Upd. Settings. Updated flow to check pingback. (#764) (#773)

svfcode · web-flow · commit bd41dbacf85e · 2026-04-08T10:09:41.000+03:00
* Upd. Settings. Updated flow to check pingback. (#764) * Upd. Settings. Updated flow to check pingback. * upd structure * Upd. Code. Add test. * ci: rerun checks * try run test * try run test * add test
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -11,6 +11,7 @@ on: # event list
     branches:
       - dev
       - master
+      - '**'
 
 env: # environment variables (available in any part of the action)
   PHP_VERSION: 7.4
diff --git a/lib/Cleantalk/Antispam/Integrations/CleantalkPreprocessComment.php b/lib/Cleantalk/Antispam/Integrations/CleantalkPreprocessComment.php
@@ -445,37 +445,41 @@ private function doSkipReason($current_user, $ct_comment_done)
             return __FILE__ . ' -> ' . __FUNCTION__ . '():' . __LINE__;
         }
 
-        //do not hadle trackbacks on exclusions
-        if ($this->wp_comment['comment_type'] !== 'trackback') {
-            /**
-             * Process main ruleset
-             */
-            if (
-                apbct_is_user_enable() === false ||
-                $this->apbct->settings['forms__comments_test'] == 0 ||
-                $ct_comment_done ||
-                (isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], 'page=wysija_campaigns&action=editTemplate') !== false) ||
-                (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '/wp-admin/') !== false)
-            ) {
-                return __FILE__ . ' -> ' . __FUNCTION__ . '():' . __LINE__;
-            }
+        $comment_type = isset($this->wp_comment['comment_type']) ? $this->wp_comment['comment_type'] : 'comment';
 
-            /**
-             * Check if wordpress integrated words/chars blacklists.
-             */
-            $wordpress_own_string_blacklists_result = apbct_wp_blacklist_check(
-                $this->wp_comment['comment_author'],
-                $this->wp_comment['comment_author_email'],
-                $this->wp_comment['comment_author_url'],
-                $this->wp_comment['comment_content'],
-                Server::get('REMOTE_ADDR'),
-                Server::get('HTTP_USER_AGENT')
-            );
+        // Pingbacks and trackbacks are link notifications, not visitor form comments — no cloud check.
+        if ( in_array($comment_type, array('pingback', 'trackback'), true) ) {
+            return __FILE__ . ' -> ' . __FUNCTION__ . '():' . __LINE__;
+        }
 
-            // Go out if author in local blacklists, already stopped
-            if ( $wordpress_own_string_blacklists_result === true ) {
-                return __FILE__ . ' -> ' . __FUNCTION__ . '():' . __LINE__;
-            }
+        /**
+         * Process main ruleset
+         */
+        if (
+            apbct_is_user_enable() === false ||
+            $this->apbct->settings['forms__comments_test'] == 0 ||
+            $ct_comment_done ||
+            (isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], 'page=wysija_campaigns&action=editTemplate') !== false) ||
+            (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '/wp-admin/') !== false)
+        ) {
+            return __FILE__ . ' -> ' . __FUNCTION__ . '():' . __LINE__;
+        }
+
+        /**
+         * Check if wordpress integrated words/chars blacklists.
+         */
+        $wordpress_own_string_blacklists_result = apbct_wp_blacklist_check(
+            $this->wp_comment['comment_author'],
+            $this->wp_comment['comment_author_email'],
+            $this->wp_comment['comment_author_url'],
+            $this->wp_comment['comment_content'],
+            Server::get('REMOTE_ADDR'),
+            Server::get('HTTP_USER_AGENT')
+        );
+
+        // Go out if author in local blacklists, already stopped
+        if ( $wordpress_own_string_blacklists_result === true ) {
+            return __FILE__ . ' -> ' . __FUNCTION__ . '():' . __LINE__;
         }
 
