FrmEntryValidate::get_fields_to_validate() - Code Metrics - Inspection of "Save value as array when single box is checked" - Strategy11/formidable-forms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 3bc623...b7947d )

by Stephanie

created 2020-03-30 21:40 UTC

FrmEntryValidate::get_fields_to_validate() A

↳ Parent: FrmEntryValidate

Complexity

Conditions	2
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
nc	2
nop	2
dl	0
loc	13
rs	9.8333
c	0
b	0
f	0

<?php

class FrmEntryValidate {
	public static function validate( $values, $exclude = false ) {
		FrmEntry::sanitize_entry_post( $values );
		$errors = array();

		if ( ! isset( $values['form_id'] ) || ! isset( $values['item_meta'] ) ) {
			$errors['form'] = __( 'There was a problem with your submission. Please try again.', 'formidable' );

			return $errors;
		}

		if ( FrmAppHelper::is_admin() && is_user_logged_in() && ( ! isset( $values[ 'frm_submit_entry_' . $values['form_id'] ] ) || ! wp_verify_nonce( $values[ 'frm_submit_entry_' . $values['form_id'] ], 'frm_submit_entry_nonce' ) ) ) {
			$errors['form'] = __( 'You do not have permission to do that', 'formidable' );
		}

		self::set_item_key( $values );

		$posted_fields = self::get_fields_to_validate( $values, $exclude );

		// Pass exclude value to validate_field function so it can be used for repeating sections
		$args = array( 'exclude' => $exclude );

		foreach ( $posted_fields as $posted_field ) {
			self::validate_field( $posted_field, $errors, $values, $args );
			unset( $posted_field );
		}

		if ( empty( $errors ) ) {
			self::spam_check( $exclude, $values, $errors );
		}

		$errors = apply_filters( 'frm_validate_entry', $errors, $values, compact( 'exclude' ) );

		return $errors;
	}

	private static function set_item_key( &$values ) {
		if ( ! isset( $values['item_key'] ) || $values['item_key'] == '' ) {
			global $wpdb;
			$values['item_key'] = FrmAppHelper::get_unique_key( '', $wpdb->prefix . 'frm_items', 'item_key' );
			$_POST['item_key']  = $values['item_key'];
		}
	}

	private static function get_fields_to_validate( $values, $exclude ) {
		$where = apply_filters( 'frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) );

		// Don't get subfields
		$where['fr.parent_form_id'] = array( null, 0 );

		// Don't get excluded fields (like file upload fields in the ajax validation)
		if ( ! empty( $exclude ) ) {
			$where['fi.type not'] = $exclude;
		}

		return FrmField::getAll( $where, 'field_order' );
	}

	public static function validate_field( $posted_field, &$errors, $values, $args = array() ) {
		$defaults = array(
			'id'              => $posted_field->id,
			'parent_field_id' => '', // the id of the repeat or embed form
			'key_pointer'     => '', // the pointer in the posted array
			'exclude'         => array(), // exclude these field types from validation
		);
		$args     = wp_parse_args( $args, $defaults );

		if ( empty( $args['parent_field_id'] ) ) {
			$value = isset( $values['item_meta'][ $args['id'] ] ) ? $values['item_meta'][ $args['id'] ] : '';
		} else {
			// value is from a nested form
			$value = $values;
		}

		// Check for values in "Other" fields
		FrmEntriesHelper::maybe_set_other_validation( $posted_field, $value, $args );

		self::maybe_clear_value_for_default_blank_setting( $posted_field, $value );

		if ( ! is_array( $value ) ) {
			$value = trim( $value );
		}

		if ( $posted_field->required == '1' && FrmAppHelper::is_empty_value( $value ) ) {
			$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' );
		} elseif ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { // WPCS: CSRF ok.
			$_POST['item_name'] = $value;
		}

		FrmEntriesHelper::set_posted_value( $posted_field, $value, $args );

		self::validate_field_types( $errors, $posted_field, $value, $args );

		// Field might want to modify value before other parts of the system
		// e.g. trim off excess values like in the case of fields with limit.
		$value = apply_filters( 'frm_modify_posted_field_value', $value, $errors, $posted_field, $args );

		if ( $value != '' ) {
			self::validate_phone_field( $errors, $posted_field, $value, $args );
		}

