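m string $token Token to validate.
     * @param array  $form_data Form data and settings.
     *
     * @return bool Whether the token is valid or not.
     */
    public function verify( string $token, array $form_data = [] ): bool {

        // Strict mode (third argument `true`): the submitted string has to match one of the
        // valid tokens exactly, so loose type juggling cannot produce a match.
        return in_array( $token, $this->get_valid_tokens( $form_data ), true );
    }

    /**
     * Add the token to the form attributes.
     *
     * The token and the current timestamp are written to the `data-token` and
     * `data-token-time` attributes. NOTE(review): presumably these end up in the public
     * form markup, so the token should not be treated as a secret — confirm.
     *
     * @since 1.6.2
     * @since 1.7.1 Added the $form_data argument.
     *
     * @param array $attrs     Form attributes.
     * @param array $form_data Form data and settings.
     *
     * @return array Form attributes.
     */
    public function add_token_to_form_atts( array $attrs, array $form_data ) {

        $attrs['atts']['data-token']      = $this->get( true, $form_data );
        $attrs['atts']['data-token-time'] = time();

        return $attrs;
    }

    /**
     * Validate Anti-spam if enabled.
     *
     * Returns true when the antispam setting is missing or not '1', or when the
     * `wpforms_process_antispam` filter result is truthy. Otherwise the rejection is
     * logged and the matching error message is returned.
     *
     * @since 1.6.2
     *
     * @param array $form_data Form data.
     * @param array $fields    Fields.
     * @param array $entry     Form entry.
     *
     * @return bool|string True or a string with the error.
     */
    public function validate( array $form_data, array $fields, array $entry ) { // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh

        // Bail out if we don't have the antispam setting.
        if ( empty( $form_data['settings']['antispam'] ) ) {
            return true;
        }

        // Bail out if the antispam setting isn't enabled.
        if ( $form_data['settings']['antispam'] !== '1' ) {
            return true;
        }

        // The token is taken from the submitted entry. A token sent as an array is rejected
        // outright instead of being cast to the literal string "Array", which also raised
        // an "Array to string conversion" warning.
        $is_valid_token = isset( $entry['token'] )
            && ! is_array( $entry['token'] )
            && $this->verify( (string) $entry['token'], $form_data );

        // The filter has the final say: a callback may reject an entry with a valid token,
        // and may equally accept an entry whose token failed verification.
        if ( $this->process_antispam_filter_wrapper( $is_valid_token, $fields, $entry, $form_data ) ) {
            return true;
        }

        // Prepare the log data.
        $form_title = $form_data['settings']['form_title'] ?? '';
        $form_id    = $form_data['id'] ?? 'unknown';

        if ( $is_valid_token ) {
            // Token is OK, but antispam filter is not passed.
            $log_message   = 'Filter is not passed';
            $error_message = $this->get_antispam_filter_message();
        } else {
            // Invalid token.
            $log_message   = 'Token is invalid';
            $error_message = $this->get_invalid_token_message();
        }

        // 'token' and 'entry_data' carry submitted values as received. The full entry is only
        // logged when the 'gdpr' setting is off.
        // NOTE(review): confirm that whatever displays these log records escapes them on output.
        wpforms_log(
            'Antispam: ' . $log_message,
            [
                'message'    => $error_message,
                'referer'    => esc_url_raw( (string) wp_get_referer() ),
                'form'       => ! empty( $form_title ) ? $form_title . ' (ID: ' . $form_id . ')' : 'ID: ' . $form_id,
                'token'      => $entry['token'] ?? '',
                'user_ip'    => wpforms_get_ip(),
                'entry_data' => ! wpforms_setting( 'gdpr' ) ? $entry : 'Not logged',
            ],
            [
                'type'    => [ 'spam', 'error' ],
                // A missing form ID is already anticipated above ('unknown'); reading the key
                // unguarded here raised an "Undefined array key" warning. The value passed is
                // still null in that case.
                'form_id' => $form_data['id'] ?? null,
                'force'   => true,
            ]
        );

        return $error_message;
    }

    /**
     * Helper to run our filter on all the responses for the antispam checks.
     *
     * The filter result is cast to bool and returned as the final verdict, whatever the
     * incoming $is_valid_not_spam value was.
     *
     * @since 1.6.2
     *
     * @param bool  $is_valid_not_spam Is valid entry or not.
     * @param array $fields            Form Fields.
     * @param array $entry             Form entry.
     * @param array $form_data         Form Data.
     *
     * @return bool Is valid or not.
     */
    public function process_antispam_filter_wrapper( bool $is_valid_not_spam, array $fields, array $entry, array $form_data ): bool {

        /**
         * Allows developers to filter the antispam check result.
         *
         * @since 1.6.2
         *
         * @param bool  $is_valid_not_spam True if entry valid, false otherwise.
         * @param array $fields            Fields data.
         * @param array $entry             Entry data.
         * @param array $form_data         Form data.
         */
        return (bool) apply_filters( 'wpforms_process_antispam', $is_valid_not_spam, $fields, $entry, $form_data ); // phpcs:ignore WPForms.PHP.ValidateHooks.InvalidHookName
    }

    /**
     * Helper to get the invalid token message.
     *
     * @since 1.6.2.1
     *
     * @return string Invalid token message.
     */
    private function get_invalid_token_message(): string {

        return $this->get_error_message( esc_html__( 'Antispam token is invalid.', 'wpforms-lite' ) );
    }

    /**
     * Helper to get the antispam filter error message.
     *
     * @since 1.8.9
     *
     * @return string Antispam filter error message.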
*/
    private function get_antispam_filter_message(): string {

        $base_text = esc_html__( 'Antispam filter did not allow your data to pass through.', 'wpforms-lite' );

        return $this->get_error_message( $base_text );
    }

    /**
     * Build the error message shown to the current user.
     *
     * A reload hint is always appended; the support text is only considered when
     * wpforms_current_user_can() returns a truthy value.
     *
     * @since 1.6.4.1
     *
     * @param string $text Message text.
     *
     * @return string Message text with the reload hint and, where applicable, the support text.
     */
    private function get_error_message( string $text ): string {

        $message = $text . ' ' . esc_html__( 'Please reload the page and try submitting the form again.', 'wpforms-lite' );

        // Users failing the capability check only ever see the generic message.
        if ( ! wpforms_current_user_can() ) {
            return $message;
        }

        return $message . $this->maybe_get_support_text();
    }

    /**
     * Support hint appended to error messages for super admins.
     *
     * @since 1.6.2.1
     *
     * @return string Support text if super admin, empty string if not.
     */
    private function maybe_get_support_text(): string {

        if ( is_super_admin() ) {
            // The leading space separates the sentences; it is kept outside the localized
            // text so that it cannot be removed there.
            // NOTE(review): both link placeholders are empty strings in this copy, so no link
            // markup is produced. The anchor tags were presumably stripped — confirm against
            // the original file.
            return ' ' . sprintf( /* translators: placeholders are links. */
                esc_html__( 'Please check out our %1$stroubleshooting guide%2$s for details on resolving this issue.', 'wpforms-lite' ),
                '',
                ''
            );
        }

        // Everyone else gets no extra text.
        return '';
    }

    /**
     * Add token related strings to the frontend.
     *
     * @since 1.8.8
     *
     * @param array|mixed $strings Frontend strings.
     *
     * @return array Frontend strings.
     */
    public function add_frontend_strings( $strings ): array {

        // The incoming value is not guaranteed to be an array, hence the cast.
        $frontend = (array) $strings;

        $frontend['error_updating_token'] = esc_html__( 'Error updating token. Please try again or contact support if the issue persists.', 'wpforms-lite' );
        $frontend['network_error']        = esc_html__( 'Network error or server is unreachable. Check your connection or try again later.', 'wpforms-lite' );

        // The filtered lifetime is passed on as returned; it is not cast or range-checked here.
        /**
         * Filter token cache lifetime in seconds.
         *
         * @since 1.8.8
         *
         * @param integer $token_lifetime Token lifetime in seconds. Default is 24 hours.
         */
        $frontend['token_cache_lifetime'] = apply_filters( 'wpforms_forms_token_cache_lifetime', DAY_IN_SECONDS );

        return $frontend;
    }

    /**
     * Update token via ajax handler.
     *
     * Responds with a JSON success payload holding a token for the posted form ID.
     *
     * @since 1.8.8
     */
    public function ajax_get_token() {

        // FILTER_VALIDATE_INT yields false for a non-integer value and null when `formId`
        // is absent; either result is passed on unchanged.
        // NOTE(review): no nonce or capability check is visible in this handler. Confirm that
        // this is intended and that the token is relied on as spam friction only, never as
        // proof of who is submitting.
        $form_data = [
            'id' => filter_input( INPUT_POST, 'formId', FILTER_VALIDATE_INT ),
        ];

        wp_send_json_success(
            [
                'token' => $this->get( true, $form_data ),
            ]
        );
    }
}
15 mai 2024 - JusteInfos- Information générale
