FrmEntryValidate::get_disallowed_words() - Code Metrics - Inspection of "Merge pull request #198 from Strategy11/develop" - Strategy11/formidable-forms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( b5bee3...18e7f5 )

by Stephanie

created 2020-07-24 13:23 UTC

FrmEntryValidate::get_disallowed_words() A

↳ Parent: FrmEntryValidate

Complexity

Conditions	2
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
nc	2
nop	0
dl	0
loc	8
rs	10
c	0
b	0
f	0

<?php

class FrmEntryValidate {
	public static function validate( $values, $exclude = false ) {
		FrmEntry::sanitize_entry_post( $values );
		$errors = array();

		if ( ! isset( $values['form_id'] ) || ! isset( $values['item_meta'] ) ) {
			$errors['form'] = __( 'There was a problem with your submission. Please try again.', 'formidable' );

			return $errors;
		}

		if ( FrmAppHelper::is_admin() && is_user_logged_in() && ( ! isset( $values[ 'frm_submit_entry_' . $values['form_id'] ] ) || ! wp_verify_nonce( $values[ 'frm_submit_entry_' . $values['form_id'] ], 'frm_submit_entry_nonce' ) ) ) {
			$errors['form'] = __( 'You do not have permission to do that', 'formidable' );
		}

		self::set_item_key( $values );

		$posted_fields = self::get_fields_to_validate( $values, $exclude );

		// Pass exclude value to validate_field function so it can be used for repeating sections
		$args = array( 'exclude' => $exclude );

		foreach ( $posted_fields as $posted_field ) {
			self::validate_field( $posted_field, $errors, $values, $args );
			unset( $posted_field );
		}

		if ( empty( $errors ) ) {
			self::spam_check( $exclude, $values, $errors );
		}

		$errors = apply_filters( 'frm_validate_entry', $errors, $values, compact( 'exclude' ) );

		return $errors;
	}

	private static function set_item_key( &$values ) {
		if ( ! isset( $values['item_key'] ) || $values['item_key'] == '' ) {
			global $wpdb;
			$values['item_key'] = FrmAppHelper::get_unique_key( '', $wpdb->prefix . 'frm_items', 'item_key' );
			$_POST['item_key']  = $values['item_key'];
		}
	}

	private static function get_fields_to_validate( $values, $exclude ) {
		$where = apply_filters( 'frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) );

		// Don't get subfields
		$where['fr.parent_form_id'] = array( null, 0 );

		// Don't get excluded fields (like file upload fields in the ajax validation)
		if ( ! empty( $exclude ) ) {
			$where['fi.type not'] = $exclude;
		}

		return FrmField::getAll( $where, 'field_order' );
	}

	public static function validate_field( $posted_field, &$errors, $values, $args = array() ) {
		$defaults = array(
			'id'              => $posted_field->id,
			'parent_field_id' => '', // the id of the repeat or embed form
			'key_pointer'     => '', // the pointer in the posted array
			'exclude'         => array(), // exclude these field types from validation
		);
		$args     = wp_parse_args( $args, $defaults );

		if ( empty( $args['parent_field_id'] ) ) {
			$value = isset( $values['item_meta'][ $args['id'] ] ) ? $values['item_meta'][ $args['id'] ] : '';
		} else {
			// value is from a nested form
			$value = $values;
		}

		// Check for values in "Other" fields
		FrmEntriesHelper::maybe_set_other_validation( $posted_field, $value, $args );

		self::maybe_clear_value_for_default_blank_setting( $posted_field, $value );

		$should_trim = is_array( $value ) && count( $value ) == 1 && isset( $value[0] ) && $posted_field->type !== 'checkbox';
		if ( $should_trim ) {
			$value = reset( $value );
		}

		if ( ! is_array( $value ) ) {
			$value = trim( $value );
		}

		if ( $posted_field->required == '1' && FrmAppHelper::is_empty_value( $value ) ) {
			$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' );
		} elseif ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { // WPCS: CSRF ok.
			$_POST['item_name'] = $value;
		}

		FrmEntriesHelper::set_posted_value( $posted_field, $value, $args );

		self::validate_field_types( $errors, $posted_field, $value, $args );

