Strategy11 /
formidable-forms
@@ -11,7 +11,7 @@ discard block |
||
| 11 | 11 | |
| 12 | 12 | /* Check if logged in */ |
| 13 | 13 | if ( is_user_logged_in() ) { |
| 14 | - return $response; |
|
| 14 | + return $response; |
|
| 15 | 15 | } |
| 16 | 16 | |
| 17 | 17 | /* Honeypot */ |
@@ -65,10 +65,10 @@ discard block |
||
| 65 | 65 | } |
| 66 | 66 | |
| 67 | 67 | /** |
| 68 | - * Check for form submission time |
|
| 69 | - * |
|
| 70 | - * @return boolean TRUE if the action time is less than 5 seconds |
|
| 71 | - */ |
|
| 68 | + * Check for form submission time |
|
| 69 | + * |
|
| 70 | + * @return boolean TRUE if the action time is less than 5 seconds |
|
| 71 | + */ |
|
| 72 | 72 | |
| 73 | 73 | private static function _is_shortest_time() { |
| 74 | 74 | $too_short = false; |
@@ -124,11 +124,11 @@ discard block |
||
| 124 | 124 | } |
| 125 | 125 | |
| 126 | 126 | /** |
| 127 | - * Check for an IPv6 address |
|
| 128 | - * |
|
| 129 | - * @param string $ip IP to validate |
|
| 130 | - * @return boolean TRUE if IPv6 |
|
| 131 | - */ |
|
| 127 | + * Check for an IPv6 address |
|
| 128 | + * |
|
| 129 | + * @param string $ip IP to validate |
|
| 130 | + * @return boolean TRUE if IPv6 |
|
| 131 | + */ |
|
| 132 | 132 | |
| 133 | 133 | private static function _is_ipv6( $ip ) { |
| 134 | 134 | if ( function_exists('filter_var') ) { |
@@ -98,6 +98,9 @@ discard block |
||
| 98 | 98 | return (bool) preg_match( '/\[url[=\]].*\[\/url\]/is', $body ); |
| 99 | 99 | } |
| 100 | 100 | |
| 101 | + /** |
|
| 102 | + * @param string $client_ip |
|
| 103 | + */ |
|
| 101 | 104 | private static function _is_fake_ip( $client_ip, $client_host = false ) { |
| 102 | 105 | /* Remote Host */ |
| 103 | 106 | $host_by_ip = gethostbyaddr( $client_ip ); |
@@ -159,6 +162,9 @@ discard block |
||
| 159 | 162 | } |
| 160 | 163 | } |
| 161 | 164 | |
| 165 | + /** |
|
| 166 | + * @param string $ip |
|
| 167 | + */ |
|
| 162 | 168 | private static function _cut_ip( $ip, $cut_end = true ) { |
| 163 | 169 | $separator = ( self::_is_ipv4( $ip ) ? '.' : ':' ); |
| 164 | 170 | $part = ( $cut_end ? strrchr( $ip, $separator ) : strstr( $ip, $separator ) ); |
@@ -252,6 +258,9 @@ discard block |
||
| 252 | 258 | return false; |
| 253 | 259 | } |
| 254 | 260 | |
| 261 | + /** |
|
| 262 | + * @param string $ip |
|
| 263 | + */ |
|
| 255 | 264 | private static function _is_dnsbl_spam( $ip ) { |
| 256 | 265 | |
| 257 | 266 | $response = wp_safe_remote_request( |
@@ -138,7 +138,7 @@ discard block |
||
| 138 | 138 | */ |
| 139 | 139 | |
| 140 | 140 | private static function _is_ipv6( $ip ) { |
| 141 | - if ( function_exists('filter_var') ) { |
|
| 141 | + if ( function_exists( 'filter_var' ) ) { |
|
| 142 | 142 | return filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) !== false; |
| 143 | 143 | } else { |
| 144 | 144 | return ! self::_is_ipv4( $ip ); |
@@ -152,7 +152,7 @@ discard block |
||
| 152 | 152 | * @return integer TRUE if IPv4 |
| 153 | 153 | */ |
| 154 | 154 | private static function _is_ipv4( $ip ) { |
| 155 | - if ( function_exists('filter_var') ) { |
|
| 155 | + if ( function_exists( 'filter_var' ) ) { |
|
| 156 | 156 | return filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) !== false; |
| 157 | 157 | } else { |
| 158 | 158 | return preg_match( '/^\d{1,3}(\.\d{1,3}){3,3}$/', $ip ); |
@@ -232,15 +232,15 @@ discard block |
||
| 232 | 232 | } |
| 233 | 233 | |
| 234 | 234 | /* Ignore non utf-8 chars */ |
| 235 | - $comment[ $field ] = ( function_exists('iconv') ? iconv( 'utf-8', 'utf-8//TRANSLIT', $comment[ $field ] ) : $comment[ $field ] ); |
|
| 235 | + $comment[$field] = ( function_exists( 'iconv' ) ? iconv( 'utf-8', 'utf-8//TRANSLIT', $comment[$field] ) : $comment[$field] ); |
|
| 236 | 236 | |
| 237 | - if ( empty( $comment[ $field ] ) ) { |
|
| 237 | + if ( empty( $comment[$field] ) ) { |
|
| 238 | 238 | continue; |
| 239 | 239 | } |
| 240 | 240 | |
| 241 | 241 | /* Perform regex */ |
| 242 | - if ( preg_match( '/' .$regexp. '/isu', $comment[ $field ] ) ) { |
|
| 243 | - $hits[ $field ] = true; |
|
| 242 | + if ( preg_match( '/' . $regexp . '/isu', $comment[$field] ) ) { |
|
| 243 | + $hits[$field] = true; |
|
| 244 | 244 | } |
| 245 | 245 | } |
| 246 | 246 | |
@@ -1,26 +1,26 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | 3 | class FrmEntryValidate { |
| 4 | - public static function validate( $values, $exclude = false ) { |
|
| 5 | - global $wpdb; |
|
| 4 | + public static function validate( $values, $exclude = false ) { |
|
| 5 | + global $wpdb; |
|
| 6 | 6 | |
| 7 | - FrmEntry::sanitize_entry_post( $values ); |
|
