Merge pull request #11 from CleanTalk/dev

Dev

README.md

@@ -2,7 +2,7 @@ php-uni
 =======
 [![Build Status](https://travis-ci.org/CleanTalk/php-uni.svg)](https://travis-ci.org/CleanTalk/php-uni)
 
-# Version 2.5.2
+# Version 2.5.4
 
 Module for any CMS
 ## Installation

cleantalk/cleantalk.php

@@ -8,9 +8,9 @@
 		return;
 	}
 
-	$apbct_checkjs_val = md5($apikey);
-	global $apbct_checkjs_val;
-	global $antispam_activity_status;
+    global $apbct_salt, $apbct_checkjs_val, $antispam_activity_status, $general_postdata_test, $detected_cms;
+    $apbct_checkjs_val = apbct_checkjs_hash($apikey, $apbct_salt);
+
 	if ($spam_firewall == 1) {
 		$is_sfw_check  = true;
 		$sfw           = new \Cleantalk\ApbctUni\SFW();
@@ -105,6 +105,16 @@ function ct_attach_js($buffer){
 		}
     }
 
+    // Test for search form cscart
+    if (
+        $detected_cms === 'cscart' &&
+            $general_postdata_test &&
+            isset($_GET['dispatch']) &&
+            $_GET['dispatch'] === 'products.search'
+    ) {
+        apbct_spam_test($_GET);
+    }
+
 	// General spam test
 	if(!empty($_POST)){
 		apbct_spam_test($_POST);

cleantalk/inc/admin.php

@@ -41,7 +41,7 @@ function install( $files, $api_key, $cms, $exclusions ){
 					// Addition to index.php Bottom (JavaScript test)
 					File::inject__code(
 						$file,
-						"\tob_end_flush();\n"
+						"\t\nif(ob_get_contents()){\nob_end_flush();\n}\n"
 						."\tif(isset(\$_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower(\$_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'){\n"
 						."\t\tdie();\n"
 						."\t}",
@@ -70,7 +70,7 @@ function install( $files, $api_key, $cms, $exclusions ){
 function install_config( $modified_files, $api_key, $cms, $exclusions ){
 
     $path_to_config = CLEANTALK_ROOT . 'config.php';
-    $salt = str_pad(rand(0, getrandmax()), 6, '0').str_pad(rand(0, getrandmax()), 6, '0');
+    $apbct_salt = str_pad(rand(0, getrandmax()), 6, '0').str_pad(rand(0, getrandmax()), 6, '0');
     // Attention. Backwards order because inserting it step by step
 
     $pass = 'NO PASS';
@@ -119,8 +119,8 @@ function install_config( $modified_files, $api_key, $cms, $exclusions ){
         );
     }
 
-    File::inject__variable( $path_to_config, 'salt', $salt );
-    File::inject__variable( $path_to_config, 'security', hash( 'sha256', '0(o_O)0' . $salt ) );
+    File::inject__variable( $path_to_config, 'salt', $apbct_salt );
+    File::inject__variable( $path_to_config, 'security', hash( 'sha256', '0(o_O)0' . $apbct_salt ) );
     File::inject__variable( $path_to_config, 'modified_files', $modified_files, true );
     if( $exclusions )
         File::inject__variable( $path_to_config, 'exclusions', $exclusions, true );
@@ -215,6 +215,9 @@ function detect_cms( $path_to_index, $out = 'Unknown' ){
             $out = 'ShopScript';
         if (preg_match('/(DATALIFEENGINE.*?)/', $index_file))
             $out = 'DLE';
+        // CsCart
+        if (preg_match('/(Kalynyak.*?)/', $index_file))
+            $out = 'cscart';
     }
 