		// Field might want to modify value before other parts of the system
		// e.g. trim off excess values like in the case of fields with limit.
		$value = apply_filters( 'frm_modify_posted_field_value', $value, $errors, $posted_field, $args );

		if ( $value != '' ) {
			self::validate_phone_field( $errors, $posted_field, $value, $args );
		}

		$errors = apply_filters( 'frm_validate_' . $posted_field->type . '_field_entry', $errors, $posted_field, $value, $args );
		$errors = apply_filters( 'frm_validate_field_entry', $errors, $posted_field, $value, $args );
	}

	private static function maybe_clear_value_for_default_blank_setting( $field, &$value ) {
		$placeholder = FrmField::get_option( $field, 'placeholder' );
		$is_default  = ( ! empty( $placeholder ) && $value == $placeholder );
		$is_label    = false;

		if ( ! $is_default ) {
			$position = FrmField::get_option( $field, 'label' );
			if ( empty( $position ) ) {
				$position = FrmStylesController::get_style_val( 'position', $field->form_id );
			}

			$is_label = ( $position == 'inside' && FrmFieldsHelper::is_placeholder_field_type( $field->type ) && $value == $field->name );
		}

		if ( $is_label || $is_default ) {
			$value = '';
		}
	}

	public static function validate_field_types( &$errors, $posted_field, $value, $args ) {
		$field_obj      = FrmFieldFactory::get_field_object( $posted_field );
		$args['value']  = $value;
		$args['errors'] = $errors;

		$new_errors = $field_obj->validate( $args );
		if ( ! empty( $new_errors ) ) {
			$errors = array_merge( $errors, $new_errors );
		}
	}

	public static function validate_phone_field( &$errors, $field, $value, $args ) {
		if ( $field->type == 'phone' || ( $field->type == 'text' && FrmField::is_option_true_in_object( $field, 'format' ) ) ) {

			$pattern = self::phone_format( $field );

			if ( ! preg_match( $pattern, $value ) ) {
				$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' );
			}
		}
	}

	public static function phone_format( $field ) {
		if ( FrmField::is_option_empty( $field, 'format' ) ) {
			$pattern = self::default_phone_format();
		} else {
			$pattern = FrmField::get_option( $field, 'format' );
		}

		$pattern = apply_filters( 'frm_phone_pattern', $pattern, $field );

		// Create a regexp if format is not already a regexp
		if ( strpos( $pattern, '^' ) !== 0 ) {
			$pattern = self::create_regular_expression_from_format( $pattern );
		}

		$pattern = '/' . $pattern . '/';

		return $pattern;
	}

	/**
	 * @since 3.01
	 */
	private static function default_phone_format() {
		return '^((\+\d{1,3}(-|.| )?\(?\d\)?(-| |.)?\d{1,5})|(\(?\d{2,6}\)?))(-|.| )?(\d{3,4})(-|.| )?(\d{4})(( x| ext)\d{1,5}){0,1}$';
	}

	/**
	 * Create a regular expression from a phone number format
	 *
	 * @since 2.02.02
	 *
	 * @param string $pattern
	 *
	 * @return string
	 */
	private static function create_regular_expression_from_format( $pattern ) {
		$pattern = preg_quote( $pattern );

		// Firefox doesn't like escaped dashes or colons
		$pattern = str_replace( array( '\-', '\:' ), array( '-', ':' ), $pattern );

		// Switch generic values out for their regular expression
		$pattern = preg_replace( '/\d/', '\d', $pattern );
		$pattern = str_replace( 'A', '[A-Z]', $pattern );
		$pattern = str_replace( 'a', '[a-zA-Z]', $pattern );
		$pattern = str_replace( '*', 'w', $pattern );
		$pattern = str_replace( '/', '\/', $pattern );

		if ( strpos( $pattern, '\?' ) !== false ) {
			$parts   = explode( '\?', $pattern );
			$pattern = '';
			foreach ( $parts as $part ) {
				if ( empty( $pattern ) ) {
					$pattern .= $part;
				} else {
					$pattern .= '(' . $part . ')?';
				}
			}
		}
		$pattern = '^' . $pattern . '$';

