';
}
public static function is_test_mode() {
return defined('AKISMET_TEST_MODE') && AKISMET_TEST_MODE;
}
public static function allow_discard() {
if ( defined( 'DOING_AJAX' ) && DOING_AJAX )
return false;
if ( is_user_logged_in() )
return false;
return ( get_option( 'akismet_strictness' ) === '1' );
}
public static function get_ip_address() {
return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null;
}
/**
* Do these two comments, without checking the comment_ID, "match"?
*
* @param mixed $comment1 A comment object or array.
* @param mixed $comment2 A comment object or array.
* @return bool Whether the two comments should be treated as the same comment.
*/
private static function comments_match( $comment1, $comment2 ) {
$comment1 = (array) $comment1;
$comment2 = (array) $comment2;
return (
isset( $comment1['comment_post_ID'], $comment2['comment_post_ID'] )
&& intval( $comment1['comment_post_ID'] ) == intval( $comment2['comment_post_ID'] )
&& (
// The comment author length max is 255 characters, limited by the TINYTEXT column type.
substr( $comment1['comment_author'], 0, 255 ) == substr( $comment2['comment_author'], 0, 255 )
|| substr( stripslashes( $comment1['comment_author'] ), 0, 255 ) == substr( $comment2['comment_author'], 0, 255 )
|| substr( $comment1['comment_author'], 0, 255 ) == substr( stripslashes( $comment2['comment_author'] ), 0, 255 )
)
&& (
// The email max length is 100 characters, limited by the VARCHAR(100) column type.
substr( $comment1['comment_author_email'], 0, 100 ) == substr( $comment2['comment_author_email'], 0, 100 )
|| substr( stripslashes( $comment1['comment_author_email'] ), 0, 100 ) == substr( $comment2['comment_author_email'], 0, 100 )
|| substr( $comment1['comment_author_email'], 0, 100 ) == substr( stripslashes( $comment2['comment_author_email'] ), 0, 100 )
// Very long emails can be truncated and then stripped if the [0:100] substring isn't a valid address.
|| ( ! $comment1['comment_author_email'] && strlen( $comment2['comment_author_email'] ) > 100 )
|| ( ! $comment2['comment_author_email'] && strlen( $comment1['comment_author_email'] ) > 100 )
)
);
}
// Does the supplied comment match the details of the one most recently stored in self::$last_comment?
public static function matches_last_comment( $comment ) {
if ( is_object( $comment ) )
$comment = (array) $comment;
return self::comments_match( self::$last_comment, $comment );
}
private static function get_user_agent() {
return isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : null;
}
private static function get_referer() {
return isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : null;
}
// return a comma-separated list of role names for the given user
public static function get_user_roles( $user_id ) {
$roles = false;
if ( !class_exists('WP_User') )
return false;
if ( $user_id > 0 ) {
$comment_user = new WP_User( $user_id );
if ( isset( $comment_user->roles ) )
$roles = join( ',', $comment_user->roles );
}
if ( is_multisite() && is_super_admin( $user_id ) ) {
if ( empty( $roles ) ) {
$roles = 'super_admin';
} else {
$comment_user->roles[] = 'super_admin';
$roles = join( ',', $comment_user->roles );
}
}
return $roles;
}
// filter handler used to return a spam result to pre_comment_approved
public static function last_comment_status( $approved, $comment ) {
// Only do this if it's the correct comment
if ( is_null(self::$last_comment_result) || ! self::matches_last_comment( $comment ) ) {
self::log( "comment_is_spam mismatched comment, returning unaltered $approved" );
return $approved;
}
// bump the counter here instead of when the filter is added to reduce the possibility of overcounting
if ( $incr = apply_filters('akismet_spam_count_incr', 1) )
update_option( 'akismet_spam_count', get_option('akismet_spam_count') + $incr );
return self::$last_comment_result;
}
/**
* If Akismet is temporarily unreachable, we don't want to "spam" the blogger with
* moderation emails for comments that will be automatically cleared or spammed on
* the next retry.
*
* For comments that will be rechecked later, empty the list of email addresses that
* the moderation email would be sent to.
*
* @param array $emails An array of email addresses that the moderation email will be sent to.
* @param int $comment_id The ID of the relevant comment.
* @return array An array of email addresses that the moderation email will be sent to.
*/
public static function disable_moderation_emails_if_unreachable( $emails, $comment_id ) {
if ( ! empty( self::$prevent_moderation_email_for_these_comments ) && ! empty( $emails ) ) {
$comment = get_comment( $comment_id );
foreach ( self::$prevent_moderation_email_for_these_comments as $possible_match ) {
if ( self::comments_match( $possible_match, $comment ) ) {
update_comment_meta( $comment_id, 'akismet_delayed_moderation_email', true );
return array();
}
}
}
return $emails;
}
public static function _cmp_time( $a, $b ) {
return $a['time'] > $b['time'] ? -1 : 1;
}
public static function _get_microtime() {
$mtime = explode( ' ', microtime() );
return $mtime[1] + $mtime[0];
}
/**
* Make a POST request to the Akismet API.
