7 Plugin URI: http://akismet.com/?return=true
8 Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from comment and trackback spam</strong>. It keeps your site protected from spam even while you sleep. To get started: 1) Click the "Activate" link to the left of this description, 2) <a href="http://akismet.com/get/?return=true">Sign up for an Akismet API key</a>, and 3) Go to your Akismet configuration page, and save your API key.
11 Author URI: http://automattic.com/wordpress-plugins/
12 License: GPLv2 or later
16 This program is free software; you can redistribute it and/or
17 modify it under the terms of the GNU General Public License
18 as published by the Free Software Foundation; either version 2
19 of the License, or (at your option) any later version.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 GNU General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program; if not, write to the Free Software
28 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
31 // Make sure we don't expose any info if called directly
32 if ( !function_exists( 'add_action' ) ) {
33 echo 'Hi there! I\'m just a plugin, not much I can do when called directly.';
37 define('AKISMET_VERSION', '2.6.0');
38 define('AKISMET_PLUGIN_URL', plugin_dir_url( __FILE__ ));
39 define('AKISMET_DELETE_LIMIT', 10000);
41 /** If you hardcode a WP.com API key here, all key config screens will be hidden */
42 if ( defined('WPCOM_API_KEY') )
43 $wpcom_api_key = constant('WPCOM_API_KEY');
47 if ( isset($wp_db_version) && $wp_db_version <= 9872 )
48 include_once dirname( __FILE__ ) . '/legacy.php';
50 include_once dirname( __FILE__ ) . '/widget.php';
53 require_once dirname( __FILE__ ) . '/admin.php';
55 function akismet_init() {
56 global $wpcom_api_key, $akismet_api_host, $akismet_api_port;
59 $akismet_api_host = $wpcom_api_key . '.rest.akismet.com';
61 $akismet_api_host = get_option('wordpress_api_key') . '.rest.akismet.com';
63 $akismet_api_port = 80;
65 add_action('init', 'akismet_init');
67 function akismet_get_key() {
68 global $wpcom_api_key;
69 if ( !empty($wpcom_api_key) )
70 return $wpcom_api_key;
71 return get_option('wordpress_api_key');
74 function akismet_check_key_status( $key, $ip = null ) {
75 global $akismet_api_host, $akismet_api_port, $wpcom_api_key;
76 $blog = urlencode( get_option('home') );
78 $key = $wpcom_api_key;
79 $response = akismet_http_post("key=$key&blog=$blog", 'rest.akismet.com', '/1.1/verify-key', $akismet_api_port, $ip);
83 // given a response from an API call like akismet_check_key_status(), update the alert code options if an alert is present.
84 function akismet_update_alert( $response ) {
86 if ( isset($response[0]['x-akismet-alert-code']) ) {
87 $code = $response[0]['x-akismet-alert-code'];
88 $msg = $response[0]['x-akismet-alert-msg'];
91 // only call update_option() if the value has changed
92 if ( $code != get_option( 'akismet_alert_code' ) ) {
93 update_option( 'akismet_alert_code', $code );
94 update_option( 'akismet_alert_msg', $msg );
98 function akismet_verify_key( $key, $ip = null ) {
99 $response = akismet_check_key_status( $key, $ip );
100 akismet_update_alert( $response );
101 if ( !is_array($response) || !isset($response[1]) || $response[1] != 'valid' && $response[1] != 'invalid' )
106 // if we're in debug or test modes, use a reduced service level so as not to polute training or stats data
107 function akismet_test_mode() {
108 if ( defined('AKISMET_TEST_MODE') && AKISMET_TEST_MODE )
113 // return a comma-separated list of role names for the given user
114 function akismet_get_user_roles( $user_id ) {
117 if ( !class_exists('WP_User') )
120 if ( $user_id > 0 ) {
121 $comment_user = new WP_User($user_id);
122 if ( isset($comment_user->roles) )
123 $roles = join(',', $comment_user->roles);
126 if ( is_multisite() && is_super_admin( $user_id ) ) {
127 if ( empty( $roles ) ) {
128 $roles = 'super_admin';
130 $comment_user->roles[] = 'super_admin';
131 $roles = join( ',', $comment_user->roles );
138 // Returns array with headers in $response[0] and body in $response[1]
139 function akismet_http_post($request, $host, $path, $port = 80, $ip=null) {
142 $akismet_ua = "WordPress/{$wp_version} | ";
143 $akismet_ua .= 'Akismet/' . constant( 'AKISMET_VERSION' );
145 $akismet_ua = apply_filters( 'akismet_ua', $akismet_ua );
147 $content_length = strlen( $request );
150 // use a specific IP if provided
151 // needed by akismet_check_server_connectivity()
152 if ( $ip && long2ip( ip2long( $ip ) ) ) {
158 // use the WP HTTP class if it is available
159 if ( function_exists( 'wp_remote_post' ) ) {
163 'Content-Type' => 'application/x-www-form-urlencoded; ' .
