Fix/366 Cloudflare Caching #373

Merged
merged 2 commits into from
Mar 7, 2024
66 changes: 49 additions & 17 deletions core/class-access.php
Expand Up @@ -24,7 +24,12 @@ public function __construct() {
}

/**
* Fires after WordPress has finished loading but before any headers are sent.
* Initializes the class by setting up hooks and actions.
*
* This method is called during the WordPress initialization process. It
* registers the 'template_redirect' action to perform access checks and
* adds a filter for 'zerospam_access_checks' to determine if the current
* request should be blocked.
*/
public function init() {
if ( ! is_admin() && is_main_query() && self::process() ) {
Expand All @@ -33,23 +38,59 @@ public function init() {
}
}

/**
* Terminates execution with a custom error message and HTTP status code.
*
* Registers an action to prevent caching on error conditions by setting
* appropriate HTTP headers before leveraging WordPress's wp_die() function
* to produce an error page with a specified message, title, and HTTP status
* code.
*
* @param string $title The text to be used as the page title for the error message.
* This content will be sanitized to remove unwanted HTML.
* @param string $message The error message to display. This content will be escaped
* to ensure only safe HTML is included.
* @param int $code Optional. The HTTP status code to be sent in the header.
* Defaults to 403 to indicate a Forbidden error.
*/
public static function terminate_execution( $title, $message, $code = 403 ) {
header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );

wp_die(
wp_kses_post( $message ),
esc_html( $title ),
[
'response' => $code,
]
);
}

/**
* Determines is security checks need to be triggers.
*
* @param boolean $ignore_ajax True if AJAX shouldn't be checked.
*/
public static function process( $ignore_ajax = false ) {
$user_ip = \ZeroSpam\Core\User::get_ip();
if ( empty( $_SERVER['REQUEST_URI'] ) ) {
return false;
}

$user_ip = \ZeroSpam\Core\User::get_ip();

// Sanitize the REQUEST_URI before further processing.
$request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );

// Check for .ico requests.
$path = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
$path = wp_parse_url( $request_uri, PHP_URL_PATH );
if ( substr( $path, -4 ) === '.ico' ) {
return false;
}

if ( $ignore_ajax && is_admin() || is_user_logged_in() || \ZeroSpam\Core\Utilities::is_whitelisted( $user_ip ) ) {
if ( ( $ignore_ajax && is_admin() ) || is_user_logged_in() || \ZeroSpam\Core\Utilities::is_whitelisted( $user_ip ) ) {
return false;
} elseif ( ! $ignore_ajax && ( is_admin() && ! wp_doing_ajax() ) || is_user_logged_in() ) {
} elseif ( ! $ignore_ajax && ( ( is_admin() && ! wp_doing_ajax() ) || is_user_logged_in() ) ) {
return false;
}

Expand Down Expand Up @@ -82,21 +123,12 @@ public function access_check() {
if ( ! empty( $settings['block_handler']['value'] ) ) {
switch ( $settings['block_handler']['value'] ) {
case 403:
header( 'Cache-Control: no-cache, no-store, must-revalidate' );
header( 'Pragma: no-cache' );
header( 'Expires: 0' );

$message = __( 'Your IP address has been blocked due to detected spam/malicious activity.', 'zero-spam' );
if ( ! empty( $settings['blocked_message']['value'] ) ) {
$message = $settings['blocked_message']['value'];
}
wp_die(
$message,
__( 'Blocked', 'zero-spam' ),
array(
'response' => 403,
)
);

self::terminate_execution( __( 'Blocked', 'zero-spam' ), $message );
break;
case 'redirect':
$url = 'https://wordpress.org/plugins/zero-spam/';
Expand Down Expand Up @@ -153,7 +185,7 @@ public static function get_blocked_details( $blocked_record, $failed = false ) {
}

if ( $blocked ) {
$access_check['blocked'] = true;
$access_check['blocked'] = true;
$access_check['type'] = 'blocked';
$access_check['details'] = $blocked_record;
$access_check['details']['failed'] = $failed;
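Review bot: The new `terminate_execution()` helper drops the `Expires: 0` header that the replaced 403 branch used to send while adding the IE-only `post-check=0, pre-check=0` directives in a second `header()` call; since this fix targets an intermediary cache, I would keep the explicit `Expires` header next to `no-store` and drop the legacy pair: `header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' ); header( 'Pragma: no-cache' ); header( 'Expires: 0' );`. The docblock says the method "Registers an action to prevent caching", but it calls `header()` directly and unconditionally, so reword it to `Sends no-cache headers, then calls wp_die() with the sanitized title and message` and note that it must run before any output (a `headers_sent()` guard would avoid PHP warnings if a caller is late). In `process()`, `wp_parse_url()` returns `null` for a malformed REQUEST_URI and that value reaches `substr()`; `if ( is_string( $path ) && substr( $path, -4 ) === '.ico' ) {` keeps the early return safe. The body of `process()` continues outside the visible hunk.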
21 changes: 4 additions & 17 deletions modules/comments/class-comments.php
Expand Up @@ -67,7 +67,7 @@ public function types( $types ) {
*/
public function add_scripts() {
// Only add scripts to the appropriate pages.
if (
if (
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'verify_comments' ) &&
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'davidwalsh' )
) {
Expand Down Expand Up @@ -171,22 +171,9 @@ public function preprocess_comments( $commentdata ) {
}
}

wp_die(
wp_kses(
$error_message,
array(
'a' => array(
'target' => array(),
'href' => array(),
'rel' => array(),
),
'strong' => array(),
)
),
esc_html( \ZeroSpam\Core\Utilities::detection_title( 'comment_spam_message' ) ),
array(
'response' => 403,
)
\ZeroSpam\Core\Access::terminate_execution(
\ZeroSpam\Core\Utilities::detection_title( 'comment_spam_message' ),
$error_message
);
}

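Review bot: Delegating to `Access::terminate_execution()` widens the sanitization of `$error_message` from the removed explicit allow-list (`a` with `target`/`href`/`rel`, and `strong`) to `wp_kses_post()`, which as far as I recall admits the full post-content tag set including images, media and form elements. The message appears to come from a plugin setting and so is admin-controlled, but it is rendered on an unauthenticated error page, so I would keep the narrower filter at the call site: `\ZeroSpam\Core\Access::terminate_execution( \ZeroSpam\Core\Utilities::detection_title( 'comment_spam_message' ), wp_kses( $error_message, array( 'a' => array( 'target' => array(), 'href' => array(), 'rel' => array() ), 'strong' => array() ) ) );` — the helper's `wp_kses_post()` then passes that already-filtered markup through unchanged. The `esc_html()` that previously wrapped the title now lives inside the helper, so passing the raw `detection_title()` result is correct; a one-line comment `// Title and message are escaped inside terminate_execution().` would make that division of responsibility explicit for the next reader. `preprocess_comments()` begins outside the visible hunk.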