Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
1273add
Fix. SFW. Modules die pages fixed.
Glomberg Jun 26, 2026
4e956ba
Fix. Code. Copilot comment https://github.com/CleanTalk/wordpress-ant…
Glomberg Jul 7, 2026
c1fd9d8
Fix. Code. Copilot comment https://github.com/CleanTalk/wordpress-ant…
Glomberg Jul 7, 2026
c56bae8
Fix. Code. Copilot comment https://github.com/CleanTalk/wordpress-ant…
Glomberg Jul 7, 2026
5348093
Fix. Code. Copilot comment https://github.com/CleanTalk/wordpress-ant…
Glomberg Jul 7, 2026
a82a1c5
Fix. Code. Copilot comment https://github.com/CleanTalk/wordpress-ant…
Glomberg Jul 7, 2026
97bb548
Fix. Code. Copilot comment https://github.com/CleanTalk/wordpress-ant…
Glomberg Jul 7, 2026
49bdd82
Fix. Code. Copilot comment https://github.com/CleanTalk/wordpress-ant…
Glomberg Jul 7, 2026
2a69499
Fix. Code. Copilot notice https://github.com/CleanTalk/wordpress-anti…
Glomberg Jul 7, 2026
1563703
Fix. SFW. RSS exclusion fixed.
Glomberg Jun 26, 2026
c99b0fc
Fix. SFW. Update SFW fix
AntonV1211 Jun 29, 2026
d89417e
fix test error
AntonV1211 Jun 29, 2026
df9dfe2
fix review copilot
AntonV1211 Jun 29, 2026
7c2929d
Fix. SFW. Update SFW fix
AntonV1211 Jun 29, 2026
c6b1e29
New. RateLimit. Enabled the RateLimit shared library
AntonV1211 Jun 26, 2026
93ecb67
Fix. RemoteCalls. Editing multiple calls
AntonV1211 Jun 29, 2026
9bda341
Fixs review copilot
AntonV1211 Jun 30, 2026
c9bb862
Upd rate limit common lib
AntonV1211 Jun 30, 2026
625bf79
Upd. Settings. Implement honey test. (#823)
svfcode Jul 1, 2026
b339b63
Mod. LinkConstructor. Translation of all links on the settings page t…
AntonV1211 Jul 1, 2026
ab92780
Unittests
AntonV1211 Jul 1, 2026
a20131d
Potential fix for pull request finding
AntonV1211 Jul 2, 2026
8cf708c
Potential fix for pull request finding
AntonV1211 Jul 2, 2026
7222e40
Potential fix for pull request finding
AntonV1211 Jul 2, 2026
264bf8b
fix esc
AntonV1211 Jul 2, 2026
cf4b99c
fix esc
AntonV1211 Jul 2, 2026
f0c4500
Code. Proxy
datorik Jun 11, 2026
16ffabf
Code. Proxy
datorik Jun 15, 2026
8269d7e
Code. Proxy. Code review
datorik Jun 22, 2026
a9fc6a6
Code. Code review
datorik Jul 1, 2026
8e7cc33
Code. Code review
datorik Jul 1, 2026
62fff6b
Code. Code review
datorik Jul 2, 2026
7daa26c
Code. Code review
datorik Jul 2, 2026
f0f2472
Fix. Code. Copilot notice https://github.com/CleanTalk/wordpress-anti…
Glomberg Jul 7, 2026
172042b
Fix. Code. Copilot notice https://github.com/CleanTalk/wordpress-anti…
Glomberg Jul 7, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 8 additions & 5 deletions cleantalk.php
Original file line number Diff line number Diff line change
Expand Up @@ -887,12 +887,15 @@ function apbct_sfw__check()
global $apbct, $spbc, $cleantalk_url_exclusions;