| 8 | - $errors = array(); |
|
| 7 | + FrmEntry::sanitize_entry_post( $values ); |
|
| 8 | + $errors = array(); |
|
| 9 | 9 | |
| 10 | - if ( ! isset($values['form_id']) || ! isset($values['item_meta']) ) { |
|
| 11 | - $errors['form'] = __( 'There was a problem with your submission. Please try again.', 'formidable' ); |
|
| 12 | - return $errors; |
|
| 13 | - } |
|
| 10 | + if ( ! isset($values['form_id']) || ! isset($values['item_meta']) ) { |
|
| 11 | + $errors['form'] = __( 'There was a problem with your submission. Please try again.', 'formidable' ); |
|
| 12 | + return $errors; |
|
| 13 | + } |
|
| 14 | 14 | |
| 15 | 15 | if ( FrmAppHelper::is_admin() && is_user_logged_in() && ( ! isset( $values[ 'frm_submit_entry_' . $values['form_id'] ] ) || ! wp_verify_nonce( $values[ 'frm_submit_entry_' . $values['form_id'] ], 'frm_submit_entry_nonce' ) ) ) { |
| 16 | - $errors['form'] = __( 'You do not have permission to do that', 'formidable' ); |
|
| 17 | - } |
|
| 16 | + $errors['form'] = __( 'You do not have permission to do that', 'formidable' ); |
|
| 17 | + } |
|
| 18 | 18 | |
| 19 | - if ( ! isset($values['item_key']) || $values['item_key'] == '' ) { |
|
| 19 | + if ( ! isset($values['item_key']) || $values['item_key'] == '' ) { |
|
| 20 | 20 | $_POST['item_key'] = $values['item_key'] = FrmAppHelper::get_unique_key( '', $wpdb->prefix . 'frm_items', 'item_key' ); |
| 21 | - } |
|
| 21 | + } |
|
| 22 | 22 | |
| 23 | - $where = apply_filters('frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) ); |
|
| 23 | + $where = apply_filters('frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) ); |
|
| 24 | 24 | // Don't get subfields |
| 25 | 25 | $where['fr.parent_form_id'] = array( null, 0 ); |
| 26 | 26 | // Don't get excluded fields (like file upload fields in the ajax validation) |
@@ -28,42 +28,42 @@ discard block |
||
| 28 | 28 | $where['fi.type not'] = $exclude; |
| 29 | 29 | } |
| 30 | 30 | |
| 31 | - $posted_fields = FrmField::getAll($where, 'field_order'); |
|
| 31 | + $posted_fields = FrmField::getAll($where, 'field_order'); |
|
| 32 | 32 | |
| 33 | - // Pass exclude value to validate_field function so it can be used for repeating sections |
|
| 34 | - $args = array( 'exclude' => $exclude ); |
|
| 33 | + // Pass exclude value to validate_field function so it can be used for repeating sections |
|
| 34 | + $args = array( 'exclude' => $exclude ); |
|
| 35 | 35 | |
| 36 | - foreach ( $posted_fields as $posted_field ) { |
|
| 37 | - self::validate_field($posted_field, $errors, $values, $args); |
|
| 38 | - unset($posted_field); |
|
| 39 | - } |
|
| 36 | + foreach ( $posted_fields as $posted_field ) { |
|
| 37 | + self::validate_field($posted_field, $errors, $values, $args); |
|
| 38 | + unset($posted_field); |
|
| 39 | + } |
|
| 40 | 40 | |
| 41 | - // check for spam |
|
| 42 | - self::spam_check( $exclude, $values, $errors ); |
|
| 41 | + // check for spam |
|
| 42 | + self::spam_check( $exclude, $values, $errors ); |
|
| 43 | 43 | |
| 44 | - $errors = apply_filters( 'frm_validate_entry', $errors, $values, compact('exclude') ); |
|
| 44 | + $errors = apply_filters( 'frm_validate_entry', $errors, $values, compact('exclude') ); |
|
| 45 | 45 | |
| 46 | - return $errors; |
|
| 47 | - } |
|
| 46 | + return $errors; |
|
| 47 | + } |
|
| 48 | 48 | |
| 49 | - public static function validate_field( $posted_field, &$errors, $values, $args = array() ) { |
|
| 50 | - $defaults = array( |
|
| 51 | - 'id' => $posted_field->id, |
|
| 52 | - 'parent_field_id' => '', // the id of the repeat or embed form |
|
| 53 | - 'key_pointer' => '', // the pointer in the posted array |
|
| 54 | - 'exclude' => array(), // exclude these field types from validation |
|
| 55 | - ); |
|
| 56 | - $args = wp_parse_args( $args, $defaults ); |
|
| 49 | + public static function validate_field( $posted_field, &$errors, $values, $args = array() ) { |
|
| 50 | + $defaults = array( |
|
| 51 | + 'id' => $posted_field->id, |
|
| 52 | + 'parent_field_id' => '', // the id of the repeat or embed form |
|
| 53 | + 'key_pointer' => '', // the pointer in the posted array |
|
| 54 | + 'exclude' => array(), // exclude these field types from validation |
|
| 55 | + ); |
|
| 56 | + $args = wp_parse_args( $args, $defaults ); |
|
| 57 | 57 | |
| 58 | - if ( empty($args['parent_field_id']) ) { |
|
| 58 | + if ( empty($args['parent_field_id']) ) { |
|
| 59 | 59 | $value = isset( $values['item_meta'][ $args['id'] ] ) ? $values['item_meta'][ $args['id'] ] : ''; |
| 60 | - } else { |
|
| 61 | - // value is from a nested form |
|
| 62 | - $value = $values; |
|
| 63 | - } |
|