		return $pattern;
	}

	/**
	 * Check for spam
	 *
	 * @param boolean $exclude
	 * @param array $values
	 * @param array $errors by reference
	 */
	public static function spam_check( $exclude, $values, &$errors ) {
		if ( ! empty( $exclude ) || ! isset( $values['item_meta'] ) || empty( $values['item_meta'] ) || ! empty( $errors ) ) {
			// only check spam if there are no other errors
			return;
		}

		if ( self::is_honeypot_spam() || self::is_spam_bot() ) {
			$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
		}

		if ( self::blacklist_check( $values ) ) {
			$errors['spam'] = __( 'Your entry appears to be blocked spam!', 'formidable' );
		}

		if ( self::is_akismet_spam( $values ) ) {
			if ( self::is_akismet_enabled_for_user( $values['form_id'] ) ) {
				$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
			}
		}
	}

	private static function is_honeypot_spam() {
		$honeypot_value = FrmAppHelper::get_param( 'frm_verify', '', 'get', 'sanitize_text_field' );

		return ( $honeypot_value !== '' );
	}

	private static function is_spam_bot() {
		$ip = FrmAppHelper::get_ip_address();

		return empty( $ip );
	}

	private static function is_akismet_spam( $values ) {
		global $wpcom_api_key;

		return ( is_callable( 'Akismet::http_post' ) && ( get_option( 'wordpress_api_key' ) || $wpcom_api_key ) && self::akismet( $values ) );
	}

	private static function is_akismet_enabled_for_user( $form_id ) {
		$form = FrmForm::getOne( $form_id );

		return ( isset( $form->options['akismet'] ) && ! empty( $form->options['akismet'] ) && ( $form->options['akismet'] != 'logged' || ! is_user_logged_in() ) );
	}

	public static function blacklist_check( $values ) {
		if ( ! apply_filters( 'frm_check_blacklist', true, $values ) ) {
			return false;
		}

		$mod_keys = trim( self::get_disallowed_words() );
		if ( empty( $mod_keys ) ) {
			return false;
		}

		$content = FrmEntriesHelper::entry_array_to_string( $values );
		if ( empty( $content ) ) {
			return false;
		}

		$ip         = FrmAppHelper::get_ip_address();
		$user_agent = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
		$user_info  = self::get_spam_check_user_info( $values );

		return self::check_disallowed_words( $user_info['comment_author'], $user_info['comment_author_email'], $user_info['comment_author_url'], $content, $ip, $user_agent );
	}

	/**
	 * For WP 5.5 compatibility.
	 *
	 * @since 4.06.02
	 */
	private static function check_disallowed_words( $author, $email, $url, $content, $ip, $user_agent ) {
		if ( function_exists( 'wp_check_comment_disallowed_list' ) ) {
			return wp_check_comment_disallowed_list( $author, $email, $url, $content, $ip, $user_agent );
		} else {
			return wp_blacklist_check( $author, $email, $url, $content, $ip, $user_agent );
		}
	}

	/**
	 * For WP 5.5 compatibility.
	 *
	 * @since 4.06.02
	 */
	private static function get_disallowed_words() {
		$keys = get_option( 'disallowed_keys' );
		if ( false === $keys ) {
			// Fallback for WP < 5.5.
			$keys = get_option( 'blacklist_keys' );
		}
		return $keys;
	}

	/**
	 * Check entries for Akismet spam
	 *
	 * @return boolean true if is spam
	 */
	public static function akismet( $values ) {
		$content = FrmEntriesHelper::entry_array_to_string( $values );
		if ( empty( $content ) ) {
			return false;
		}

		$datas = array(
			'comment_type'    => 'formidable',
			'comment_content' => $content,
		);
		self::parse_akismet_array( $datas, $values );

