Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion js/apbct-public-bundle.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/apbct-public-bundle_ext-protection.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/apbct-public-bundle_ext-protection_gathering.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/apbct-public-bundle_full-protection.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/apbct-public-bundle_full-protection_gathering.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/apbct-public-bundle_gathering.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/apbct-public-bundle_int-protection.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/apbct-public-bundle_int-protection_gathering.min.js

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions js/cleantalk-admin-settings-page.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/cleantalk-admin-settings-page.min.js.map

Large diffs are not rendered by default.

9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle_ext-protection.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle_ext-protection_gathering.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle_full-protection.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle_full-protection_gathering.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle_gathering.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle_int-protection.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
9 changes: 6 additions & 3 deletions js/prebuild/apbct-public-bundle_int-protection_gathering.js
Original file line number Diff line number Diff line change
Expand Up @@ -4013,7 +4013,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down Expand Up @@ -4044,9 +4044,12 @@ class ApbctHandler {

let cookiesArray = cleantalkStorageDataArray;

// if honeypot data provided add the fields to the parsed data
// if honeypot data provided store it in a short-lived native cookie to read on the search request.
// The search form is GET and the field is stripped from the URL, so the value travels in a cookie.
// The expiry keeps it bound to the imminent submit so it can't go stale on search-result reloads.
if ( hpValue !== null ) {
cookiesArray.apbct_search_form__honeypot_value = hpValue;
const hpExpires = new Date(Date.now() + 30000).toUTCString();
ctSetCookie('apbct_search_form__honeypot_value', hpValue, hpExpires);
}

// set event token
Expand Down
2 changes: 1 addition & 1 deletion js/src/public-1-main.js
Original file line number Diff line number Diff line change
Expand Up @@ -1426,7 +1426,7 @@ class ApbctHandler {
searchFormHandler(e, targetForm) {
try {
// get honeypot field and it's value
const honeyPotField = targetForm.querySelector('[name*="apbct_email_id__"]');
const honeyPotField = targetForm.querySelector('[name*="apbct__email_id__"]');
let hpValue = null;
if (
honeyPotField !== null &&
Expand Down
15 changes: 15 additions & 0 deletions lib/Cleantalk/Antispam/IntegrationsByClass/WPSearchForm.php
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
namespace Cleantalk\Antispam\IntegrationsByClass;

use Cleantalk\ApbctWP\Honeypot;
use Cleantalk\ApbctWP\Variables\AltSessions;
use DOMDocument;

/**
Expand All @@ -27,6 +28,9 @@ public function doPublicWork()
global $apbct;
if ($apbct->settings['forms__search_test']) {
add_filter('get_search_form', array($this, 'apbctFormSearchAddFields'), 999);
// The block search form (core/search) is rendered by render_block_core_search()
// and does not fire get_search_form, so it is handled on its dedicated render hook.
add_filter('render_block_core/search', array($this, 'apbctFormSearchAddFields'), 999);
}
if ($this->isNativeSearchFormRequest()) {
// Default search
Expand Down Expand Up @@ -127,6 +131,17 @@ public function testSpam($search)
'exception_action' => 0,
);

// Honeypot, same approach as CF7 (see apbct_form__contactForm7__testSpam): when the honeypot field is
// enabled the search form always renders it, so read its value and set the status directly -
// empty is clean (1), filled is spam (0). With JS the value travels via alt-sessions (the field is
// stripped from the GET URL); without JS the field stays in the GET request.
if ( $apbct->settings['data__honeypot_field'] ) {
$honeypot_value = isset($_GET['apbct__email_id__search_form'])
? $_GET['apbct__email_id__search_form']
: AltSessions::get('apbct_search_form__honeypot_value');
$data['honeypot_field'] = ( $honeypot_value === '' ) ? 1 : 0;
}

$base_call_result = apbct_base_call($data);

if ( isset($base_call_result['ct_result']) ) {
Expand Down
13 changes: 1 addition & 12 deletions lib/Cleantalk/ApbctWP/Honeypot.php
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

namespace Cleantalk\ApbctWP;

use Cleantalk\ApbctWP\Variables\AltSessions;
use Cleantalk\Common\TT;

class Honeypot
Expand Down Expand Up @@ -112,14 +111,13 @@ public static function check()
*/
private static function getHoneypotFilledFields()
{
global $apbct;
$hp_exists = false;
$result = array();
$honeypot_potential_values = array();

if ( ! empty($_POST) ) {
$honeypot_potential_values = array_filter($_POST, function ($key) use (&$hp_exists) {
$result = strpos($key, 'apbct_email_id') !== false;
$result = strpos($key, 'apbct__email_id') !== false;
if ($result) {
$hp_exists = true;
}
Expand All @@ -128,15 +126,6 @@ private static function getHoneypotFilledFields()
}, ARRAY_FILTER_USE_KEY);
}

// AltSessions way to collect search forms honeypot
if ( $apbct->settings['forms__search_test'] ) {
$alt_session_data = AltSessions::get("apbct_search_form__honeypot_value");
if (!empty($alt_session_data)) {
$honeypot_potential_values['apbct__email_id__search_form'] = $alt_session_data;
$hp_exists = true;
}
}

// if source is filled then pass them to params as additional fields
if ( ! empty($honeypot_potential_values) ) {
foreach ( $honeypot_potential_values as $source_name => $source_value ) {
Expand Down
1 change: 1 addition & 0 deletions lib/Cleantalk/ApbctWP/Variables/AltSessions.php
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ class AltSessions
'ct_sfw_pass_key' => 'string',
'ct_sfw_passed' => 'int',
'ct_gathering_loaded' => 'bool',
'apbct_search_form__honeypot_value' => 'string',
];

public static function getID()
Expand Down