diff --git a/anti-spam-functions.php b/anti-spam-functions.php
index 742e2b2..803c6a3 100644
--- a/anti-spam-functions.php
+++ b/anti-spam-functions.php
@@ -7,58 +7,42 @@ exit; } -function antispam_default_settings() { - $settings = array( + +function antispamrel_get_settings() { + $default_settings = array( 'save_spam_comments' => 0 ); - return $settings; -} + $antispam_settings = (array) get_option('antispamrel_settings'); - -function antispam_get_settings() { - $antispam_settings = (array) get_option('antispam_settings'); - $default_settings = antispam_default_settings(); - $antispam_settings = array_merge($default_settings, $antispam_settings); // set empty options with default values - return $antispam_settings; + return array_merge($default_settings, $antispam_settings); // set empty options with default values; } -function antispam_counter_stats() { - $antispam_stats = get_option('antispam_stats', array()); +function antispamrel_counter_stats() { + $antispam_stats = get_option('antispamrel_stats', array()); if (array_key_exists('blocked_total', $antispam_stats)){ $antispam_stats['blocked_total']++; } else { $antispam_stats['blocked_total'] = 1; } - update_option('antispam_stats', $antispam_stats); + update_option('antispamrel_stats', $antispam_stats); } -function antispam_check_for_spam() { +function antispamrel_check_for_spam() { $spam_flag = false; - $antspm_q = ''; - if (isset($_POST['antspm-q'])) { - $antspm_q = trim($_POST['antspm-q']); - } - - $antspm_d = ''; - if (isset($_POST['antspm-d'])) { - $antspm_d = trim($_POST['antspm-d']); - } - - $antspm_e = ''; - if (isset($_POST['antspm-e-email-url-website'])) { - $antspm_e = trim($_POST['antspm-e-email-url-website']); - } + $antspmrl_q = (isset($_POST['antspmrl-q'])) ? trim($_POST['antspmrl-q']) : ''; // Unsafe value + $antspmrl_d = (isset($_POST['antspmrl-d'])) ? trim($_POST['antspmrl-d']) : ''; // Unsafe value + $antspmrl_e = (isset($_POST['antspmrl-e-email-url-website'])) ? 
trim($_POST['antspmrl-e-email-url-website']) : ''; // Unsafe value - if ( $antspm_q != date('Y') ) { // year-answer is wrong - it is spam - if ( $antspm_d != date('Y') ) { // extra js-only check: there is no js added input - it is spam + if ( $antspmrl_q != date('Y') ) { // year-answer is wrong - it is spam + if ( $antspmrl_d != date('Y') ) { // extra js-only check: there is no js added input - it is spam $spam_flag = true; } } - if ( ! empty($antspm_e)) { // trap field is not empty - it is spam + if ( ! empty($antspmrl_e)) { // trap field is not empty - it is spam $spam_flag = true; } @@ -66,7 +50,7 @@ function antispam_check_for_spam() { } -function antispam_store_comment($commentdata) { +function antispamrel_store_comment($commentdata) { global $wpdb; if ( isset( $commentdata['user_ID'] ) ) { diff --git a/anti-spam-info.php b/anti-spam-info.php index c9a7682..6c55b30 100644 --- a/anti-spam-info.php +++ b/anti-spam-info.php @@ -7,16 +7,16 @@ exit; } -function antispam_admin_notice() { +function antispamrel_admin_notice() { global $pagenow; - if ($pagenow == 'edit-comments.php'): + if ($pagenow == 'edit-comments.php') { $user_id = get_current_user_id(); - $antispam_info_visibility = get_user_meta($user_id, 'antispam_info_visibility', true); - if ($antispam_info_visibility == 1 OR $antispam_info_visibility == ''): + $antispam_info_visibility = get_user_meta($user_id, 'antispamrel_info_visibility', true); + if ($antispam_info_visibility == 1 OR $antispam_info_visibility == '') { $blocked_total = 0; // show 0 by default - $antispam_stats = get_option('antispam_stats', array()); + $antispam_stats = get_option('antispamrel_stats', array()); if (isset($antispam_stats['blocked_total'])) { - $blocked_total = $antispam_stats['blocked_total']; + $blocked_total = esc_html($antispam_stats['blocked_total']); } ?>
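Review bot: In `antispamrel_check_for_spam()` the three `$_POST` values go straight into `trim()`, so a request that sends one of them as an array raises a TypeError on PHP 8, and a warning on older versions, instead of being rejected cleanly as spam. The year checks also use loose `!=`, so numeric look-alikes of the year (a trailing `.0`, for example) compare equal to `date('Y')`. I would guard the type and compare strictly: `$antspmrl_q = ( isset( $_POST['antspmrl-q'] ) && is_string( $_POST['antspmrl-q'] ) ) ? trim( wp_unslash( $_POST['antspmrl-q'] ) ) : '';` and `if ( $antspmrl_q !== date('Y') )`, repeated for the `-d` and trap fields. Separately, the option keys are renamed from `antispam_*` to `antispamrel_*` and no migration is visible in this diff, so existing installs would presumably lose the saved setting and the blocked counter.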
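Review bot: In `antispamrel_admin_notice()` (anti-spam-info.php) the counter is escaped where it is read, `$blocked_total = esc_html($antispam_stats['blocked_total']);`, rather than where it is printed, which makes it hard to tell at the output site whether the value is safe. Since this is a counter, I would normalise it to an integer at the read, `$blocked_total = absint( $antispam_stats['blocked_total'] );`, and keep `esc_html()` on the echo itself. The same assignment appears in `antispamrel_settings()` later in the diff. The markup that prints the value is not visible on this page, so the output side should be confirmed there.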
Useful for testing how the plugin works. View spam section.
'; +function antispamrel_field_save_spam_comments_callback() { + $settings = antispamrel_get_settings(); + echo '', + 'Useful for testing how the plugin works. View spam section.
'; } -function antispam_settings() { - $antispam_stats = get_option('antispam_stats', array()); - $blocked_total = $antispam_stats['blocked_total']; - if (empty($blocked_total)) { - $blocked_total = 0; +function antispamrel_settings() { + $blocked_total = 0; // show 0 by default + $antispam_stats = get_option('antispamrel_stats', array()); + if (isset($antispam_stats['blocked_total'])) { + $blocked_total = esc_html($antispam_stats['blocked_total']); } ?>- spam comments were blocked by Anti-spam Reloaded + spam comments were blocked by Anti-spam Reloaded
- -- - - -
'.$rn; // question (hidden with js) - echo ' '.$rn; // empty field (hidden with css); trap for spammers because many bots will try to put email or url here + echo ' + ++ + + +
+ + '; // empty field (hidden with css); trap for spammers because many bots will try to put email or url here } } -add_action('comment_form', 'antispam_form_part'); // add anti-spam inputs to the comment form +add_action('comment_form', 'antispamrel_form_part'); // add anti-spam inputs to the comment form -function antispam_check_comment($commentdata) { - $antispam_settings = antispam_get_settings(); +function antispamrel_check_comment($commentdata) { + $antispam_settings = antispamrel_get_settings(); extract($commentdata); if ( ! is_user_logged_in() && $comment_type != 'pingback' && $comment_type != 'trackback') { // logged in user is not a spammer - if( antispam_check_for_spam() ) { + if( antispamrel_check_for_spam() ) { if( $antispam_settings['save_spam_comments'] ) { - antispam_store_comment($commentdata); + antispamrel_store_comment($commentdata); } - antispam_counter_stats(); + antispamrel_counter_stats(); wp_die('Comment is a spam.'); // die - do not send comment and show error message } } if ($comment_type == 'trackback') { if( $antispam_settings['save_spam_comments'] ) { - antispam_store_comment($commentdata); + antispamrel_store_comment($commentdata); } - antispam_counter_stats(); + antispamrel_counter_stats(); wp_die('Trackbacks are disabled.'); // die - do not send trackback and show error message } return $commentdata; // if comment does not looks like spam } - if ( ! is_admin()) { // without this check it is not possible to add comment in admin section - add_filter('preprocess_comment', 'antispam_check_comment', 1); + add_filter('preprocess_comment', 'antispamrel_check_comment', 1); } -function antispam_plugin_meta($links, $file) { // add some links to plugin meta row +function antispamrel_plugin_meta($links, $file) { // add some links to plugin meta row if ( $file == plugin_basename( __FILE__ ) ) { $row_meta = array( 'github' => '' . __( 'Github', 'github' ) . '' 
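Review bot: `antispamrel_check_comment()` still calls `extract($commentdata);`, which turns every key of the comment array into a local variable; it could overwrite `$antispam_settings`, set on the line above, if such a key were ever present, and it leaves `$comment_type` undefined when that key is absent. Reading the one field that is used is safer: `$comment_type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';`. The hunk header for this file is not visible on the page, so the function is reviewed only as far as it is shown.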
@@ -89,4 +88,4 @@ function antispam_plugin_meta($links, $file) { // add some links to plugin meta
 }
 return (array) $links;
 }
-add_filter('plugin_row_meta', 'antispam_plugin_meta', 10, 2);
+add_filter('plugin_row_meta', 'antispamrel_plugin_meta', 10, 2);
diff --git a/js/anti-spam-5.6.js b/js/anti-spam-5.6.js
deleted file mode 100644
index 3b99a61..0000000
--- a/js/anti-spam-5.6.js
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
-Anti-spam Reloaded plugin
-*/
-
-"use strict";
-(function() {
- function anti_spam_init() {
-
- var i,
- len,
- elements,
- answer = '',
- current_year = new Date().getFullYear(),
- dynamic_control;
-
- elements = document.querySelectorAll('.antispam-group');
- len = elements.length;
- for (i = 0; i < len; i++) { // hide inputs from users
- elements[i].style.display = 'none';
- }
-
- elements = document.querySelectorAll('.antispam-control-a');
- if ((elements) && (elements.length > 0)) { // get the answer
- answer = elements[0].value;
- }
-
- elements = document.querySelectorAll('.antispam-control-q');
- len = elements.length;
- for (i = 0; i < len; i++) { // set answer into other input instead of user
- elements[i].value = answer;
- }
-
- // clear value of the empty input because some themes are adding some value for all inputs
- elements = document.querySelectorAll('.antispam-control-e');
- len = elements.length;
- for (i = 0; i < len; i++) {
- elements[i].value = '';
- }
-
- //dynamic_control = '';
- dynamic_control = document.createElement('input');
- dynamic_control.setAttribute('type', 'hidden');
- dynamic_control.setAttribute('name', 'antspm-d');
- dynamic_control.setAttribute('class', 'antispam-control antispam-control-d');
- dynamic_control.setAttribute('value', current_year);
-
- // add input for every comment form if there are more than 1 form with IDs: comments, respond or commentform
- elements = document.querySelectorAll('form');
- len = elements.length;
- for (i = 0; i < len; i++) {
- if ( (elements[i].id === 'comments') || (elements[i].id === 'respond') || (elements[i].id === 'commentform') ) {
- var class_index = elements[i].className.indexOf('anti-spam-form-processed');
- if ( class_index == -1 ) { // form is not yet js processed
- elements[i].appendChild(dynamic_control);
- elements[i].className = elements[i].className + ' anti-spam-form-processed';
- }
- }
- }
- }
-
- if (document.addEventListener) {
- document.addEventListener('DOMContentLoaded', anti_spam_init, false);
- }
-
- // set 1 second timeout for having form loaded and adding support for browsers which does not support 'DOMContentLoaded' listener
- setTimeout(function () {
- anti_spam_init();
- }, 1000);
-
-})();
\ No newline at end of file
diff --git a/js/anti-spam-6.0.js b/js/anti-spam-6.0.js
new file mode 100644
index 0000000..dcfe847
--- /dev/null
+++ b/js/anti-spam-6.0.js
@@ -0,0 +1,61 @@
+/*
+Anti-spam Reloaded plugin
+*/
+
+"use strict";
+(function() {
+ function anti_spam_reloaded_init() {
+
+ let answer = '';
+
+ let elements = document.querySelectorAll('.antispamrel-group');
+ for (let i = 0; i < elements.length; i++) { // hide inputs from users
+ elements[i].style.display = 'none';
+ }
+
+ elements = document.querySelectorAll('.antispamrel-control-a');
+ if ((elements) && (elements.length > 0)) { // get the answer
+ answer = elements[0].value;
+ }
+
+ elements = document.querySelectorAll('.antispamrel-control-q');
+ for (let i = 0; i < elements.length; i++) { // set answer into other input instead of user
+ elements[i].value = answer;
+ }
+
+ // clear value of the empty input because some themes are adding some value for all inputs
+ elements = document.querySelectorAll('.antispamrel-control-e');
+ for (let i = 0; i < elements.length; i++) {
+ elements[i].value = '';
+ }
+
+ //dynamic_control = '';
+ let dynamic_control = document.createElement('input');
+ dynamic_control.setAttribute('type', 'hidden');
+ dynamic_control.setAttribute('name', 'antspmrl-d');
+ dynamic_control.setAttribute('class', 'antispamrel-control-d');
+ dynamic_control.setAttribute('value', new Date().getFullYear());
+
+ // add input for every comment form if there are more than 1 form with IDs: comments, respond or commentform
+ elements = document.querySelectorAll('form');
+ for (let i = 0; i < elements.length; i++) {
+ if ( (elements[i].id === 'comments') || (elements[i].id === 'respond') || (elements[i].id === 'commentform') ) {
+ let class_index = elements[i].className.indexOf('anti-spam-reloaded-form-processed');
+ if ( class_index == -1 ) { // form is not yet js processed
+ elements[i].appendChild(dynamic_control);
+ elements[i].className = elements[i].className + ' anti-spam-reloaded-form-processed';
+ }
+ }
+ }
+ }
+
+ if (document.addEventListener) {
+ document.addEventListener('DOMContentLoaded', anti_spam_reloaded_init, false);
+ }
+
+ // set 1 second timeout for having form loaded and adding support for browsers which does not support 'DOMContentLoaded' listener
+ setTimeout(function () {
+ anti_spam_reloaded_init();
+ }, 1000);
+
+})();
diff --git a/readme.txt b/readme.txt
index 455fdb2..a2e50cc 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
 === Anti-spam Reloaded ===
-Contributors: webvitaly, kudlav
+Contributors: kudlav, webvitaly
 Tags: spam, spammer, comment, comments, comment-spam, antispam, anti-spam, block-spam, spam-free, spambot, spam-bot, bot
 Requires at least: 3.3
 Tested up to: 5.4
-Stable tag: 5.6
+Stable tag: 6.0
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl.html
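Review bot: In `anti_spam_reloaded_init()` (js/anti-spam-6.0.js) a single `dynamic_control` element is created and then passed to `appendChild` for every matching form; a DOM node has only one parent, so on a page with more than one comment form each call moves the input and only the last form keeps `antspmrl-d`, while all of them receive the processed class. The comment above the loop says every form should get the input, so append a copy instead: `elements[i].appendChild(dynamic_control.cloneNode(true));`. Where the server-rendered fields are missing (the cached-page case the readme describes), a form left without `antspmrl-d` would presumably have its comments rejected as spam.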
@@ -11,63 +11,67 @@ No spam in comments. No captcha. == Description == -* **[GitHub](https://github.com/kudlav/anti-spam/ "Fork")** +This is fork of successful Anti-spam plugin v5.5 written by webvitalii, for more info visit [GitHub Fork](https://github.com/kudlav/anti-spam/). +From version 5.6 maintained by kudlav. -Anti-spam plugin blocks automatic spam in comments section. No captcha. +* **[GitHub Fork](https://github.com/kudlav/anti-spam/)** -Plugin is easy to use: just install it and it just works. +Anti-spam Reloaded plugin blocks 100% of automatic spam messages in comments section and also blocks all trackbacks. No captcha required. -Blocked comments can be stored in the Spam area if needed. This can be enabled/disabled via Settings page. This is useful for testing and debug purpose. Blocked spam comments can be easily converted to regular comments if needed. +Plugin is simple and easy to use: just install it and it just works. -Anti-spam plugin is GDPR compliant and does not store any other user data except of the behavior mentioned above. +Blocked comments can be stored in the Spam area and converted to regular comments if needed. -**Plugin blocks spam only in comments section**. +Anti-spam Reloaded plugin is GDPR compliant and does not store any other user data except of the behaviour mentioned above. - - -After installing the Anti-spam plugin **try to submit a comment on your site being logged out**. -If you get an error - you may check the solution in the [Support section](http://wordpress.org/support/plugin/anti-spam-reloaded) or submit a new topic with detailed description of your problem. +**Plugin blocks spam only in comments section.**. +Plugin does not block manual spam (submitted by spammers manually via browser). == Installation == 1. Install and activate the plugin on the Plugins page -2. Enjoy life without spam in comments +2. Try to submit a comment on your site being logged out +3. 
Enjoy life without spam in comments -== Frequently Asked Questions == -= How to test what spam comments were blocked? = += Settings (optional) = -You can visit Anti-spam settings page and enable saving blocked comments as spam in the spam section. -To enabled that you need to go to: WordPress admin dashboard => Settings section => Anti-spam -Saving blocked comments into spam section is disabled by default. -Saving spam comments can help you to keep all the comments saved and review them in future if needed. You can easily mark comment as "not spam" if some of the comments were blocked by mistake. +In "Settings => Anti-spam Reloaded" you can enable saving blocked comments as spam in the spam section (disabled by default). +Saving blocked comments is useful for testing and debug purpose. You can easily mark comment as "not spam" if some of the comments were blocked by mistake. -= What is the percentage of spam blocked? = +You hide the info block with total spam blocked counter in the admin comments section in the "Screen Options" section of comments page. +The visibility option for this info block is saved per user (enabled by default). -Anti-spam plugin blocks 100% of automatic spam messages (sent by spam-bots via post requests). -Plugin does not block manual spam (submitted by spammers manually via browser). -= Incompatible with: = +== Compatibility == +All modern browsers and IE11+ are supported. +Anti-spam Reloaded plugin works with disabled JavaScript. Users with disabled JavaScript should manually fill current year before submitting the comment. + +Plugin is incompatible with: * Disqus * Jetpack Comments * AJAX Comment Form * bbPress -= How does Anti-spam plugin work? = +If site has caching plugin enabled and cache is not cleared or if theme does not use 'comment_form' action +and there is no plugin inputs in comments form - plugin tries to add hidden fields automatically using JavaScript. + + +== How does it work? 
== The blocking algorithm is based on 2 methods: 'invisible js-captcha' and 'invisible input trap' (aka honeypot technique). -= How does 'invisible js-captcha' method (aka honeypot) work? = += 'invisible js-captcha' = -The 'invisible js-captcha' method is based on fact that bots does not have javascript on their user-agents. +The 'invisible js-captcha' method is based on fact that bots does not have JavaScript on their user-agents. Extra hidden field is added to comments form. It is the question about the current year. -If the user visits site, than this field is answered automatically with javascript, is hidden by javascript and css and invisible for the user. +If the user visits site, than this field is answered automatically with JavaScript, is hidden by JavaScript and CSS and invisible for the user. If the spammer will fill year-field incorrectly - the comment will be blocked because it is spam. -= How does 'invisible input trap' (aka honeypot technique) method work? = += 'invisible input trap' = The 'invisible input trap' method is based on fact that almost all the bots will fill inputs with name 'email' or 'url'. Extra hidden field is added to comments form. 
@@ -75,175 +79,19 @@ This field is hidden for the user and user will not fill it. But this field is visible for the spammer. If the spammer will fill this trap-field with anything - the comment will be blocked because it is spam. -= How to know the counter of blocked spam comments? = - -You can find the info block with total spam blocked counter in the admin comments section. -You can hide or show this info block in the "Screen Options" section. -The visibility option for this info block is saved per user. - -= Does plugin block spam from Contact or other forms? = - -Plugin blocks spam only in comments form section and does not block spam from any other forms on site. -If you installed and activated the plugin and you still receiving spam - probably this could be because of some other forms on your site (for example feedback form). - -= What about trackback spam? = - -Users rarely use trackbacks because it is manual and requires extra input. Spammers uses trackbacks because it is easy to cheat here. -Users use pingbacks very often because they work automatically. Spammers does not use pingbacks because backlinks are checked. -So trackbacks are blocked but pingbacks are enabled. -You may read more about the [difference between trackbacks and pingbacks](http://web-profile.net/web/trackback-vs-pingback/) - -= What browsers are supported? = - -All modern browsers and IE8+ are supported. - -= Unobtrusive JavaScript = - -Anti-spam plugin works with disabled JavaScript. JavaScript is disabled on less than 1% of devices. -Users with disabled JavaScript should manually fill catcha-like input before submitting the comment. - -= And one more extra note... = - -If site has caching plugin enabled and cache is not cleared or if theme does not use 'comment_form' action -and there is no plugin inputs in comments form - plugin tries to add hidden fields automatically using JavaScript. - -= Not enough information about the plugin? 
= - -You may check out the [source code of the plugin](http://plugins.trac.wordpress.org/browser/anti-spam-reloaded/trunk/anti-spam.php). -The plugin is pretty small and easy to read. - == Changelog == -= 5.6 = += 6.0 - 2020-04-20 = +* New maintainer kudlav - updated links and docs +* Sanitizing and cleaner HTML output +* Changed prefixes +* Code + Readme simplified +* Use let instead of var in JS + += 5.6 - 2020-04-17 = * New maintainer kudlav - updated links and docs * Removed links to paid version * Stat info is no longer warning -= 5.5 = -* Code cleanup -* Removed dismissible notice - -= 5.4 = -* Updated dismissible notice - -= 5.3 = -* Fixed the typo in the readme -* Readme cleanup -* Code cleanup -* Added dismissible notice - -= 5.2 = -* Disable trackbacks - -= 5.1 = -* Disable check for comments from logged in users - -= 5.0 = -* Rewriting/refactoring a lot of the code -* Adding Settings page -* Storing blocked comments into the Spam section -* Working on GDPR compliance - - -= 4.4 - 2017-08-30 = -* Fixed issue with showing comments on every page. Thanks to [johnh10](https://wordpress.org/support/topic/shows-the-captcha-on-archive-pages/) - -= 4.3 - 2016-11-22 = -* fixed notices - -= 4.2 - 2016-01-30 = -* removed XSS vulnerability - thanks to Kenan from [tbmnull.com](http://tbmnull.com/) - -= 4.1 - 2015-10-25 = -* added log spam to file feature - huge thanks to [Guti](http://www.javiergutierrezchamorro.com/ "Javier Gutiérrez Chamorro") -* prevent full path disclosure -* added empty index.php file -* publish plugin to GitHub -* added Text Domain for translation.wordpress.org - -= 4.0 - 2015-10-11 = -* dropped jQuery dependency (huge thanks to [Guti](http://www.javiergutierrezchamorro.com/ "Javier Gutiérrez Chamorro") for rewriting javascript code from scratch. Força Barça! 
) -* fixed issue with empty blocked spam counter (showing zero instead of nothing) - -= 3.5 - 2015-01-17 = -* removed function_exists check because each function has unique prefix -* removed add_option() -* added autocomplete="off" for inputs (thanks to Feriman) - -= 3.4 - 2014-12-20 = -* added the ability to hide or show info block in the "Screen Options" section - -= 3.3 - 2014-12-15 = -* refactor code structure -* added blocked spam counter in the comments section -* clean up the docs - -= 3.2 - 2014-12-05 = -* added ANTISPAM_VERSION constant (thanks to jumbo) -* removed new spam-block algorithm because it is not needed - -= 3.1 - 2014-12-04 = -* remove log notices - -= 3.0 - 2014-12-02 = -* added new spam-block algorithm -* bugfixing -* enqueue script only for pages with comments form and in the footer (thanks to dougvdotcom) -* refactor code structure - -= 2.6 - 2014-11-30 = -* reverting to ver.2.2 state (enqueue script using 'init' hook and into the header) because users start receiving spam messages - -= 2.5 - 2014-11-26 = -* update input names - -= 2.4 - 2014-11-25 = -* update input names - -= 2.3 - 2014-11-23 = -* enqueue script only for pages with comments form and in the footer (thanks to dougvdotcom) -* clean up code - -= 2.2 - 2014-08-03 = -* clear value of the empty input because some themes are adding some value for all inputs -* updated FAQ section - -= 2.1 - 2014-02-15 = -* add support for comments forms loaded via ajax - -= 2.0 - 2014-01-04 = -* bug fixing -* updating info - -= 1.9 - 2013-10-23 = -* change the html structure - -= 1.8 - 2013-07-19 = -* removed labels from plugin markup because some themes try to get text from labels and insert it into inputs like placeholders (what cause an error) -* added info to FAQ section that Anti-spam plugin does not work with Jetpack Comments - -= 1.7 - 2013-05-31 = -* if site has caching plugin enabled and cache is not cleared or if theme does not use 'comment_form' action - Anti-spam plugin does not 
worked; so now whole input added via javascript if it does not exist in html - -= 1.6 - 2013-05-05 = -* add some more debug info in errors text - -= 1.5 - 2013-04-15 = -* disable trackbacks because of spam (pingbacks are enabled) - -= 1.4 - 2013-04-13 = -* code refactor -* renaming empty field to "*-email-url" to trap more spam - -= 1.3 - 2013-04-10 = -* changing the input names and add some more traps because some spammers are passing the plugin - -= 1.2 - 2012-10-28 = -* minor changes - -= 1.1 - 2012-10-14 = -* sending answer from server to client into hidden field (because client year and server year could mismatch) - -= 1.0 - 2012-09-06 = -* initial release \ No newline at end of file +Previous versions can be found in original Anti-spam [repository](https://github.com/webvitalii/anti-spam/).