164 'charset=' . get_option( 'blog_charset' ),
166 'User-Agent' => $akismet_ua
168 'httpversion' => '1.0',
171 $akismet_url = "http://{$http_host}{$path}";
172 $response = wp_remote_post( $akismet_url, $http_args );
173 if ( is_wp_error( $response ) )
176 return array( $response['headers'], $response['body'] );
178 $http_request = "POST $path HTTP/1.0\r\n";
179 $http_request .= "Host: $host\r\n";
180 $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset=' . get_option('blog_charset') . "\r\n";
181 $http_request .= "Content-Length: {$content_length}\r\n";
182 $http_request .= "User-Agent: {$akismet_ua}\r\n";
183 $http_request .= "\r\n";
184 $http_request .= $request;
187 if( false != ( $fs = @fsockopen( $http_host, $port, $errno, $errstr, 10 ) ) ) {
188 fwrite( $fs, $http_request );
190 while ( !feof( $fs ) )
191 $response .= fgets( $fs, 1160 ); // One TCP-IP packet
193 $response = explode( "\r\n\r\n", $response, 2 );
199 // filter handler used to return a spam result to pre_comment_approved
200 function akismet_result_spam( $approved ) {
201 static $just_once = false;
205 // bump the counter here instead of when the filter is added to reduce the possibility of overcounting
206 if ( $incr = apply_filters('akismet_spam_count_incr', 1) )
207 update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr );
209 // this is a one-shot deal
214 function akismet_result_hold( $approved ) {
215 static $just_once = false;
224 // how many approved comments does this author have?
225 function akismet_get_user_comments_approved( $user_id, $comment_author_email, $comment_author, $comment_author_url ) {
228 if ( !empty($user_id) )
229 return $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE user_id = %d AND comment_approved = 1", $user_id ) );
231 if ( !empty($comment_author_email) )
232 return $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_author_email = %s AND comment_author = %s AND comment_author_url = %s AND comment_approved = 1", $comment_author_email, $comment_author, $comment_author_url ) );
237 function akismet_microtime() {
238 $mtime = explode( ' ', microtime() );
239 return $mtime[1] + $mtime[0];
242 // log an event for a given comment, storing it in comment_meta
243 function akismet_update_comment_history( $comment_id, $message, $event=null ) {
244 global $current_user;
246 // failsafe for old WP versions
247 if ( !function_exists('add_comment_meta') )
251 if ( is_object($current_user) && isset($current_user->user_login) )
252 $user = $current_user->user_login;
255 'time' => akismet_microtime(),
256 'message' => $message,
261 // $unique = false so as to allow multiple values per comment
262 $r = add_comment_meta( $comment_id, 'akismet_history', $event, false );
265 // get the full comment history for a given comment, as an array in reverse chronological order
266 function akismet_get_comment_history( $comment_id ) {
268 // failsafe for old WP versions
269 if ( !function_exists('add_comment_meta') )
272 $history = get_comment_meta( $comment_id, 'akismet_history', false );
273 usort( $history, 'akismet_cmp_time' );
277 function akismet_cmp_time( $a, $b ) {
278 return $a['time'] > $b['time'] ? -1 : 1;
281 // this fires on wp_insert_comment. we can't update comment_meta when akismet_auto_check_comment() runs
282 // because we don't know the comment ID at that point.
