WordPress 4.3
[autoinstalls/wordpress.git] / wp-content / plugins / akismet / class.akismet.php
1 <?php
2
3 class Akismet {
4         const API_HOST = 'rest.akismet.com';
5         const API_PORT = 80;
6         const MAX_DELAY_BEFORE_MODERATION_EMAIL = 86400; // One day in seconds
7
8         private static $last_comment = '';
9         private static $initiated = false;
10         private static $prevent_moderation_email_for_these_comments = array();
11         private static $last_comment_result = null;
12         private static $comment_as_submitted_allowed_keys = array( 'blog' => '', 'blog_charset' => '', 'blog_lang' => '', 'blog_ua' => '', 'comment_agent' => '', 'comment_author' => '', 'comment_author_IP' => '', 'comment_author_email' => '', 'comment_author_url' => '', 'comment_content' => '', 'comment_date_gmt' => '', 'comment_tags' => '', 'comment_type' => '', 'guid' => '', 'is_test' => '', 'permalink' => '', 'reporter' => '', 'site_domain' => '', 'submit_referer' => '', 'submit_uri' => '', 'user_ID' => '', 'user_agent' => '', 'user_id' => '', 'user_ip' => '' );
13
14         public static function init() {
15                 if ( ! self::$initiated ) {
16                         self::init_hooks();
17                 }
18         }
19
20         /**
21          * Initializes WordPress hooks
22          */
23         private static function init_hooks() {
24                 self::$initiated = true;
25
26                 add_action( 'wp_insert_comment', array( 'Akismet', 'auto_check_update_meta' ), 10, 2 );
27                 add_filter( 'preprocess_comment', array( 'Akismet', 'auto_check_comment' ), 1 );
28                 add_action( 'akismet_scheduled_delete', array( 'Akismet', 'delete_old_comments' ) );
29                 add_action( 'akismet_scheduled_delete', array( 'Akismet', 'delete_old_comments_meta' ) );
30                 add_action( 'akismet_schedule_cron_recheck', array( 'Akismet', 'cron_recheck' ) );
31
32                 $akismet_comment_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) );
33
34                 if ( $akismet_comment_nonce_option == 'true' || $akismet_comment_nonce_option == '' )
35                         add_action( 'comment_form',  array( 'Akismet',  'add_comment_nonce' ), 1 );
36
37                 add_action( 'admin_head-edit-comments.php', array( 'Akismet', 'load_form_js' ) );
38                 add_action( 'comment_form', array( 'Akismet', 'load_form_js' ) );
39                 add_action( 'comment_form', array( 'Akismet', 'inject_ak_js' ) );
40
41                 add_filter( 'comment_moderation_recipients', array( 'Akismet', 'disable_moderation_emails_if_unreachable' ), 1000, 2 );
42                 add_filter( 'pre_comment_approved', array( 'Akismet', 'last_comment_status' ), 10, 2 );
43                 
44                 add_action( 'transition_comment_status', array( 'Akismet', 'transition_comment_status' ), 10, 3 );
45
46                 // Run this early in the pingback call, before doing a remote fetch of the source uri
47                 add_action( 'xmlrpc_call', array( 'Akismet', 'pre_check_pingback' ) );
48
49                 if ( '3.0.5' == $GLOBALS['wp_version'] ) {
50                         remove_filter( 'comment_text', 'wp_kses_data' );
51                         if ( is_admin() )
52                                 add_filter( 'comment_text', 'wp_kses_post' );
53                 }
54         }
55
56         public static function get_api_key() {
57                 return apply_filters( 'akismet_get_api_key', defined('WPCOM_API_KEY') ? constant('WPCOM_API_KEY') : get_option('wordpress_api_key') );
58         }
59
60         public static function check_key_status( $key, $ip = null ) {
61                 return self::http_post( Akismet::build_query( array( 'key' => $key, 'blog' => get_option('home') ) ), 'verify-key', $ip );
62         }
63
64         public static function verify_key( $key, $ip = null ) {
65                 $response = self::check_key_status( $key, $ip );
66
67                 if ( $response[1] != 'valid' && $response[1] != 'invalid' )
68                         return 'failed';
69
70                 return $response[1];
71         }
72
73         public static function deactivate_key( $key ) {
74                 $response = self::http_post( Akismet::build_query( array( 'key' => $key, 'blog' => get_option('home') ) ), 'deactivate' );
75
76                 if ( $response[1] != 'deactivated' )
77                         return 'failed';
78
79                 return $response[1];
80         }
81
82         public static function auto_check_comment( $commentdata ) {
83                 self::$last_comment_result = null;
84
85                 $comment = $commentdata;
86
87                 $comment['user_ip']      = self::get_ip_address();
88                 $comment['user_agent']   = self::get_user_agent();
89                 $comment['referrer']     = self::get_referer();
90                 $comment['blog']         = get_option('home');
91                 $comment['blog_lang']    = get_locale();
92                 $comment['blog_charset'] = get_option('blog_charset');
93                 $comment['permalink']    = get_permalink( $comment['comment_post_ID'] );
94
95                 if ( !empty( $comment['user_ID'] ) )
96                         $comment['user_role'] = Akismet::get_user_roles( $comment['user_ID'] );
97
98                 $akismet_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) );
99                 $comment['akismet_comment_nonce'] = 'inactive';
100                 if ( $akismet_nonce_option == 'true' || $akismet_nonce_option == '' ) {
101                         $comment['akismet_comment_nonce'] = 'failed';
102                         if ( isset( $_POST['akismet_comment_nonce'] ) && wp_verify_nonce( $_POST['akismet_comment_nonce'], 'akismet_comment_nonce_' . $comment['comment_post_ID'] ) )
103                                 $comment['akismet_comment_nonce'] = 'passed';
104
105                         // comment reply in wp-admin
106                         if ( isset( $_POST['_ajax_nonce-replyto-comment'] ) && check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ) )
107                                 $comment['akismet_comment_nonce'] = 'passed';
108
109                 }
110
111                 if ( self::is_test_mode() )
112                         $comment['is_test'] = 'true';
113
114                 foreach( $_POST as $key => $value ) {
115                         if ( is_string( $value ) )
116                                 $comment["POST_{$key}"] = $value;
117                 }
118
119                 $ignore = array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW' );
120
121                 foreach ( $_SERVER as $key => $value ) {
122                         if ( !in_array( $key, $ignore ) && is_string($value) )
123                                 $comment["$key"] = $value;
124                         else
125                                 $comment["$key"] = '';
126                 }
127
128                 $post = get_post( $comment['comment_post_ID'] );
129                 $comment[ 'comment_post_modified_gmt' ] = $post->post_modified_gmt;
130
131                 $response = self::http_post( Akismet::build_query( $comment ), 'comment-check' );
132
133                 do_action( 'akismet_comment_check_response', $response );
134
135                 $commentdata['comment_as_submitted'] = array_intersect_key( $comment, self::$comment_as_submitted_allowed_keys );
136                 $commentdata['akismet_result']       = $response[1];
137
138                 if ( isset( $response[0]['x-akismet-pro-tip'] ) )
139                 $commentdata['akismet_pro_tip'] = $response[0]['x-akismet-pro-tip'];
140
141                 if ( isset( $response[0]['x-akismet-error'] ) ) {
142                         // An error occurred that we anticipated (like a suspended key) and want the user to act on.
