Skip to content

Commit

Permalink
fix(cloudflare): fix for cloudflare caching spam detections
Browse files Browse the repository at this point in the history
  • Loading branch information
bmarshall511 committed Mar 7, 2024
1 parent 1ddd762 commit 649bf3b
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 25 deletions.
50 changes: 42 additions & 8 deletions core/class-access.php
Original file line number Diff line number Diff line change
Expand Up @@ -33,23 +33,59 @@ public function init() {
}
}

/**
* Terminates execution with a custom error message and HTTP status code.
*
* Registers an action to prevent caching on error conditions by setting
* appropriate HTTP headers before leveraging WordPress's wp_die() function
* to produce an error page with a specified message, title, and HTTP status
* code.
*
* @param string $title The text to be used as the page title for the error message.
* This content will be sanitized to remove unwanted HTML.
* @param string $message The error message to display. This content will be escaped
* to ensure only safe HTML is included.
* @param int $code Optional. The HTTP status code to be sent in the header.
* Defaults to 403 to indicate a Forbidden error.
*/
public static function die( $title, $message, $code = 403 ) {
header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );

wp_die(
wp_kses_post( $message ),
esc_html( $title ),
[
'response' => $code,
]
);
}

/**
* Determines is security checks need to be triggers.
*
* @param boolean $ignore_ajax True if AJAX shouldn't be checked.
*/
public static function process( $ignore_ajax = false ) {
$user_ip = \ZeroSpam\Core\User::get_ip();
if ( empty( $_SERVER['REQUEST_URI'] ) ) {
return false;
}

$user_ip = \ZeroSpam\Core\User::get_ip();

// Sanitize the REQUEST_URI before further processing.
$request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );

// Check for .ico requests.
$path = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
$path = wp_parse_url( $request_uri, PHP_URL_PATH );
if ( substr( $path, -4 ) === '.ico' ) {
return false;
}

if ( $ignore_ajax && is_admin() || is_user_logged_in() || \ZeroSpam\Core\Utilities::is_whitelisted( $user_ip ) ) {
if ( ( $ignore_ajax && is_admin() ) || is_user_logged_in() || \ZeroSpam\Core\Utilities::is_whitelisted( $user_ip ) ) {
return false;
} elseif ( ! $ignore_ajax && ( is_admin() && ! wp_doing_ajax() ) || is_user_logged_in() ) {
} elseif ( ! $ignore_ajax && ( ( is_admin() && ! wp_doing_ajax() ) || is_user_logged_in() ) ) {
return false;
}

Expand Down Expand Up @@ -82,9 +118,7 @@ public function access_check() {
if ( ! empty( $settings['block_handler']['value'] ) ) {
switch ( $settings['block_handler']['value'] ) {
case 403:
header( 'Cache-Control: no-cache, no-store, must-revalidate' );
header( 'Pragma: no-cache' );
header( 'Expires: 0' );
add_action( 'send_headers', [ $this, 'prevent_cache_on_error_condition' ] );

$message = __( 'Your IP address has been blocked due to detected spam/malicious activity.', 'zero-spam' );
if ( ! empty( $settings['blocked_message']['value'] ) ) {
Expand Down Expand Up @@ -153,7 +187,7 @@ public static function get_blocked_details( $blocked_record, $failed = false ) {
}

if ( $blocked ) {
$access_check['blocked'] = true;
$access_check['blocked'] = true;
$access_check['type'] = 'blocked';
$access_check['details'] = $blocked_record;
$access_check['details']['failed'] = $failed;
Expand Down
21 changes: 4 additions & 17 deletions modules/comments/class-comments.php
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ public function types( $types ) {
*/
public function add_scripts() {
// Only add scripts to the appropriate pages.
if (
if (
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_comments' ) &&
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'davidwalsh' )
) {
Expand Down Expand Up @@ -171,22 +171,9 @@ public function preprocess_comments( $commentdata ) {
}
}

wp_die(
wp_kses(
$error_message,
array(
'a' => array(
'target' => array(),
'href' => array(),
'rel' => array(),
),
'strong' => array(),
)
),
esc_html( \ZeroSpam\Core\Utilities::detection_title( 'comment_spam_message' ) ),
array(
'response' => 403,
)
\ZeroSpam\Core\Access::die(
\ZeroSpam\Core\Utilities::detection_title( 'comment_spam_message' ),
$error_message
);
}

Expand Down

0 comments on commit 649bf3b

Please sign in to comment.