283 function akismet_auto_check_update_meta( $id, $comment ) {
284 global $akismet_last_comment;
286 // failsafe for old WP versions
287 if ( !function_exists('add_comment_meta') )
290 if ( !isset( $akismet_last_comment['comment_author_email'] ) )
291 $akismet_last_comment['comment_author_email'] = '';
293 // wp_insert_comment() might be called in other contexts, so make sure this is the same comment
294 // as was checked by akismet_auto_check_comment
295 if ( is_object($comment) && !empty($akismet_last_comment) && is_array($akismet_last_comment) ) {
296 if ( isset($akismet_last_comment['comment_post_ID']) && intval($akismet_last_comment['comment_post_ID']) == intval($comment->comment_post_ID)
297 && $akismet_last_comment['comment_author'] == $comment->comment_author
298 && $akismet_last_comment['comment_author_email'] == $comment->comment_author_email ) {
299 // normal result: true or false
300 if ( $akismet_last_comment['akismet_result'] == 'true' ) {
301 update_comment_meta( $comment->comment_ID, 'akismet_result', 'true' );
302 akismet_update_comment_history( $comment->comment_ID, __('Akismet caught this comment as spam'), 'check-spam' );
303 if ( $comment->comment_approved != 'spam' )
304 akismet_update_comment_history( $comment->comment_ID, sprintf( __('Comment status was changed to %s'), $comment->comment_approved), 'status-changed'.$comment->comment_approved );
305 } elseif ( $akismet_last_comment['akismet_result'] == 'false' ) {
306 update_comment_meta( $comment->comment_ID, 'akismet_result', 'false' );
307 akismet_update_comment_history( $comment->comment_ID, __('Akismet cleared this comment'), 'check-ham' );
308 if ( $comment->comment_approved == 'spam' ) {
309 if ( wp_blacklist_check($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent) )
310 akismet_update_comment_history( $comment->comment_ID, __('Comment was caught by wp_blacklist_check'), 'wp-blacklisted' );
312 akismet_update_comment_history( $comment->comment_ID, sprintf( __('Comment status was changed to %s'), $comment->comment_approved), 'status-changed-'.$comment->comment_approved );
314 // abnormal result: error
316 update_comment_meta( $comment->comment_ID, 'akismet_error', time() );
317 akismet_update_comment_history( $comment->comment_ID, sprintf( __('Akismet was unable to check this comment (response: %s), will automatically retry again later.'), substr($akismet_last_comment['akismet_result'], 0, 50)), 'check-error' );
320 // record the complete original data as submitted for checking
321 if ( isset($akismet_last_comment['comment_as_submitted']) )
322 update_comment_meta( $comment->comment_ID, 'akismet_as_submitted', $akismet_last_comment['comment_as_submitted'] );
327 add_action( 'wp_insert_comment', 'akismet_auto_check_update_meta', 10, 2 );
330 function akismet_auto_check_comment( $commentdata ) {
331 global $akismet_api_host, $akismet_api_port, $akismet_last_comment;
333 $comment = $commentdata;
334 $comment['user_ip'] = akismet_get_ip_address();
335 $comment['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
336 $comment['referrer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
337 $comment['blog'] = get_option('home');
338 $comment['blog_lang'] = get_locale();
339 $comment['blog_charset'] = get_option('blog_charset');
340 $comment['permalink'] = get_permalink($comment['comment_post_ID']);
342 if ( !empty( $comment['user_ID'] ) ) {
343 $comment['user_role'] = akismet_get_user_roles( $comment['user_ID'] );
346 $akismet_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) );
347 $comment['akismet_comment_nonce'] = 'inactive';
348 if ( $akismet_nonce_option == 'true' || $akismet_nonce_option == '' ) {
349 $comment['akismet_comment_nonce'] = 'failed';
350 if ( isset( $_POST['akismet_comment_nonce'] ) && wp_verify_nonce( $_POST['akismet_comment_nonce'], 'akismet_comment_nonce_' . $comment['comment_post_ID'] ) )