		$query_string = _http_build_query( $datas, '', '&' );
		$response     = Akismet::http_post( $query_string, 'comment-check' );

		return ( is_array( $response ) && $response[1] == 'true' );
	}

	/**
	 * @since 2.0
	 */
	private static function parse_akismet_array( &$datas, $values ) {
		self::add_site_info_to_akismet( $datas );
		self::add_user_info_to_akismet( $datas, $values );
		self::add_server_values_to_akismet( $datas );
	}

	private static function add_site_info_to_akismet( &$datas ) {
		$datas['blog']         = FrmAppHelper::site_url();
		$datas['user_ip']      = preg_replace( '/[^0-9., ]/', '', FrmAppHelper::get_ip_address() );
		$datas['user_agent']   = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
		$datas['referrer']     = isset( $_SERVER['HTTP_REFERER'] ) ? FrmAppHelper::get_server_value( 'HTTP_REFERER' ) : false;
		$datas['blog_lang']    = get_locale();
		$datas['blog_charset'] = get_option( 'blog_charset' );

		if ( akismet_test_mode() ) {
			$datas['is_test'] = 'true';
		}
	}

	private static function add_user_info_to_akismet( &$datas, $values ) {
		$user_info = self::get_spam_check_user_info( $values );
		$datas     = $datas + $user_info;

		if ( isset( $user_info['user_ID'] ) ) {
			$datas['user_role'] = Akismet::get_user_roles( $user_info['user_ID'] );
		}
	}

	private static function get_spam_check_user_info( $values ) {
		$datas = array();

		if ( is_user_logged_in() ) {
			$user = wp_get_current_user();

			$datas['user_ID']              = $user->ID;
			$datas['user_id']              = $user->ID;
			$datas['comment_author']       = $user->display_name;
			$datas['comment_author_email'] = $user->user_email;
			$datas['comment_author_url']   = $user->user_url;
		} else {
			$datas['comment_author']       = '';
			$datas['comment_author_email'] = '';
			$datas['comment_author_url']   = '';

			$values = array_filter( $values );
			foreach ( $values as $value ) {
				if ( ! is_array( $value ) ) {
					if ( $datas['comment_author_email'] == '' && strpos( $value, '@' ) && is_email( $value ) ) {
						$datas['comment_author_email'] = $value;
					} elseif ( $datas['comment_author_url'] == '' && strpos( $value, 'http' ) === 0 ) {
						$datas['comment_author_url'] = $value;
					} elseif ( $datas['comment_author'] == '' && ! is_numeric( $value ) && strlen( $value ) < 200 ) {
						$datas['comment_author'] = $value;
					}
				}
			}
		}

		return $datas;
	}

	private static function add_server_values_to_akismet( &$datas ) {
		foreach ( $_SERVER as $key => $value ) {
			$include_value = is_string( $value ) && ! preg_match( '/^HTTP_COOKIE/', $key ) && preg_match( '/^(HTTP_|REMOTE_ADDR|REQUEST_URI|DOCUMENT_URI)/', $key );

			// Send any potentially useful $_SERVER vars, but avoid sending junk we don't need.
			if ( $include_value ) {
				$datas[ $key ] = $value;
			}
			unset( $key, $value );
		}
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_url_field( &$errors, $field, $value, $args ) {
		FrmDeprecated::validate_url_field( $errors, $field, $value, $args );
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_email_field( &$errors, $field, $value, $args ) {
		FrmDeprecated::validate_email_field( $errors, $field, $value, $args );
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_number_field( &$errors, $field, $value, $args ) {
		FrmDeprecated::validate_number_field( $errors, $field, $value, $args );
	}

	/**
	 * @deprecated 3.0
	 * @codeCoverageIgnore
	 */
	public static function validate_recaptcha( &$errors, $field, $args ) {
		FrmDeprecated::validate_recaptcha( $errors, $field, $args );
	}
}