143                         // Send to moderation.
144                         self::$last_comment_result = '0';
145                 }
146                 else if ( 'true' == $response[1] ) {
147                         // akismet_spam_count will be incremented later by comment_is_spam()
148                         self::$last_comment_result = 'spam';
149
150                         $discard = ( isset( $commentdata['akismet_pro_tip'] ) && $commentdata['akismet_pro_tip'] === 'discard' && self::allow_discard() );
151
152                         do_action( 'akismet_spam_caught', $discard );
153
154                         if ( $discard ) {
155                                 // akismet_result_spam() won't be called so bump the counter here
156                                 if ( $incr = apply_filters('akismet_spam_count_incr', 1) )
157                                         update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr );
158                                 $redirect_to = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : get_permalink( $post );
159                                 wp_safe_redirect( esc_url_raw( $redirect_to ) );
160                                 die();
161                         }
162                 }
163                 
164                 // if the response is neither true nor false, hold the comment for moderation and schedule a recheck
165                 if ( 'true' != $response[1] && 'false' != $response[1] ) {
166                         if ( !current_user_can('moderate_comments') ) {
167                                 // Comment status should be moderated
168                                 self::$last_comment_result = '0';
169                         }
170                         if ( function_exists('wp_next_scheduled') && function_exists('wp_schedule_single_event') ) {
171                                 if ( !wp_next_scheduled( 'akismet_schedule_cron_recheck' ) ) {
172                                         wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' );
173                                         do_action( 'akismet_scheduled_recheck', 'invalid-response-' . $response[1] );
174                                 }
175                         }
176
177                         self::$prevent_moderation_email_for_these_comments[] = $commentdata;
178                 }
179
180                 if ( function_exists('wp_next_scheduled') && function_exists('wp_schedule_event') ) {
181                         // WP 2.1+: delete old comments daily
182                         if ( !wp_next_scheduled( 'akismet_scheduled_delete' ) )
183                                 wp_schedule_event( time(), 'daily', 'akismet_scheduled_delete' );
184                 }
185                 elseif ( (mt_rand(1, 10) == 3) ) {
186                         // WP 2.0: run this one time in ten
187                         self::delete_old_comments();
188                 }
189                 
190                 self::set_last_comment( $commentdata );
191                 self::fix_scheduled_recheck();
192
193                 return $commentdata;
194         }
195         
196         public static function get_last_comment() {
197                 return self::$last_comment;
198         }
199         
200         public static function set_last_comment( $comment ) {
201                 if ( is_null( $comment ) ) {
202                         self::$last_comment = null;
203                 }
204                 else {
205                         // We filter it here so that it matches the filtered comment data that we'll have to compare against later.
206                         // wp_filter_comment expects comment_author_IP
207                         self::$last_comment = wp_filter_comment(
208                                 array_merge(
209                                         array( 'comment_author_IP' => self::get_ip_address() ),
210                                         $comment
211                                 )
212                         );
213                 }
214         }
215
216         // this fires on wp_insert_comment.  we can't update comment_meta when auto_check_comment() runs
217         // because we don't know the comment ID at that point.
218         public static function auto_check_update_meta( $id, $comment ) {
219
220                 // failsafe for old WP versions
221                 if ( !function_exists('add_comment_meta') )
222                         return false;
223
224                 if ( !isset( self::$last_comment['comment_author_email'] ) )
225                         self::$last_comment['comment_author_email'] = '';
226
227                 // wp_insert_comment() might be called in other contexts, so make sure this is the same comment
228                 // as was checked by auto_check_comment
229                 if ( is_object( $comment ) && !empty( self::$last_comment ) && is_array( self::$last_comment ) ) {
230                         if ( self::matches_last_comment( $comment ) ) {
231                                         
232                                         load_plugin_textdomain( 'akismet' );
233                                         
234                                         // normal result: true or false
235                                         if ( self::$last_comment['akismet_result'] == 'true' ) {
236                                                 update_comment_meta( $comment->comment_ID, 'akismet_result', 'true' );
237                                                 self::update_comment_history( $comment->comment_ID, '', 'check-spam' );
238                                                 if ( $comment->comment_approved != 'spam' )
239                                                         self::update_comment_history(
240                                                                 $comment->comment_ID,
241                                                                 '',
242                                                                 'status-changed-'.$comment->comment_approved
243                                                         );
244                                         }
245                                         elseif ( self::$last_comment['akismet_result'] == 'false' ) {
246                                                 update_comment_meta( $comment->comment_ID, 'akismet_result', 'false' );
247                                                 self::update_comment_history( $comment->comment_ID, '', 'check-ham' );
248                                                 if ( $comment->comment_approved == 'spam' ) {
249                                                         if ( wp_blacklist_check($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent) )
250                                                                 self::update_comment_history( $comment->comment_ID, '', 'wp-blacklisted' );
251                                                         else
252                                                                 self::update_comment_history( $comment->comment_ID, '', 'status-changed-'.$comment->comment_approved );
253                                                 }
254                                         } // abnormal result: error
255                                         else {
256                                                 update_comment_meta( $comment->comment_ID, 'akismet_error', time() );
257                                                 self::update_comment_history(
258                                                         $comment->comment_ID,
259                                                         '',
260                                                         'check-error',
261                                                         array( 'response' => substr( self::$last_comment['akismet_result'], 0, 50 ) )
262                                                 );
263                                         }
264
265                                         // record the complete original data as submitted for checking
266                                         if ( isset( self::$last_comment['comment_as_submitted'] ) )
267                                                 update_comment_meta( $comment->comment_ID, 'akismet_as_submitted', self::$last_comment['comment_as_submitted'] );
268
269                                         if ( isset( self::$last_comment['akismet_pro_tip'] ) )
270                                                 update_comment_meta( $comment->comment_ID, 'akismet_pro_tip', self::$last_comment['akismet_pro_tip'] );
271                         }
272                 }
273         }
274
275         public static function delete_old_comments() {
276                 global $wpdb;
277
278                 /**
279                  * Determines how many comments will be deleted in each batch.