		$errors = apply_filters( 'frm_validate_' . $posted_field->type . '_field_entry', $errors, $posted_field, $value, $args );
		$errors = apply_filters( 'frm_validate_field_entry', $errors, $posted_field, $value, $args );
	}

	private static function maybe_clear_value_for_default_blank_setting( $field, &$value ) {
		$placeholder = FrmField::get_option( $field, 'placeholder' );
		$is_default  = ( ! empty( $placeholder ) && $value == $placeholder );
		$is_label    = false;

		if ( ! $is_default ) {
			$position = FrmField::get_option( $field, 'label' );
			if ( empty( $position ) ) {
				$position = FrmStylesController::get_style_val( 'position', $field->form_id );
			}

			$is_label = ( $position == 'inside' && FrmFieldsHelper::is_placeholder_field_type( $field->type ) && $value == $field->name );
		}

		if ( $is_label || $is_default ) {
			$value = '';
		}
	}

	public static function validate_field_types( &$errors, $posted_field, $value, $args ) {
		$field_obj      = FrmFieldFactory::get_field_object( $posted_field );
		$args['value']  = $value;
		$args['errors'] = $errors;

		$new_errors = $field_obj->validate( $args );
		if ( ! empty( $new_errors ) ) {
			$errors = array_merge( $errors, $new_errors );
		}
	}

	public static function validate_phone_field( &$errors, $field, $value, $args ) {
		if ( $field->type == 'phone' || ( $field->type == 'text' && FrmField::is_option_true_in_object( $field, 'format' ) ) ) {

			$pattern = self::phone_format( $field );

			if ( ! preg_match( $pattern, $value ) ) {
				$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' );
			}
		}
	}

	public static function phone_format( $field ) {
		if ( FrmField::is_option_empty( $field, 'format' ) ) {
			$pattern = self::default_phone_format();
		} else {
			$pattern = FrmField::get_option( $field, 'format' );
		}

		$pattern = apply_filters( 'frm_phone_pattern', $pattern, $field );

		// Create a regexp if format is not already a regexp
		if ( strpos( $pattern, '^' ) !== 0 ) {
			$pattern = self::create_regular_expression_from_format( $pattern );
		}

		$pattern = '/' . $pattern . '/';

		return $pattern;
	}

	/**
	 * @since 3.01
	 */
	private static function default_phone_format() {
		return '^((\+\d{1,3}(-|.| )?\(?\d\)?(-| |.)?\d{1,5})|(\(?\d{2,6}\)?))(-|.| )?(\d{3,4})(-|.| )?(\d{4})(( x| ext)\d{1,5}){0,1}$';
	}

	/**
	 * Create a regular expression from a phone number format
	 *
	 * @since 2.02.02
	 *
	 * @param string $pattern
	 *
	 * @return string
	 */
	private static function create_regular_expression_from_format( $pattern ) {
		$pattern = preg_quote( $pattern );

		// Firefox doesn't like escaped dashes or colons
		$pattern = str_replace( array( '\-', '\:' ), array( '-', ':' ), $pattern );

		// Switch generic values out for their regular expression
		$pattern = preg_replace( '/\d/', '\d', $pattern );
		$pattern = str_replace( 'a', '[a-z]', $pattern );
		$pattern = str_replace( 'A', '[A-Z]', $pattern );
		$pattern = str_replace( '*', 'w', $pattern );
		$pattern = str_replace( '/', '\/', $pattern );

		if ( strpos( $pattern, '\?' ) !== false ) {
			$parts   = explode( '\?', $pattern );
			$pattern = '';
			foreach ( $parts as $part ) {
				if ( empty( $pattern ) ) {
					$pattern .= $part;
				} else {
					$pattern .= '(' . $part . ')?';
				}
			}
		}
		$pattern = '^' . $pattern . '$';

		return $pattern;
	}

	/**
	 * Check for spam
	 *
	 * @param boolean $exclude
	 * @param array $values
	 * @param array $errors by reference
	 */
	public static function spam_check( $exclude, $values, &$errors ) {
		if ( ! empty( $exclude ) || ! isset( $values['item_meta'] ) || empty( $values['item_meta'] ) || ! empty( $errors ) ) {
			// only check spam if there are no other errors
			return;
		}

		if ( self::is_honeypot_spam() || self::is_spam_bot() ) {
			$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
		}

		if ( self::blacklist_check( $values ) ) {
			$errors['spam'] = __( 'Your entry appears to be blacklist spam!', 'formidable' );
		}