 	return $out;
@@ -235,3 +238,29 @@ function apbct__plugin_update_message() {
         echo '<p class="text-center">You are using the latest version '. APBCT_VERSION . '</p>';
     }
 }
+
+/**
+ * Print Block with CSCart Js Snippet
+ */
+function apbct__cscart_js_snippet() {
+    global $apikey, $apbct_salt, $detected_cms;
+
+    // Only for CsCart
+    if ($detected_cms != 'cscart') return;
+
+    $apbct_checkjs_hash = apbct_checkjs_hash($apikey, $apbct_salt);
+    ?>
+
+    <div class="highlight">
+        <h4>Add this code to all pages of the site (use the basic template). Detailed instruction is <a href="https://blog.cleantalk.org/protecting-cs-cart-website-from-spam/">here</a></h4>
+        <pre tabindex="0" class="chroma">
+            <code class="language-html" data-lang="html">
+                &lt;script&gt;var apbct_checkjs_val="<?= $apbct_checkjs_hash; ?>";&lt;/script&gt;
+                &lt;script src="/cleantalk/js/ct_js_test.js"&gt;&lt;/script&gt;
+                &lt;script src="/cleantalk/js/ct_js_test.js"&gt;&lt;/script&gt;
+            </code>
+        </pre>
+    </div>
+
+    <?php
+}

cleantalk/inc/common.php

@@ -1,8 +1,7 @@
 <?php
 
-define( 'CLEANTALK_INITIAL_INCLUDE_PATH', get_include_path() );
 define('APBCT_PLUGIN', 'uni');
-define('APBCT_VERSION', '2.5.2');
+define('APBCT_VERSION', '2.5.4');
 define('APBCT_AGENT', APBCT_PLUGIN . '-' . str_replace( '.', '', APBCT_VERSION ) );
 define('APBCT_USER_AGENT', 'Cleantalk-Antispam-Universal-Plugin/' . APBCT_VERSION);
 
@@ -11,7 +10,7 @@ function apbct_set_include_path(){
 }
 
 function apbct_restore_include_path(){
-	set_include_path( CLEANTALK_INITIAL_INCLUDE_PATH );
+	set_include_path( get_include_path() );
 }
 
 $ds = DIRECTORY_SEPARATOR;
@@ -37,3 +36,10 @@ function apbct_restore_include_path(){
 	require_once CLEANTALK_ROOT . 'inc' . DS . 'cron_functions.php'; // File with cron wrappers
 	$cron->runTasks();
 unset( $cron );
+
+/**
+ * Generate value for checking JS
+ */
+function apbct_checkjs_hash($apikey, $salt) {
+    return hash('sha256', $apikey . $salt);
+}

cleantalk/inc/functions.php

@@ -32,7 +32,15 @@ function apbct_spam_test($data){
 		// Flags
 		$registration    = isset($msg_data['reg'])      ? $msg_data['reg']      : false;
 		$skip            = isset($msg_data['skip'])     ? $msg_data['skip']     : false;
-
+
+        // Check registration for CsCart
+        if (
+            $detected_cms === 'cscart' && 
+            isset($data['user_data']['password1'], $data['user_data']['password2'])
+        ) {
+            $registration = true;
+        }
+
 		// Skip check if
 		if(
 		    $skip || // Skip flag set by apbct_get_fields_any()
@@ -70,7 +78,7 @@ function apbct_spam_test($data){
 
 			$comment_type = 'feedback';
 
-			if (strpos($_SERVER['HTTP_REFERER'], 'checkout') !== false) {
+			if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'checkout') !== false) {
 				$comment_type = 'order';
 			}
 
@@ -113,7 +121,7 @@ function apbct_get_sender_info($data)
 			// Common
 			'remote_addr'     => $_SERVER['REMOTE_ADDR'],
 			'USER_AGENT'      => htmlspecialchars($_SERVER['HTTP_USER_AGENT']),
-			'REFFERRER'       => htmlspecialchars($_SERVER['HTTP_REFERER']),
+			'REFFERRER'       => isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : '',
 			'page_url'        => isset($_SERVER['SERVER_NAME'], $_SERVER['REQUEST_URI']) ? htmlspecialchars($_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']) : null,
 			// 'cms_lang'        => substr(locale_get_default(), 0, 2),
 
