /* Added in 1.4 */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Content - END */
    /***
     * Test Comment Author
     * Words in Comment Author Repeated in Content - With Keyword Density
     ***/
    $repeated_terms_filters = array('.', '-', ':');
    $repeated_terms_temp_phrase = str_replace($repeated_terms_filters, '', $commentdata_comment_author_lc_deslashed);
    $repeated_terms_test = explode(' ', $repeated_terms_temp_phrase);
    $repeated_terms_test_count = count($repeated_terms_test);
    $comment_content_total_words = rs_wpss_count_words($commentdata_comment_content_lc_deslashed);
    $i = 0;
    while ($i < $repeated_terms_test_count) {
        if (!empty($repeated_terms_test[$i])) {
            $repeated_terms_in_content_count = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, $repeated_terms_test[$i]);
            $repeated_terms_in_content_str_len = rs_wpss_strlen($repeated_terms_test[$i]);
            if ($repeated_terms_in_content_count > 1 && $comment_content_total_words < $repeated_terms_in_content_count) {
                $repeated_terms_in_content_count = 1;
            }
            $repeated_terms_in_content_density = $repeated_terms_in_content_count / $comment_content_total_words * 100;
            if ($repeated_terms_in_content_count >= 5 && $repeated_terms_in_content_str_len >= 4 && $repeated_terms_in_content_density > 40) {
                if (empty($content_filter_status)) {
                    $content_filter_status = '1';
                }
                $wpss_error_code .= ' 9000-' . $i;
                return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
            }
        }
        ++$i;
    }
    /* Comment Author and URL Tests */
    if (!empty($commentdata_comment_author_url_lc) && !empty($commentdata_comment_author_lc_deslashed)) {
        /* Comment Author and Comment Author URL appearing in Content - REGEX VERSION */
        if (preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*{$commentdata_comment_author_url_lc_regex}([a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]*)(['\"])?(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9100-1';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)\\s*(['\"])?\\s*(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9101';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if (preg_match("~^((ww[w0-9]|m)\\.)?{$commentdata_comment_author_lc_deslashed_regex}\$~i", $commentdata_comment_author_url_domain_lc) && !preg_match("~https?\\:/+~i", $commentdata_comment_author_lc_deslashed)) {
            /* Changed to include Trackbacks and Pingbacks in 1.1.4.4 */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9102';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9103';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Email Filters
     * New Test with Blacklists
     ***/
    if (rs_wpss_email_blacklist_chk($commentdata_comment_author_email_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 9200E-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 1 - TO THE COMMENT PROCESSOR */
    if (strpos(WPSS_COMMENTS_POST_URL, $commentdata_php_self_lc) !== FALSE && $commentdata_referrer_lc === WPSS_COMMENTS_POST_URL) {
        /* Often spammers send the referrer as the URL for the wp-comments-post.php page. */
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' REF-1-1011';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 2 - SPAMMERS SEARCHING FOR PAGES TO COMMENT ON */
    if (!empty($post_ref2xjs)) {
        $ref2xJS = addslashes(urldecode($post_ref2xjs));
        $ref2xJS = str_replace('%3A', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $ref2xJS = esc_url_raw($ref2xJS);
        $ref2xJS_lc = rs_wpss_casetrans('lower', $ref2xJS);
        if (preg_match("~\\.google\\.co(m|\\.[a-z]{2})~i", $ref2xJS) && strpos($ref2xJS_lc, 'leave a comment') !== FALSE) {
            /* make test more robust for other versions of google & search query */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' REF-2-1021';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* add Keyword Script Here */
    }
    /***
     * TEST REFERRERS 3 - TO THE PAGE BEING COMMENTED ON
     * DISABLED IN V1.5.9
     ***/
    /* Spam Network - BEGIN */
    /***
     * PART OF BAD ROBOTS TEST - BEGIN
     * Test User-Agents
     ***/
    if (empty($commentdata_user_agent_lc)) {
        /* There is no reason for a blank UA String, unless it's been altered or a bot. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1001';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    $commentdata_user_agent_lc_word_count = rs_wpss_count_words($commentdata_user_agent_lc);
    if (!empty($commentdata_user_agent_lc) && $commentdata_user_agent_lc_word_count < 3) {
        if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' || strpos($commentdata_user_agent_lc, 'movabletype') === FALSE && $commentdata_comment_type === 'trackback') {
            /* Another test for altered UA's. */
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' UA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
        /* There is no reason for a human to use one of these UA strings. Commonly used to attack/spam WP. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1004';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* PART OF BAD ROBOTS TEST - END */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        /***
         * PART OF BAD ROBOTS TEST - BEGIN
         * Test HTTP_ACCEPT
         ***/
        if (empty($user_http_accept)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* HA1002 removed in 1.9.0.3 */
        if ($user_http_accept === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT' */
        $user_http_accept_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept);
        $user_http_accept_elements = explode(',', $user_http_accept_mod_1);
        $user_http_accept_elements_count = count($user_http_accept_elements);
        $i = 0;
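        /* Cap the number of elements inspected so that an oversized HTTP_ACCEPT value cannot drive a long loop. Note that the preg_replace() and explode() calls above still process the full header value. */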
        $i_max = 20;
        while ($i < $user_http_accept_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_elements[$i])) {
                if ($user_http_accept_elements[$i] === '*') {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HA1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /* Test HTTP_ACCEPT_LANGUAGE */
        if (empty($user_http_accept_language)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($user_http_accept_language === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1002';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT_LANGUAGE' */
        $user_http_accept_language_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept_language);
        $user_http_accept_language_elements = explode(',', $user_http_accept_language_mod_1);
        $user_http_accept_language_elements_count = count($user_http_accept_language_elements);
        $i = 0;
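        /* Cap the number of elements inspected so that an oversized HTTP_ACCEPT_LANGUAGE value cannot drive a long loop. Note that the preg_replace() and explode() calls above still process the full header value. */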
        $i_max = 20;
        while ($i < $user_http_accept_language_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_language_elements[$i])) {
                if ($user_http_accept_language_elements[$i] === '*' && strpos($commentdata_user_agent_lc, 'links (') !== 0) {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HAL1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /***
         * HAL1005 - NOT IMPLEMENTED
         * PART OF BAD ROBOTS TEST - END
         ***/
        /***
         * Test PROXY STATUS if option
         * Google Chrome Compression Proxy Bypass
         ***/
        if ($ip_proxy === 'PROXY DETECTED' && $ip_proxy_chrome_compression !== 'TRUE' && empty($spamshield_options['allow_proxy_users'])) {
            $content_filter_status = '10';
            $wpss_error_code .= ' PROXY1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Test IPs - was here
     * IP1003 - Removed in 1.8
     ***/
    /* Reverse DNS Server Tests - BEGIN */
    if ($commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback') {
        /* Test Reverse DNS Hosts - Do all with Reverse DNS not Remote Host */
        $rev_dns_filter_data = rs_wpss_revdns_filter('comment', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc);
        $revdns_blacklisted = $rev_dns_filter_data['blacklisted'];
        if (!empty($revdns_blacklisted)) {
            $content_filter_status = $rev_dns_filter_data['status'];
            $wpss_error_code .= $rev_dns_filter_data['error_code'];
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* Reverse DNS Server Tests - END */
    /* Spam Network - END */
    /* Test Pingbacks and Trackbacks - OLD LOCATION */
    /* Miscellaneous Preg Match Tests - Changed to regex in V1.8.4 */
    $wpss_misc_spam_phrases_to_check = array('5000' => "~\\[\\.+\\]\\s+\\[\\.+\\]~", '5001' => "~^<new\\s+comment>\$~i", '5003' => "~^([a-z0-9\\s\\.,!]{0,12})?((he.a?|h([ily]{1,2}))(\\s+there)?|howdy|hello|bonjour|good\\s+day)([\\.,!])?\\s+(([ily]{1,2})\\s+know\\s+)?th([ily]{1,2})s\\s+([ily]{1,2})s\\s+([a-z\\s]{3,12}|somewhat|k([ily]{1,2})nd\\s*of)?(of{1,2}\\s+)?of{1,2}\\s+top([ily]{1,2})c\\s+(but|however)\\s+([ily]{1,2})\\s+(was\\s+wonder([ily]{1,2})nn?g?|need\\s+some\\s+adv([ily]{1,2})ce)~i", '5004' => "~^th([ily]{1,2})s\\s+([ily]{1,2})s\\s+k([ily]{1,2})nd\\s+of\\s+off\\s+top([ily]{1,2})c\\s+but~i");
    /* 5002 - Removed in V1.8.4 */
    foreach ($wpss_misc_spam_phrases_to_check as $ec => $rgx_phrase) {
        if (preg_match($rgx_phrase, $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' ' . $ec;
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* BOILERPLATE: Add common boilerplate/template spam phrases... Add Blacklist functions */
    /* WP Blacklist Check - BEGIN */
    /* Test WP Blacklist if option set */
    if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($content_filter_status)) {
        if (rs_wpss_blacklist_check($commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc, $commentdata_comment_author_url_lc, $commentdata_comment_content_lc_deslashed, $ip, $commentdata_user_agent_lc, '')) {
            if (empty($content_filter_status)) {
                $content_filter_status = '100';
            }
            $wpss_error_code .= ' WP-BLACKLIST';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* WP Blacklist Check - END */
    /* Timer End - Content Filter */
    $wpss_end_time_content_filter = microtime(TRUE);
    $wpss_total_time_content_filter = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
    $commentdata['total_time_content_filter'] = $wpss_total_time_content_filter;
    if (empty($wpss_error_code)) {
        $wpss_error_code = 'No Error';
    } else {
        $wpss_error_code = trim($wpss_error_code);
    }
    /***
     * $spamshield_error_data = array( $wpss_error_code, $blacklist_word_combo, $blacklist_word_combo_total );
     */
    $commentdata['wpss_error_code'] = trim($wpss_error_code);
    $commentdata['content_filter_status'] = $content_filter_status;
    return $commentdata;
    /* CONTENT FILTERING - END */
}