351 $comment['akismet_comment_nonce'] = 'passed';
353 // comment reply in wp-admin
354 if ( isset( $_POST['_ajax_nonce-replyto-comment'] ) && check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ) )
355 $comment['akismet_comment_nonce'] = 'passed';
359 if ( akismet_test_mode() )
360 $comment['is_test'] = 'true';
362 foreach ($_POST as $key => $value ) {
363 if ( is_string($value) )
364 $comment["POST_{$key}"] = $value;
367 $ignore = array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW' );
369 foreach ( $_SERVER as $key => $value ) {
370 if ( !in_array( $key, $ignore ) && is_string($value) )
371 $comment["$key"] = $value;
373 $comment["$key"] = '';
376 $post = get_post( $comment['comment_post_ID'] );
377 $comment[ 'comment_post_modified_gmt' ] = $post->post_modified_gmt;
380 foreach ( $comment as $key => $data )
381 $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
383 $commentdata['comment_as_submitted'] = $comment;
385 $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
386 do_action( 'akismet_comment_check_response', $response );
387 akismet_update_alert( $response );
388 $commentdata['akismet_result'] = $response[1];
389 if ( 'true' == $response[1] ) {
390 // akismet_spam_count will be incremented later by akismet_result_spam()
391 add_filter('pre_comment_approved', 'akismet_result_spam');
393 do_action( 'akismet_spam_caught' );
395 $last_updated = strtotime( $post->post_modified_gmt );
396 $diff = time() - $last_updated;
397 $diff = $diff / 86400;
399 if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' && empty($comment['user_ID']) ) {
400 // akismet_result_spam() won't be called so bump the counter here
401 if ( $incr = apply_filters('akismet_spam_count_incr', 1) )
402 update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr );
403 $redirect_to = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : get_permalink( $post );
404 wp_safe_redirect( $redirect_to );
409 // if the response is neither true nor false, hold the comment for moderation and schedule a recheck
410 if ( 'true' != $response[1] && 'false' != $response[1] ) {
411 if ( !current_user_can('moderate_comments') ) {
412 add_filter('pre_comment_approved', 'akismet_result_hold');
414 if ( !wp_next_scheduled( 'akismet_schedule_cron_recheck' ) ) {
415 wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' );
419 if ( function_exists('wp_next_scheduled') && function_exists('wp_schedule_event') ) {
420 // WP 2.1+: delete old comments daily
421 if ( !wp_next_scheduled('akismet_scheduled_delete') )
422 wp_schedule_event(time(), 'daily', 'akismet_scheduled_delete');
423 } elseif ( (mt_rand(1, 10) == 3) ) {
424 // WP 2.0: run this one time in ten
425 akismet_delete_old();
427 $akismet_last_comment = $commentdata;
429 akismet_fix_scheduled_recheck();
433 add_action('preprocess_comment', 'akismet_auto_check_comment', 1);
435 function akismet_get_ip_address() {
436 foreach( array( 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR' ) as $key ) {
437 if ( array_key_exists( $key, $_SERVER ) === true ) {
438 foreach ( explode( ',', $_SERVER[$key] ) as $ip ) {
441 if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false ) {
450 function akismet_delete_old() {
453 while( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_id FROM {$wpdb->comments} WHERE DATE_SUB(NOW(), INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam' LIMIT %d", defined( 'AKISMET_DELETE_LIMIT' ) ? AKISMET_DELETE_LIMIT : 10000 ) ) ) {
454 if ( empty( $comment_ids ) )
457 $wpdb->queries = array();
459 do_action( 'delete_comment', $comment_ids );
461 $comma_comment_ids = implode( ', ', array_map('intval', $comment_ids) );
463 $wpdb->query("DELETE FROM {$wpdb->comments} WHERE comment_id IN ( $comma_comment_ids )");
464 $wpdb->query("DELETE FROM {$wpdb->commentmeta} WHERE comment_id IN ( $comma_comment_ids )");
466 clean_comment_cache( $comment_ids );
