Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

correct for-attribute, move secret-input down #100

Merged
merged 6 commits into from Feb 4, 2017
Merged

correct for-attribute, move secret-input down #100

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
d1db032
adjust for-attribute
websupporter Feb 3, 2017
6fc8992
move secret-input down and adjust js
websupporter Feb 3, 2017
0f0ad18
replace input with filter
websupporter Feb 3, 2017
3739c2d
make get_secret-output filterable
websupporter Feb 4, 2017
993b5d1
refactor naming of method get_secret_name_for_post
websupporter Feb 4, 2017
6400c23
Merge branch 'master' into issue-99
websupporter Feb 4, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
46 changes: 35 additions & 11 deletions antispam_bee.php
View file
Open in desktop
Expand Up @@ -48,7 +48,7 @@ class Antispam_Bee {
// Init
public static $defaults;
private static $_base;
private static $_secret;
private static $_salt;
private static $_reason;


Expand Down Expand Up @@ -345,7 +345,7 @@ private static function _init_internal_vars()
self::$_base = plugin_basename(__FILE__);

$salt = defined( 'NONCE_SALT' ) ? NONCE_SALT : ABSPATH;
self::$_secret = substr( sha1( md5( $salt ) ), 0, 10 );
self::$_salt = substr( sha1( $salt ), 0, 10 );

self::$defaults = array(
'options' => array(
Expand Down Expand Up @@ -384,7 +384,6 @@ private static function _init_internal_vars()
'ignore_type' => 0,

'reasons_enable' => 0,
'secret' => self::$_secret,
'ignore_reasons' => array(),
),
'reasons' => array(
Expand Down Expand Up @@ -1102,13 +1101,13 @@ public static function precheck_incoming_request()

$post_id = (int) self::get_key( $_POST, 'comment_post_ID' );
// Form fields
$hidden_field = self::get_key($_POST, 'comment');
$plugin_field = self::get_key( $_POST, self::get_secret_for_post( $post_id ) );
$hidden_field = self::get_key( $_POST, 'comment' );
$plugin_field = self::get_key( $_POST, self::get_secret_name_for_post( $post_id ) );

// Hidden field check
if ( empty($hidden_field) && ! empty($plugin_field) ) {
$_POST['comment'] = $plugin_field;
unset( $_POST[ self::get_secret_for_post( $post_id ) ] );
unset( $_POST[ self::get_secret_name_for_post( $post_id ) ] );
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be unset( $plugin_field )?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could unset this too. But I think the general idea here is more get rid of the extra $_POST-field after the data has been transfered to $_POST['comment']

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, nevermind, I misread the code.

} else {
$_POST['ab_spam__hidden_field'] = 1;
}
Expand Down Expand Up @@ -1294,10 +1293,10 @@ public static function replace_comment_field_callback( $matches ) {
$id_script = '';
if ( ! empty( $matches['id1'] ) || ! empty( $matches['id2'] ) ) {
$output .= 'id="' . self::get_secret_id_for_post( get_the_ID() ) . '" ';
$id_script = '<script type="text/javascript">document.getElementById("comment").setAttribute( "id", "" );document.getElementById("' . esc_js( self::get_secret_id_for_post( get_the_ID() ) ) . '").setAttribute( "id", "comment" );</script>';
$id_script = '<script type="text/javascript">document.getElementById("comment").setAttribute( "id", "' . esc_js( md5( time() ) ) . '" );document.getElementById("' . esc_js( self::get_secret_id_for_post( get_the_ID() ) ) . '").setAttribute( "id", "comment" );</script>';
}

$output .= ' name="' . self::get_secret_for_post( get_the_ID() ) . '" ';
$output .= ' name="' . esc_attr( self::get_secret_name_for_post( get_the_ID() ) ) . '" ';
$output .= $matches['between1'] . $matches['between2'] . $matches['between3'];
$output .= $matches['after'] . '>';
$output .= '</textarea><textarea id="comment" aria-hidden="true" name="comment" style="width:10px !important;position:absolute !important;left:-10000000px !important"></textarea>';
Expand Down Expand Up @@ -2600,9 +2599,22 @@ private static function _update_daily_stats()
*
* @return string
*/
public static function get_secret_for_post( $post_id ) {
public static function get_secret_name_for_post( $post_id ) {

$secret = substr( sha1( md5( self::$_salt . get_the_title( (int) $post_id ) ) ), 0, 10 );

/**
* Filters the secret for a post, which is used in the textarea name attribute.
*
* @param string $secret The secret.
* @param int $post_id The post ID.
*/
return apply_filters(
'ab_get_secret_name_for_post',
$secret,
(int) $post_id
);

return substr( sha1( md5( self::$_secret . get_the_title( (int) $post_id ) ) ), 0, 10 );
}