| 60 | + } else { |
|
| 61 | + // value is from a nested form |
|
| 62 | + $value = $values; |
|
| 63 | + } |
|
| 64 | 64 | |
| 65 | - // Check for values in "Other" fields |
|
| 66 | - FrmEntriesHelper::maybe_set_other_validation( $posted_field, $value, $args ); |
|
| 65 | + // Check for values in "Other" fields |
|
| 66 | + FrmEntriesHelper::maybe_set_other_validation( $posted_field, $value, $args ); |
|
| 67 | 67 | |
| 68 | 68 | self::maybe_clear_value_for_default_blank_setting( $posted_field, $value ); |
| 69 | 69 | |
@@ -72,11 +72,11 @@ discard block |
||
| 72 | 72 | $value = reset($value); |
| 73 | 73 | } |
| 74 | 74 | |
| 75 | - if ( $posted_field->required == '1' && ! is_array( $value ) && trim( $value ) == '' ) { |
|
| 75 | + if ( $posted_field->required == '1' && ! is_array( $value ) && trim( $value ) == '' ) { |
|
| 76 | 76 | $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' ); |
| 77 | - } else if ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { |
|
| 78 | - $_POST['item_name'] = $value; |
|
| 79 | - } |
|
| 77 | + } else if ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { |
|
| 78 | + $_POST['item_name'] = $value; |
|
| 79 | + } |
|
| 80 | 80 | |
| 81 | 81 | if ( $value != '' ) { |
| 82 | 82 | self::validate_url_field( $errors, $posted_field, $value, $args ); |
@@ -85,13 +85,13 @@ discard block |
||
| 85 | 85 | self::validate_phone_field( $errors, $posted_field, $value, $args ); |
| 86 | 86 | } |
| 87 | 87 | |
| 88 | - FrmEntriesHelper::set_posted_value($posted_field, $value, $args); |
|
| 88 | + FrmEntriesHelper::set_posted_value($posted_field, $value, $args); |
|
| 89 | 89 | |
| 90 | - self::validate_recaptcha($errors, $posted_field, $args); |
|
| 90 | + self::validate_recaptcha($errors, $posted_field, $args); |
|
| 91 | 91 | |
| 92 | 92 | $errors = apply_filters( 'frm_validate_' . $posted_field->type . '_field_entry', $errors, $posted_field, $value, $args ); |
| 93 | 93 | $errors = apply_filters( 'frm_validate_field_entry', $errors, $posted_field, $value, $args ); |
| 94 | - } |
|
| 94 | + } |
|
| 95 | 95 | |
| 96 | 96 | private static function maybe_clear_value_for_default_blank_setting( $field, &$value ) { |
| 97 | 97 | if ( FrmField::is_option_true_in_object( $field, 'default_blank' ) && $value == $field->default_value ) { |
@@ -101,32 +101,32 @@ discard block |
||
| 101 | 101 | |
| 102 | 102 | public static function validate_url_field( &$errors, $field, &$value, $args ) { |
| 103 | 103 | if ( $value == '' || ! in_array( $field->type, array( 'website', 'url', 'image' ) ) ) { |
| 104 | - return; |
|
| 105 | - } |
|
| 104 | + return; |
|
| 105 | + } |
|
| 106 | 106 | |
| 107 | - if ( trim($value) == 'http://' ) { |
|
| 108 | - $value = ''; |
|
| 109 | - } else { |
|
| 110 | - $value = esc_url_raw( $value ); |
|
| 107 | + if ( trim($value) == 'http://' ) { |
|
| 108 | + $value = ''; |
|
| 109 | + } else { |
|
| 110 | + $value = esc_url_raw( $value ); |
|
| 111 | 111 | $value = preg_match( '/^(https?|ftps?|mailto|news|feed|telnet):/is', $value ) ? $value : 'http://' . $value; |
| 112 | - } |
|
| 112 | + } |
|
| 113 | 113 | |
| 114 | - // validate the url format |
|
| 114 | + // validate the url format |
|
| 115 | 115 | if ( ! preg_match('/^http(s)?:\/\/(?:localhost|(?:[\da-z\.-]+\.[\da-z\.-]+))/i', $value) ) { |
| 116 | 116 | $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
| 117 | 117 | } |
| 118 | - } |
|
| 118 | + } |
|
| 119 | 119 | |
| 120 | 120 | public static function validate_email_field( &$errors, $field, $value, $args ) { |
| 121 | - if ( $value == '' || $field->type != 'email' ) { |
|
| 122 | - return; |
|
| 123 | - } |
|
| 121 | + if ( $value == '' || $field->type != 'email' ) { |
|
| 122 | + return; |
|
| 123 | + } |
|
| 124 | 124 | |
| 125 | - //validate the email format |
|
| 126 | - if ( ! is_email($value) ) { |
|
| 125 | + //validate the email format |
|
| 126 | + if ( ! is_email($value) ) { |
|
| 127 | 127 | $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
| 128 | - } |
|
| 129 | - } |
|
| 128 | + } |
|
| 129 | + } |
|
| 130 | 130 | |
| 131 | 131 | public static function validate_number_field( &$errors, $field, $value, $args ) { |
| 132 | 132 | //validate the number format |
@@ -220,9 +220,9 @@ discard block |
||
| 220 | 220 | } |
| 221 | 221 | |
| 222 | 222 | public static function validate_recaptcha( &$errors, $field, $args ) { |
| 223 | - if ( $field->type != 'captcha' || FrmAppHelper::is_admin() || apply_filters( 'frm_is_field_hidden', false, $field, stripslashes_deep( $_POST ) ) ) { |
|
| 224 | - return; |
|
| 225 | - } |
|