280                  *
281                  * @param int The default, as defined by AKISMET_DELETE_LIMIT.
282                  */
283                 $delete_limit = apply_filters( 'akismet_delete_comment_limit', defined( 'AKISMET_DELETE_LIMIT' ) ? AKISMET_DELETE_LIMIT : 10000 );
284                 $delete_limit = max( 1, intval( $delete_limit ) );
285
286                 /**
287                  * Determines how many days a comment will be left in the Spam queue before being deleted.
288                  *
289                  * @param int The default number of days.
290                  */
291                 $delete_interval = apply_filters( 'akismet_delete_comment_interval', 15 );
292                 $delete_interval = max( 1, intval( $delete_interval ) );
293
294                 while ( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_id FROM {$wpdb->comments} WHERE DATE_SUB(NOW(), INTERVAL %d DAY) > comment_date_gmt AND comment_approved = 'spam' LIMIT %d", $delete_interval, $delete_limit ) ) ) {
295                         if ( empty( $comment_ids ) )
296                                 return;
297
298                         $wpdb->queries = array();
299
300                         foreach ( $comment_ids as $comment_id ) {
301                                 do_action( 'delete_comment', $comment_id );
302                         }
303
304                         $comma_comment_ids = implode( ', ', array_map('intval', $comment_ids) );
305
306                         $wpdb->query("DELETE FROM {$wpdb->comments} WHERE comment_id IN ( $comma_comment_ids )");
307                         $wpdb->query("DELETE FROM {$wpdb->commentmeta} WHERE comment_id IN ( $comma_comment_ids )");
308
309                         clean_comment_cache( $comment_ids );
310                 }
311
312                 if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11), $wpdb->comments ) ) // lucky number
313                         $wpdb->query("OPTIMIZE TABLE {$wpdb->comments}");
314         }
315
316         public static function delete_old_comments_meta() {
317                 global $wpdb;
318
319                 $interval = apply_filters( 'akismet_delete_commentmeta_interval', 15 );
320
321                 # enfore a minimum of 1 day
322                 $interval = absint( $interval );
323                 if ( $interval < 1 )
324                         $interval = 1;
325
326                 // akismet_as_submitted meta values are large, so expire them
327                 // after $interval days regardless of the comment status
328                 while ( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT m.comment_id FROM {$wpdb->commentmeta} as m INNER JOIN {$wpdb->comments} as c USING(comment_id) WHERE m.meta_key = 'akismet_as_submitted' AND DATE_SUB(NOW(), INTERVAL %d DAY) > c.comment_date_gmt LIMIT 10000", $interval ) ) ) {
329                         if ( empty( $comment_ids ) )
330                                 return;
331
332                         $wpdb->queries = array();
333
334                         foreach ( $comment_ids as $comment_id ) {
335                                 delete_comment_meta( $comment_id, 'akismet_as_submitted' );
336                         }
337                 }
338
339                 if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11), $wpdb->commentmeta ) ) // lucky number
340                         $wpdb->query("OPTIMIZE TABLE {$wpdb->commentmeta}");
341         }
342
343         // how many approved comments does this author have?
344         public static function get_user_comments_approved( $user_id, $comment_author_email, $comment_author, $comment_author_url ) {
345                 global $wpdb;
346
347                 if ( !empty( $user_id ) )
348                         return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->comments} WHERE user_id = %d AND comment_approved = 1", $user_id ) );
349
350                 if ( !empty( $comment_author_email ) )
351                         return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->comments} WHERE comment_author_email = %s AND comment_author = %s AND comment_author_url = %s AND comment_approved = 1", $comment_author_email, $comment_author, $comment_author_url ) );
352
353                 return 0;
354         }
355
356         // get the full comment history for a given comment, as an array in reverse chronological order
357         public static function get_comment_history( $comment_id ) {
358
359                 // failsafe for old WP versions
360                 if ( !function_exists('add_comment_meta') )
361                         return false;
362
363                 $history = get_comment_meta( $comment_id, 'akismet_history', false );
364                 usort( $history, array( 'Akismet', '_cmp_time' ) );
365                 return $history;
366         }
367
368         /**
369          * Log an event for a given comment, storing it in comment_meta.
370          *
371          * @param int $comment_id The ID of the relevant comment.
372          * @param string $message The string description of the event. No longer used.
373          * @param string $event The event code.
374          * @param array $meta Metadata about the history entry. e.g., the user that reported or changed the status of a given comment.