// Turn off the SpamFireWall if current url in the exceptions list and WordPress core pages
$core_page_to_skip_check = array('/feed');
if ( ! empty($cleantalk_url_exclusions) && is_array($cleantalk_url_exclusions) ) {
$core_page_to_skip_check = array('/feed');
foreach ( array_merge($cleantalk_url_exclusions, $core_page_to_skip_check) as $v ) {
if ( apbct_is_in_uri($v) ) {
return;
}
$cleantalk_url_exclusions = array_merge($cleantalk_url_exclusions, $core_page_to_skip_check);
} else {
$cleantalk_url_exclusions = $core_page_to_skip_check;
}
foreach ( $cleantalk_url_exclusions as $v ) {
if ( apbct_is_in_uri($v) ) {
return;
}
}

Expand Down
3 changes: 3 additions & 0 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@
"email": "plugins@cleantalk.org"
}
],
"require": {
"cleantalk/rate-limiter": "*"
},
"require-dev": {
"vimeo/psalm": "^4.8",
"phpunit/phpunit": "^8.5.52",
Expand Down
81 changes: 38 additions & 43 deletions inc/cleantalk-settings.php

Large diffs are not rendered by default.

22 changes: 20 additions & 2 deletions lib/Cleantalk/Antispam/IntegrationsByClass/Woocommerce.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
use Cleantalk\ApbctWP\Variables\Cookie;
use Cleantalk\ApbctWP\Variables\Get;
use Cleantalk\ApbctWP\Variables\Post;
use Cleantalk\ApbctWP\WcFieldSwapHoneypot;
use Cleantalk\ApbctWP\WcSpamOrdersFunctions;
use Cleantalk\ApbctWP\Variables\Request;
use Cleantalk\ApbctWP\Variables\Server;
Expand Down Expand Up @@ -46,6 +47,7 @@ public function doPublicWork()

// honeypot
add_filter('woocommerce_checkout_fields', [$this, 'addHoneypotField']);
WcFieldSwapHoneypot::registerHooks();

// add to cart hooks if cart works with non-ajax requests
$this->addCartActions();
Expand Down Expand Up @@ -174,7 +176,10 @@ public function checkoutCheck($_data, $errors)
{
global $apbct, $cleantalk_executed;

if ( count($errors->errors) ) {
$swap_hp = WcFieldSwapHoneypot::getCheckoutResult();
$honeypot_triggered = $swap_hp['status'] === 0;

if ( count($errors->errors) && ! $honeypot_triggered ) {
return;
}

Expand All @@ -188,6 +193,7 @@ public function checkoutCheck($_data, $errors)
* Filter for POST
*/
$input_array = apply_filters('apbct__filter_post', $_POST);
$input_array = WcFieldSwapHoneypot::enrichInputArrayForCleanTalk($input_array);

//Getting request params
$ct_temp_msg_data = ct_get_fields_any($input_array);
Expand All @@ -198,6 +204,10 @@ public function checkoutCheck($_data, $errors)
$subject = isset($ct_temp_msg_data['subject']) ? $ct_temp_msg_data['subject'] : '';
$message = isset($ct_temp_msg_data['message']) ? $ct_temp_msg_data['message'] : array();

if ( $honeypot_triggered && $sender_email === '' && ! empty($swap_hp['value']) ) {
$sender_email = $swap_hp['value'];
}

if ( $subject != '' ) {
$message = array_merge(array('subject' => $subject), $message);
}
Expand All @@ -206,12 +216,20 @@ public function checkoutCheck($_data, $errors)
$post_info['comment_type'] = 'order';
$post_info['post_url'] = Server::get('HTTP_REFERER');

$sender_info = array(
'sender_url' => null,
'sender_emails_array' => $sender_emails_array,
'wc_field_swap_honeypot' => $swap_hp['status'],
'wc_field_swap_honeypot_value' => $swap_hp['value'],
'wc_field_swap_honeypot_source' => $swap_hp['source'],
);

$base_call_data = array(
'message' => $message,
'sender_email' => $sender_email,
'sender_nickname' => $sender_nickname,
'post_info' => $post_info,
'sender_info' => array('sender_url' => null, 'sender_emails_array' => $sender_emails_array)
'sender_info' => $sender_info,
);

