Merge pull request #745 from CleanTalk/beta

Beta

Author: AntonV1211

cleantalk.php

@@ -4,7 +4,7 @@
   Plugin Name: Anti-Spam by CleanTalk
   Plugin URI: https://cleantalk.org
   Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
-  Version: 6.72
+  Version: 6.73
   Author: CleanTalk - Anti-Spam Protection <welcome@cleantalk.org>
   Author URI: https://cleantalk.org
   Text Domain: cleantalk-spam-protect
@@ -1519,92 +1519,13 @@ function apbct_sfw_update__get_multifiles_of_type(array $params)
 
 /**
  * Queue stage. Do load multifiles with networks on their urls.
- * @param $urls
- * @return array|array[]|bool|string|string[]
+ * @param $all_urls
+ * @return array|true
  */
-function apbct_sfw_update__download_files($urls, $direct_update = false)
+function apbct_sfw_update__download_files($all_urls, $direct_update = false)
 {
-    global $apbct;
-
-    sleep(3);
-
-    if ( ! is_writable($apbct->fw_stats['updating_folder']) ) {
-        return array('error' => 'SFW update folder is not writable.');
-    }
-
-    //Reset keys
-    $urls          = array_values(array_unique($urls));
-
-    $results = array();
-    $batch_size = 10;
-
-    /**
-     * Reduce batch size of curl multi instanced
-     */
-    if (defined('APBCT_SERVICE__SFW_UPDATE_CURL_MULTI_BATCH_SIZE')) {
-        if (
-            is_int(APBCT_SERVICE__SFW_UPDATE_CURL_MULTI_BATCH_SIZE) &&
-            APBCT_SERVICE__SFW_UPDATE_CURL_MULTI_BATCH_SIZE > 0 &&
-            APBCT_SERVICE__SFW_UPDATE_CURL_MULTI_BATCH_SIZE < 10
-        ) {
-            $batch_size = APBCT_SERVICE__SFW_UPDATE_CURL_MULTI_BATCH_SIZE;
-        };
-    }
-
-    $total_urls = count($urls);
-    $batches = ceil($total_urls / $batch_size);
-
-    for ($i = 0; $i < $batches; $i++) {
-        $batch_urls = array_slice($urls, $i * $batch_size, $batch_size);
-        if (!empty($batch_urls)) {
-            $http_results = Helper::httpMultiRequest($batch_urls, $apbct->fw_stats['updating_folder']);
-            if (is_array($http_results)) {
-                $results = array_merge($results, $http_results);
-            }
-            // to handle case if we request only one url, then Helper::httpMultiRequest returns string 'success' instead of array
-            if (count($batch_urls) === 1 && $http_results === 'success') {
-                $results = array_merge($results, $batch_urls);
-            }
-        }
-    }
-
-    $results       = TT::toArray($results);
-    $count_urls    = count($urls);
-    $count_results = count($results);
-
-    if ( empty($results['error']) && ($count_urls === $count_results) ) {
-        if ( $direct_update ) {
-            return true;
-        }
-        $download_again = array();
-        $results        = array_values($results);
-        for ( $i = 0; $i < $count_results; $i++ ) {
-            if ( $results[$i] === 'error' ) {
-                $download_again[] = $urls[$i];
-            }
-        }
-
-        if ( count($download_again) !== 0 ) {
-            return array(
-                'error'       => 'Files download not completed.',
-                'update_args' => array(
-                    'args' => $download_again
-                )
-            );
-        }
-
-        return array(
-            'next_stage' => array(
-                'name' => 'apbct_sfw_update__create_tables'
-            )
-        );
-    }
-
-    if ( ! empty($results['error']) ) {
-        return $results;
-    }
-
-    return array('error' => 'Files download not completed.');
+    $downloader = new \Cleantalk\ApbctWP\Firewall\SFWFilesDownloader();
+    return $downloader->downloadFiles($all_urls, $direct_update);
 }
 
 /**
@@ -2175,6 +2096,11 @@ function apbct_rc__install_plugin($_wp = null, $plugin = null)
         $plugin = Get::get('plugin') ? Get::get('plugin') : '';
     }
 
+    $allowed_plugin = 'security-malware-firewall/security-malware-firewall.php';
+    if ( !empty($plugin) && TT::toString($plugin) !== $allowed_plugin ) {
+        die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
+    }
+
     if ( !empty($plugin) ) {
         $plugin = TT::toString($plugin);
         if ( preg_match('/[a-zA-Z-\d]+[\/\\][a-zA-Z-\d]+\.php/', $plugin) ) {
@@ -2238,6 +2164,12 @@ function apbct_rc__activate_plugin($plugin)
         $plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
     }
 