469 if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11) ) ) // lucky number
470 $wpdb->query("OPTIMIZE TABLE {$wpdb->comments}");
473 function akismet_delete_old_metadata() {
476 $interval = apply_filters( 'akismet_delete_commentmeta_interval', 15 );
478 # enfore a minimum of 1 day
479 $interval = absint( $interval );
483 // akismet_as_submitted meta values are large, so expire them
484 // after $interval days regardless of the comment status
485 while ( $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT m.comment_id FROM {$wpdb->commentmeta} as m INNER JOIN {$wpdb->comments} as c USING(comment_id) WHERE m.meta_key = 'akismet_as_submitted' AND DATE_SUB(NOW(), INTERVAL %d DAY) > c.comment_date_gmt LIMIT 10000", $interval ) ) ) {
486 if ( empty( $comment_ids ) )
489 $wpdb->queries = array();
491 foreach ( $comment_ids as $comment_id ) {
492 delete_comment_meta( $comment_id, 'akismet_as_submitted' );
496 if ( apply_filters( 'akismet_optimize_table', ( mt_rand(1, 5000) == 11) ) ) // lucky number
497 $wpdb->query("OPTIMIZE TABLE {$wpdb->comments}");
500 add_action('akismet_scheduled_delete', 'akismet_delete_old');
501 add_action('akismet_scheduled_delete', 'akismet_delete_old_metadata');
503 function akismet_check_db_comment( $id, $recheck_reason = 'recheck_queue' ) {
504 global $wpdb, $akismet_api_host, $akismet_api_port;
507 $c = $wpdb->get_row( "SELECT * FROM $wpdb->comments WHERE comment_ID = '$id'", ARRAY_A );
511 $c['user_ip'] = $c['comment_author_IP'];
512 $c['user_agent'] = $c['comment_agent'];
514 $c['blog'] = get_option('home');
515 $c['blog_lang'] = get_locale();
516 $c['blog_charset'] = get_option('blog_charset');
517 $c['permalink'] = get_permalink($c['comment_post_ID']);
518 $id = $c['comment_ID'];
519 if ( akismet_test_mode() )
520 $c['is_test'] = 'true';
521 $c['recheck_reason'] = $recheck_reason;
524 foreach ( $c as $key => $data )
525 $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
527 $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
528 return ( is_array( $response ) && isset( $response[1] ) ) ? $response[1] : false;
531 function akismet_cron_recheck() {
534 $status = akismet_verify_key( akismet_get_key() );
535 if ( get_option( 'akismet_alert_code' ) || $status == 'invalid' ) {
536 // since there is currently a problem with the key, reschedule a check for 6 hours hence
537 wp_schedule_single_event( time() + 21600, 'akismet_schedule_cron_recheck' );
541 delete_option('akismet_available_servers');
543 $comment_errors = $wpdb->get_col( "
545 FROM {$wpdb->prefix}commentmeta
546 WHERE meta_key = 'akismet_error'
550 foreach ( (array) $comment_errors as $comment_id ) {
551 // if the comment no longer exists, or is too old, remove the meta entry from the queue to avoid getting stuck
552 $comment = get_comment( $comment_id );
553 if ( !$comment || strtotime( $comment->comment_date_gmt ) < strtotime( "-15 days" ) ) {
554 delete_comment_meta( $comment_id, 'akismet_error' );
558 add_comment_meta( $comment_id, 'akismet_rechecking', true );
559 $status = akismet_check_db_comment( $comment_id, 'retry' );
562 if ( $status == 'true' ) {
563 $msg = __( 'Akismet caught this comment as spam during an automatic retry.' );
564 } elseif ( $status == 'false' ) {
565 $msg = __( 'Akismet cleared this comment during an automatic retry.' );
568 // If we got back a legit response then update the comment history
569 // other wise just bail now and try again later. No point in
570 // re-trying all the comments once we hit one failure.
571 if ( !empty( $msg ) ) {
572 delete_comment_meta( $comment_id, 'akismet_error' );
573 akismet_update_comment_history( $comment_id, $msg, 'cron-retry' );
574 update_comment_meta( $comment_id, 'akismet_result', $status );
575 // make sure the comment status is still pending. if it isn't, that means the user has already moved it elsewhere.