$base_call_result = apbct_base_call($base_call_data);
Expand Down
17 changes: 16 additions & 1 deletion lib/Cleantalk/ApbctWP/API.php
Original file line number Diff line number Diff line change
Expand Up @@ -83,12 +83,27 @@ public static function sendRequest($data, $timeout = 10)
// Adding agent version to data
$data['agent'] = defined('APBCT_AGENT') ? APBCT_AGENT : '';

$options = ['timeout' => $timeout];
// Proxy settings from wp-config.php constants.
if ( defined('WP_PROXY_HOST') && WP_PROXY_HOST !== '' && defined('WP_PROXY_PORT') && WP_PROXY_PORT !== '' ) {
$proxy_port = (int) WP_PROXY_PORT;
$options['proxy'] = WP_PROXY_HOST . ':' . $proxy_port; // WP HTTP API branch
// cURL branch (avoid referencing CURLOPT_* when ext-curl is not available)
if ( function_exists('curl_init') && defined('CURLOPT_PROXY') && defined('CURLOPT_PROXYPORT') ) {
$options[CURLOPT_PROXY] = WP_PROXY_HOST;
$options[CURLOPT_PROXYPORT] = $proxy_port;
if ( defined('WP_PROXY_USERNAME') && WP_PROXY_USERNAME !== '' && defined('CURLOPT_PROXYUSERPWD') ) {
$options[CURLOPT_PROXYUSERPWD] = WP_PROXY_USERNAME . ':' . (defined('WP_PROXY_PASSWORD') ? WP_PROXY_PASSWORD : '');
}
}
}

$http = new Request();

$request = $http->setUrl($url)
->setData($data)
->setPresets(['retry_with_socket'])
->setOptions(['timeout' => $timeout]);
->setOptions($options);
if ( isset($data['method_name']) ) {
$request->addCallback(
__CLASS__ . '::checkResponse',
Expand Down
18 changes: 9 additions & 9 deletions lib/Cleantalk/ApbctWP/Firewall/AntiCrawler.php
Original file line number Diff line number Diff line change
Expand Up @@ -575,15 +575,15 @@ public function diePage($result)
3
) . '<br>'
. __('Don\'t close this page. Please, wait for 3 seconds to pass to the page.', 'cleantalk-spam-protect'),
'{CLEANTALK_TITLE}' => $apbct->data['wl_brandname'],
'{CLEANTALK_URL}' => $apbct->data['wl_url'],
'{REMOTE_ADDRESS}' => $ip,
'{SERVICE_ID}' => $this->apbct->data['service_id'] . ', ' . $net_count,
'{CLEANTALK_TITLE}' => esc_html($apbct->data['wl_brandname']),
'{CLEANTALK_URL}' => esc_url($apbct->data['wl_url']),
'{REMOTE_ADDRESS}' => esc_html($ip),
'{SERVICE_ID}' => esc_html($this->apbct->data['service_id']) . ', ' . esc_html($net_count),
'{HOST}' => get_home_url() . ', ' . APBCT_VERSION,
'{COOKIE_ANTICRAWLER}' => hash('sha256', $apbct->api_key . $apbct->data['salt']),
'{COOKIE_ANTICRAWLER_PASSED}' => '1',
'{GENERATED}' => '<p>The page was generated at&nbsp;' . date('D, d M Y H:i:s') . "</p>",
'{SCRIPT_URL}' => $js_url,
'{SCRIPT_URL}' => esc_url($js_url),

