Fix. TRP. Correctly save TRP hashes. (#710)

* Fix. TRP. Correctly save TRP hashes. Do not set hashes only if license is inactive or manual moderation is force enabled in WP settings.

* Fix. TRP. Cleantalk allowed moderation discussion state.

* Fix. Comments protection. TRP meta logic fixed.

* Fix. Comments protection. TRP meta logic fixed #2.

* Fix. TRP. TRP meta checking fixed.

* Fix. Code. Comment typo fixed.

* Fix. Code. Code docblock for `addActionSetTRPHash` fixed.

* Fix. Code. Psalm notice fixed.

* Fix. TRP. TRP meta checking fixed #2.

---------

Co-authored-by: Glomberg <bazz@bk.ru>

Author: alexandergull

inc/cleantalk-public.php

@@ -1039,20 +1039,6 @@ function ct_set_approved($approved, $_comment)
     return 1;
 }
 
-/**
- * Public action 'comment_post' - Store cleantalk hash in comment meta
- *
- * @psalm-suppress UnusedParam
- * @return void
- */
-function ct_set_real_user_badge_automod_hash($comment_id)
-{
-    $hash1 = ct_hash();
-    if ( ! empty($hash1) ) {
-        update_comment_meta($comment_id, 'ct_real_user_badge_automod_hash', ct_hash());
-    }
-}
-
 /**
  * Public filter 'pre_comment_approved' - Mark comment unapproved always
  * @return    string

inc/cleantalk-settings.php

@@ -63,6 +63,7 @@ function apbct_settings_add_page()
         global $apbct;
 
         $filtered = ($value === '1' || $value === 1) ? '1' : '0';
+        //sync discussion and plugin settings
         if ($old_value !== $filtered) {
             $apbct->settings['cleantalk_allowed_moderation'] = $filtered;
             $apbct->saveSettings();
@@ -2108,7 +2109,7 @@ function apbct_discussion_settings__field__moderation()
                 name="cleantalk_allowed_moderation" 
                 id="cleantalk_allowed_moderation" 
                 value="1" ' .
-                checked('1', $apbct->settings['cleantalk_allowed_moderation'], false) .
+                checked('1', TT::toString($apbct->settings['cleantalk_allowed_moderation'], '0'), false) .
                 '/> ';
     $output .= esc_html__('Skip manual approving for the very first comment if a comment has been allowed by CleanTalk Anti-Spam protection.', 'cleantalk-spam-protect');
     $output .= '</label>';
@@ -2582,6 +2583,11 @@ function apbct_settings__validate($incoming_settings)
         $incoming_settings['data__email_decoder_obfuscation_custom_text'] = ContactsEncoder::getDefaultReplacingText();
     }
 
+    //sync discussion and plugin settings
+    if (isset($incoming_settings['cleantalk_allowed_moderation'])) {
+        update_option('cleantalk_allowed_moderation', TT::toString($incoming_settings['cleantalk_allowed_moderation'], '0'));
+    }
+
     /**
      * Triggered before returning the settings
      */

lib/Cleantalk/Antispam/Integrations/CleantalkPreprocessComment.php

@@ -2,6 +2,7 @@
 
 namespace Cleantalk\Antispam\Integrations;
 
+use Cleantalk\ApbctWP\CleantalkRealPerson;
 use Cleantalk\ApbctWP\Sanitize;
 use Cleantalk\ApbctWP\Variables\AltSessions;
 use Cleantalk\ApbctWP\Variables\Cookie;
@@ -212,12 +213,14 @@ public function doActionsBeforeAllowDeny($argument)
     /**
      * Do all the actions after and if request is allowed
      * @return void
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function allow()
     {
         $wp_comment_moderation_enabled = get_option('comment_moderation') === '1';
         $wp_auto_approve_for_user_who_has_approved_comment = get_option('comment_previously_approved') === '1';
-        $clentalk_option_skip_moderation_for_first_comment = get_option('cleantalk_allowed_moderation', 1) == 1;
+        $cleantalk_option_skip_moderation_for_first_comment = self::firstCommentAutoModEnabled();
         $is_allowed_because_of_inactive_license = false;
 
         $args            = array(
@@ -250,7 +253,7 @@ public function allow()
         // if anu of options is disabled - standard WP recheck and exit
         if (
             !$wp_auto_approve_for_user_who_has_approved_comment ||
-            !$clentalk_option_skip_moderation_for_first_comment
+            !$cleantalk_option_skip_moderation_for_first_comment
         ) {
             if (
                 $this->rerunWPcheckCommentFunction()
@@ -259,6 +262,7 @@ public function allow()
             } else {
                 $this->setCommentPreStatusAndModifyEmail('not_approved');
             }
+            $this->addActionSetTRPHash();
             return;
         }
 