375          */
376         public static function update_comment_history( $comment_id, $message, $event=null, $meta=null ) {
377                 global $current_user;
378
379                 // failsafe for old WP versions
380                 if ( !function_exists('add_comment_meta') )
381                         return false;
382
383                 $user = '';
384
385                 $event = array(
386                         'time'    => self::_get_microtime(),
387                         'event'   => $event,
388                 );
389                 
390                 if ( is_object( $current_user ) && isset( $current_user->user_login ) ) {
391                         $event['user'] = $current_user->user_login;
392                 }
393                 
394                 if ( ! empty( $meta ) ) {
395                         $event['meta'] = $meta;
396                 }
397
398                 // $unique = false so as to allow multiple values per comment
399                 $r = add_comment_meta( $comment_id, 'akismet_history', $event, false );
400         }
401
402         public static function check_db_comment( $id, $recheck_reason = 'recheck_queue' ) {
403                 global $wpdb;
404
405                 $c = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = %d", $id ), ARRAY_A );
406                 if ( !$c )
407                         return;
408
409                 $c['user_ip']        = $c['comment_author_IP'];
410                 $c['user_agent']     = $c['comment_agent'];
411                 $c['referrer']       = '';
412                 $c['blog']           = get_option('home');
413                 $c['blog_lang']      = get_locale();
414                 $c['blog_charset']   = get_option('blog_charset');
415                 $c['permalink']      = get_permalink($c['comment_post_ID']);
416                 $c['recheck_reason'] = $recheck_reason;
417
418                 if ( self::is_test_mode() )
419                         $c['is_test'] = 'true';
420
421                 $response = self::http_post( Akismet::build_query( $c ), 'comment-check' );
422
423                 return ( is_array( $response ) && ! empty( $response[1] ) ) ? $response[1] : false;
424         }
425         
426         
427
428         public static function transition_comment_status( $new_status, $old_status, $comment ) {
429                 
430                 if ( $new_status == $old_status )
431                         return;
432
433                 # we don't need to record a history item for deleted comments
434                 if ( $new_status == 'delete' )
435                         return;
436                 
437                 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
438                         return;
439
440                 if ( defined('WP_IMPORTING') && WP_IMPORTING == true )
441                         return;
442                         
443                 // if this is present, it means the status has been changed by a re-check, not an explicit user action
444                 if ( get_comment_meta( $comment->comment_ID, 'akismet_rechecking' ) )
445                         return;
446                 
447                 global $current_user;
448                 $reporter = '';
449                 if ( is_object( $current_user ) )
450                         $reporter = $current_user->user_login;
451
452                 // Assumption alert:
453                 // We want to submit comments to Akismet only when a moderator explicitly spams or approves it - not if the status
454                 // is changed automatically by another plugin.  Unfortunately WordPress doesn't provide an unambiguous way to
455                 // determine why the transition_comment_status action was triggered.  And there are several different ways by which
456                 // to spam and unspam comments: bulk actions, ajax, links in moderation emails, the dashboard, and perhaps others.
457                 // We'll assume that this is an explicit user action if certain POST/GET variables exist.
458                 if ( ( isset( $_POST['status'] ) && in_array( $_POST['status'], array( 'spam', 'unspam' ) ) ) ||
459                          ( isset( $_POST['spam'] )   && (int) $_POST['spam'] == 1 ) ||
460                          ( isset( $_POST['unspam'] ) && (int) $_POST['unspam'] == 1 ) ||
461                          ( isset( $_POST['comment_status'] )  && in_array( $_POST['comment_status'], array( 'spam', 'unspam' ) ) ) ||
462                          ( isset( $_GET['action'] )  && in_array( $_GET['action'], array( 'spam', 'unspam' ) ) ) ||
463                          ( isset( $_POST['action'] ) && in_array( $_POST['action'], array( 'editedcomment' ) ) )
464                  ) {
465                         if ( $new_status == 'spam' && ( $old_status == 'approved' || $old_status == 'unapproved' || !$old_status ) ) {
466                                 return self::submit_spam_comment( $comment->comment_ID );
467                         } elseif ( $old_status == 'spam' && ( $new_status == 'approved' || $new_status == 'unapproved' ) ) {
468                                 return self::submit_nonspam_comment( $comment->comment_ID );
469                         }
470                 }
471
472                 self::update_comment_history( $comment->comment_ID, '', 'status-' . $new_status );
473         }
474         
475         public static function submit_spam_comment( $comment_id ) {
476                 global $wpdb, $current_user, $current_site;
477
478                 $comment_id = (int) $comment_id;
479
480                 $comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = %d", $comment_id ) );
481
482                 if ( !$comment ) // it was deleted
483                         return;
484
485                 if ( 'spam' != $comment->comment_approved )
486                         return;
487
488                 // use the original version stored in comment_meta if available
489                 $as_submitted = self::sanitize_comment_as_submitted( get_comment_meta( $comment_id, 'akismet_as_submitted', true ) );
490
491                 if ( $as_submitted && is_array( $as_submitted ) && isset( $as_submitted['comment_content'] ) )
492                         $comment = (object) array_merge( (array)$comment, $as_submitted );
493
494                 $comment->blog         = get_bloginfo('url');
495                 $comment->blog_lang    = get_locale();
496                 $comment->blog_charset = get_option('blog_charset');
497                 $comment->permalink    = get_permalink($comment->comment_post_ID);
498
499                 if ( is_object($current_user) )
500                         $comment->reporter = $current_user->user_login;
501
502                 if ( is_object($current_site) )
503                         $comment->site_domain = $current_site->domain;
504
505                 $comment->user_role = '';
506                 if ( isset( $comment->user_ID ) )
507                         $comment->user_role = Akismet::get_user_roles( $comment->user_ID );
508
509                 if ( self::is_test_mode() )
510                         $comment->is_test = 'true';
511
512                 $post = get_post( $comment->comment_post_ID );
513                 $comment->comment_post_modified_gmt = $post->post_modified_gmt;
514
515                 $response = Akismet::http_post( Akismet::build_query( $comment ), 'submit-spam' );
516                 if ( $comment->reporter ) {
517                         self::update_comment_history( $comment_id, '', 'report-spam' );
518                         update_comment_meta( $comment_id, 'akismet_user_result', 'true' );
519                         update_comment_meta( $comment_id, 'akismet_user', $comment->reporter );
520                 }
521
522                 do_action('akismet_submit_spam_comment', $comment_id, $response[1]);
523         }
524
525         public static function submit_nonspam_comment( $comment_id ) {
526                 global $wpdb, $current_user, $current_site;
527
528                 $comment_id = (int) $comment_id;
529
530                 $comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->comments} WHERE comment_ID = %d", $comment_id ) );
531                 if ( !$comment ) // it was deleted
532                         return;
533
534                 // use the original version stored in comment_meta if available
535                 $as_submitted = self::sanitize_comment_as_submitted( get_comment_meta( $comment_id, 'akismet_as_submitted', true ) );
536
537                 if ( $as_submitted && is_array($as_submitted) && isset($as_submitted['comment_content']) )
538                         $comment = (object) array_merge( (array)$comment, $as_submitted );
539
540                 $comment->blog         = get_bloginfo('url');
541                 $comment->blog_lang    = get_locale();
542                 $comment->blog_charset = get_option('blog_charset');
543                 $comment->permalink    = get_permalink( $comment->comment_post_ID );