| 223 | + if ( $field->type != 'captcha' || FrmAppHelper::is_admin() || apply_filters( 'frm_is_field_hidden', false, $field, stripslashes_deep( $_POST ) ) ) { |
|
| 224 | + return; |
|
| 225 | + } |
|
| 226 | 226 | |
| 227 | 227 | $frm_settings = FrmAppHelper::get_settings(); |
| 228 | 228 | if ( empty( $frm_settings->pubkey ) ) { |
@@ -230,57 +230,57 @@ discard block |
||
| 230 | 230 | return; |
| 231 | 231 | } |
| 232 | 232 | |
| 233 | - if ( ! isset($_POST['g-recaptcha-response']) ) { |
|
| 234 | - // If captcha is missing, check if it was already verified |
|
| 233 | + if ( ! isset($_POST['g-recaptcha-response']) ) { |
|
| 234 | + // If captcha is missing, check if it was already verified |
|
| 235 | 235 | if ( ! isset( $_POST['recaptcha_checked'] ) || ! wp_verify_nonce( $_POST['recaptcha_checked'], 'frm_ajax' ) ) { |
| 236 | - // There was no captcha submitted |
|
| 236 | + // There was no captcha submitted |
|
| 237 | 237 | $errors[ 'field' . $args['id'] ] = __( 'The captcha is missing from this form', 'formidable' ); |
| 238 | - } |
|
| 239 | - return; |
|
| 240 | - } |
|
| 238 | + } |
|
| 239 | + return; |
|
| 240 | + } |
|
| 241 | 241 | |
| 242 | - $arg_array = array( |
|
| 243 | - 'body' => array( |
|
| 242 | + $arg_array = array( |
|
| 243 | + 'body' => array( |
|
| 244 | 244 | 'secret' => $frm_settings->privkey, |
| 245 | 245 | 'response' => $_POST['g-recaptcha-response'], |
| 246 | 246 | 'remoteip' => FrmAppHelper::get_ip_address(), |
| 247 | 247 | ), |
| 248 | 248 | ); |
| 249 | - $resp = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', $arg_array ); |
|
| 250 | - $response = json_decode(wp_remote_retrieve_body( $resp ), true); |
|
| 249 | + $resp = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', $arg_array ); |
|
| 250 | + $response = json_decode(wp_remote_retrieve_body( $resp ), true); |
|
| 251 | 251 | |
| 252 | - if ( isset( $response['success'] ) && ! $response['success'] ) { |
|
| 253 | - // What happens when the CAPTCHA was entered incorrectly |
|
| 252 | + if ( isset( $response['success'] ) && ! $response['success'] ) { |
|
| 253 | + // What happens when the CAPTCHA was entered incorrectly |
|
| 254 | 254 | $errors[ 'field' . $args['id'] ] = ( ! isset( $field->field_options['invalid'] ) || $field->field_options['invalid'] == '' ) ? $frm_settings->re_msg : $field->field_options['invalid']; |
| 255 | - } else if ( is_wp_error( $resp ) ) { |
|
| 255 | + } else if ( is_wp_error( $resp ) ) { |
|
| 256 | 256 | $error_string = $resp->get_error_message(); |
| 257 | 257 | $errors[ 'field' . $args['id'] ] = __( 'There was a problem verifying your recaptcha', 'formidable' ); |
| 258 | 258 | $errors[ 'field' . $args['id'] ] .= ' ' . $error_string; |
| 259 | - } |
|
| 260 | - } |
|
| 261 | - |
|
| 262 | - /** |
|
| 263 | - * check for spam |
|
| 264 | - * @param boolean $exclude |
|
| 265 | - * @param array $values |
|
| 266 | - * @param array $errors by reference |
|
| 267 | - */ |
|
| 268 | - public static function spam_check( $exclude, $values, &$errors ) { |
|
| 269 | - if ( ! empty( $exclude ) || ! isset( $values['item_meta'] ) || empty( $values['item_meta'] ) || ! empty( $errors ) ) { |
|
| 270 | - // only check spam if there are no other errors |
|
| 271 | - return; |
|
| 272 | - } |
|
| 273 | - |
|
| 274 | - if ( self::is_akismet_spam( $values ) ) { |
|
| 259 | + } |
|
| 260 | + } |
|
| 261 | + |
|
| 262 | + /** |
|
| 263 | + * check for spam |
|
| 264 | + * @param boolean $exclude |
|
| 265 | + * @param array $values |
|
| 266 | + * @param array $errors by reference |
|
| 267 | + */ |
|
| 268 | + public static function spam_check( $exclude, $values, &$errors ) { |
|
| 269 | + if ( ! empty( $exclude ) || ! isset( $values['item_meta'] ) || empty( $values['item_meta'] ) || ! empty( $errors ) ) { |
|
| 270 | + // only check spam if there are no other errors |
|
| 271 | + return; |
|
| 272 | + } |
|
| 273 | + |
|
| 274 | + if ( self::is_akismet_spam( $values ) ) { |
|
| 275 | 275 | if ( self::is_akismet_enabled_for_user( $values['form_id'] ) ) { |
| 276 | 276 | $errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' ); |
| 277 | 277 | } |
| 278 | - } |
|
| 278 | + } |
|
| 279 | 279 | |
| 280 | - if ( self::blacklist_check( $values ) ) { |
|
| 281 | - $errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' ); |
|
| 282 | - } |
|
| 283 | - } |
|
| 280 | + if ( self::blacklist_check( $values ) ) { |
|
| 281 | + $errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' ); |
|
| 282 | + } |
|
| 283 | + } |
|
| 284 | 284 | |
| 285 | 285 | private static function is_akismet_spam( $values ) { |
| 286 | 286 | global $wpcom_api_key; |