		if ( self::is_akismet_spam( $values ) ) {
			if ( self::is_akismet_enabled_for_user( $values['form_id'] ) ) {
				$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
			}
		}
	}

	private static function is_honeypot_spam() {
		$honeypot_value = FrmAppHelper::get_param( 'frm_verify', '', 'get', 'sanitize_text_field' );

		return ( $honeypot_value !== '' );
	}

	private static function is_spam_bot() {
		$ip = FrmAppHelper::get_ip_address();

		return empty( $ip );
	}

	private static function is_akismet_spam( $values ) {
		global $wpcom_api_key;

		return ( is_callable( 'Akismet::http_post' ) && ( get_option( 'wordpress_api_key' ) || $wpcom_api_key ) && self::akismet( $values ) );
	}

	private static function is_akismet_enabled_for_user( $form_id ) {
		$form = FrmForm::getOne( $form_id );

		return ( isset( $form->options['akismet'] ) && ! empty( $form->options['akismet'] ) && ( $form->options['akismet'] != 'logged' || ! is_user_logged_in() ) );
	}

	public static function blacklist_check( $values ) {
		if ( ! apply_filters( 'frm_check_blacklist', true, $values ) ) {
			return false;
		}

		$mod_keys = trim( get_option( 'blacklist_keys' ) );
		if ( empty( $mod_keys ) ) {
			return false;
		}

		$content = FrmEntriesHelper::entry_array_to_string( $values );
		if ( empty( $content ) ) {
			return false;
		}

		$ip         = FrmAppHelper::get_ip_address();
		$user_agent = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
		$user_info  = self::get_spam_check_user_info( $values );

		return wp_blacklist_check( $user_info['comment_author'], $user_info['comment_author_email'], $user_info['comment_author_url'], $content, $ip, $user_agent );
	}

	/**
	 * Check entries for Akismet spam
	 *
	 * @return boolean true if is spam
	 */
	public static function akismet( $values ) {
		$content = FrmEntriesHelper::entry_array_to_string( $values );
		if ( empty( $content ) ) {
			return false;
		}

		$datas = array(
			'comment_type'    => 'formidable',
			'comment_content' => $content,
		);
		self::parse_akismet_array( $datas, $values );

		$query_string = _http_build_query( $datas, '', '&' );
		$response     = Akismet::http_post( $query_string, 'comment-check' );

		return ( is_array( $response ) && $response[1] == 'true' );
	}

	/**
	 * @since 2.0
	 */
	private static function parse_akismet_array( &$datas, $values ) {
		self::add_site_info_to_akismet( $datas );
		self::add_user_info_to_akismet( $datas, $values );
		self::add_server_values_to_akismet( $datas );
	}

	private static function add_site_info_to_akismet( &$datas ) {
		$datas['blog']         = FrmAppHelper::site_url();
		$datas['user_ip']      = preg_replace( '/[^0-9., ]/', '', FrmAppHelper::get_ip_address() );
		$datas['user_agent']   = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
		$datas['referrer']     = isset( $_SERVER['HTTP_REFERER'] ) ? FrmAppHelper::get_server_value( 'HTTP_REFERER' ) : false;
		$datas['blog_lang']    = get_locale();
		$datas['blog_charset'] = get_option( 'blog_charset' );

		if ( akismet_test_mode() ) {
			$datas['is_test'] = 'true';
		}
	}

	private static function add_user_info_to_akismet( &$datas, $values ) {
		$user_info = self::get_spam_check_user_info( $values );
		$datas     = $datas + $user_info;

		if ( isset( $user_info['user_ID'] ) ) {
			$datas['user_role'] = Akismet::get_user_roles( $user_info['user_ID'] );
		}
	}

	private static function get_spam_check_user_info( $values ) {
		$datas = array();

		if ( is_user_logged_in() ) {
			$user = wp_get_current_user();

			$datas['user_ID']              = $user->ID;
			$datas['user_id']              = $user->ID;
			$datas['comment_author']       = $user->display_name;
			$datas['comment_author_email'] = $user->user_email;
			$datas['comment_author_url']   = $user->user_url;
		} else {
			$datas['comment_author']       = '';
			$datas['comment_author_email'] = '';
			$datas['comment_author_url']   = '';

