diff --git a/cleantalk.antispam/include.php b/cleantalk.antispam/include.php
index cbdc79a..6749426 100644
--- a/cleantalk.antispam/include.php
+++ b/cleantalk.antispam/include.php
@@ -96,47 +96,215 @@ static function CleantalkDie($message) } die(); } - /** - * Get all fields from array - * @param string email variable - * @param string message variable - * @param array array, containing fields - */ - - static function CleantalkGetFields(&$email,&$message,$arr) + /* + * Get data from submit recursively + */ + static public function CleantalkGetFields($arr, $message=array(), $email = null, $nickname = array('nick' => '', 'first' => '', 'last' => ''), $subject = null, $contact = true, $prev_name = '') { - $is_continue=true; - foreach($arr as $key=>$value) - { - if(strpos($key,'ct_checkjs')!==false) - { - $email=null; - $message=''; - $is_continue=false; + //Skip request if fields exists + $skip_params = array( + 'ipn_track_id', // PayPal IPN # + 'txn_type', // PayPal transaction type + 'payment_status', // PayPal payment status + 'ccbill_ipn', // CCBill IPN + 'ct_checkjs', // skip ct_checkjs field + 'api_mode', // DigiStore-API + 'loadLastCommentId', // Plugin: WP Discuz. 
ticket_id=5571
+ );
+
+ // Fields to replace with ****
+ $obfuscate_params = array(
+ 'password',
+ 'pass',
+ 'pwd',
+ 'pswd'
+ );
+
+ // Skip feilds with these strings and known service fields
+ $skip_fields_with_strings = array(
+ // Common
+ 'ct_checkjs', //Do not send ct_checkjs
+ 'nonce', //nonce for strings such as 'rsvp_nonce_name'
+ 'security',
+ // 'action',
+ 'http_referer',
+ 'timestamp',
+ 'captcha',
+ // Formidable Form
+ 'form_key',
+ 'submit_entry',
+ // Custom Contact Forms
+ 'form_id',
+ 'ccf_form',
+ 'form_page',
+ // Qu Forms
+ 'iphorm_uid',
+ 'form_url',
+ 'post_id',
+ 'iphorm_ajax',
+ 'iphorm_id',
+ // Fast SecureContact Froms
+ 'fs_postonce_1',
+ 'fscf_submitted',
+ 'mailto_id',
+ 'si_contact_action',
+ // Ninja Forms
+ 'formData_id',
+ 'formData_settings',
+ 'formData_fields_\d+_id',
+ 'formData_fields_\d+_files.*',
+ // E_signature
+ 'recipient_signature',
+ 'output_\d+_\w{0,2}',
+ // Contact Form by Web-Settler protection
+ '_formId',
+ '_returnLink',
+ // Social login and more
+ '_save',
+ '_facebook',
+ '_social',
+ 'user_login-',
+ // Contact Form 7
+ '_wpcf7',
+ 'avatar__file_image_data',
+ );
+ $fields_exclusions = CleantalkCustomConfig::get_fields_exclusions();
+ if ($fields_exclusions)
+ array_merge($skip_fields_with_strings,$fields_exclusions);
+ // Reset $message if we have a sign-up data
+ $skip_message_post = array(
+ 'edd_action', // Easy Digital Downloads
+ );
+
+ foreach($skip_params as $value){
+ if(@array_key_exists($value,$_GET)||@array_key_exists($value,$_POST))
+ $contact = false;
+ } unset($value);
+
+ if(count($arr)){
+ foreach($arr as $key => $value){
+
+ if(gettype($value)=='string'){
+ $decoded_json_value = json_decode($value, true);
+ if($decoded_json_value !== null)
+ $value = $decoded_json_value;
+ }
+
+ if(!is_array($value) && !is_object($value)){
+
+ if (in_array($key, $skip_params, true) && $key != 0 && $key != '' || preg_match("/^ct_checkjs/", $key))
+ $contact = false;
+
+ if($value === '')
+ continue;
+
+ // 
Skipping fields names with strings from (array)skip_fields_with_strings + foreach($skip_fields_with_strings as $needle){ + if (preg_match("/".$needle."/", $prev_name.$key) == 1){ + continue(2); + } + }unset($needle); + + // Obfuscating params + foreach($obfuscate_params as $needle){ + if (strpos($key, $needle) !== false){ + $value = CleantalkAntispam::CleantalkObfuscateParam($value); + continue(2); + } + }unset($needle); + + + // Decodes URL-encoded data to string. + $value = urldecode($value); + + // Email + if (!$email && preg_match("/^\S+@\S+\.\S+$/", $value)){ + $email = $value; + + // Names + }elseif (preg_match("/name/i", $key)){ + + preg_match("/((name.?)?(your|first|for)(.?name)?)$/", $key, $match_forename); + preg_match("/((name.?)?(last|family|second|sur)(.?name)?)$/", $key, $match_surname); + preg_match("/^(name.?)?(nick|user)(.?name)?$/", $key, $match_nickname); + + if(count($match_forename) > 1) + $nickname['first'] = $value; + elseif(count($match_surname) > 1) + $nickname['last'] = $value; + elseif(count($match_nickname) > 1) + $nickname['nick'] = $value; + else + $message[$prev_name.$key] = $value; + + // Subject + }elseif ($subject === null && preg_match("/subject/i", $key)){ + $subject = $value; + + // Message + }else{ + $message[$prev_name.$key] = $value; } - } - if($is_continue) - { - foreach($arr as $key=>$value) - { - if(!is_array($value)) - { - if ($email === null && preg_match("/^\S+@\S+\.\S+$/", $value)) - { - $email = $value; - } - else - { - $message.="$value\n"; - } - } - else - { - CleantalkAntispam::CleantalkGetFields($email,$message,$value); - } + + }elseif(!is_object($value)){ + + $prev_name_original = $prev_name; + $prev_name = ($prev_name === '' ? $key.'_' : $prev_name.$key.'_'); + + $temp = CleantalkAntispam::CleantalkGetFields($value, $message, $email, $nickname, $subject, $contact, $prev_name); + + $message = $temp['message']; + $email = ($temp['email'] ? $temp['email'] : null); + $nickname = ($temp['nickname'] ? 
$temp['nickname'] : null); + $subject = ($temp['subject'] ? $temp['subject'] : null); + if($contact === true) + $contact = ($temp['contact'] === false ? false : true); + $prev_name = $prev_name_original; + } + } unset($key, $value); + } + + foreach ($skip_message_post as $v) { + if (isset($_POST[$v])) { + $message = null; + break; } + } unset($v); + + //If top iteration, returns compiled name field. Example: "Nickname Firtsname Lastname". + if($prev_name === ''){ + if(!empty($nickname)){ + $nickname_str = ''; + foreach($nickname as $value){ + $nickname_str .= ($value ? $value." " : ""); + }unset($value); } - } + $nickname = $nickname_str; + } + + $return_param = array( + 'email' => $email, + 'nickname' => $nickname, + 'subject' => $subject, + 'contact' => $contact, + 'message' => $message + ); + return $return_param; + + } + + /** + * Masks a value with asterisks (*) Needed by the getFieldsAny() + * @return string + */ + static public function CleantalkObfuscateParam($value = null) { + if ($value && (!is_object($value) || !is_array($value))) { + $length = strlen($value); + $value = str_repeat('*', $length); + } + + return $value; + } /** * Checking all forms for spam 
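Review bot: The result of `array_merge($skip_fields_with_strings,$fields_exclusions)` is discarded, so the entries returned by `CleantalkCustomConfig::get_fields_exclusions()` never enter `$skip_fields_with_strings` and the fields an administrator configured to exclude are still collected into `$message`; the line should read `$skip_fields_with_strings = array_merge($skip_fields_with_strings, $fields_exclusions);`. Because each entry is later interpolated into `"/".$needle."/"`, a configured exclusion containing `/` or regex metacharacters also produces a malformed pattern that `preg_match` silently rejects, so plain names coming from config should be passed through `preg_quote($needle, '/')` while the built-in entries such as `'formData_fields_\d+_id'`, which deliberately use regex syntax, stay as they are. In `CleantalkObfuscateParam`, `!is_object($value) || !is_array($value)` is true for every value, so an array argument would reach `strlen()`; the intended guard is `!is_object($value) && !is_array($value)`, and the docblock's reference to `getFieldsAny()` should name `CleantalkGetFields()`. The condition `in_array($key, $skip_params, true) && $key != 0 && $key != ''` mixes a strict lookup with loose comparisons; on PHP versions before 8 a non-numeric string key compares equal to `0`, which would make that branch unreachable for exactly the keys it lists, so it is worth checking against the supported PHP range and writing `$key !== 0 && $key !== ''`.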
@@ -252,27 +420,27 @@ public function OnPageStartHandler() (isset($_POST['order']['action']) && $_POST['order']['action'] == 'refreshOrderAjax')|| // Order AJAX refresh (isset($_POST['order']['action']) && $_POST['order']['action'] == 'saveOrderAjax') || (isset($_POST['action']) && $_POST['action'] == 'refreshOrderAjax') || - (isset($_POST['action']) && $_POST['action'] == 'saveOrderAjax') + (isset($_POST['action']) && $_POST['action'] == 'saveOrderAjax') || + strpos($_SERVER['REQUEST_URI'],'/user-profile.php?update=Y')!==false ) { return; } - $sender_email = null; - $message = ''; - CleantalkAntispam::CleantalkGetFields($sender_email,$message,$_POST); //Works via links need to be fixed - if ($sender_email === null) - CleantalkAntispam::CleantalkGetFields($sender_email,$message,$_GET); + $ct_temp_msg_data = CleantalkAntispam::CleantalkGetFields($_POST); //Works via links need to be fixed + + if ($ct_temp_msg_data === null) + CleantalkAntispam::CleantalkGetFields($_GET); if($sender_email!==null || $ct_global_without_email == 1) { $arUser = array(); $arUser["type"] = "feedback_general_contact_form"; - $arUser["sender_email"] = $sender_email; - $arUser["sender_nickname"] = ''; + $arUser["sender_email"] = ($ct_temp_msg_data['email'] ? $ct_temp_msg_data['email'] : ''); + $arUser["sender_nickname"] = ($ct_temp_msg_data['nickname'] ? $ct_temp_msg_data['nickname'] : ''); $arUser["sender_ip"] = $_SERVER['REMOTE_ADDR']; - $arUser["message_title"] = ""; - $arUser["message_body"] = $message; + $arUser["message_title"] = ($ct_temp_msg_data['subject'] ? $ct_temp_msg_data['subject'] : ''); + $arUser["message_body"] = ($ct_temp_msg_data['message'] ? $ct_temp_msg_data['message'] : ''); $arUser["example_title"] = ""; $arUser["example_body"] = ""; $arUser["example_comments"] = "";
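Review bot: `$sender_email` is no longer assigned anywhere (its initialisation and the by-reference `CleantalkGetFields` call were removed, and `OnPageStartHandler` begins before this hunk), yet `if($sender_email!==null || $ct_global_without_email == 1)` still tests it, so the feedback check now only runs when `$ct_global_without_email == 1`. The `$_GET` fallback is also ineffective: `CleantalkGetFields` returns an array, so `$ct_temp_msg_data === null` is never true, and the second call's return value is discarded. Replace the two lines with `if ($ct_temp_msg_data['email'] === null) $ct_temp_msg_data = CleantalkAntispam::CleantalkGetFields($_GET);` followed by `$sender_email = $ct_temp_msg_data['email'];`. The new early-return condition `strpos($_SERVER['REQUEST_URI'],'/user-profile.php?update=Y')!==false` matches the substring anywhere in the request URI, including inside query values, so it exempts more requests from the spam check than the profile-update page; matching the path component, e.g. `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)` ending in `/user-profile.php` together with `isset($_GET['update']) && $_GET['update'] === 'Y'`, keeps the exemption narrow. Note also that `message_body` now receives the array `$ct_temp_msg_data['message']` where the old code passed a newline-joined string; whether the consumer of `$arUser` accepts an array is not visible here and should be confirmed.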