@@ -292,21 +292,21 @@ discard block |
||
| 292 | 292 | return ( isset( $form->options['akismet'] ) && ! empty( $form->options['akismet'] ) && ( $form->options['akismet'] != 'logged' || ! is_user_logged_in() ) ); |
| 293 | 293 | } |
| 294 | 294 | |
| 295 | - public static function blacklist_check( $values ) { |
|
| 296 | - if ( ! apply_filters('frm_check_blacklist', true, $values) ) { |
|
| 297 | - return false; |
|
| 298 | - } |
|
| 295 | + public static function blacklist_check( $values ) { |
|
| 296 | + if ( ! apply_filters('frm_check_blacklist', true, $values) ) { |
|
| 297 | + return false; |
|
| 298 | + } |
|
| 299 | 299 | |
| 300 | - $mod_keys = trim( get_option( 'blacklist_keys' ) ); |
|
| 300 | + $mod_keys = trim( get_option( 'blacklist_keys' ) ); |
|
| 301 | 301 | |
| 302 | - if ( empty( $mod_keys ) ) { |
|
| 303 | - return false; |
|
| 304 | - } |
|
| 302 | + if ( empty( $mod_keys ) ) { |
|
| 303 | + return false; |
|
| 304 | + } |
|
| 305 | 305 | |
| 306 | - $content = FrmEntriesHelper::entry_array_to_string($values); |
|
| 306 | + $content = FrmEntriesHelper::entry_array_to_string($values); |
|
| 307 | 307 | |
| 308 | 308 | if ( empty($content) ) { |
| 309 | - return false; |
|
| 309 | + return false; |
|
| 310 | 310 | } |
| 311 | 311 | |
| 312 | 312 | $content = strtolower( $content ); |
@@ -314,10 +314,10 @@ discard block |
||
| 314 | 314 | $ip = FrmAppHelper::get_ip_address(); |
| 315 | 315 | $user_agent = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' ); |
| 316 | 316 | |
| 317 | - $words = explode( "\n", $mod_keys ); |
|
| 317 | + $words = explode( "\n", $mod_keys ); |
|
| 318 | 318 | |
| 319 | - foreach ( (array) $words as $word ) { |
|
| 320 | - $word = trim( $word ); |
|
| 319 | + foreach ( (array) $words as $word ) { |
|
| 320 | + $word = trim( $word ); |
|
| 321 | 321 | |
| 322 | 322 | if ( empty( $word ) ) { |
| 323 | 323 | continue; |
@@ -332,27 +332,27 @@ discard block |
||
| 332 | 332 | $in_content = preg_match( $pattern, $content ) || preg_match( $pattern, $content_without_html ); |
| 333 | 333 | $blacklist_user = preg_match( $pattern, $ip ) || preg_match( $pattern, $user_agent ); |
| 334 | 334 | if ( $in_content || $blacklist_user ) { |
| 335 | - return true; |
|
| 336 | - } |
|
| 337 | - } |
|
| 335 | + return true; |
|
| 336 | + } |
|
| 337 | + } |
|
| 338 | 338 | |
| 339 | - return false; |
|
| 340 | - } |
|
| 339 | + return false; |
|
| 340 | + } |
|
| 341 | 341 | |
| 342 | - /** |
|
| 343 | - * Check entries for spam |
|
| 344 | - * |
|
| 345 | - * @return boolean true if is spam |
|
| 346 | - */ |
|
| 347 | - public static function akismet( $values ) { |
|
| 348 | - $content = FrmEntriesHelper::entry_array_to_string( $values ); |
|
| 342 | + /** |
|
| 343 | + * Check entries for spam |
|
| 344 | + * |
|
| 345 | + * @return boolean true if is spam |
|
| 346 | + */ |
|
| 347 | + public static function akismet( $values ) { |
|
| 348 | + $content = FrmEntriesHelper::entry_array_to_string( $values ); |
|
| 349 | 349 | |
| 350 | 350 | if ( empty( $content ) ) { |
| 351 | - return false; |
|
| 351 | + return false; |
|
| 352 | 352 | } |
| 353 | 353 | |
| 354 | - $datas = array(); |
|
| 355 | - self::parse_akismet_array( $datas, $content ); |
|
| 354 | + $datas = array(); |
|
| 355 | + self::parse_akismet_array( $datas, $content ); |
|
| 356 | 356 | |
| 357 | 357 | $query_string = ''; |
| 358 | 358 | foreach ( $datas as $key => $data ) { |
@@ -360,35 +360,35 @@ discard block |
||
| 360 | 360 | unset( $key, $data ); |
| 361 | 361 | } |
| 362 | 362 | |
| 363 | - $response = Akismet::http_post($query_string, 'comment-check'); |
|
| 363 | + $response = Akismet::http_post($query_string, 'comment-check'); |
|
| 364 | 364 | |
| 365 | 365 | return ( is_array( $response ) && $response[1] == 'true' ); |
| 366 | - } |
|
| 367 | - |
|
| 368 | - /** |
|
| 369 | - * @since 2.0 |
|
| 370 | - * @param string $content |
|
| 371 | - */ |
|
| 372 | - private static function parse_akismet_array( &$datas, $content ) { |
|
| 373 | - $datas['blog'] = FrmAppHelper::site_url(); |
|
| 374 | - $datas['user_ip'] = preg_replace( '/[^0-9., ]/', '', FrmAppHelper::get_ip_address() ); |
|
| 366 | + } |
|
| 367 | + |
|
| 368 | + /** |
|
| 369 | + * @since 2.0 |
|
| 370 | + * @param string $content |
|
| 371 | + */ |
|
| 372 | + private static function parse_akismet_array( &$datas, $content ) { |
|
| 373 | + $datas['blog'] = FrmAppHelper::site_url(); |
|
| 374 | + $datas['user_ip'] = preg_replace( '/[^0-9., ]/', '', FrmAppHelper::get_ip_address() ); |
|