1			<?php
2
3			class FrmEntryValidate {
4			public static function validate( $values, $exclude = false ) {
5			FrmEntry::sanitize_entry_post( $values );
6			$errors = array();
7
8			if ( ! isset( $values['form_id'] ) \|\| ! isset( $values['item_meta'] ) ) {
9			$errors['form'] = __( 'There was a problem with your submission. Please try again.', 'formidable' );
10
11			return $errors;
12			}
13
14			if ( FrmAppHelper::is_admin() && is_user_logged_in() && ( ! isset( $values[ 'frm_submit_entry_' . $values['form_id'] ] ) \|\| ! wp_verify_nonce( $values[ 'frm_submit_entry_' . $values['form_id'] ], 'frm_submit_entry_nonce' ) ) ) {
15			$errors['form'] = __( 'You do not have permission to do that', 'formidable' );
16			}
17
18			self::set_item_key( $values );
19
20			$posted_fields = self::get_fields_to_validate( $values, $exclude );
21
22			// Pass exclude value to validate_field function so it can be used for repeating sections
23			$args = array( 'exclude' => $exclude );
24
25			foreach ( $posted_fields as $posted_field ) {
26			self::validate_field( $posted_field, $errors, $values, $args );
27			unset( $posted_field );
28			}
29
30			if ( empty( $errors ) ) {
31			self::spam_check( $exclude, $values, $errors );
32			}
33
34			$errors = apply_filters( 'frm_validate_entry', $errors, $values, compact( 'exclude' ) );
35
36			return $errors;
37			}
38
39			private static function set_item_key( &$values ) {
40			if ( ! isset( $values['item_key'] ) \|\| $values['item_key'] == '' ) {
41			global $wpdb;
42			$values['item_key'] = FrmAppHelper::get_unique_key( '', $wpdb->prefix . 'frm_items', 'item_key' );
43			$_POST['item_key'] = $values['item_key'];
44			}
45			}
46
47			private static function get_fields_to_validate( $values, $exclude ) {
48			$where = apply_filters( 'frm_posted_field_ids', array( 'fi.form_id' => $values['form_id'] ) );
49
50			// Don't get subfields
51			$where['fr.parent_form_id'] = array( null, 0 );
52
53			// Don't get excluded fields (like file upload fields in the ajax validation)
54			if ( ! empty( $exclude ) ) {
55			$where['fi.type not'] = $exclude;
56			}
57
58			return FrmField::getAll( $where, 'field_order' );
59			}
60
61			public static function validate_field( $posted_field, &$errors, $values, $args = array() ) {
62			$defaults = array(
63			'id' => $posted_field->id,
64			'parent_field_id' => '', // the id of the repeat or embed form
65			'key_pointer' => '', // the pointer in the posted array
66			'exclude' => array(), // exclude these field types from validation
67			);
68			$args = wp_parse_args( $args, $defaults );
69
70			if ( empty( $args['parent_field_id'] ) ) {
71			$value = isset( $values['item_meta'][ $args['id'] ] ) ? $values['item_meta'][ $args['id'] ] : '';
72			} else {
73			// value is from a nested form
74			$value = $values;
75			}
76
77			// Check for values in "Other" fields
78			FrmEntriesHelper::maybe_set_other_validation( $posted_field, $value, $args );
79
80			self::maybe_clear_value_for_default_blank_setting( $posted_field, $value );
81
82			$should_trim = is_array( $value ) && count( $value ) == 1 && isset( $value[0] ) && $posted_field->type !== 'checkbox';
83			if ( $should_trim ) {
84			$value = reset( $value );
85			}
86
87			if ( ! is_array( $value ) ) {
88			$value = trim( $value );
89			}
90
91			if ( $posted_field->required == '1' && FrmAppHelper::is_empty_value( $value ) ) {
92			$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $posted_field, 'blank' );
93			} elseif ( $posted_field->type == 'text' && ! isset( $_POST['item_name'] ) ) { // WPCS: CSRF ok.
94			$_POST['item_name'] = $value;
95			}
96
97			FrmEntriesHelper::set_posted_value( $posted_field, $value, $args );
98
99			self::validate_field_types( $errors, $posted_field, $value, $args );
100
101			// Field might want to modify value before other parts of the system
102			// e.g. trim off excess values like in the case of fields with limit.
103			$value = apply_filters( 'frm_modify_posted_field_value', $value, $errors, $posted_field, $args );