*
* @param string $request The body of the request.
* @param string $path The path for the request.
* @param string $ip The specific IP address to hit.
* @return array A two-member array consisting of the headers and the response body, both empty in the case of a failure.
*/
public static function http_post( $request, $path, $ip=null ) {
$akismet_ua = sprintf( 'WordPress/%s | Akismet/%s', $GLOBALS['wp_version'], constant( 'AKISMET_VERSION' ) );
$akismet_ua = apply_filters( 'akismet_ua', $akismet_ua );
$content_length = strlen( $request );
$api_key = self::get_api_key();
$host = self::API_HOST;
if ( !empty( $api_key ) )
$host = $api_key.'.'.$host;
$http_host = $host;
// use a specific IP if provided
// needed by Akismet_Admin::check_server_connectivity()
if ( $ip && long2ip( ip2long( $ip ) ) ) {
$http_host = $ip;
}
$http_args = array(
'body' => $request,
'headers' => array(
'Content-Type' => 'application/x-www-form-urlencoded; charset=' . get_option( 'blog_charset' ),
'Host' => $host,
'User-Agent' => $akismet_ua,
),
'httpversion' => '1.0',
'timeout' => 15
);
$akismet_url = $http_akismet_url = "http://{$http_host}/1.1/{$path}";
/**
* Try SSL first; if that fails, try without it and don't try it again for a while.
*/
$ssl = $ssl_failed = false;
// Check if SSL requests were disabled fewer than X hours ago.
$ssl_disabled = get_option( 'akismet_ssl_disabled' );
if ( $ssl_disabled && $ssl_disabled < ( time() - 60 * 60 * 24 ) ) { // 24 hours
$ssl_disabled = false;
delete_option( 'akismet_ssl_disabled' );
}
else if ( $ssl_disabled ) {
do_action( 'akismet_ssl_disabled' );
}
if ( ! $ssl_disabled && function_exists( 'wp_http_supports') && ( $ssl = wp_http_supports( array( 'ssl' ) ) ) ) {
$akismet_url = set_url_scheme( $akismet_url, 'https' );
do_action( 'akismet_https_request_pre' );
}
$response = wp_remote_post( $akismet_url, $http_args );
Akismet::log( compact( 'akismet_url', 'http_args', 'response' ) );
if ( $ssl && is_wp_error( $response ) ) {
do_action( 'akismet_https_request_failure', $response );
// Intermittent connection problems may cause the first HTTPS
// request to fail and subsequent HTTP requests to succeed randomly.
// Retry the HTTPS request once before disabling SSL for a time.
$response = wp_remote_post( $akismet_url, $http_args );
Akismet::log( compact( 'akismet_url', 'http_args', 'response' ) );
if ( is_wp_error( $response ) ) {
$ssl_failed = true;
do_action( 'akismet_https_request_failure', $response );
do_action( 'akismet_http_request_pre' );
// Try the request again without SSL.
$response = wp_remote_post( $http_akismet_url, $http_args );
Akismet::log( compact( 'http_akismet_url', 'http_args', 'response' ) );
}
}
if ( is_wp_error( $response ) ) {
do_action( 'akismet_request_failure', $response );
return array( '', '' );
}
if ( $ssl_failed ) {
// The request failed when using SSL but succeeded without it. Disable SSL for future requests.
update_option( 'akismet_ssl_disabled', time() );
do_action( 'akismet_https_disabled' );
}
$simplified_response = array( $response['headers'], $response['body'] );
self::update_alert( $simplified_response );
return $simplified_response;
}
// given a response from an API call like check_key_status(), update the alert code options if an alert is present.
private static function update_alert( $response ) {
$code = $msg = null;
if ( isset( $response[0]['x-akismet-alert-code'] ) ) {
$code = $response[0]['x-akismet-alert-code'];
$msg = $response[0]['x-akismet-alert-msg'];
}
// only call update_option() if the value has changed
if ( $code != get_option( 'akismet_alert_code' ) ) {
if ( ! $code ) {
delete_option( 'akismet_alert_code' );
delete_option( 'akismet_alert_msg' );
}
else {
update_option( 'akismet_alert_code', $code );
update_option( 'akismet_alert_msg', $msg );
}
}
}
public static function load_form_js() {
// WP < 3.3 can't enqueue a script this late in the game and still have it appear in the footer.
// Once we drop support for everything pre-3.3, this can change back to a single enqueue call.