/**
Expand All @@ -2614,7 +2626,19 @@ public static function get_secret_for_post( $post_id ) {
*/
public static function get_secret_id_for_post( $post_id ) {

return substr( sha1( md5( 'comment-id' . self::$_secret . get_the_title( (int) $post_id ) ) ), 0, 10 );
$secret = substr( sha1( md5( 'comment-id' . self::$_salt . get_the_title( (int) $post_id ) ) ), 0, 10 );

/**
* Filters the secret for a post, which is used in the textarea id attribute.
*
* @param string $secret The secret.
* @param int $post_id The post ID.
*/
return apply_filters(
'ab_get_secret_id_for_post',
$secret,
(int) $post_id
);
}
}

Expand Down
27 changes: 5 additions & 22 deletions inc/gui.class.php
View file
Open in desktop
Expand Up @@ -33,13 +33,6 @@ public static function save_changes()

// Check referer
check_admin_referer('_antispam_bee__settings_nonce');

if ( ! empty( $_POST['ab_secret'] ) ) {
$secret = sanitize_text_field( wp_unslash( $_POST['ab_secret'] ) );
} else {
$salt = defined( 'NONCE_SALT' ) ? NONCE_SALT : ABSPATH;
$secret = substr( sha1( md5( $salt ) ), 0, 10 );
}

// Determine options
$options = array(
Expand Down Expand Up @@ -69,7 +62,6 @@ public static function save_changes()
'bbcode_check' => (int)(!empty($_POST['ab_bbcode_check'])),
'gravatar_check' => (int)(!empty($_POST['ab_gravatar_check'])),
'dnsbl_check' => (int)(!empty($_POST['ab_dnsbl_check'])),
'secret' => $secret,
'country_code' => (int)(!empty($_POST['ab_country_code'])),
'country_black' => sanitize_text_field(self::get_key($_POST, 'ab_country_black')),
'country_white' => sanitize_text_field(self::get_key($_POST, 'ab_country_white')),
Expand Down Expand Up @@ -381,15 +373,6 @@ public static function options_page() { ?>
</h6>

<ul>
<li>
<label for="ab_flag_spam">
<?php esc_html_e('Secret key', 'antispam-bee') ?>
<span><?php esc_html_e('Your personal secret key.', 'antispam-bee') ?></span>
</label>
<br>
<input type="text" name="ab_secret" id="ab_secret" value="<?php echo esc_attr( $options['secret'] ); ?>" />

</li>
<li>
<input type="checkbox" name="ab_flag_spam" id="ab_flag_spam" value="1" <?php checked($options['flag_spam'], 1) ?> />
<label for="ab_flag_spam">
Expand All @@ -398,23 +381,23 @@ public static function options_page() { ?>
</label>
</li>

<li>
<li class="ab_flag_spam_child">
<input type="checkbox" name="ab_email_notify" id="ab_email_notify" value="1" <?php checked($options['email_notify'], 1) ?> />
<label for="ab_email_notify">
<?php esc_html_e( 'Notification by email', 'antispam-bee' ); ?>
<span><?php esc_html_e( 'Notify admins by e-mail about incoming spam', 'antispam-bee' ); ?></span>
</label>
</li>

<li>
<li class="ab_flag_spam_child">
<input type="checkbox" name="ab_no_notice" id="ab_no_notice" value="1" <?php checked($options['no_notice'], 1) ?> />
<label for="ab_no_notice">
<?php esc_html_e( 'Not save the spam reason', 'antispam-bee' ); ?>
<span><?php esc_html_e( 'Spam reason as table column in the spam overview', 'antispam-bee' ); ?></span>
</label>
</li>

<li>
<li class="ab_flag_spam_child">
<input type="checkbox" name="ab_cronjob_enable" id="ab_cronjob_enable" value="1" <?php checked($options['cronjob_enable'], 1) ?> />
<label>
<?php echo sprintf(
Expand All @@ -425,7 +408,7 @@ public static function options_page() { ?>
</label>
</li>

<li>
<li class="ab_flag_spam_child">
<input type="checkbox" name="ab_ignore_filter" id="ab_ignore_filter" value="1" <?php checked($options['ignore_filter'], 1) ?> />
<label>
<?php echo sprintf(
Expand All @@ -443,7 +426,7 @@ public static function options_page() { ?>
</label>
</li>

<li>
<li class="ab_flag_spam_child">
<input type="checkbox" name="ab_reasons_enable" id="ab_reasons_enable" value="1" <?php checked($options['reasons_enable'], 1) ?> />
<label for="ab_reasons_enable">
<?php esc_html_e( 'Delete comments by spam reasons', 'antispam-bee' ); ?>
Expand Down
2 changes: 1 addition & 1 deletion js/scripts.js
View file
Open in desktop
Expand Up @@ -2,7 +2,7 @@ jQuery(document).ready(
function($) {
function ab_flag_spam() {
var $$ = $('#ab_flag_spam'),
nextAll = $$.parent('li').nextAll();
nextAll = $$.parent('li').nextAll( '.ab_flag_spam_child' );

nextAll.css(
'display',
Expand Down
2 changes: 1 addition & 1 deletion js/scripts.min.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.