104
105			if ( $value != '' ) {
106			self::validate_phone_field( $errors, $posted_field, $value, $args );
107			}
108
109			$errors = apply_filters( 'frm_validate_' . $posted_field->type . '_field_entry', $errors, $posted_field, $value, $args );
110			$errors = apply_filters( 'frm_validate_field_entry', $errors, $posted_field, $value, $args );
111			}
112
113			private static function maybe_clear_value_for_default_blank_setting( $field, &$value ) {
114			$placeholder = FrmField::get_option( $field, 'placeholder' );
115			$is_default = ( ! empty( $placeholder ) && $value == $placeholder );
116			$is_label = false;
117
118			if ( ! $is_default ) {
119			$position = FrmField::get_option( $field, 'label' );
120			if ( empty( $position ) ) {
121			$position = FrmStylesController::get_style_val( 'position', $field->form_id );
122			}
123
124			$is_label = ( $position == 'inside' && FrmFieldsHelper::is_placeholder_field_type( $field->type ) && $value == $field->name );
125			}
126
127			if ( $is_label \|\| $is_default ) {
128			$value = '';
129			}
130			}
131
132			public static function validate_field_types( &$errors, $posted_field, $value, $args ) {
133			$field_obj = FrmFieldFactory::get_field_object( $posted_field );
134			$args['value'] = $value;
135			$args['errors'] = $errors;
136
137			$new_errors = $field_obj->validate( $args );
138			if ( ! empty( $new_errors ) ) {
139			$errors = array_merge( $errors, $new_errors );
140			}
141			}
142
143			public static function validate_phone_field( &$errors, $field, $value, $args ) {
144			if ( $field->type == 'phone' \|\| ( $field->type == 'text' && FrmField::is_option_true_in_object( $field, 'format' ) ) ) {
145
146			$pattern = self::phone_format( $field );
147
148			if ( ! preg_match( $pattern, $value ) ) {
149			$errors[ 'field' . $args['id'] ] = FrmFieldsHelper::get_error_msg( $field, 'invalid' );
150			}
151			}
152			}
153
154			public static function phone_format( $field ) {
155			if ( FrmField::is_option_empty( $field, 'format' ) ) {
156			$pattern = self::default_phone_format();
157			} else {
158			$pattern = FrmField::get_option( $field, 'format' );
159			}
160
161			$pattern = apply_filters( 'frm_phone_pattern', $pattern, $field );
162
163			// Create a regexp if format is not already a regexp
164			if ( strpos( $pattern, '^' ) !== 0 ) {
165			$pattern = self::create_regular_expression_from_format( $pattern );
166			}
167
168			$pattern = '/' . $pattern . '/';
169
170			return $pattern;
171			}
172
173			/**
174			* @since 3.01
175			*/
176			private static function default_phone_format() {
177			return '^((\+\d{1,3}(-\|.\| )?\(?\d\)?(-\| \|.)?\d{1,5})\|(\(?\d{2,6}\)?))(-\|.\| )?(\d{3,4})(-\|.\| )?(\d{4})(( x\| ext)\d{1,5}){0,1}$';
178			}
179
180			/**
181			* Create a regular expression from a phone number format
182			*
183			* @since 2.02.02
184			*
185			* @param string $pattern
186			*
187			* @return string
188			*/
189			private static function create_regular_expression_from_format( $pattern ) {
190			$pattern = preg_quote( $pattern );
191
192			// Firefox doesn't like escaped dashes or colons
193			$pattern = str_replace( array( '\-', '\:' ), array( '-', ':' ), $pattern );
194
195			// Switch generic values out for their regular expression
196			$pattern = preg_replace( '/\d/', '\d', $pattern );
197			$pattern = str_replace( 'A', '[A-Z]', $pattern );
198			$pattern = str_replace( 'a', '[a-zA-Z]', $pattern );
199			$pattern = str_replace( '*', 'w', $pattern );
200			$pattern = str_replace( '/', '\/', $pattern );
201
202			if ( strpos( $pattern, '\?' ) !== false ) {
203			$parts = explode( '\?', $pattern );
204			$pattern = '';
205			foreach ( $parts as $part ) {
206			if ( empty( $pattern ) ) {
207			$pattern .= $part;
208			} else {
209			$pattern .= '(' . $part . ')?';
210			}
211			}
212			}
213			$pattern = '^' . $pattern . '$';
214
215			return $pattern;
216			}
217
218			/**
219			* Check for spam
220			*
221			* @param boolean $exclude