544                 $comment->user_role    = '';
545
546                 if ( is_object($current_user) )
547                         $comment->reporter = $current_user->user_login;
548
549                 if ( is_object($current_site) )
550                         $comment->site_domain = $current_site->domain;
551
552                 if ( isset( $comment->user_ID ) )
553                         $comment->user_role = Akismet::get_user_roles($comment->user_ID);
554
555                 if ( Akismet::is_test_mode() )
556                         $comment->is_test = 'true';
557
558                 $post = get_post( $comment->comment_post_ID );
559                 $comment->comment_post_modified_gmt = $post->post_modified_gmt;
560
561                 $response = self::http_post( Akismet::build_query( $comment ), 'submit-ham' );
562                 if ( $comment->reporter ) {
563                         self::update_comment_history( $comment_id, '', 'report-ham' );
564                         update_comment_meta( $comment_id, 'akismet_user_result', 'false' );
565                         update_comment_meta( $comment_id, 'akismet_user', $comment->reporter );
566                 }
567
568                 do_action('akismet_submit_nonspam_comment', $comment_id, $response[1]);
569         }
570
571         public static function cron_recheck() {
572                 global $wpdb;
573
574                 $api_key = self::get_api_key();
575
576                 $status = self::verify_key( $api_key );
577                 if ( get_option( 'akismet_alert_code' ) || $status == 'invalid' ) {
578                         // since there is currently a problem with the key, reschedule a check for 6 hours hence
579                         wp_schedule_single_event( time() + 21600, 'akismet_schedule_cron_recheck' );
580                         do_action( 'akismet_scheduled_recheck', 'key-problem-' . get_option( 'akismet_alert_code' ) . '-' . $status );
581                         return false;
582                 }
583
584                 delete_option('akismet_available_servers');
585
586                 $comment_errors = $wpdb->get_col( "SELECT comment_id FROM {$wpdb->commentmeta} WHERE meta_key = 'akismet_error' LIMIT 100" );
587                 
588                 load_plugin_textdomain( 'akismet' );
589
590                 foreach ( (array) $comment_errors as $comment_id ) {
591                         // if the comment no longer exists, or is too old, remove the meta entry from the queue to avoid getting stuck
592                         $comment = get_comment( $comment_id );
593                         if ( !$comment || strtotime( $comment->comment_date_gmt ) < strtotime( "-15 days" ) ) {
594                                 delete_comment_meta( $comment_id, 'akismet_error' );
595                                 delete_comment_meta( $comment_id, 'akismet_delayed_moderation_email' );
596                                 continue;
597                         }
598
599                         add_comment_meta( $comment_id, 'akismet_rechecking', true );
600                         $status = self::check_db_comment( $comment_id, 'retry' );
601
602                         $event = '';
603                         if ( $status == 'true' ) {
604                                 $event = 'cron-retry-spam';
605                         } elseif ( $status == 'false' ) {
606                                 $event = 'cron-retry-ham';
607                         }
608
609                         // If we got back a legit response then update the comment history
610                         // other wise just bail now and try again later.  No point in
611                         // re-trying all the comments once we hit one failure.
612                         if ( !empty( $event ) ) {
613                                 delete_comment_meta( $comment_id, 'akismet_error' );
614                                 self::update_comment_history( $comment_id, '', $event );
615                                 update_comment_meta( $comment_id, 'akismet_result', $status );
616                                 // make sure the comment status is still pending.  if it isn't, that means the user has already moved it elsewhere.
617                                 $comment = get_comment( $comment_id );
618                                 if ( $comment && 'unapproved' == wp_get_comment_status( $comment_id ) ) {
619                                         if ( $status == 'true' ) {
620                                                 wp_spam_comment( $comment_id );
621                                         } elseif ( $status == 'false' ) {
622                                                 // comment is good, but it's still in the pending queue.  depending on the moderation settings
623                                                 // we may need to change it to approved.
624                                                 if ( check_comment($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent, $comment->comment_type) )
625                                                         wp_set_comment_status( $comment_id, 1 );
626                                                 else if ( get_comment_meta( $comment_id, 'akismet_delayed_moderation_email', true ) )
627                                                         wp_notify_moderator( $comment_id );
628                                         }
629                                 }
630                                 
631                                 delete_comment_meta( $comment_id, 'akismet_delayed_moderation_email' );
632                         } else {
633                                 // If this comment has been pending moderation for longer than MAX_DELAY_BEFORE_MODERATION_EMAIL,
634                                 // send a moderation email now.
635                                 if ( ( intval( gmdate( 'U' ) ) - strtotime( $comment->comment_date_gmt ) ) < self::MAX_DELAY_BEFORE_MODERATION_EMAIL ) {
636                                         delete_comment_meta( $comment_id, 'akismet_delayed_moderation_email' );
637                                         wp_notify_moderator( $comment_id );
638                                 }
639
640                                 delete_comment_meta( $comment_id, 'akismet_rechecking' );
641                                 wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' );
642                                 do_action( 'akismet_scheduled_recheck', 'check-db-comment-' . $status );
643                                 return;
644                         }
645                         delete_comment_meta( $comment_id, 'akismet_rechecking' );
646                 }
647
648                 $remaining = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->commentmeta} WHERE meta_key = 'akismet_error'" );
649                 if ( $remaining && !wp_next_scheduled('akismet_schedule_cron_recheck') ) {
650                         wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' );
651                         do_action( 'akismet_scheduled_recheck', 'remaining' );
652                 }
653         }
654
655         public static function fix_scheduled_recheck() {
656                 $future_check = wp_next_scheduled( 'akismet_schedule_cron_recheck' );
657                 if ( !$future_check ) {
658                         return;
659                 }
660
661                 if ( get_option( 'akismet_alert_code' ) > 0 ) {
662                         return;
663                 }
664
665                 $check_range = time() + 1200;
666                 if ( $future_check > $check_range ) {
667                         wp_clear_scheduled_hook( 'akismet_schedule_cron_recheck' );
668                         wp_schedule_single_event( time() + 300, 'akismet_schedule_cron_recheck' );
669                         do_action( 'akismet_scheduled_recheck', 'fix-scheduled-recheck' );
670                 }
671         }
672
673         public static function add_comment_nonce( $post_id ) {
674                 echo '<p style="display: none;">';
675                 wp_nonce_field( 'akismet_comment_nonce_' . $post_id, 'akismet_comment_nonce', FALSE );
676                 echo '</p>';
677         }
678
679         public static function is_test_mode() {
680                 return defined('AKISMET_TEST_MODE') && AKISMET_TEST_MODE;
681         }
682         
683         public static function allow_discard() {
684                 if ( defined( 'DOING_AJAX' ) && DOING_AJAX )
685                         return false;
686                 if ( is_user_logged_in() )
687                         return false;
688         
689                 return ( get_option( 'akismet_strictness' ) === '1'  );
690         }
691
692         public static function get_ip_address() {
693                 return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null;
694         }
695         
696         /**
697          * Do these two comments, without checking the comment_ID, "match"?
