Update akismet

wp-content/plugins/akismet/_inc/akismet.css

@@ -80,9 +80,11 @@ table.comments td.comment p a:after {
     display: inline-block !important;
 }
 .checkforspam-progress {
-	padding-left: 1ex;
 	display: none;
 }
+.checkforspam.checking .checkforspam-progress {
+	padding-left: 1ex;
+}
 .checkforspam.button-disabled .checkforspam-progress {
 	display: inline;
 }
@@ -246,7 +248,6 @@ table.comments td.comment p a:after {
 	font-size: 140px;
 	color: #769F33;
 	font-family: Georgia, "Times New Roman", Times, serif;
-	z-index: 1;
 }
 
 .akismet_activate .aa_button {
@@ -312,7 +313,6 @@ table.comments td.comment p a:after {
 	margin-left: 25px;
 	color: #E5F2B1;
 	font-size: 15px;
-	z-index: 1000;
 }
 
 .akismet_activate .aa_description strong {

wp-content/plugins/akismet/_inc/akismet.js

@@ -146,10 +146,15 @@ jQuery( function ( $ ) {
 		} );
 	} );
 
-	$('.checkforspam:not(.button-disabled)').click( function(e) {
+	$( '.checkforspam' ).click( function( e ) {
 		e.preventDefault();
 
-		$('.checkforspam:not(.button-disabled)').addClass('button-disabled');
+		if ( $( this ).hasClass( 'button-disabled' ) ) {
+			window.location.href = $( this ).data( 'success-url' ).replace( '__recheck_count__', 0 ).replace( '__spam_count__', 0 );
+			return;
+		}
+
+		$('.checkforspam').addClass('button-disabled').addClass( 'checking' );
 		$('.checkforspam-spinner').addClass( 'spinner' ).addClass( 'is-active' );
 
 		// Update the label on the "Check for Spam" button to use the active "Checking for Spam" language.

wp-content/plugins/akismet/akismet.php

@@ -6,7 +6,7 @@
 Plugin Name: Akismet Anti-Spam
 Plugin URI: https://akismet.com/
 Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
-Version: 4.1.1
+Version: 4.1.2
 Author: Automattic
 Author URI: https://automattic.com/wordpress-plugins/
 License: GPLv2 or later
@@ -37,7 +37,7 @@ if ( !function_exists( 'add_action' ) ) {
 	exit;
 }
 
-define( 'AKISMET_VERSION', '4.1.1' );
+define( 'AKISMET_VERSION', '4.1.2' );
 define( 'AKISMET__MINIMUM_WP_VERSION', '4.0' );
 define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
 define( 'AKISMET_DELETE_LIMIT', 100000 );

wp-content/plugins/akismet/class.akismet-admin.php

@@ -390,9 +390,9 @@ class Akismet_Admin {
 		$comments_count = wp_count_comments();
 		
 		echo '</div>';
-		echo '<div class="alignleft">';
+		echo '<div class="alignleft actions">';
 		echo '<a
-				class="button-secondary checkforspam"
+				class="button-secondary checkforspam' . ( $comments_count->moderated == 0 ? ' button-disabled' : '' ) . '"
 				href="' . esc_url( $link ) . '"
 				data-active-label="' . esc_attr( __( 'Checking for Spam', 'akismet' ) ) . '"
 				data-progress-label-format="' . esc_attr( __( '(%1$s%)', 'akismet' ) ) . '"

wp-content/plugins/akismet/class.akismet.php

@@ -65,6 +65,11 @@ class Akismet {
 	}
 
 	public static function verify_key( $key, $ip = null ) {
+		// Shortcut for obviously invalid keys.
+		if ( strlen( $key ) != 12 ) {
+			return 'invalid';
+		}
+		
 		$response = self::check_key_status( $key, $ip );
 
 		if ( $response[1] != 'valid' && $response[1] != 'invalid' )
@@ -1178,6 +1183,10 @@ class Akismet {
 	}
 
 	public static function load_form_js() {
+		if ( function_exists( 'is_amp_endpoint' ) && is_amp_endpoint() ) {
+			return;
+		}
+
 		wp_register_script( 'akismet-form', plugin_dir_url( __FILE__ ) . '_inc/form.js', array(), AKISMET_VERSION, true );
 		wp_enqueue_script( 'akismet-form' );
 	}
@@ -1333,9 +1342,16 @@ p {
 		if ( !empty( $args[1] ) ) {
 			$post_id = url_to_postid( $args[1] );
 