+    // Only allow activation of Security by CleanTalk plugin via remote call
+    $allowed_plugin = 'security-malware-firewall/security-malware-firewall.php';
+    if ( $plugin && $plugin !== $allowed_plugin ) {
+        return array('error' => 'PLUGIN_NOT_ALLOWED');
+    }
+
     if ( $plugin ) {
         if ( preg_match('@[a-zA-Z-\d]+[\\\/][a-zA-Z-\d]+\.php@', $plugin) ) {
             require_once(ABSPATH . '/wp-admin/includes/plugin.php');
@@ -2278,6 +2210,15 @@ function apbct_rc__deactivate_plugin($plugin = null)
         $plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
     }
 
+    // Only allow deactivation of CleanTalk plugins via remote call
+    $allowed_plugins = array(
+        'cleantalk-spam-protect/cleantalk.php',
+        'security-malware-firewall/security-malware-firewall.php',
+    );
+    if ( $plugin && !in_array($plugin, $allowed_plugins, true) ) {
+        die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
+    }
+
     if ( $plugin ) {
         // Switching complete deactivation for security
         if ( $plugin === 'security-malware-firewall/security-malware-firewall.php' && ! empty(Get::get('misc__complete_deactivation')) ) {
@@ -2324,6 +2265,15 @@ function apbct_rc__uninstall_plugin($plugin = null)
         $plugin = Get::get('plugin') ? TT::toString(Get::get('plugin')) : null;
     }
 
+    // Only allow uninstallation of CleanTalk plugins via remote call
+    $allowed_plugins = array(
+        'cleantalk-spam-protect/cleantalk.php',
+        'security-malware-firewall/security-malware-firewall.php',
+    );
+    if ( $plugin && !in_array($plugin, $allowed_plugins, true) ) {
+        die('FAIL ' . json_encode(array('error' => 'PLUGIN_NOT_ALLOWED')));
+    }
+
     if ( $plugin ) {
         // Switching complete deactivation for security
         if ( $plugin === 'security-malware-firewall/security-malware-firewall.php' && ! empty(Get::get('misc__complete_deactivation')) ) {

gulpfile.js

@@ -35,6 +35,7 @@ function minify_all_js_files_except_already_bundled() {
             '!js/src/cleantalk-admin.js',
             '!js/src/common-decoder.js',
             'js/src/public-3-trp.js',
+            'js/src/public-2-gathering-data.js',
         ])
         .pipe(sourcemaps.init())
         .pipe(uglify())
@@ -67,6 +68,9 @@ function bundle_public_default() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-3*.js',
     ])
@@ -82,6 +86,9 @@ function bundle_public_default_with_gathering() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-2-gathering-data.js',
         'js/src/public-3*.js',
@@ -98,6 +105,9 @@ function bundle_public_external_protection() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-2-external-forms.js',
         '!js/src/public-2-gathering-data.js',
@@ -115,6 +125,9 @@ function bundle_public_external_protection_with_gathering() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-2-external-forms.js',
         'js/src/public-2-gathering-data.js',
@@ -132,6 +145,9 @@ function bundle_public_internal_protection() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-2-internal-forms.js',
         'js/src/public-3*.js',
@@ -148,6 +164,9 @@ function bundle_public_internal_protection_with_gathering() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-2-internal-forms.js',
         'js/src/public-2-gathering-data.js',
@@ -165,6 +184,9 @@ function bundle_public_full_protection() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-2*.js',
         '!js/src/public-2-gathering-data.js',
@@ -182,6 +204,9 @@ function bundle_public_full_protection_with_gathering() {
         'js/src/common-decoder.js',
         'js/src/common-cleantalk-modal.js',
         'js/src/public-0*.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootCallbacks.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootConfig.js',
+        'js/src/ShadowrootProtection/ApbctShadowRootProtection.js',
         'js/src/public-1*.js',
         'js/src/public-2*.js',
         'js/src/public-3*.js',

inc/cleantalk-admin.php

@@ -1551,6 +1551,10 @@ function apbct_action_adjust_change()
 {
     AJAXService::checkAdminNonce();
 
+    if (!current_user_can('activate_plugins')) {
+        wp_send_json_error('Permission denied');
+    }
+
     if (in_array(Post::get('adjust'), array_keys(AdjustToEnvironmentHandler::SET_OF_ADJUST))) {
         try {
             $adjust = Post::getString('adjust');
@@ -1570,6 +1574,10 @@ function apbct_action_adjust_reverse()
 {
     AJAXService::checkAdminNonce();
 
+    if (!current_user_can('activate_plugins')) {
+        wp_send_json_error('Permission denied');
+    }
+
     if (in_array(Post::getString('adjust'), array_keys(AdjustToEnvironmentHandler::SET_OF_ADJUST))) {
         $adjust = Post::getString('adjust');
         try {
@@ -1586,6 +1594,10 @@ function apbct_action_adjust_reverse()
 
 function apbct_action__create_support_user()
 {
+    if (!current_user_can('activate_plugins')) {
+        wp_send_json_error('Permission denied');
+    }
+
     $support_user = new SupportUser();
     $result = $support_user->ajaxProcess();
     wp_send_json($result);

inc/cleantalk-common.php

@@ -684,6 +684,7 @@ function apbct_get_sender_info()
         'bot_detector_prepared_form_exclusions' => apbct__bot_detector_get_prepared_exclusion(),
         'bot_detector_frontend_data_log' => apbct__bot_detector_get_fd_log(),
         'submit_time_calculation_enabled' => SubmitTimeHandler::isCalculationDisabled() ? 0 : 1,
+        'ct_gathering_loaded' => Cookie::getBool('ct_gathering_loaded'),
     );
 