			$values = array_filter( $values );
			foreach ( $values as $value ) {
				if ( ! is_array( $value ) ) {
					if ( $datas['comment_author_email'] == '' && strpos( $value, '@' ) && is_email( $value ) ) {
						$datas['comment_author_email'] = $value;
					} elseif ( $datas['comment_author_url'] == '' && strpos( $value, 'http' ) === 0 ) {
						$datas['comment_author_url'] = $value;
					} elseif ( $datas['comment_author'] == '' && ! is_numeric( $value ) && strlen( $value ) < 200 ) {
						$datas['comment_author'] = $value;
					}
				}
			}
		}

		return $datas;
	}

	private static function add_server_values_to_akismet( &$datas ) {
		foreach ( $_SERVER as $key => $value ) {
			$include_value = is_string( $value ) && ! preg_match( '/^HTTP_COOKIE/', $key ) && preg_match( '/^(HTTP_|REMOTE_ADDR|REQUEST_URI|DOCUMENT_URI)/', $key );

			// Send any potentially useful $_SERVER vars, but avoid sending junk we don't need.
			if ( $include_value ) {
				$datas[ $key ] = $value;
			}
			unset( $key, $value );
		}
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_url_field( &$errors, $field, $value, $args ) {
		FrmDeprecated::validate_url_field( $errors, $field, $value, $args );
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_email_field( &$errors, $field, $value, $args ) {
		FrmDeprecated::validate_email_field( $errors, $field, $value, $args );
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_number_field( &$errors, $field, $value, $args ) {
		FrmDeprecated::validate_number_field( $errors, $field, $value, $args );
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_recaptcha( &$errors, $field, $args ) {
		FrmDeprecated::validate_recaptcha( $errors, $field, $args );
	}
}