222			* @param array $values
223			* @param array $errors by reference
224			*/
225			public static function spam_check( $exclude, $values, &$errors ) {
226			if ( ! empty( $exclude ) \|\| ! isset( $values['item_meta'] ) \|\| empty( $values['item_meta'] ) \|\| ! empty( $errors ) ) {
227			// only check spam if there are no other errors
228			return;
229			}
230
231			if ( self::is_honeypot_spam() \|\| self::is_spam_bot() ) {
232			$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
233			}
234
235			if ( self::blacklist_check( $values ) ) {
236			$errors['spam'] = __( 'Your entry appears to be blocked spam!', 'formidable' );
237			}
238
239			if ( self::is_akismet_spam( $values ) ) {
240			if ( self::is_akismet_enabled_for_user( $values['form_id'] ) ) {
241			$errors['spam'] = __( 'Your entry appears to be spam!', 'formidable' );
242			}
243			}
244			}
245
246			private static function is_honeypot_spam() {
247			$honeypot_value = FrmAppHelper::get_param( 'frm_verify', '', 'get', 'sanitize_text_field' );
248
249			return ( $honeypot_value !== '' );
250			}
251
252			private static function is_spam_bot() {
253			$ip = FrmAppHelper::get_ip_address();
254
255			return empty( $ip );
256			}
257
258			private static function is_akismet_spam( $values ) {
259			global $wpcom_api_key;
260
261			return ( is_callable( 'Akismet::http_post' ) && ( get_option( 'wordpress_api_key' ) \|\| $wpcom_api_key ) && self::akismet( $values ) );
262			}
263
264			private static function is_akismet_enabled_for_user( $form_id ) {
265			$form = FrmForm::getOne( $form_id );
266
267			return ( isset( $form->options['akismet'] ) && ! empty( $form->options['akismet'] ) && ( $form->options['akismet'] != 'logged' \|\| ! is_user_logged_in() ) );
268			}
269
270			public static function blacklist_check( $values ) {
271			if ( ! apply_filters( 'frm_check_blacklist', true, $values ) ) {
272			return false;
273			}
274
275			$mod_keys = trim( self::get_disallowed_words() );
276			if ( empty( $mod_keys ) ) {
277			return false;
278			}
279
280			$content = FrmEntriesHelper::entry_array_to_string( $values );
281			if ( empty( $content ) ) {
282			return false;
283			}
284
285			$ip = FrmAppHelper::get_ip_address();
286			$user_agent = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
287			$user_info = self::get_spam_check_user_info( $values );
288
289			return self::check_disallowed_words( $user_info['comment_author'], $user_info['comment_author_email'], $user_info['comment_author_url'], $content, $ip, $user_agent );
290			}
291
292			/**
293			* For WP 5.5 compatibility.
294			*
295			* @since 4.06.02
296			*/
297			private static function check_disallowed_words( $author, $email, $url, $content, $ip, $user_agent ) {
298			if ( function_exists( 'wp_check_comment_disallowed_list' ) ) {
299			return wp_check_comment_disallowed_list( $author, $email, $url, $content, $ip, $user_agent );
300			} else {
301			return wp_blacklist_check( $author, $email, $url, $content, $ip, $user_agent );
302			}
303			}
304
305			/**
306			* For WP 5.5 compatibility.
307			*
308			* @since 4.06.02
309			*/
310			private static function get_disallowed_words() {
311			$keys = get_option( 'disallowed_keys' );
312			if ( false === $keys ) {
313			// Fallback for WP < 5.5.
314			$keys = get_option( 'blacklist_keys' );
315			}
316			return $keys;
317			}
318
319			/**
320			* Check entries for Akismet spam
321			*
322			* @return boolean true if is spam
323			*/
324			public static function akismet( $values ) {
325			$content = FrmEntriesHelper::entry_array_to_string( $values );
326			if ( empty( $content ) ) {
327			return false;
328			}
329
330			$datas = array(
331			'comment_type' => 'formidable',
332			'comment_content' => $content,
333			);
334			self::parse_akismet_array( $datas, $values );
335
336			$query_string = _http_build_query( $datas, '', '&' );
337			$response = Akismet::http_post( $query_string, 'comment-check' );
338
339			return ( is_array( $response ) && $response[1] == 'true' );
340			}