| 375 | 375 | $datas['user_agent'] = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' ); |
| 376 | 376 | $datas['referrer'] = isset( $_SERVER['HTTP_REFERER'] ) ? FrmAppHelper::get_server_value( 'HTTP_REFERER' ) : false; |
| 377 | - $datas['comment_type'] = 'formidable'; |
|
| 378 | - $datas['comment_content'] = $content; |
|
| 377 | + $datas['comment_type'] = 'formidable'; |
|
| 378 | + $datas['comment_content'] = $content; |
|
| 379 | 379 | |
| 380 | - if ( $permalink = get_permalink() ) { |
|
| 381 | - $datas['permalink'] = $permalink; |
|
| 382 | - } |
|
| 380 | + if ( $permalink = get_permalink() ) { |
|
| 381 | + $datas['permalink'] = $permalink; |
|
| 382 | + } |
|
| 383 | 383 | |
| 384 | - foreach ( $_SERVER as $key => $value ) { |
|
| 384 | + foreach ( $_SERVER as $key => $value ) { |
|
| 385 | 385 | if ( ! in_array( $key, array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW' ) ) && is_string( $value ) ) { |
| 386 | 386 | $datas[ $key ] = wp_strip_all_tags( $value ); |
| 387 | - } else { |
|
| 387 | + } else { |
|
| 388 | 388 | $datas[ $key ] = ''; |
| 389 | - } |
|
| 389 | + } |
|
| 390 | 390 | |
| 391 | - unset($key, $value); |
|
| 392 | - } |
|
| 393 | - } |
|
| 391 | + unset($key, $value); |
|
| 392 | + } |
|
| 393 | + } |
|
| 394 | 394 | } |
@@ -7,20 +7,20 @@ discard block |
||
| 7 | 7 | FrmEntry::sanitize_entry_post( $values ); |
| 8 | 8 | $errors = array(); |
| 9 | 9 | |
| 10 | - if ( ! isset($values['form_id']) || ! isset($values['item_meta']) ) { |
|
| 10 | + if ( ! isset( $values['form_id'] ) || ! isset( $values['item_meta'] ) ) { |
|
| 11 | 11 | $errors['form'] = __( 'There was a problem with your submission. Please try again.', 'formidable' ); |
| 12 | 12 | return $errors; |
| 13 | 13 | } |
| 14 | 14 | |
| 15 | - if ( FrmAppHelper::is_admin() && is_user_logged_in() && ( ! isset( $values[ 'frm_submit_entry_' . $values['form_id'] ] ) || ! wp_verify_nonce( $values[ 'frm_submit_entry_' . $values['form_id'] ], 'frm_submit_entry_nonce' ) ) ) { |
|
| 15 | + if ( FrmAppHelper::is_admin() && is_user_logged_in() && ( ! isset( $values['frm_submit_entry_' . $values['form_id']] ) || ! wp_verify_nonce( $values['frm_submit_entry_' . $values['form_id']], 'frm_submit_entry_nonce' ) ) ) { |
|
| 16 | 16 | $errors['form'] = __( 'You do not have permission to do that', 'formidable' ); |
| 17 | 17 | } |
| 18 | 18 | |
| 19 | - if ( ! isset($values['item_key']) || $values['item_key'] == '' ) { |
|
| 19 | + if ( ! isset( $values['item_key'] ) || $values['item_key'] == '' ) { |
|
| 20 | 20 | $_POST['item_key'] = $values['item_key'] = FrmAppHelper::get_unique_key( '', $wpdb->prefix . 'frm_items', 'item_key' ); |
| 21 | 21 | } |
| 22 | 22 | |
| 23 | - $where = apply_filters('frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) ); |
|
| 23 | + $where = apply_filters( 'frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) ); |
|
| 24 | 24 | // Don't get subfields |
| 25 | 25 | $where['fr.parent_form_id'] = array( null, 0 ); |
| 26 | 26 | // Don't get excluded fields (like file upload fields in the ajax validation) |
@@ -28,20 +28,20 @@ discard block |
||
| 28 | 28 | $where['fi.type not'] = $exclude; |
| 29 | 29 | } |
| 30 | 30 | |
| 31 | - $posted_fields = FrmField::getAll($where, 'field_order'); |
|
| 31 | + $posted_fields = FrmField::getAll( $where, 'field_order' ); |
|
| 32 | 32 | |
| 33 | 33 | // Pass exclude value to validate_field function so it can be used for repeating sections |
| 34 | 34 | $args = array( 'exclude' => $exclude ); |
| 35 | 35 | |
| 36 | 36 | foreach ( $posted_fields as $posted_field ) { |
| 37 | - self::validate_field($posted_field, $errors, $values, $args); |
|
| 38 | - unset($posted_field); |
|
| 37 | + self::validate_field( $posted_field, $errors, $values, $args ); |
|
| 38 | + unset( $posted_field ); |
|
| 39 | 39 | } |
| 40 | 40 | |
| 41 | 41 | // check for spam |
| 42 | 42 | self::spam_check( $exclude, $values, $errors ); |
| 43 | 43 | |
| 44 | - $errors = apply_filters( 'frm_validate_entry', $errors, $values, compact('exclude') ); |
|
| 44 | + $errors = apply_filters( 'frm_validate_entry', $errors, $values, compact( 'exclude' ) ); |
|
| 45 | 45 | |
| 46 | 46 | return $errors; |
| 47 | 47 | } |
@@ -55,8 +55,8 @@ discard block |
||
| 55 | 55 | ); |
| 56 | 56 | $args = wp_parse_args( $args, $defaults ); |
| 57 | 57 | |
| 58 | - if ( empty($args['parent_field_id']) ) { |
|
| 59 | - $value = isset( $values['item_meta'][ $args['id'] ] ) ? $values['item_meta'][ $args['id'] ] : ''; |
|
| 58 | + if ( empty( $args['parent_field_id'] ) ) { |
|
| 59 | + $value = isset( $values['item_meta'][$args['id']] ) ? $values['item_meta'][$args['id']] : ''; |