1			<?php
2
3			class FrmEntryValidate {
4			public static function validate( $values, $exclude = false ) {
5			FrmEntry::sanitize_entry_post( $values );
6			$errors = array();
7
8			if ( ! isset( $values['form_id'] ) \|\| ! isset( $values['item_meta'] ) ) {
9			$errors['form'] = __( 'There was a problem with your submission. Please try again.', 'formidable' );
10
11			return $errors;
12			}
13
14			if ( FrmAppHelper::is_admin() && is_user_logged_in() && ( ! isset( $values[ 'frm_submit_entry_' . $values['form_id'] ] ) \|\| ! wp_verify_nonce( $values[ 'frm_submit_entry_' . $values['form_id'] ], 'frm_submit_entry_nonce' ) ) ) {
15			$errors['form'] = __( 'You do not have permission to do that', 'formidable' );
16			}
17
18			self::set_item_key( $values );
19
20			$posted_fields = self::get_fields_to_validate( $values, $exclude );
21
22			// Pass exclude value to validate_field function so it can be used for repeating sections
23			$args = array( 'exclude' => $exclude );
24
25			foreach ( $posted_fields as $posted_field ) {
26			self::validate_field( $posted_field, $errors, $values, $args );
27			unset( $posted_field );
28			}
29
30			if ( empty( $errors ) ) {
31			self::spam_check( $exclude, $values, $errors );
32			}
33
34			$errors = apply_filters( 'frm_validate_entry', $errors, $values, compact( 'exclude' ) );
35
36			return $errors;
37			}
38
39			private static function set_item_key( &$values ) {
40			if ( ! isset( $values['item_key'] ) \|\| $values['item_key'] == '' ) {
41			global $wpdb;
42			$values['item_key'] = FrmAppHelper::get_unique_key( '', $wpdb->prefix . 'frm_items', 'item_key' );
43			$_POST['item_key'] = $values['item_key'];
44			}
45			}
46
47			private static function get_fields_to_validate( $values, $exclude ) {
48			$where = apply_filters( 'frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) );
49
50			// Don't get subfields
51			$where['fr.parent_form_id'] = array( null, 0 );
52
53			// Don't get excluded fields (like file upload fields in the ajax validation)
54			if ( ! empty( $exclude ) ) {
55			$where['fi.type not'] = $exclude;
56			}
57
58			return FrmField::getAll( $where, 'field_order' );
59			}
60
61			public static function validate_field( $posted_field, &$errors, $values, $args = array() ) {
62			$defaults = array(
63			'id' => $posted_field->id,
64			'parent_field_id' => '', // the id of the repeat or embed form
65			'key_pointer' => '', // the pointer in the posted array
66			'exclude' => array(), // exclude these field types from validation
67			);
68			$args = wp_parse_args( $args, $defaults );
69
70			if ( empty( $args['parent_field_id'] ) ) {
71			$value = isset( $values['item_meta'][ $args['id'] ] ) ? $values['item_meta'][ $args['id'] ] : '';
72			} else {
73			// value is from a nested form
74			$value = $values;
75			}
76
77			// Check for values in "Other" fields
78			FrmEntriesHelper::maybe_set_other_validation( $posted_field, $value, $args );
79
80			self::maybe_clear_value_for_default_blank_setting( $posted_field, $value );
81
82			if ( ! is_array( $value ) ) {
83			$value = trim( $value );
84			}
85
86			if ( $posted_field->required == '1' && FrmAppHelper::is_empty_value( $value ) ) {
87			$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' );
88			} elseif ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { // WPCS: CSRF ok.
89			$_POST['item_name'] = $value;
90			}
91
92			FrmEntriesHelper::set_posted_value( $posted_field, $value, $args );
93
94			self::validate_field_types( $errors, $posted_field, $value, $args );
95
96			// Field might want to modify value before other parts of the system
97			// e.g. trim off excess values like in the case of fields with limit.
98			$value = apply_filters( 'frm_modify_posted_field_value', $value, $errors, $posted_field, $args );
99
100			if ( $value != '' ) {
101			self::validate_phone_field( $errors, $posted_field, $value, $args );
102			}
103
104			$errors = apply_filters( 'frm_validate_' . $posted_field->type . '_field_entry', $errors, $posted_field, $value, $args );
105			$errors = apply_filters( 'frm_validate_field_entry', $errors, $posted_field, $value, $args );
106			}
107
108			private static function maybe_clear_value_for_default_blank_setting( $field, &$value ) {
109			$placeholder = FrmField::get_option( $field, 'placeholder' );
110			$is_default = ( ! empty( $placeholder ) && $value == $placeholder );
111			$is_label = false;
112
113			if ( ! $is_default ) {
114			$position = FrmField::get_option( $field, 'label' );
115			if ( empty( $position ) ) {
116			$position = FrmStylesController::get_style_val( 'position', $field->form_id );
117			}
118
119			$is_label = ( $position == 'inside' && FrmFieldsHelper::is_placeholder_field_type( $field->type ) && $value == $field->name );
120			}
121
122			if ( $is_label \|\| $is_default ) {
123			$value = '';
124			}
125			}
126
127			public static function validate_field_types( &$errors, $posted_field, $value, $args ) {