341
342			/**
343			* @since 2.0
344			*/
345			private static function parse_akismet_array( &$datas, $values ) {
346			self::add_site_info_to_akismet( $datas );
347			self::add_user_info_to_akismet( $datas, $values );
348			self::add_server_values_to_akismet( $datas );
349			}
350
351			private static function add_site_info_to_akismet( &$datas ) {
352			$datas['blog'] = FrmAppHelper::site_url();
353			$datas['user_ip'] = preg_replace( '/[^0-9., ]/', '', FrmAppHelper::get_ip_address() );
354			$datas['user_agent'] = FrmAppHelper::get_server_value( 'HTTP_USER_AGENT' );
355			$datas['referrer'] = isset( $_SERVER['HTTP_REFERER'] ) ? FrmAppHelper::get_server_value( 'HTTP_REFERER' ) : false;
356			$datas['blog_lang'] = get_locale();
357			$datas['blog_charset'] = get_option( 'blog_charset' );
358
359			if ( akismet_test_mode() ) {
360			$datas['is_test'] = 'true';
361			}
362			}
363
364			private static function add_user_info_to_akismet( &$datas, $values ) {
365			$user_info = self::get_spam_check_user_info( $values );
366			$datas = $datas + $user_info;
367
368			if ( isset( $user_info['user_ID'] ) ) {
369			$datas['user_role'] = Akismet::get_user_roles( $user_info['user_ID'] );
370			}
371			}
372
373			private static function get_spam_check_user_info( $values ) {
374			$datas = array();
375
376			if ( is_user_logged_in() ) {
377			$user = wp_get_current_user();
378
379			$datas['user_ID'] = $user->ID;
380			$datas['user_id'] = $user->ID;
381			$datas['comment_author'] = $user->display_name;
382			$datas['comment_author_email'] = $user->user_email;
383			$datas['comment_author_url'] = $user->user_url;
384			} else {
385			$datas['comment_author'] = '';
386			$datas['comment_author_email'] = '';
387			$datas['comment_author_url'] = '';
388
389			$values = array_filter( $values );
390			foreach ( $values as $value ) {
391			if ( ! is_array( $value ) ) {
392			if ( $datas['comment_author_email'] == '' && strpos( $value, '@' ) && is_email( $value ) ) {
393			$datas['comment_author_email'] = $value;
394			} elseif ( $datas['comment_author_url'] == '' && strpos( $value, 'http' ) === 0 ) {
395			$datas['comment_author_url'] = $value;
396			} elseif ( $datas['comment_author'] == '' && ! is_numeric( $value ) && strlen( $value ) < 200 ) {
397			$datas['comment_author'] = $value;
398			}
399			}
400			}
401			}
402
403			return $datas;
404			}
405
406			private static function add_server_values_to_akismet( &$datas ) {
407			foreach ( $_SERVER as $key => $value ) {
408			$include_value = is_string( $value ) && ! preg_match( '/^HTTP_COOKIE/', $key ) && preg_match( '/^(HTTP_\|REMOTE_ADDR\|REQUEST_URI\|DOCUMENT_URI)/', $key );
409
410			// Send any potentially useful $_SERVER vars, but avoid sending junk we don't need.
411			if ( $include_value ) {
412			$datas[ $key ] = $value;
413			}
414			unset( $key, $value );
415			}
416			}
417
418			/**
419			* @deprecated 3.0
420			* @codeCoverageIgnore
421			*/
422			public static function validate_url_field( &$errors, $field, $value, $args ) {
423			FrmDeprecated::validate_url_field( $errors, $field, $value, $args );
424			}
425
426			/**
427			* @deprecated 3.0
428			* @codeCoverageIgnore
429			*/
430			public static function validate_email_field( &$errors, $field, $value, $args ) {
431			FrmDeprecated::validate_email_field( $errors, $field, $value, $args );
432			}
433
434			/**
435			* @deprecated 3.0
436			* @codeCoverageIgnore
437			*/
438			public static function validate_number_field( &$errors, $field, $value, $args ) {
439			FrmDeprecated::validate_number_field( $errors, $field, $value, $args );
440			}
441
442			/**
443			* @deprecated 3.0
444			* @codeCoverageIgnore
445			*/
446			public static function validate_recaptcha( &$errors, $field, $args ) {
447			FrmDeprecated::validate_recaptcha( $errors, $field, $args );
448			}
449			}
450

Strategy11 / formidable-forms

Push — master ( b5bee3...18e7f5 )

FrmEntryValidate::get_disallowed_words() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like