// Custom Logo
'{CUSTOM_LOGO}' => $custom_logo_img
Expand All @@ -595,13 +595,13 @@ public function diePage($result)

if ( Get::get('debug') ) {
$debug = '<h1>Headers</h1>'
. str_replace("\n", "<br>", print_r(\apache_request_headers(), true))
. esc_html(str_replace("\n", "<br>", print_r(\apache_request_headers(), true)))
. '<h1>$_SERVER</h1>'
. str_replace("\n", "<br>", print_r($_SERVER, true))
. esc_html(str_replace("\n", "<br>", print_r($_SERVER, true)))
. '<h1>AC_LOG_RESULT</h1>'
. str_replace("\n", "<br>", print_r($this->ac_log_result, true))
. esc_html(str_replace("\n", "<br>", print_r($this->ac_log_result, true)))
. '<h1>IPS</h1>'
. str_replace("\n", "<br>", print_r($this->ip_array, true));
. esc_html(str_replace("\n", "<br>", print_r($this->ip_array, true)));
} else {
$debug = '';
}
Expand Down
12 changes: 6 additions & 6 deletions lib/Cleantalk/ApbctWP/Firewall/AntiFlood.php
Original file line number Diff line number Diff line change
Expand Up @@ -258,15 +258,15 @@ public function diePage($result)
),
30
),
'{CLEANTALK_TITLE}' => $apbct->data['wl_brandname'],
'{CLEANTALK_URL}' => $apbct->data['wl_url'],
'{REMOTE_ADDRESS}' => $result['ip'],
'{REQUEST_URI}' => Server::get('REQUEST_URI'),
'{SERVICE_ID}' => $this->apbct->data['service_id'] . ', ' . $net_count,
'{CLEANTALK_TITLE}' => esc_html($apbct->data['wl_brandname']),
'{CLEANTALK_URL}' => esc_url($apbct->data['wl_url']),
'{REMOTE_ADDRESS}' => esc_html($result['ip']),
'{REQUEST_URI}' => esc_html(Server::getString('REQUEST_URI')),
'{SERVICE_ID}' => esc_html($this->apbct->data['service_id']) . ', ' . esc_html($net_count),
'{HOST}' => get_home_url() . ', ' . APBCT_VERSION,
'{GENERATED}' => '<p>The page was generated at&nbsp;' . date('D, d M Y H:i:s') . "</p>",
'{COOKIE_ANTIFLOOD_PASSED}' => md5($result['ip'] . $this->api_key),
'{SCRIPT_URL}' => $js_url,
'{SCRIPT_URL}' => esc_url($js_url),

// Custom Logo
'{CUSTOM_LOGO}' => $custom_logo_img
Expand Down
32 changes: 16 additions & 16 deletions lib/Cleantalk/ApbctWP/Firewall/SFW.php
Original file line number Diff line number Diff line change
Expand Up @@ -398,7 +398,7 @@ public function diePage($result)

$block_message = sprintf(
esc_html__('SpamFireWall is checking your browser and IP %s for spam bots', 'cleantalk-spam-protect'),
'<a href="https://cleantalk.org/blacklists/' . $result['ip'] . '" target="_blank">' . $result['ip'] . '</a>'
'<a href="https://cleantalk.org/blacklists/' . esc_attr($result['ip']) . '" target="_blank">' . esc_html($result['ip']) . '</a>'
);

$request_uri = $this->server__request_uri;
Expand Down Expand Up @@ -437,16 +437,16 @@ public function diePage($result)
'This is the testing page for SpamFireWall',
'cleantalk-spam-protect'
) : ''),
'{CLEANTALK_URL}' => $apbct->data['wl_url'],
'{REMOTE_ADDRESS}' => $result['ip'],
'{SERVICE_ID}' => $apbct->data['service_id'] . ', ' . $net_count,
'{CLEANTALK_URL}' => esc_url($apbct->data['wl_url']),
'{REMOTE_ADDRESS}' => esc_html($result['ip']),
'{SERVICE_ID}' => esc_html($apbct->data['service_id']) . ', ' . esc_html($net_count),
'{HOST}' => get_home_url() . ', ' . APBCT_VERSION,
'{GENERATED}' => '<p>The page was generated at&nbsp;' . date('D, d M Y H:i:s') . '</p>',
'{REQUEST_URI}' => $request_uri,
'{REQUEST_URI}' => esc_url($request_uri),