|
| 60 | 60 | } else { |
| 61 | 61 | // value is from a nested form |
| 62 | 62 | $value = $values; |
@@ -68,12 +68,12 @@ discard block |
||
| 68 | 68 | self::maybe_clear_value_for_default_blank_setting( $posted_field, $value ); |
| 69 | 69 | |
| 70 | 70 | // Reset arrays with only one value if it's not a field where array keys need to be preserved |
| 71 | - if ( is_array($value) && count( $value ) == 1 && isset( $value[0] ) ) { |
|
| 72 | - $value = reset($value); |
|
| 71 | + if ( is_array( $value ) && count( $value ) == 1 && isset( $value[0] ) ) { |
|
| 72 | + $value = reset( $value ); |
|
| 73 | 73 | } |
| 74 | 74 | |
| 75 | 75 | if ( $posted_field->required == '1' && ! is_array( $value ) && trim( $value ) == '' ) { |
| 76 | - $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' ); |
|
| 76 | + $errors['field' . $args['id']] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' ); |
|
| 77 | 77 | } else if ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { |
| 78 | 78 | $_POST['item_name'] = $value; |
| 79 | 79 | } |
@@ -85,9 +85,9 @@ discard block |
||
| 85 | 85 | self::validate_phone_field( $errors, $posted_field, $value, $args ); |
| 86 | 86 | } |
| 87 | 87 | |
| 88 | - FrmEntriesHelper::set_posted_value($posted_field, $value, $args); |
|
| 88 | + FrmEntriesHelper::set_posted_value( $posted_field, $value, $args ); |
|
| 89 | 89 | |
| 90 | - self::validate_recaptcha($errors, $posted_field, $args); |
|
| 90 | + self::validate_recaptcha( $errors, $posted_field, $args ); |
|
| 91 | 91 | |
| 92 | 92 | $errors = apply_filters( 'frm_validate_' . $posted_field->type . '_field_entry', $errors, $posted_field, $value, $args ); |
| 93 | 93 | $errors = apply_filters( 'frm_validate_field_entry', $errors, $posted_field, $value, $args ); |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | return; |
| 105 | 105 | } |
| 106 | 106 | |
| 107 | - if ( trim($value) == 'http://' ) { |
|
| 107 | + if ( trim( $value ) == 'http://' ) { |
|
| 108 | 108 | $value = ''; |
| 109 | 109 | } else { |
| 110 | 110 | $value = esc_url_raw( $value ); |
@@ -112,8 +112,8 @@ discard block |
||
| 112 | 112 | } |
| 113 | 113 | |
| 114 | 114 | // validate the url format |
| 115 | - if ( ! preg_match('/^http(s)?:\/\/(?:localhost|(?:[\da-z\.-]+\.[\da-z\.-]+))/i', $value) ) { |
|
| 116 | - $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 115 | + if ( ! preg_match( '/^http(s)?:\/\/(?:localhost|(?:[\da-z\.-]+\.[\da-z\.-]+))/i', $value ) ) { |
|
| 116 | + $errors['field' . $args['id']] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 117 | 117 | } |
| 118 | 118 | } |
| 119 | 119 | |
@@ -123,8 +123,8 @@ discard block |
||
| 123 | 123 | } |
| 124 | 124 | |
| 125 | 125 | //validate the email format |
| 126 | - if ( ! is_email($value) ) { |
|
| 127 | - $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 126 | + if ( ! is_email( $value ) ) { |
|
| 127 | + $errors['field' . $args['id']] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 128 | 128 | } |
| 129 | 129 | } |
| 130 | 130 | |
@@ -134,8 +134,8 @@ discard block |
||
| 134 | 134 | return; |
| 135 | 135 | } |
| 136 | 136 | |
| 137 | - if ( ! is_numeric( $value) ) { |
|
| 138 | - $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 137 | + if ( ! is_numeric( $value ) ) { |
|
| 138 | + $errors['field' . $args['id']] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 139 | 139 | } |
| 140 | 140 | |
| 141 | 141 | // validate number settings |
@@ -145,9 +145,9 @@ discard block |
||
| 145 | 145 | if ( $frm_settings->use_html && isset( $field->field_options['minnum'] ) && isset( $field->field_options['maxnum'] ) ) { |
| 146 | 146 | //minnum maxnum |
| 147 | 147 | if ( (float) $value < $field->field_options['minnum'] ) { |
| 148 | - $errors[ 'field' . $args['id'] ] = __( 'Please select a higher number', 'formidable' ); |
|
| 148 | + $errors['field' . $args['id']] = __( 'Please select a higher number', 'formidable' ); |
|
| 149 | 149 | } else if ( (float) $value > $field->field_options['maxnum'] ) { |
| 150 | - $errors[ 'field' . $args['id'] ] = __( 'Please select a lower number', 'formidable' ); |
|
| 150 | + $errors['field' . $args['id']] = __( 'Please select a lower number', 'formidable' ); |
|
| 151 | 151 | } |
| 152 | 152 | } |
| 153 | 153 | } |
@@ -159,7 +159,7 @@ discard block |
||
| 159 | 159 | $pattern = self::phone_format( $field ); |
| 160 | 160 | |
| 161 | 161 | if ( ! preg_match( $pattern, $value ) ) { |
| 162 | - $errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 162 | + $errors['field' . $args['id']] = FrmFieldsHelper::get_error_msg( $field, 'invalid' ); |