698          *
699          * @param mixed $comment1 A comment object or array.
700          * @param mixed $comment2 A comment object or array.
701          * @return bool Whether the two comments should be treated as the same comment.
702          */
703         private static function comments_match( $comment1, $comment2 ) {
704                 $comment1 = (array) $comment1;
705                 $comment2 = (array) $comment2;
706                 
707                 return (
708                            isset( $comment1['comment_post_ID'], $comment2['comment_post_ID'] )
709                         && intval( $comment1['comment_post_ID'] ) == intval( $comment2['comment_post_ID'] )
710                         && (
711                                 $comment1['comment_author'] == $comment2['comment_author']
712                                 || stripslashes( $comment1['comment_author'] ) == $comment2['comment_author']
713                                 || $comment1['comment_author'] == stripslashes( $comment2['comment_author'] )
714                                 )
715                         && (
716                                 $comment1['comment_author_email'] == $comment2['comment_author_email']
717                                 || stripslashes( $comment1['comment_author_email'] ) == $comment2['comment_author_email']
718                                 || $comment1['comment_author_email'] == stripslashes( $comment2['comment_author_email'] )
719                         )
720                 );
721         }
722         
723         // Does the supplied comment match the details of the one most recently stored in self::$last_comment?
724         public static function matches_last_comment( $comment ) {
725                 if ( is_object( $comment ) )
726                         $comment = (array) $comment;
727
728                 return self::comments_match( self::$last_comment, $comment );
729         }
730
731         private static function get_user_agent() {
732                 return isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : null;
733         }
734
735         private static function get_referer() {
736                 return isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : null;
737         }
738
739         // return a comma-separated list of role names for the given user
740         public static function get_user_roles( $user_id ) {
741                 $roles = false;
742
743                 if ( !class_exists('WP_User') )
744                         return false;
745
746                 if ( $user_id > 0 ) {
747                         $comment_user = new WP_User( $user_id );
748                         if ( isset( $comment_user->roles ) )
749                                 $roles = join( ',', $comment_user->roles );
750                 }
751
752                 if ( is_multisite() && is_super_admin( $user_id ) ) {
753                         if ( empty( $roles ) ) {
754                                 $roles = 'super_admin';
755                         } else {
756                                 $comment_user->roles[] = 'super_admin';
757                                 $roles = join( ',', $comment_user->roles );
758                         }
759                 }
760
761                 return $roles;
762         }
763
764         // filter handler used to return a spam result to pre_comment_approved
765         public static function last_comment_status( $approved, $comment ) {
766                 // Only do this if it's the correct comment
767                 if ( is_null(self::$last_comment_result) || ! self::matches_last_comment( $comment ) ) {
768                         self::log( "comment_is_spam mismatched comment, returning unaltered $approved" );
769                         return $approved;
770                 }
771
772                 // bump the counter here instead of when the filter is added to reduce the possibility of overcounting
773                 if ( $incr = apply_filters('akismet_spam_count_incr', 1) )
774                         update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr );
775
776                 return self::$last_comment_result;
777         }
778         
779         /**
780          * If Akismet is temporarily unreachable, we don't want to "spam" the blogger with
781          * moderation emails for comments that will be automatically cleared or spammed on
782          * the next retry.
783          *
784          * For comments that will be rechecked later, empty the list of email addresses that
785          * the moderation email would be sent to.
786          *
787          * @param array $emails An array of email addresses that the moderation email will be sent to.
788          * @param int $comment_id The ID of the relevant comment.
789          * @return array An array of email addresses that the moderation email will be sent to.
790          */
791         public static function disable_moderation_emails_if_unreachable( $emails, $comment_id ) {
792                 if ( ! empty( self::$prevent_moderation_email_for_these_comments ) && ! empty( $emails ) ) {
793                         $comment = get_comment( $comment_id );
794
795                         foreach ( self::$prevent_moderation_email_for_these_comments as $possible_match ) {
796                                 if ( self::comments_match( $possible_match, $comment ) ) {
797                                         update_comment_meta( $comment_id, 'akismet_delayed_moderation_email', true );
798                                         return array();
799                                 }
800                         }
801                 }
802
803                 return $emails;
804         }
805
806         public static function _cmp_time( $a, $b ) {
807                 return $a['time'] > $b['time'] ? -1 : 1;
808         }
809
810         public static function _get_microtime() {
811                 $mtime = explode( ' ', microtime() );
812                 return $mtime[1] + $mtime[0];
813         }
814
815         /**
816          * Make a POST request to the Akismet API.
817          *
818          * @param string $request The body of the request.
819          * @param string $path The path for the request.
820          * @param string $ip The specific IP address to hit.
821          * @return array A two-member array consisting of the headers and the response body, both empty in the case of a failure.