128			$field_obj = FrmFieldFactory::get_field_object( $posted_field );
129			$args['value'] = $value;
130			$args['errors'] = $errors;
131
132			$new_errors = $field_obj->validate( $args );
133			if ( ! empty( $new_errors ) ) {
134			$errors = array_merge( $errors, $new_errors );
135			}
136			}
137
138			public static function validate_phone_field( &$errors, $field, $value, $args ) {
139			if ( $field->type == 'phone' \|\| ( $field->type == 'text' && FrmField::is_option_true_in_object( $field, 'format' ) ) ) {
140
141			$pattern = self::phone_format( $field );
142
143			if ( ! preg_match( $pattern, $value ) ) {
144			$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' );
145			}
146			}
147			}
148
149			public static function phone_format( $field ) {
150			if ( FrmField::is_option_empty( $field, 'format' ) ) {
151			$pattern = self::default_phone_format();
152			} else {
153			$pattern = FrmField::get_option( $field, 'format' );
154			}
155
156			$pattern = apply_filters( 'frm_phone_pattern', $pattern, $field );
157
158			// Create a regexp if format is not already a regexp
159			if ( strpos( $pattern, '^' ) !== 0 ) {
160			$pattern = self::create_regular_expression_from_format( $pattern );
161			}
162
163			$pattern = '/' . $pattern . '/';
164
165			return $pattern;
166			}
167
168			/**
169			* @since 3.01
170			*/
171			private static function default_phone_format() {
172			return '^((\+\d{1,3}(-\|.\| )?\(?\d\)?(-\| \|.)?\d{1,5})\|(\(?\d{2,6}\)?))(-\|.\| )?(\d{3,4})(-\|.\| )?(\d{4})(( x\| ext)\d{1,5}){0,1}$';
173			}
174
175			/**
176			* Create a regular expression from a phone number format
177			*
178			* @since 2.02.02
179			*
180			* @param string $pattern
181			*
182			* @return string
183			*/
184			private static function create_regular_expression_from_format( $pattern ) {
185			$pattern = preg_quote( $pattern );
186
187			// Firefox doesn't like escaped dashes or colons
188			$pattern = str_replace( array( '\-', '\:' ), array( '-', ':' ), $pattern );
189
190			// Switch generic values out for their regular expression
191			$pattern = preg_replace( '/\d/', '\d', $pattern );
192			$pattern = str_replace( 'a', '[a-z]', $pattern );
193			$pattern = str_replace( 'A', '[A-Z]', $pattern );
194			$pattern = str_replace( '*', 'w', $pattern );
195			$pattern = str_replace( '/', '\/', $pattern );
196
197			if ( strpos( $pattern, '\?' ) !== false ) {
198			$parts = explode( '\?', $pattern );
199			$pattern = '';
200			foreach ( $parts as $part ) {
201			if ( empty( $pattern ) ) {
202			$pattern .= $part;
203			} else {
204			$pattern .= '(' . $part . ')?';
205			}
206			}
207			}
208			$pattern = '^' . $pattern . '$';
209
210			return $pattern;
211			}
212
213			/**
214			* Check for spam
215			*
216			* @param boolean $exclude
217			* @param array $values
218			* @param array $errors by reference
219			*/
220			public static function spam_check( $exclude, $values, &$errors ) {
221			if ( ! empty( $exclude ) \|\| ! isset( $values['item_meta'] ) \|\| empty( $values['item_meta'] ) \|\| ! empty( $errors ) ) {
222			// only check spam if there are no other errors
223			return;
224			}
225
226			if ( self::is_honeypot_spam() \|\| self::is_spam_bot() ) {
227			$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
228			}
229
230			if ( self::blacklist_check( $values ) ) {
231			$errors['spam'] = __( 'Your entry appears to be blacklist spam!', 'formidable' );
232			}
233
234			if ( self::is_akismet_spam( $values ) ) {
235			if ( self::is_akismet_enabled_for_user( $values['form_id'] ) ) {
236			$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
237			}
238			}
239			}
240
241			private static function is_honeypot_spam() {
242			$honeypot_value = FrmAppHelper::get_param( 'frm_verify', '', 'get', 'sanitize_text_field' );
243
244			return ( $honeypot_value !== '' );
245			}
246
247			private static function is_spam_bot() {
248			$ip = FrmAppHelper::get_ip_address();
249
250			return empty( $ip );
251			}
252
253			private static function is_akismet_spam( $values ) {
254			global $wpcom_api_key;
255
256			return ( is_callable( 'Akismet::http_post' ) && ( get_option( 'wordpress_api_key' ) \|\| $wpcom_api_key ) && self::akismet( $values ) );
257			}
258
259			private static function is_akismet_enabled_for_user( $form_id ) {
260			$form = FrmForm::getOne( $form_id );
261
262			return ( isset( $form->options['akismet'] ) && ! empty( $form->options['akismet'] ) && ( $form->options['akismet'] != 'logged' \|\| ! is_user_logged_in() ) );
263			}
264
265			public static function blacklist_check( $values ) {
266			if ( ! apply_filters( 'frm_check_blacklist', true, $values ) ) {
267			return false;
268			}
269
270			$mod_keys = trim( get_option( 'blacklist_keys' ) );
271			if ( empty( $mod_keys ) ) {
272			return false;
273			}
274
275			$content = FrmEntriesHelper::entry_array_to_string( $values );
276			if ( empty( $content ) ) {
277			return false;
278			}
279
280			$ip = FrmAppHelper::get_ip_address();