@@ -382,7 +390,7 @@ function apbct_get_fields_any($arr, $message=array(), $email = null, $nickname =
 						$message[$prev_key.$key] = $value;					
 					}
 
-				}else if(!is_object($value)&&@get_class($value)!='WP_User'){
+				}else if(!is_object($value)){
 
 					$prev_key_original = $prev_key;
 					$prev_key = ($prev_key === '' ? $key.'_' : $prev_key.$key.'_');
@@ -446,9 +454,12 @@ function apbct_obfuscate_param($value = null)
 	 * return null|0|1;
 	 */
 	 function apbct_js_test(){
-		 global $apikey;
+		 global $apikey, $apbct_salt, $detected_cms;
 		 if(isset($_COOKIE['apbct_checkjs'])){
-			if($_COOKIE['apbct_checkjs'] == md5($apikey))
+			if(
+                $_COOKIE['apbct_checkjs'] == apbct_checkjs_hash($apikey, $apbct_salt) ||
+                ($detected_cms === 'cscart' && $_COOKIE['apbct_checkjs'] == md5($apikey))
+            )
 				return 1;
 			else
 				return 0;
@@ -615,5 +626,37 @@ function apbct_check__exclusions() {
             return true;
         }
 
+        # Exclude unnecessary requests when filling out an order
+        if(
+            $detected_cms === 'cscart' &&
+            apbct_check__exclusions_in_post(
+                array(
+                    'dispatch' => 'products.quick_view'
+                )
+            ) ||
+            apbct_check__exclusions_in_post(
+                array(
+                    'dispatch' => 'checkout.customer_info'
+                )
+            ) ||
+            apbct_check__exclusions_in_post(
+                array(
+                    'dispatch' => 'checkout.update_steps'
+                )
+            ) ||
+            apbct_check__exclusions_in_post(
+                array(
+                    'dispatch' => 'products.view'
+                )
+            )  ||
+            apbct_check__exclusions_in_post(
+                array(
+                    'dispatch' => 'categories.view'
+                )
+            )
+        ) {
+            return true;
+        }
+
         return false;
     }

cleantalk/lib/Cleantalk/ApbctUni/SFW.php

@@ -79,10 +79,10 @@ public function logs__update($ip, $result) {
 		if($ip === NULL || $result === NULL)
 			return;
 
-		global $salt;
+		global $apbct_salt;
 
 		$time = time();
-		$log_path = CLEANTALK_ROOT . 'data/sfw_logs/'. hash('sha256', $ip . $salt) .'.log';
+		$log_path = CLEANTALK_ROOT . 'data/sfw_logs/'. hash('sha256', $ip . $apbct_salt) .'.log';
 
 		if( file_exists( $log_path ) ){
 

cleantalk/lib/Cleantalk/Updater/Updater.php

@@ -308,4 +308,15 @@ private function rollback(){
 		}else
 			return false;
 	}
+
+    /**
+     * Update 2.5.3
+     */
+    function update_to_2_5_3()
+    {
+        global $apikey, $apbct_salt;
+
+        File::clean__variable(CLEANTALK_CONFIG_FILE, 'apbct_salt');
+        File::inject__variable(CLEANTALK_CONFIG_FILE, 'apbct_salt', apbct_checkjs_hash($apikey, $apbct_salt));
+    }
 }

cleantalk/settings.php

@@ -290,6 +290,11 @@
         </form>
 
         <?php
+        /**
+         * CsCart JS Snippet
+         */
+        apbct__cscart_js_snippet();
+
         /**
          * Plugin version section
          */
@@ -315,7 +320,7 @@
 <script src="js/custom.js?v=<?php echo APBCT_VERSION; ?>"></script>
 <script src="js/overhang.min.js"></script>
 <script type='text/javascript'>
-    var security = '<?php echo $security ?>';
+    var security = '<?php if (isset($security)) echo $security ?>';
     var ajax_url = location.href;
 </script>