@@ -271,6 +275,7 @@ public function allow()
                 !$is_allowed_because_of_inactive_license
             ) {
                 $this->setCommentPreStatusAndModifyEmail('approved');
+                $this->addActionSetTRPHash();
             } else {
                 // moderation disabled - standard WP check
                 if (
@@ -280,6 +285,7 @@ public function allow()
                 } else {
                     $this->setCommentPreStatusAndModifyEmail('not_approved');
                 }
+                // this is the only case when we do not set TRP hash!
             }
         } else {
             //not new author - standard WP check
@@ -290,6 +296,18 @@ public function allow()
             } else {
                 $this->setCommentPreStatusAndModifyEmail('not_approved');
             }
+            $this->addActionSetTRPHash();
+        }
+    }
+
+    /**
+     * TRP hash should be set only if Cleantalk processed && auto-moderated the comment.
+     */
+    private function addActionSetTRPHash()
+    {
+        $callback = array(CleantalkRealPerson::class, 'setTRPHash');
+        if (has_action('comment_post', $callback) === false) {
+            add_action('comment_post', $callback, 999, 2);
         }
     }
 
@@ -540,24 +558,20 @@ private function rerunWPcheckCommentFunction()
         return $check_result;
     }
 
+    /**
+     * @param $status
+     *
+     * @return void
+     */
     private function setCommentPreStatusAndModifyEmail($status)
     {
         if ($status !== 'approved' && $status !== 'not_approved') {
             return;
         }
-        if ( $status === 'approved' ) {
-            add_filter('pre_comment_approved', 'ct_set_approved', 999, 2);
-
-            // Always set hash for auto-moderated (approved) comments if cleantalk_allowed_moderation is enabled
-            if (
-                !empty($this->apbct->settings['cleantalk_allowed_moderation']) &&
-                $this->apbct->settings['cleantalk_allowed_moderation'] == '1'
-            ) {
-                add_action('comment_post', 'ct_set_real_user_badge_automod_hash', 999, 2);
-            }
-        } else {
-            add_filter('pre_comment_approved', 'ct_set_not_approved', 999, 2);
-        }
+        $pre_comment_approved_callback_function = $status === 'approved'
+            ? 'ct_set_approved'
+            : 'ct_set_not_approved';
+        add_filter('pre_comment_approved', $pre_comment_approved_callback_function, 999, 2);
 
         // Modify the email notification
         add_filter(
@@ -567,4 +581,13 @@ private function setCommentPreStatusAndModifyEmail($status)
             2
         ); // Add two blacklist links: by email and IP
     }
+
+    /**
+     * @return bool
+     */
+    public static function firstCommentAutoModEnabled()
+    {
+        global $apbct;
+        return !empty($apbct->settings['cleantalk_allowed_moderation']) && $apbct->settings['cleantalk_allowed_moderation'] == '1';
+    }
 }

lib/Cleantalk/ApbctWP/CleantalkRealPerson.php

@@ -2,8 +2,12 @@
 
 namespace Cleantalk\ApbctWP;
 
+use Cleantalk\Antispam\Integrations\CleantalkPreprocessComment;
+
 class CleantalkRealPerson
 {
+    public static $meta_hash_name__old = 'ct_real_user_badge_hash';
+    public static $meta_hash_name__automod = 'ct_real_user_badge_automod_hash';
     public static function getLocalizingData()
     {
         /** @psalm-suppress PossiblyUndefinedVariable */
@@ -44,23 +48,44 @@ public function publicCommentAddTrpClass($classes, $_css_class, $comment_id, $co
         }
 
         // Logic for show TRP badge
-        $show_trp = false;
         $the_real_person = !empty($apbct->settings['comments__the_real_person']) && $apbct->settings['comments__the_real_person'] == '1';
-        $allowed_moderation = !empty($apbct->settings['cleantalk_allowed_moderation']) && $apbct->settings['cleantalk_allowed_moderation'] == '1';
-
-        if ($the_real_person && $allowed_moderation) {
-            // Only for auto-moderated
-            $automod_hash = get_comment_meta((int)$comment_id, 'ct_real_user_badge_automod_hash', true);
-            $show_trp = $automod_hash && $comment->comment_author;
-        } elseif ($the_real_person && !$allowed_moderation) {
-            // Only for old
-            $old_hash = get_comment_meta((int)$comment_id, 'ct_real_user_badge_hash', true);
-            $show_trp = $old_hash && $comment->comment_author;
-        }
+        $show_trp = $the_real_person && self::isTRPHashExist($comment_id) && $comment->comment_author;
 
         if ($show_trp || $show_trp_on_roles) {
             $classes[] = 'apbct-trp';
         }
         return $classes;
     }
+
+    /**
+     * Check if TRP hash is saved for comment ID. Autodetect if cleantalk_allowed_moderation is enabled.
+     * @param int|string $comment_id
+     * @return bool
+     */
+    public static function isTRPHashExist($comment_id)
+    {
+        $trp_hash =
+            get_comment_meta((int)$comment_id, self::$meta_hash_name__automod, true) ||
+            get_comment_meta((int)$comment_id, self::$meta_hash_name__old, true);
+
+        return $trp_hash;
+    }
+
+    /**
+     * Save TRP hash for comment ID. Autodetect if cleantalk_allowed_moderation is enabled.
+     * @param int|string $comment_id
+     *
+     * @return void
+     */
+    public static function setTRPHash($comment_id)
+    {
+        $hash = ct_hash();
+        if ( ! empty($hash) ) {
+            if (CleantalkPreprocessComment::firstCommentAutoModEnabled()) {
+                update_comment_meta((int)$comment_id, self::$meta_hash_name__automod, $hash);
+            } else {
+                update_comment_meta((int)$comment_id, self::$meta_hash_name__old, $hash);
+            }
+        }
+    }
 }