|
| 163 | 163 | } |
| 164 | 164 | } |
| 165 | 165 | } |
@@ -230,11 +230,11 @@ discard block |
||
| 230 | 230 | return; |
| 231 | 231 | } |
| 232 | 232 | |
| 233 | - if ( ! isset($_POST['g-recaptcha-response']) ) { |
|
| 233 | + if ( ! isset( $_POST['g-recaptcha-response'] ) ) { |
|
| 234 | 234 | // If captcha is missing, check if it was already verified |
| 235 | 235 | if ( ! isset( $_POST['recaptcha_checked'] ) || ! wp_verify_nonce( $_POST['recaptcha_checked'], 'frm_ajax' ) ) { |
| 236 | 236 | // There was no captcha submitted |
| 237 | - $errors[ 'field' . $args['id'] ] = __( 'The captcha is missing from this form', 'formidable' ); |
|
| 237 | + $errors['field' . $args['id']] = __( 'The captcha is missing from this form', 'formidable' ); |
|
| 238 | 238 | } |
| 239 | 239 | return; |
| 240 | 240 | } |
@@ -247,15 +247,15 @@ discard block |
||
| 247 | 247 | ), |
| 248 | 248 | ); |
| 249 | 249 | $resp = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', $arg_array ); |
| 250 | - $response = json_decode(wp_remote_retrieve_body( $resp ), true); |
|
| 250 | + $response = json_decode( wp_remote_retrieve_body( $resp ), true ); |
|
| 251 | 251 | |
| 252 | 252 | if ( isset( $response['success'] ) && ! $response['success'] ) { |
| 253 | 253 | // What happens when the CAPTCHA was entered incorrectly |
| 254 | - $errors[ 'field' . $args['id'] ] = ( ! isset( $field->field_options['invalid'] ) || $field->field_options['invalid'] == '' ) ? $frm_settings->re_msg : $field->field_options['invalid']; |
|
| 254 | + $errors['field' . $args['id']] = ( ! isset( $field->field_options['invalid'] ) || $field->field_options['invalid'] == '' ) ? $frm_settings->re_msg : $field->field_options['invalid']; |
|
| 255 | 255 | } else if ( is_wp_error( $resp ) ) { |
| 256 | 256 | $error_string = $resp->get_error_message(); |
| 257 | - $errors[ 'field' . $args['id'] ] = __( 'There was a problem verifying your recaptcha', 'formidable' ); |
|
| 258 | - $errors[ 'field' . $args['id'] ] .= ' ' . $error_string; |
|
| 257 | + $errors['field' . $args['id']] = __( 'There was a problem verifying your recaptcha', 'formidable' ); |
|
| 258 | + $errors['field' . $args['id']] .= ' ' . $error_string; |
|
| 259 | 259 | } |
| 260 | 260 | } |
| 261 | 261 | |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | |
| 285 | 285 | private static function is_akismet_spam( $values ) { |
| 286 | 286 | global $wpcom_api_key; |
| 287 | - return ( is_callable('Akismet::http_post') && ( get_option('wordpress_api_key') || $wpcom_api_key ) && self::akismet( $values ) ); |
|
| 287 | + return ( is_callable( 'Akismet::http_post' ) && ( get_option( 'wordpress_api_key' ) || $wpcom_api_key ) && self::akismet( $values ) ); |
|
| 288 | 288 | } |
| 289 | 289 | |
| 290 | 290 | private static function is_akismet_enabled_for_user( $form_id ) { |
@@ -293,7 +293,7 @@ discard block |
||
| 293 | 293 | } |
| 294 | 294 | |
| 295 | 295 | public static function blacklist_check( $values ) { |
| 296 | - if ( ! apply_filters('frm_check_blacklist', true, $values) ) { |
|
| 296 | + if ( ! apply_filters( 'frm_check_blacklist', true, $values ) ) { |
|
| 297 | 297 | return false; |
| 298 | 298 | } |
| 299 | 299 | |
@@ -303,9 +303,9 @@ discard block |
||
| 303 | 303 | return false; |
| 304 | 304 | } |
| 305 | 305 | |
| 306 | - $content = FrmEntriesHelper::entry_array_to_string($values); |
|
| 306 | + $content = FrmEntriesHelper::entry_array_to_string( $values ); |
|
| 307 | 307 | |
| 308 | - if ( empty($content) ) { |
|
| 308 | + if ( empty( $content ) ) { |
|
| 309 | 309 | return false; |
| 310 | 310 | } |
| 311 | 311 | |
@@ -360,7 +360,7 @@ discard block |
||
| 360 | 360 | unset( $key, $data ); |
| 361 | 361 | } |
| 362 | 362 | |
| 363 | - $response = Akismet::http_post($query_string, 'comment-check'); |
|
| 363 | + $response = Akismet::http_post( $query_string, 'comment-check' ); |
|
| 364 | 364 | |
| 365 | 365 | return ( is_array( $response ) && $response[1] == 'true' ); |
| 366 | 366 | } |
@@ -383,12 +383,12 @@ discard block |
||
| 383 | 383 | |
| 384 | 384 | foreach ( $_SERVER as $key => $value ) { |
| 385 | 385 | if ( ! in_array( $key, array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW' ) ) && is_string( $value ) ) { |
| 386 | - $datas[ $key ] = wp_strip_all_tags( $value ); |
|
| 386 | + $datas[$key] = wp_strip_all_tags( $value ); |
|
| 387 | 387 | } else { |
| 388 | - $datas[ $key ] = ''; |
|
| 388 | + $datas[$key] = ''; |
|
| 389 | 389 | } |
| 390 | 390 | |
| 391 | - unset($key, $value); |
|
| 391 | + unset( $key, $value ); |
|
| 392 | 392 | } |
| 393 | 393 | } |
| 394 | 394 | } |