822          */
823         public static function http_post( $request, $path, $ip=null ) {
824
825                 $akismet_ua = sprintf( 'WordPress/%s | Akismet/%s', $GLOBALS['wp_version'], constant( 'AKISMET_VERSION' ) );
826                 $akismet_ua = apply_filters( 'akismet_ua', $akismet_ua );
827
828                 $content_length = strlen( $request );
829
830                 $api_key   = self::get_api_key();
831                 $host      = self::API_HOST;
832
833                 if ( !empty( $api_key ) )
834                         $host = $api_key.'.'.$host;
835
836                 $http_host = $host;
837                 // use a specific IP if provided
838                 // needed by Akismet_Admin::check_server_connectivity()
839                 if ( $ip && long2ip( ip2long( $ip ) ) ) {
840                         $http_host = $ip;
841                 }
842
843                 $http_args = array(
844                         'body' => $request,
845                         'headers' => array(
846                                 'Content-Type' => 'application/x-www-form-urlencoded; charset=' . get_option( 'blog_charset' ),
847                                 'Host' => $host,
848                                 'User-Agent' => $akismet_ua,
849                         ),
850                         'httpversion' => '1.0',
851                         'timeout' => 15
852                 );
853
854                 $akismet_url = $http_akismet_url = "http://{$http_host}/1.1/{$path}";
855
856                 /**
857                  * Try SSL first; if that fails, try without it and don't try it again for a while.
858                  */
859
860                 $ssl = $ssl_failed = false;
861
862                 // Check if SSL requests were disabled fewer than X hours ago.
863                 $ssl_disabled = get_option( 'akismet_ssl_disabled' );
864
865                 if ( $ssl_disabled && $ssl_disabled < ( time() - 60 * 60 * 24 ) ) { // 24 hours
866                         $ssl_disabled = false;
867                         delete_option( 'akismet_ssl_disabled' );
868                 }
869                 else if ( $ssl_disabled ) {
870                         do_action( 'akismet_ssl_disabled' );
871                 }
872
873                 if ( ! $ssl_disabled && function_exists( 'wp_http_supports') && ( $ssl = wp_http_supports( array( 'ssl' ) ) ) ) {
874                         $akismet_url = set_url_scheme( $akismet_url, 'https' );
875
876                         do_action( 'akismet_https_request_pre' );
877                 }
878
879                 $response = wp_remote_post( $akismet_url, $http_args );
880
881                 Akismet::log( compact( 'akismet_url', 'http_args', 'response' ) );
882
883                 if ( $ssl && is_wp_error( $response ) ) {
884                         do_action( 'akismet_https_request_failure', $response );
885
886                         // Intermittent connection problems may cause the first HTTPS
887                         // request to fail and subsequent HTTP requests to succeed randomly.
888                         // Retry the HTTPS request once before disabling SSL for a time.
889                         $response = wp_remote_post( $akismet_url, $http_args );
890                         
891                         Akismet::log( compact( 'akismet_url', 'http_args', 'response' ) );
892
893                         if ( is_wp_error( $response ) ) {
894                                 $ssl_failed = true;
895
896                                 do_action( 'akismet_https_request_failure', $response );
897
898                                 do_action( 'akismet_http_request_pre' );
899
900                                 // Try the request again without SSL.
901                                 $response = wp_remote_post( $http_akismet_url, $http_args );
902
903                                 Akismet::log( compact( 'http_akismet_url', 'http_args', 'response' ) );
904                         }
905                 }
906
907                 if ( is_wp_error( $response ) ) {
908                         do_action( 'akismet_request_failure', $response );
909
910                         return array( '', '' );
911                 }
912
913                 if ( $ssl_failed ) {
914                         // The request failed when using SSL but succeeded without it. Disable SSL for future requests.
915                         update_option( 'akismet_ssl_disabled', time() );
916                         
917                         do_action( 'akismet_https_disabled' );
918                 }
919                 
920                 $simplified_response = array( $response['headers'], $response['body'] );
921                 
922                 self::update_alert( $simplified_response );
923
924                 return $simplified_response;
925         }
926
927         // given a response from an API call like check_key_status(), update the alert code options if an alert is present.
928         private static function update_alert( $response ) {
929                 $code = $msg = null;
930                 if ( isset( $response[0]['x-akismet-alert-code'] ) ) {
931                         $code = $response[0]['x-akismet-alert-code'];
932                         $msg  = $response[0]['x-akismet-alert-msg'];
933                 }
934
935                 // only call update_option() if the value has changed
936                 if ( $code != get_option( 'akismet_alert_code' ) ) {
937                         if ( ! $code ) {
938                                 delete_option( 'akismet_alert_code' );
939                                 delete_option( 'akismet_alert_msg' );
940                         }
941                         else {
942                                 update_option( 'akismet_alert_code', $code );
943                                 update_option( 'akismet_alert_msg', $msg );
944                         }
945                 }
946         }
947
948         public static function load_form_js() {
949                 // WP < 3.3 can't enqueue a script this late in the game and still have it appear in the footer.
950                 // Once we drop support for everything pre-3.3, this can change back to a single enqueue call.
