
Changeset 3393619


Timestamp:
11/11/2025 12:06:45 PM (5 weeks ago)
Author:
FolioVision
Message:

2.8: Security and WordPress 6.8 fixes

Location:
fv-antispam/trunk
Files:
2 edited

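--- a/fv-antispam/trunk/fv-antispam.php
+++ b/fv-antispam/trunk/fv-antispam.php
@@ -5,10 +5,10 @@
 Description: Powerful and simple antispam plugin. Puts all the spambot comments directly into trash and let's other plugins (Akismet) deal with the rest.
 Author: Foliovision
-Version: 2.7
+Version: 2.8
 Author URI: http://www.foliovision.com
 */
 
 
-$fv_antispam_ver = '2.7';
+$fv_antispam_ver = '2.8';
 $FV_Antispam_iFilledInCount = 0;
 $FV_Antispam_bMathJS = false;
@@ -551,4 +551,9 @@
       $date = date('Y-m-d H:i:s' ,mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
     }
+
+    if ( ! $date ) {
+      return;
+    }
+
     $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_id NOT IN ( select comment_id from $wpdb->commentmeta where meta_key = '_wp_trash_meta_time' ) AND comment_date_gmt < '$date' AND comment_approved = 'trash' ORDER BY comment_date_gmt ASC LIMIT 5000");
     if( count($comments) ) {     
@@ -1042,4 +1047,5 @@
  
   function disp__login_form_js() {
+    $key   = $this->func__ip_protect();
     $value = !empty($_POST[$this->func__ip_protect()]) ? $_POST[$this->func__ip_protect()] : '';
     ?>
@@ -1047,5 +1053,5 @@
   jQuery(document).ready(function() {
         jQuery( '#user_email').after(
-            jQuery("#user_email").clone().attr('id', '<?php echo $this->func__ip_protect(); ?>').attr('name', '<?php echo $this->func__ip_protect(); ?>').attr('value', '<?php echo $value; ?>')
+            jQuery("#user_email").clone().attr('id', '<?php echo esc_js( $key ); ?>').attr('name', '<?php echo esc_js( $key ); ?>').attr('value', '<?php echo esc_attr( $value ); ?>')
         );
     jQuery("#user_email").hide();   
@@ -1660,14 +1666,19 @@
     $sTextarea = $aMatch[1];
  
-    preg_match( '/class=[\"\'](.*?)[\"\']/', $sTextarea, $class );
+    preg_match( '/class=["\'](.*?)["\']/', $sTextarea, $class );
     preg_match( '/id=[\"\'](.*?)[\"\']/', $sTextarea, $id );
     preg_match( '/name=[\"\'](.*?)[\"\']/', $sTextarea, $name );
+    preg_match( '/\s*?required=["\'](.*?)["\']/', $sTextarea, $required );
 
     $sClass = !empty($class) ? $class[1] : false;
     $sID = $id[1];
     $sName = $name[1];
+    $sRequired = !empty( $required ) ? $required[0] : false;
 
     $sTextarea = preg_replace('~<textarea([^\>]*>).*?</textarea>~', "<textarea$1</textarea>", $sTextarea ); // have to keep the hidden textarea empty
-       
+
+    // Remove the required attribute from the textarea
+    $sTextarea = str_replace( $sRequired, '', $sTextarea );
+
     $sProtect = FV_Antispam::func__protect($post->ID);
     
@@ -1780,8 +1791,17 @@
         $_POST['user_email'] = ( $_POST['user_email'] ) ? $_POST['user_email'] : $_POST[$this->func__ip_protect()];
     } else if( isset($_POST['user_email']) && trim($_POST['user_email']) != "" ) {
-      $fv_antispam_registrations = get_option('fv_antispam_registrations');
-      $fv_antispam_registrations = ( $fv_antispam_registrations ) ? $fv_antispam_registrations : array();     
+      $fv_antispam_registrations = get_option('fv_antispam_registrations', array() );
+
+      // Go through $fv_antispam_registrations and remove items older than 1 year
+      $keep_recent_only = array();
+      foreach( $fv_antispam_registrations as $line ) {
+        if ( strtotime( $line['date'] ) > strtotime( '-1 year' ) ) {
+          $keep_recent_only[] = $line;
+        }
+      }
+      $fv_antispam_registrations = $keep_recent_only;
+
       $fv_antispam_registrations[] = array( 'date' => date('r'), 'user_login' => $_POST['user_login'], 'user_email' => $_POST['user_email'] );
-      update_option( 'fv_antispam_registrations', $fv_antispam_registrations );
+      update_option( 'fv_antispam_registrations', $fv_antispam_registrations, false );
       unset($_POST['user_email']);
      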
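Review bot: In `disp__login_form_js()` the `$_POST`-derived `$value` is echoed inside a single-quoted JavaScript string literal but escaped with `esc_attr()`, which is meant for HTML attributes and does not escape backslashes or line breaks for a JavaScript string. The id and name arguments on the same new line already use `esc_js()`, and the value should match them: `.attr('value', '<?php echo esc_js( $value ); ?>')`. The `$value` assignment just above still calls `func__ip_protect()` twice where the newly added `$key` could be reused, as in `$value = ! empty( $_POST[ $key ] ) ? $_POST[ $key ] : '';`. The function body continues past the lines shown, so the surrounding script markup could not be checked.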
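--- a/fv-antispam/trunk/readme.txt
+++ b/fv-antispam/trunk/readme.txt
@@ -3,5 +3,5 @@
 Tags: antispam, spam, akismet
 Requires at least: 3.5
-Tested up to: 6.7
+Tested up to: 6.8
 Stable tag: trunk
 
@@ -39,4 +39,9 @@
 
 == Changelog ==
+
+= 2.8 =
+
+* Security: Avoid CSRF on the wp-login.php registration page
+* WordPress 6.8 fix for the "required" attribute on comment textarea
 
 = 2.7 =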