// Cookie
'{COOKIE_PREFIX}' => '',
'{COOKIE_DOMAIN}' => $this->cookie_domain,
'{COOKIE_DOMAIN}' => esc_html($this->cookie_domain),
'{COOKIE_SFW}' => $cookie_val,
'{COOKIE_ANTICRAWLER}' => hash('sha256', $apbct->api_key . $apbct->data['salt']),

Expand All @@ -456,13 +456,13 @@ public function diePage($result)
'{TEST_IP__HEADER}' => '',
'{TEST_IP}' => '',
'{REAL_IP}' => '',
'{SCRIPT_URL}' => $js_url,
'{SCRIPT_URL}' => esc_url($js_url),

// Message about IP status
'{MESSAGE_IP_STATUS}' => '',

// Custom Logo
'{CUSTOM_LOGO}' => $custom_logo_img
'{CUSTOM_LOGO}' => wp_kses_post($custom_logo_img)
);

/**
Expand Down Expand Up @@ -491,7 +491,7 @@ public function diePage($result)
break;
}

$replaces['{MESSAGE_IP_STATUS}'] = "<h3 style='color:$message_ip_status_color;'>$message_ip_status</h3>";
$replaces['{MESSAGE_IP_STATUS}'] = "<h3 style='color:" . esc_attr($message_ip_status_color) . "'>" . esc_html($message_ip_status) . "</h3>";
}

// Test
Expand All @@ -502,22 +502,22 @@ public function diePage($result)
);
$replaces['{REAL_IP__HEADER}'] = 'Real IP:';
$replaces['{TEST_IP__HEADER}'] = 'Test IP:';
$replaces['{TEST_IP}'] = $this->test_ip;
$replaces['{REAL_IP}'] = $this->real_ip;
$replaces['{TEST_IP}'] = esc_html($this->test_ip);
$replaces['{REAL_IP}'] = esc_html($this->real_ip);
}

// Debug
if ($this->debug) {
$debug = '<h1>Headers</h1>'
. var_export(apache_request_headers(), true)
. '<pre>' . esc_html(var_export(apache_request_headers(), true)) . '</pre>'
. '<h1>REMOTE_ADDR</h1>'
Comment thread
Copilot marked this conversation as resolved.
. $this->server__remote_addr
. esc_html($this->server__remote_addr)
. '<h1>SERVER_ADDR</h1>'
. $this->server__remote_addr
. esc_html($this->server__remote_addr)
. '<h1>IP_ARRAY</h1>'
. var_export($this->ip_array, true)
. esc_html(var_export($this->ip_array, true))
. '<h1>ADDITIONAL</h1>'
. var_export($this->debug_data, true);
. esc_html(var_export($this->debug_data, true));
}
$replaces['{DEBUG}'] = isset($debug) ? $debug : '';

Expand Down
12 changes: 6 additions & 6 deletions lib/Cleantalk/ApbctWP/HTTP/HTTPMultiRequestService.php
Original file line number Diff line number Diff line change
Expand Up @@ -131,18 +131,18 @@ public function executeMultiContract()
*/
public function fillMultiContract($http_multi_result)
{
// Handle HTTP request error
if (!empty($http_multi_result['error'])) {
$this->error_msg = __CLASS__ . ': HTTP_MULTI_RESULT ERROR' . $http_multi_result['error'];
return $this;
}

// Validate result is an array
if (!is_array($http_multi_result)) {
$this->error_msg = __CLASS__ . ': HTTP_MULTI_RESULT INVALID';
return $this;
}

// Handle HTTP request error
if (!empty($http_multi_result['error'])) {
$this->error_msg = __CLASS__ . ': HTTP_MULTI_RESULT ERROR: ' . $http_multi_result['error'];
return $this;
}

// Fill each contract with corresponding response data
foreach ($this->contracts as $contract) {
if (isset($http_multi_result[$contract->url])) {
Expand Down
Loading
Loading