576 $comment = get_comment( $comment_id );
577 if ( $comment && 'unapproved' == wp_get_comment_status( $comment_id ) ) {
578 if ( $status == 'true' ) {
579 wp_spam_comment( $comment_id );
580 } elseif ( $status == 'false' ) {
581 // comment is good, but it's still in the pending queue. depending on the moderation settings
582 // we may need to change it to approved.
583 if ( check_comment($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent, $comment->comment_type) )
584 wp_set_comment_status( $comment_id, 1 );
588 delete_comment_meta( $comment_id, 'akismet_rechecking' );
589 wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' );
592 delete_comment_meta( $comment_id, 'akismet_rechecking' );
595 $remaining = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->commentmeta WHERE meta_key = 'akismet_error'" );
596 if ( $remaining && !wp_next_scheduled('akismet_schedule_cron_recheck') ) {
597 wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' );
600 add_action( 'akismet_schedule_cron_recheck', 'akismet_cron_recheck' );
602 function akismet_add_comment_nonce( $post_id ) {
603 echo '<p style="display: none;">';
604 wp_nonce_field( 'akismet_comment_nonce_' . $post_id, 'akismet_comment_nonce', FALSE );
608 $akismet_comment_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) );
610 if ( $akismet_comment_nonce_option == 'true' || $akismet_comment_nonce_option == '' )
611 add_action( 'comment_form', 'akismet_add_comment_nonce' );
613 function akismet_pingback_forwarded_for( $r, $url ) {
614 static $urls = array();
616 // Call this with $r == null to prime the callback to add headers on a specific URL
617 if ( is_null( $r ) && !in_array( $url, $urls ) ) {
621 // Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source)
622 if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) {
623 $remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] );
625 // Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use
626 $r['headers']['X-Pingback-Forwarded-For'] = $remote_ip;
628 // Also identify the request as a pingback verification in the UA string so it appears in logs
629 $r['user-agent'] .= '; verifying pingback from ' . $remote_ip;
635 function akismet_pre_check_pingback( $method ) {
637 if ( $method !== 'pingback.ping' )
640 global $wp_xmlrpc_server;
642 if ( !is_object( $wp_xmlrpc_server ) )
645 // Lame: tightly coupled with the IXR class.
646 $args = $wp_xmlrpc_server->message->params;
648 if ( !empty( $args[1] ) ) {
649 $post_id = url_to_postid( $args[1] );
651 // If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification
652 akismet_pingback_forwarded_for( null, $args[0] );
653 add_filter( 'http_request_args', 'akismet_pingback_forwarded_for', 10, 2 );
656 'comment_author_url' => $args[0],
657 'comment_post_ID' => $post_id,
658 'comment_author' => '',
659 'comment_author_email' => '',
660 'comment_content' => '',
661 'comment_type' => 'pingback',
662 'akismet_pre_check' => '1',
663 'comment_pingback_target' => $args[1],
666 $comment = akismet_auto_check_comment( $comment );
668 if ( isset( $comment['akismet_result'] ) && 'true' == $comment['akismet_result'] ) {
669 // Lame: tightly coupled with the IXR classes. Unfortunately the action provides no context and no way to return anything.
670 $wp_xmlrpc_server->error( new IXR_Error( 0, 'Invalid discovery target' ) );
675 // Run this early in the pingback call, before doing a remote fetch of the source uri
676 add_action( 'xmlrpc_call', 'akismet_pre_check_pingback' );
679 if ( '3.0.5' == $wp_version ) {
680 remove_filter( 'comment_text', 'wp_kses_data' );
682 add_filter( 'comment_text', 'wp_kses_post' );
685 function akismet_fix_scheduled_recheck() {
686 $future_check = wp_next_scheduled( 'akismet_schedule_cron_recheck' );
687 if ( !$future_check ) {
691 if ( get_option( 'akismet_alert_code' ) > 0 ) {
695 $check_range = time() + 1200;
696 if ( $future_check > $check_range ) {
697 wp_clear_scheduled_hook( 'akismet_schedule_cron_recheck' );
698 wp_schedule_single_event( time() + 300, 'akismet_schedule_cron_recheck' );