-			// If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification
-			Akismet::pingback_forwarded_for( null, $args[0] );
-			add_filter( 'http_request_args', array( 'Akismet', 'pingback_forwarded_for' ), 10, 2 );
+			// If pingbacks aren't open on this post, we'll still check whether this request is part of a potential DDOS,
+			// but indicate to the server that pingbacks are indeed closed so we don't include this request in the user's stats,
+			// since the user has already done their part by disabling pingbacks.
+			$pingbacks_closed = false;
+			
+			$post = get_post( $post_id );
+			
+			if ( ! $post || ! pings_open( $post ) ) {
+				$pingbacks_closed = true;
+			}
 
 			$comment = array(
 				'comment_author_url' => $args[0],
@@ -1346,6 +1362,7 @@ p {
 				'comment_type' => 'pingback',
 				'akismet_pre_check' => '1',
 				'comment_pingback_target' => $args[1],
+				'pingbacks_closed' => $pingbacks_closed ? '1' : '0',
 			);
 
 			$comment = Akismet::auto_check_comment( $comment );
@@ -1357,28 +1374,6 @@ p {
 		}
 	}
 
-	public static function pingback_forwarded_for( $r, $url ) {
-		static $urls = array();
-	
-		// Call this with $r == null to prime the callback to add headers on a specific URL
-		if ( is_null( $r ) && !in_array( $url, $urls ) ) {
-			$urls[] = $url;
-		}
-
-		// Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source)
-		if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) {
-			$remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] );
-		
-			// Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use
-			$r['headers']['X-Pingback-Forwarded-For'] = $remote_ip;
-
-			// Also identify the request as a pingback verification in the UA string so it appears in logs
-			$r['user-agent'] .= '; verifying pingback from ' . $remote_ip;
-		}
-
-		return $r;
-	}
-	
 	/**
 	 * Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta.
 	 *

wp-content/plugins/akismet/readme.txt

@@ -2,8 +2,8 @@
 Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau
 Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments
 Requires at least: 4.0
-Tested up to: 5.1
-Stable tag: 4.1.1
+Tested up to: 5.2
+Stable tag: 4.1.2
 License: GPLv2 or later
 
 Akismet checks your comments and contact form submissions against our global database of spam to protect you and your site from malicious content.
@@ -30,6 +30,15 @@ Upload the Akismet plugin to your blog, Activate it, then enter your [Akismet.co
 
 == Changelog ==
 
+= 4.1.2 =
+*Release Date - 14 May 2019*
+
+* Fixed a conflict between the Akismet setup banner and other plugin notices.
+* Reduced the number of API requests made by the plugin when attempting to verify the API key.
+* Include additional data in the pingback pre-check API request to help make the stats more accurate.
+* Fixed a bug that was enabling the "Check for Spam" button when no comments were eligible to be checked.
+* Improved Akismet's AMP compatibility.
+
 = 4.1.1 =
 *Release Date - 31 January 2019*
 

wp-content/plugins/akismet/views/get.php

@@ -1,3 +1,9 @@
+<?php
+
+//phpcs:disable VariableAnalysis
+// There are "undefined" variables here because they're defined in the code that includes this file as a template.
+
+?>
 <form name="akismet_activate" action="https://akismet.com/get/" method="POST" target="_blank">
 	<input type="hidden" name="passback_url" value="<?php echo esc_url( Akismet_Admin::get_page_url() ); ?>"/>
 	<input type="hidden" name="blog" value="<?php echo esc_url( get_option( 'home' ) ); ?>"/>

wp-content/plugins/akismet/wrapper.php

@@ -206,7 +206,8 @@ function akismet_kill_proxy_check( $option ) {
 	return 0;
 }
 function akismet_pingback_forwarded_for( $r, $url ) {
-	return Akismet::pingback_forwarded_for( $r, $url );
+	// This functionality is now in core.
+	return false;
 }
 function akismet_pre_check_pingback( $method ) {
 	return Akismet::pre_check_pingback( $method );