     // Unset cookies_enabled from sender_info if cookies_type === none

inc/cleantalk-integrations-by-hook.php

@@ -338,6 +338,11 @@
         'setting' => 'forms__registrations_test',
         'ajax' => false
     ),
+    'MailChimpShadowRoot'         => array(
+        'hook'    => 'cleantalk_force_mailchimp_shadowroot_check',
+        'setting' => 'forms__check_external',
+        'ajax'    => true
+    ),
     'BloomForms' => array(
         'hook'    => 'bloom_subscribe',
         'setting' => 'forms__contact_forms_test',

inc/cleantalk-pluggable.php

@@ -714,6 +714,7 @@ function apbct_is_skip_request($ajax = false, $ajax_message_obj = array())
             'nasa_process_login', //Nasa login
             'leaky_paywall_validate_registration', //Leaky Paywall validation request
             'cleantalk_force_ajax_check', //Force ajax check has direct integration
+            'cleantalk_force_mailchimp_shadowroot_check', // Mailchimp ShadowRoot has direct integration
             'cscf-submitform', // CSCF has direct integration
             'mailpoet', // Mailpoet has direct integration
             'wpcommunity_auth_login', // WPCommunity login
@@ -783,6 +784,14 @@ function apbct_is_skip_request($ajax = false, $ajax_message_obj = array())
             return 'WS Form submit service request';
         }
 
+        // UNIT OK https://wordpress.org/plugins/woocommerce-sendinblue-newsletter-subscription/
+        if (
+            apbct_is_plugin_active('woocommerce-sendinblue-newsletter-subscription/woocommerce-sendinblue.php') &&
+            Post::getString('action') === 'the_ajax_hook'
+        ) {
+            return 'woocommerce-sendinblue-newsletter-subscription';
+        }
+
         // Paid Memberships Pro - Login Form
         if (
             apbct_is_plugin_active('paid-memberships-pro/paid-memberships-pro.php') &&
@@ -1675,6 +1684,38 @@ class_exists('Cleantalk\Antispam\Integrations\CleantalkInternalForms')
         ) {
             return 'spoki_abandoned_card_for_woocommerce';
         }
+
+        //UNIT OK https://wordpress.org/plugins/woocommerce-abandoned-cart/
+        if (
+            apbct_is_plugin_active('woocommerce-abandoned-cart\woocommerce-ac.php') &&
+            Post::equal('action', 'save_data')
+        ) {
+            return 'woocommerce-abandoned-cart';
+        }
+
+        //UNIT OK https://wordpress.org/plugins/woo-abandoned-cart-recovery/
+        if (
+            apbct_is_plugin_active('woo-abandoned-cart-recovery/woo-abandoned-cart-recovery.php') &&
+            Post::equal('action', 'wacv_get_info')
+        ) {
+            return 'woo-abandoned-cart-recovery';
+        }
+
+        //UNIT OK unknown wc plugin from https://app.doboard.com/1/task/41205
+        if (
+            apbct_is_plugin_active('abandoned-cart-capture/abandoned-cart-capture.php') &&
+            Post::equal('action', 'acc_save_data')
+        ) {
+            return 'abandoned-cart-capture';
+        }
+
+        //UNIT OK https://wordpress.org/plugins/wp-multi-step-checkout/ multipage request
+        if (
+            apbct_is_plugin_active('wp-multi-step-checkout/wp-multi-step-checkout.php') &&
+            Post::equal('action', 'wpms_checkout_errors')
+        ) {
+            return 'wp-multi-step-checkout';
+        }
     } else {
         /*****************************************/
         /*  Here is non-ajax requests skipping   */

inc/cleantalk-public-validate-skip-functions.php

@@ -253,7 +253,10 @@ function skip_for_ct_contact_form_validate()
         '86' => (isset($_POST['action']) && $_POST['action'] === 'check_email_exists'),
         // Handling an unknown action check_email_exists
         '87' => Server::inUri('cleantalk-antispam/v1/alt_sessions'),
-        '88' => apbct_is_in_uri('wc-api') && apbct_is_in_uri('WC_Invoice4U'),
+        '88' => (
+            (apbct_is_in_uri('wc-api') && apbct_is_in_uri('WC_Invoice4U')) ||
+            (apbct_is_in_uri('wp-json') && apbct_is_in_uri('invoice4u/v1/callback'))
+        ),
         // has direct integration lib/Cleantalk/Antispam/Integrations/MemberPress.php
         '89' => apbct_is_plugin_active('memberpress/memberpress.php') && Post::get('mepr_process_signup_form'),
         // WooCommerce recovery password form