281			$user_agent = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
282			$user_info = self::get_spam_check_user_info( $values );
283
284			return wp_blacklist_check( $user_info['comment_author'], $user_info['comment_author_email'], $user_info['comment_author_url'], $content, $ip, $user_agent );
285			}
286
287			/**
288			* Check entries for Akismet spam
289			*
290			* @return boolean true if is spam
291			*/
292			public static function akismet( $values ) {
293			$content = FrmEntriesHelper::entry_array_to_string( $values );
294			if ( empty( $content ) ) {
295			return false;
296			}
297
298			$datas = array(
299			'comment_type' => 'formidable',
300			'comment_content' => $content,
301			);
302			self::parse_akismet_array( $datas, $values );
303
304			$query_string = _http_build_query( $datas, '', '&' );
305			$response = Akismet::http_post( $query_string, 'comment-check' );
306
307			return ( is_array( $response ) && $response[1] == 'true' );
308			}
309
310			/**
311			* @since 2.0
312			*/
313			private static function parse_akismet_array( &$datas, $values ) {
314			self::add_site_info_to_akismet( $datas );
315			self::add_user_info_to_akismet( $datas, $values );
316			self::add_server_values_to_akismet( $datas );
317			}
318
319			private static function add_site_info_to_akismet( &$datas ) {
320			$datas['blog'] = FrmAppHelper::site_url();
321			$datas['user_ip'] = preg_replace( '/[^0-9., ]/', '', FrmAppHelper::get_ip_address() );
322			$datas['user_agent'] = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
323			$datas['referrer'] = isset( $_SERVER['HTTP_REFERER'] ) ? FrmAppHelper::get_server_value( 'HTTP_REFERER' ) : false;
324			$datas['blog_lang'] = get_locale();
325			$datas['blog_charset'] = get_option( 'blog_charset' );
326
327			if ( akismet_test_mode() ) {
328			$datas['is_test'] = 'true';
329			}
330			}
331
332			private static function add_user_info_to_akismet( &$datas, $values ) {
333			$user_info = self::get_spam_check_user_info( $values );
334			$datas = $datas + $user_info;
335
336			if ( isset( $user_info['user_ID'] ) ) {
337			$datas['user_role'] = Akismet::get_user_roles( $user_info['user_ID'] );
338			}
339			}
340
341			private static function get_spam_check_user_info( $values ) {
342			$datas = array();
343
344			if ( is_user_logged_in() ) {
345			$user = wp_get_current_user();
346
347			$datas['user_ID'] = $user->ID;
348			$datas['user_id'] = $user->ID;
349			$datas['comment_author'] = $user->display_name;
350			$datas['comment_author_email'] = $user->user_email;
351			$datas['comment_author_url'] = $user->user_url;
352			} else {
353			$datas['comment_author'] = '';
354			$datas['comment_author_email'] = '';
355			$datas['comment_author_url'] = '';
356
357			$values = array_filter( $values );
358			foreach ( $values as $value ) {
359			if ( ! is_array( $value ) ) {
360			if ( $datas['comment_author_email'] == '' && strpos( $value, '@' ) && is_email( $value ) ) {
361			$datas['comment_author_email'] = $value;
362			} elseif ( $datas['comment_author_url'] == '' && strpos( $value, 'http' ) === 0 ) {
363			$datas['comment_author_url'] = $value;
364			} elseif ( $datas['comment_author'] == '' && ! is_numeric( $value ) && strlen( $value ) < 200 ) {
365			$datas['comment_author'] = $value;
366			}
367			}
368			}
369			}
370
371			return $datas;
372			}
373
374			private static function add_server_values_to_akismet( &$datas ) {
375			foreach ( $_SERVER as $key => $value ) {
376			$include_value = is_string( $value ) && ! preg_match( '/^HTTP_COOKIE/', $key ) && preg_match( '/^(HTTP_\|REMOTE_ADDR\|REQUEST_URI\|DOCUMENT_URI)/', $key );
377
378			// Send any potentially useful $_SERVER vars, but avoid sending junk we don't need.
379			if ( $include_value ) {
380			$datas[ $key ] = $value;
381			}
382			unset( $key, $value );
383			}
384			}
385
386			/**
387			* @deprecated 3.0
388			* @codeCoverageIgnore
389			*/
390			public static function validate_url_field( &$errors, $field, $value, $args ) {
391			FrmDeprecated::validate_url_field( $errors, $field, $value, $args );
392			}
393
394			/**
395			* @deprecated 3.0
396			* @codeCoverageIgnore
397			*/
398			public static function validate_email_field( &$errors, $field, $value, $args ) {
399			FrmDeprecated::validate_email_field( $errors, $field, $value, $args );
400			}
401
402			/**
403			* @deprecated 3.0
404			* @codeCoverageIgnore
405			*/
406			public static function validate_number_field( &$errors, $field, $value, $args ) {
407			FrmDeprecated::validate_number_field( $errors, $field, $value, $args );
408			}
409
410			/**
411			* @deprecated 3.0
412			* @codeCoverageIgnore
413			*/
414			public static function validate_recaptcha( &$errors, $field, $args ) {
415			FrmDeprecated::validate_recaptcha( $errors, $field, $args );
416			}
417			}
418

Strategy11 / formidable-forms

Push — master ( 3bc623...b7947d )

FrmEntryValidate::get_fields_to_validate() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like