Update akismet

Oliver Davies 2019-06-07 19:05:09 +01:00
parent 1e3ac16676
commit 6ed0abf6a3
8 changed files with 53 additions and 37 deletions


@ -80,9 +80,11 @@ table.comments td.comment p a:after {
display: inline-block !important; display: inline-block !important;
} }
.checkforspam-progress { .checkforspam-progress {
padding-left: 1ex;
display: none; display: none;
} }
.checkforspam.checking .checkforspam-progress {
padding-left: 1ex;
}
.checkforspam.button-disabled .checkforspam-progress { .checkforspam.button-disabled .checkforspam-progress {
display: inline; display: inline;
} }
@ -246,7 +248,6 @@ table.comments td.comment p a:after {
font-size: 140px; font-size: 140px;
color: #769F33; color: #769F33;
font-family: Georgia, "Times New Roman", Times, serif; font-family: Georgia, "Times New Roman", Times, serif;
z-index: 1;
} }
.akismet_activate .aa_button { .akismet_activate .aa_button {
@ -312,7 +313,6 @@ table.comments td.comment p a:after {
margin-left: 25px; margin-left: 25px;
color: #E5F2B1; color: #E5F2B1;
font-size: 15px; font-size: 15px;
z-index: 1000;
} }
.akismet_activate .aa_description strong { .akismet_activate .aa_description strong {


@ -146,10 +146,15 @@ jQuery( function ( $ ) {
} ); } );
} ); } );
$('.checkforspam:not(.button-disabled)').click( function(e) { $( '.checkforspam' ).click( function( e ) {
e.preventDefault(); e.preventDefault();
$('.checkforspam:not(.button-disabled)').addClass('button-disabled'); if ( $( this ).hasClass( 'button-disabled' ) ) {
window.location.href = $( this ).data( 'success-url' ).replace( '__recheck_count__', 0 ).replace( '__spam_count__', 0 );
return;
}
$('.checkforspam').addClass('button-disabled').addClass( 'checking' );
$('.checkforspam-spinner').addClass( 'spinner' ).addClass( 'is-active' ); $('.checkforspam-spinner').addClass( 'spinner' ).addClass( 'is-active' );
// Update the label on the "Check for Spam" button to use the active "Checking for Spam" language. // Update the label on the "Check for Spam" button to use the active "Checking for Spam" language.
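Review bot: A second click while a check is running takes the new `button-disabled` branch, because the handler itself adds `button-disabled` together with `checking` two statements later; the page would then navigate to the success URL with both counts forced to 0 in the middle of a recheck. Testing the in-progress state first, `if ( $( this ).hasClass( 'checking' ) ) { return; }` placed right after `e.preventDefault();`, keeps the redirect for the nothing-to-check case only. The branch also assumes the `data-success-url` attribute is present; without it `.data( 'success-url' )` is undefined and `.replace` throws. The handler body continues past the end of this hunk, so whether `checking` is cleared later cannot be seen here.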


@ -6,7 +6,7 @@
Plugin Name: Akismet Anti-Spam Plugin Name: Akismet Anti-Spam
Plugin URI: https://akismet.com/ Plugin URI: https://akismet.com/
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key. Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
Version: 4.1.1 Version: 4.1.2
Author: Automattic Author: Automattic
Author URI: https://automattic.com/wordpress-plugins/ Author URI: https://automattic.com/wordpress-plugins/
License: GPLv2 or later License: GPLv2 or later
@ -37,7 +37,7 @@ if ( !function_exists( 'add_action' ) ) {
exit; exit;
} }
define( 'AKISMET_VERSION', '4.1.1' ); define( 'AKISMET_VERSION', '4.1.2' );
define( 'AKISMET__MINIMUM_WP_VERSION', '4.0' ); define( 'AKISMET__MINIMUM_WP_VERSION', '4.0' );
define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
define( 'AKISMET_DELETE_LIMIT', 100000 ); define( 'AKISMET_DELETE_LIMIT', 100000 );


@ -390,9 +390,9 @@ class Akismet_Admin {
$comments_count = wp_count_comments(); $comments_count = wp_count_comments();
echo '</div>'; echo '</div>';
echo '<div class="alignleft">'; echo '<div class="alignleft actions">';
echo '<a echo '<a
class="button-secondary checkforspam" class="button-secondary checkforspam' . ( $comments_count->moderated == 0 ? ' button-disabled' : '' ) . '"
href="' . esc_url( $link ) . '" href="' . esc_url( $link ) . '"
data-active-label="' . esc_attr( __( 'Checking for Spam', 'akismet' ) ) . '" data-active-label="' . esc_attr( __( 'Checking for Spam', 'akismet' ) ) . '"
data-progress-label-format="' . esc_attr( __( '(%1$s%)', 'akismet' ) ) . '" data-progress-label-format="' . esc_attr( __( '(%1$s%)', 'akismet' ) ) . '"
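Review bot: The `button-disabled` class added to the anchor is presentation only: `href` still carries `esc_url( $link )`, so the link stays followable whenever the click handler is not attached (script blocked or not yet loaded). If the zero-pending case is meant to be inert, whatever serves `$link` has to tolerate being called with nothing to check; that code is outside this hunk. A comment above the `echo`, such as `// button-disabled is cosmetic here; the click handler redirects to the success URL when nothing is pending.`, would record the dependency on the script. The enclosing method starts and ends outside the hunk.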


@ -65,6 +65,11 @@ class Akismet {
} }
public static function verify_key( $key, $ip = null ) { public static function verify_key( $key, $ip = null ) {
// Shortcut for obviously invalid keys.
if ( strlen( $key ) != 12 ) {
return 'invalid';
}
$response = self::check_key_status( $key, $ip ); $response = self::check_key_status( $key, $ip );
if ( $response[1] != 'valid' && $response[1] != 'invalid' ) if ( $response[1] != 'valid' && $response[1] != 'invalid' )
@ -1178,6 +1183,10 @@ class Akismet {
} }
public static function load_form_js() { public static function load_form_js() {
if ( function_exists( 'is_amp_endpoint' ) && is_amp_endpoint() ) {
return;
}
wp_register_script( 'akismet-form', plugin_dir_url( __FILE__ ) . '_inc/form.js', array(), AKISMET_VERSION, true ); wp_register_script( 'akismet-form', plugin_dir_url( __FILE__ ) . '_inc/form.js', array(), AKISMET_VERSION, true );
wp_enqueue_script( 'akismet-form' ); wp_enqueue_script( 'akismet-form' );
} }
@ -1333,9 +1342,16 @@ p {
if ( !empty( $args[1] ) ) { if ( !empty( $args[1] ) ) {
$post_id = url_to_postid( $args[1] ); $post_id = url_to_postid( $args[1] );
// If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification // If pingbacks aren't open on this post, we'll still check whether this request is part of a potential DDOS,
Akismet::pingback_forwarded_for( null, $args[0] ); // but indicate to the server that pingbacks are indeed closed so we don't include this request in the user's stats,
add_filter( 'http_request_args', array( 'Akismet', 'pingback_forwarded_for' ), 10, 2 ); // since the user has already done their part by disabling pingbacks.
$pingbacks_closed = false;
$post = get_post( $post_id );
if ( ! $post || ! pings_open( $post ) ) {
$pingbacks_closed = true;
}
$comment = array( $comment = array(
'comment_author_url' => $args[0], 'comment_author_url' => $args[0],
@ -1346,6 +1362,7 @@ p {
'comment_type' => 'pingback', 'comment_type' => 'pingback',
'akismet_pre_check' => '1', 'akismet_pre_check' => '1',
'comment_pingback_target' => $args[1], 'comment_pingback_target' => $args[1],
'pingbacks_closed' => $pingbacks_closed ? '1' : '0',
); );
$comment = Akismet::auto_check_comment( $comment ); $comment = Akismet::auto_check_comment( $comment );
@ -1357,28 +1374,6 @@ p {
} }
} }
public static function pingback_forwarded_for( $r, $url ) {
static $urls = array();
// Call this with $r == null to prime the callback to add headers on a specific URL
if ( is_null( $r ) && !in_array( $url, $urls ) ) {
$urls[] = $url;
}
// Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source)
if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) {
$remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] );
// Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use
$r['headers']['X-Pingback-Forwarded-For'] = $remote_ip;
// Also identify the request as a pingback verification in the UA string so it appears in logs
$r['user-agent'] .= '; verifying pingback from ' . $remote_ip;
}
return $r;
}
/** /**
* Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta. * Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta.
* *
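Review bot: In the pingback pre-check hunk, `get_post( $post_id )` is called even when `url_to_postid( $args[1] )` found no post and returned 0. `get_post()` with an empty argument falls back to the global `$post` when one is set, so `pingbacks_closed` could then describe an unrelated post rather than the pingback target. Making the miss explicit, `$post = $post_id ? get_post( $post_id ) : null;`, keeps the flag tied to the URL that was actually pinged. In an XML-RPC request a global post is probably not set, so today this most likely evaluates as closed, but the code should not depend on that. The function continues outside the hunk.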


@ -2,8 +2,8 @@
Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau
Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments
Requires at least: 4.0 Requires at least: 4.0
Tested up to: 5.1 Tested up to: 5.2
Stable tag: 4.1.1 Stable tag: 4.1.2
License: GPLv2 or later License: GPLv2 or later
Akismet checks your comments and contact form submissions against our global database of spam to protect you and your site from malicious content. Akismet checks your comments and contact form submissions against our global database of spam to protect you and your site from malicious content.
@ -30,6 +30,15 @@ Upload the Akismet plugin to your blog, Activate it, then enter your [Akismet.co
== Changelog == == Changelog ==
= 4.1.2 =
*Release Date - 14 May 2019*
* Fixed a conflict between the Akismet setup banner and other plugin notices.
* Reduced the number of API requests made by the plugin when attempting to verify the API key.
* Include additional data in the pingback pre-check API request to help make the stats more accurate.
* Fixed a bug that was enabling the "Check for Spam" button when no comments were eligible to be checked.
* Improved Akismet's AMP compatibility.
= 4.1.1 = = 4.1.1 =
*Release Date - 31 January 2019* *Release Date - 31 January 2019*


@ -1,3 +1,9 @@
<?php
//phpcs:disable VariableAnalysis
// There are "undefined" variables here because they're defined in the code that includes this file as a template.
?>
<form name="akismet_activate" action="https://akismet.com/get/" method="POST" target="_blank"> <form name="akismet_activate" action="https://akismet.com/get/" method="POST" target="_blank">
<input type="hidden" name="passback_url" value="<?php echo esc_url( Akismet_Admin::get_page_url() ); ?>"/> <input type="hidden" name="passback_url" value="<?php echo esc_url( Akismet_Admin::get_page_url() ); ?>"/>
<input type="hidden" name="blog" value="<?php echo esc_url( get_option( 'home' ) ); ?>"/> <input type="hidden" name="blog" value="<?php echo esc_url( get_option( 'home' ) ); ?>"/>


@ -206,7 +206,8 @@ function akismet_kill_proxy_check( $option ) {
return 0; return 0;
} }
function akismet_pingback_forwarded_for( $r, $url ) { function akismet_pingback_forwarded_for( $r, $url ) {
return Akismet::pingback_forwarded_for( $r, $url ); // This functionality is now in core.
return false;
} }
function akismet_pre_check_pingback( $method ) { function akismet_pre_check_pingback( $method ) {
return Akismet::pre_check_pingback( $method ); return Akismet::pre_check_pingback( $method );
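Review bot: `akismet_pingback_forwarded_for()` now returns `false` while keeping the `( $r, $url )` signature of an `http_request_args` filter callback; the removed `add_filter( 'http_request_args', ... )` line in the class file shows how the method it wrapped was hooked. If any site code still registers this wrapper on that filter, the request-arguments array is replaced by `false` for outbound HTTP requests passing through it. Returning the input unchanged, `return $r;`, makes the deprecated stub a harmless pass-through.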