wp_register_script( 'akismet-form', AKISMET__PLUGIN_URL . '_inc/form.js', array(), AKISMET_VERSION, true );
add_action( 'wp_footer', array( 'Akismet', 'print_form_js' ) );
add_action( 'admin_footer', array( 'Akismet', 'print_form_js' ) );
}
public static function print_form_js() {
wp_print_scripts( 'akismet-form' );
}
public static function inject_ak_js( $fields ) {
echo '
';
echo '';
echo '
';
}
private static function bail_on_activation( $message, $deactivate = true ) {
?>
$plugin ) {
if ( $plugin === $akismet ) {
$plugins[$i] = false;
$update = true;
}
}
if ( $update ) {
update_option( 'active_plugins', array_filter( $plugins ) );
}
}
exit;
}
public static function view( $name, array $args = array() ) {
$args = apply_filters( 'akismet_view_arguments', $args, $name );
foreach ( $args AS $key => $val ) {
$$key = $val;
}
load_plugin_textdomain( 'akismet' );
$file = AKISMET__PLUGIN_DIR . 'views/'. $name . '.php';
include( $file );
}
/**
* Attached to activate_{ plugin_basename( __FILES__ ) } by register_activation_hook()
* @static
*/
public static function plugin_activation() {
if ( version_compare( $GLOBALS['wp_version'], AKISMET__MINIMUM_WP_VERSION, '<' ) ) {
load_plugin_textdomain( 'akismet' );
$message = ''.sprintf(esc_html__( 'Akismet %s requires WordPress %s or higher.' , 'akismet'), AKISMET_VERSION, AKISMET__MINIMUM_WP_VERSION ).' '.sprintf(__('Please upgrade WordPress to a current version, or downgrade to version 2.4 of the Akismet plugin.', 'akismet'), 'https://codex.wordpress.org/Upgrading_WordPress', 'http://wordpress.org/extend/plugins/akismet/download/');
Akismet::bail_on_activation( $message );
}
}
/**
* Removes all connection options
* @static
*/
public static function plugin_deactivation( ) {
return self::deactivate_key( self::get_api_key() );
}
/**
* Essentially a copy of WP's build_query but one that doesn't expect pre-urlencoded values.
*
* @param array $args An array of key => value pairs
* @return string A string ready for use as a URL query string.
*/
public static function build_query( $args ) {
return _http_build_query( $args, '', '&' );
}
/**
* Log debugging info to the error log.
*
* Enabled when WP_DEBUG_LOG is enabled, but can be disabled via the akismet_debug_log filter.
*
* @param mixed $akismet_debug The data to log.
*/
public static function log( $akismet_debug ) {
if ( apply_filters( 'akismet_debug_log', defined( 'WP_DEBUG_LOG' ) && WP_DEBUG_LOG ) ) {
error_log( print_r( compact( 'akismet_debug' ), true ) );
}
}
public static function pre_check_pingback( $method ) {
if ( $method !== 'pingback.ping' )
return;
global $wp_xmlrpc_server;
if ( !is_object( $wp_xmlrpc_server ) )
return false;
// Lame: tightly coupled with the IXR class.
$args = $wp_xmlrpc_server->message->params;
if ( !empty( $args[1] ) ) {
$post_id = url_to_postid( $args[1] );
// If this gets through the pre-check, make sure we properly identify the outbound request as a pingback verification
Akismet::pingback_forwarded_for( null, $args[0] );
add_filter( 'http_request_args', array( 'Akismet', 'pingback_forwarded_for' ), 10, 2 );
$comment = array(
'comment_author_url' => $args[0],
'comment_post_ID' => $post_id,
'comment_author' => '',
'comment_author_email' => '',
'comment_content' => '',
'comment_type' => 'pingback',
'akismet_pre_check' => '1',
'comment_pingback_target' => $args[1],
);
$comment = Akismet::auto_check_comment( $comment );
if ( isset( $comment['akismet_result'] ) && 'true' == $comment['akismet_result'] ) {
// Lame: tightly coupled with the IXR classes. Unfortunately the action provides no context and no way to return anything.
$wp_xmlrpc_server->error( new IXR_Error( 0, 'Invalid discovery target' ) );
}
}
}
public static function pingback_forwarded_for( $r, $url ) {
static $urls = array();
// Call this with $r == null to prime the callback to add headers on a specific URL
if ( is_null( $r ) && !in_array( $url, $urls ) ) {
$urls[] = $url;
}
// Add X-Pingback-Forwarded-For header, but only for requests to a specific URL (the apparent pingback source)
if ( is_array( $r ) && is_array( $r['headers'] ) && !isset( $r['headers']['X-Pingback-Forwarded-For'] ) && in_array( $url, $urls ) ) {
$remote_ip = preg_replace( '/[^a-fx0-9:.,]/i', '', $_SERVER['REMOTE_ADDR'] );
// Note: this assumes REMOTE_ADDR is correct, and it may not be if a reverse proxy or CDN is in use
$r['headers']['X-Pingback-Forwarded-For'] = $remote_ip;
// Also identify the request as a pingback verification in the UA string so it appears in logs
$r['user-agent'] .= '; verifying pingback from ' . $remote_ip;
}
return $r;
}
/**
* Ensure that we are loading expected scalar values from akismet_as_submitted commentmeta.
*
* @param mixed $meta_value
* @return mixed
*/
private static function sanitize_comment_as_submitted( $meta_value ) {
if ( empty( $meta_value ) ) {
return $meta_value;
}
$meta_value = (array) $meta_value;
foreach ( $meta_value as $key => $value ) {
if ( ! isset( self::$comment_as_submitted_allowed_keys[$key] ) || ! is_scalar( $value ) ) {
unset( $meta_value[$key] );
}
}
return $meta_value;
}
}