951                 wp_register_script( 'akismet-form', AKISMET__PLUGIN_URL . '_inc/form.js', array(), AKISMET_VERSION, true );
952                 add_action( 'wp_footer', array( 'Akismet', 'print_form_js' ) );
953                 add_action( 'admin_footer', array( 'Akismet', 'print_form_js' ) );
954         }
955         
956         public static function print_form_js() {
957                 wp_print_scripts( 'akismet-form' );
958         }
959
960         public static function inject_ak_js( $fields ) {
961                 echo '<p style="display: none;">';
962                 echo '<input type="hidden" id="ak_js" name="ak_js" value="' . mt_rand( 0, 250 ) . '"/>';
963                 echo '</p>';
964         }
965
966         private static function bail_on_activation( $message, $deactivate = true ) {
967 ?>
968 <!doctype html>
969 <html>
970 <head>
971 <meta charset="<?php bloginfo( 'charset' ); ?>">
972 <style>
973 * {
974         text-align: center;
975         margin: 0;
976         padding: 0;
977         font-family: "Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;
978 }
979 p {
980         margin-top: 1em;
981         font-size: 18px;
982 }
983 </style>
984 <body>
985 <p><?php echo esc_html( $message ); ?></p>
986 </body>
987 </html>
988 <?php
989                 if ( $deactivate ) {
990                         $plugins = get_option( 'active_plugins' );
991                         $akismet = plugin_basename( AKISMET__PLUGIN_DIR . 'akismet.php' );
992                         $update  = false;
993                         foreach ( $plugins as $i => $plugin ) {
994                                 if ( $plugin === $akismet ) {
995                                         $plugins[$i] = false;
996                                         $update = true;
997                                 }
998                         }
999
1000                         if ( $update ) {
1001                                 update_option( 'active_plugins', array_filter( $plugins ) );
1002                         }
1003                 }
1004                 exit;
1005         }
1006
1007         public static function view( $name, array $args = array() ) {
1008                 $args = apply_filters( 'akismet_view_arguments', $args, $name );
1009                 
1010                 foreach ( $args AS $key => $val ) {
1011                         $$key = $val;
1012                 }
1013                 
1014                 load_plugin_textdomain( 'akismet' );
1015
1016                 $file = AKISMET__PLUGIN_DIR . 'views/'. $name . '.php';
1017
1018                 include( $file );
1019         }
1020
1021         /**
1022          * Attached to activate_{ plugin_basename( __FILES__ ) } by register_activation_hook()
1023          * @static
1024          */
1025         public static function plugin_activation() {
1026                 if ( version_compare( $GLOBALS['wp_version'], AKISMET__MINIMUM_WP_VERSION, '<' ) ) {
1027                         load_plugin_textdomain( 'akismet' );
1028                         
1029                         $message = '<strong>'.sprintf(esc_html__( 'Akismet %s requires WordPress %s or higher.' , 'akismet'), AKISMET_VERSION, AKISMET__MINIMUM_WP_VERSION ).'</strong> '.sprintf(__('Please <a href="%1$s">upgrade WordPress</a> to a current version, or <a href="%2$s">downgrade to version 2.4 of the Akismet plugin</a>.', 'akismet'), 'https://codex.wordpress.org/Upgrading_WordPress', 'http://wordpress.org/extend/plugins/akismet/download/');
1030
1031                         Akismet::bail_on_activation( $message );
1032                 }
1033         }
1034
1035         /**
1036          * Removes all connection options
1037          * @static
1038          */
1039         public static function plugin_deactivation( ) {
1040                 return self::deactivate_key( self::get_api_key() );
1041         }
1042         
1043         /**
1044          * Essentially a copy of WP's build_query but one that doesn't expect pre-urlencoded values.
1045          *
1046          * @param array $args An array of key => value pairs
1047          * @return string A string ready for use as a URL query string.
1048          */
1049         public static function build_query( $args ) {
1050                 return _http_build_query( $args, '', '&' );
1051         }
1052
1053         /**
1054          * Log debugging info to the error log.
1055          *
1056          * Enabled when WP_DEBUG_LOG is enabled, but can be disabled via the akismet_debug_log filter.
1057          *
1058          * @param mixed $akismet_debug The data to log.
1059          */
1060         public static function log( $akismet_debug ) {
1061                 if ( apply_filters( 'akismet_debug_log', defined( 'WP_DEBUG_LOG' ) && WP_DEBUG_LOG ) ) {
1062                         error_log( print_r( compact( 'akismet_debug' ), true ) );
1063                 }
1064         }
1065
1066         public static function pre_check_pingback( $method ) {
1067                 if ( $method !== 'pingback.ping' )
1068                         return;
1069
1070                 global $wp_xmlrpc_server;
1071         
1072                 if ( !is_object( $wp_xmlrpc_server ) )
1073                         return false;
1074         
1075                 // Lame: tightly coupled with the IXR class.
1076                 $args = $wp_xmlrpc_server->message->params;
1077         
1078                 if ( !empty( $args[1] ) ) {
1079                         $post_id = url_to_postid( $args[1] );
1080
1081                         // If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification
1082                         Akismet::pingback_forwarded_for( null, $args[0] );
1083                         add_filter( 'http_request_args', array( 'Akismet', 'pingback_forwarded_for' ), 10, 2 );
1084
1085                         $comment = array(
1086                                 'comment_author_url' => $args[0],
1087                                 'comment_post_ID' => $post_id,
1088                                 'comment_author' => '',
1089                                 'comment_author_email' => '',
1090                                 'comment_content' => '',
1091                                 'comment_type' => 'pingback',
1092                                 'akismet_pre_check' => '1',
1093                                 'comment_pingback_target' => $args[1],
1094                         );
1095
1096                         $comment = Akismet::auto_check_comment( $comment );
1097
1098                         if ( isset( $comment['akismet_result'] ) && 'true' == $comment['akismet_result'] ) {
1099                                 // Lame: tightly coupled with the IXR classes. Unfortunately the action provides no context and no way to return anything.
1100                                 $wp_xmlrpc_server->error( new IXR_Error( 0, 'Invalid discovery target' ) );
1101                         }
1102                 }
1103         }
1104         
1105         public static function pingback_forwarded_for( $r, $url ) {
1106                 static $urls = array();
1107         
1108                 // Call this with $r == null to prime the callback to add headers on a specific URL
1109                 if ( is_null( $r ) && !in_array( $url, $urls ) ) {
1110                         $urls[] = $url;
1111                 }
1112
1113                 // Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source)
1114                 if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) {
1115                         $remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] );
1116                 
1117                         // Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use
1118                         $r['headers']['X-Pingback-Forwarded-For'] = $remote_ip;
1119
1120                         // Also identify the request as a pingback verification in the UA string so it appears in logs
1121                         $r['user-agent'] .= '; verifying pingback from ' . $remote_ip;
1122                 }
1123
1124                 return $r;
1125         }
1126         
1127         /**
1128          * Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta.
1129          *
1130          * @param mixed $meta_value
1131          * @return mixed
1132          */
1133         private static function sanitize_comment_as_submitted( $meta_value ) {
1134                 if ( empty( $meta_value ) ) {
1135                         return $meta_value;
1136                 }
1137
1138                 $meta_value = (array) $meta_value;
1139
1140                 foreach ( $meta_value as $key => $value ) {
1141                         if ( ! isset( self::$comment_as_submitted_allowed_keys[$key] ) || ! is_scalar( $value ) ) {
1142                                 unset( $meta_value[$key] );
1143                         }
1144                 }
1145
1146                 return $meta_value;
1147         }
1148 }