         return false;
diff --git a/tests/Antispam/Integrations/TestCleantalkPreprocessComment.php b/tests/Antispam/Integrations/TestCleantalkPreprocessComment.php
@@ -0,0 +1,242 @@
+<?php
+
+namespace Cleantalk\Antispam\Integrations;
+
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Covers skip rules for pingback/trackback in preprocess comment flow (see PR #764 / #773).
+ */
+class TestCleantalkPreprocessComment extends TestCase
+{
+    /**
+     * @var mixed
+     */
+    private $savedCurrentUser;
+    /**
+     * @var string
+     */
+    private $savedDisallowedKeys;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        global $current_user;
+        $this->savedCurrentUser = isset($current_user) ? $current_user : null;
+        $this->savedDisallowedKeys = (string) get_option('disallowed_keys', '');
+    }
+
+    protected function tearDown(): void
+    {
+        global $current_user;
+        $current_user = $this->savedCurrentUser;
+        if (function_exists('wp_set_current_user')) {
+            wp_set_current_user(0);
+        }
+        update_option('disallowed_keys', $this->savedDisallowedKeys);
+        parent::tearDown();
+    }
+
+    /**
+     * @return \stdClass
+     */
+    private function makeSubscriberUser()
+    {
+        $subscriber = new \stdClass();
+        $subscriber->ID = 91234;
+        $subscriber->roles = array('subscriber');
+        $subscriber->caps = array('subscriber' => true);
+
+        return $subscriber;
+    }
+
+    /**
+     * @param array<string, mixed> $wp_comment
+     * @param object               $current_user
+     * @param bool                 $ct_comment_done
+     * @param object|null          $apbct
+     *
+     * @return mixed
+     */
+    private function invokeDoSkipReason(array $wp_comment, $current_user, $ct_comment_done = false, $apbct = null)
+    {
+        $integration = new CleantalkPreprocessComment();
+        $reflection  = new \ReflectionClass($integration);
+
+        $wp_comment_prop = $reflection->getProperty('wp_comment');
+        $wp_comment_prop->setAccessible(true);
+        $wp_comment_prop->setValue($integration, $wp_comment);
+
+        if ($apbct !== null) {
+            $apbct_prop = $reflection->getProperty('apbct');
+            $apbct_prop->setAccessible(true);
+            $apbct_prop->setValue($integration, $apbct);
+        }
+
+        $method = $reflection->getMethod('doSkipReason');
+        $method->setAccessible(true);
+
+        return $method->invoke($integration, $current_user, $ct_comment_done);
+    }
+
+    public function testDoSkipReasonSkipsAdministratorBeforePingbackHandling(): void
+    {
+        $user = new \stdClass();
+        $user->roles = array('administrator');
+
+        $result = $this->invokeDoSkipReason(
+            array(
+                'comment_type'    => 'pingback',
+                'comment_post_ID' => 1,
+            ),
+            $user
+        );
+
+        $this->assertNotFalse($result);
+        $this->assertStringContainsString('doSkipReason', $result);
+    }
+
+    public function testDoSkipReasonSkipsPingback(): void
+    {
+        $user = new \stdClass();
+        $user->roles = array('subscriber');
+
+        $result = $this->invokeDoSkipReason(
+            array(
+                'comment_type'    => 'pingback',
+                'comment_post_ID' => 1,
+            ),
+            $user
+        );
+
+        $this->assertNotFalse($result);
+        $this->assertStringContainsString('doSkipReason', $result);
+    }
+
+    public function testDoSkipReasonSkipsTrackback(): void
+    {
+        $user = new \stdClass();
+        $user->roles = array('subscriber');
+
+        $result = $this->invokeDoSkipReason(
+            array(
+                'comment_type'    => 'trackback',
+                'comment_post_ID' => 1,
+            ),
+            $user
+        );
+
+        $this->assertNotFalse($result);
+        $this->assertStringContainsString('doSkipReason', $result);
+    }
+
+    /**
+     * Missing comment_type must default to "comment" and continue into the main ruleset (not pingback skip).
+     */
+    public function testDoSkipReasonDefaultsMissingCommentTypeToComment(): void
+    {
+        global $current_user;
+        $subscriber = $this->makeSubscriberUser();
+        $current_user = $subscriber;
+
+        $apbct = (object) array(
+            'settings' => array(
+                'forms__comments_test' => 0,
+            ),
+        );
+
+        $wp_comment = array(
+            'comment_post_ID' => 1,
+        );
+
+        $result = $this->invokeDoSkipReason($wp_comment, $subscriber, false, $apbct);
+
+        $this->assertNotFalse($result);
+        $this->assertStringContainsString('doSkipReason', $result);
+    }
+
+    public function testDoSkipReasonSkipsWhenCommentAlreadyHandled(): void
+    {
+        global $current_user;
+        $subscriber = $this->makeSubscriberUser();
+        $current_user = $subscriber;
+
+        $apbct = (object) array(
+            'settings' => array(
+                'forms__comments_test' => 1,
+            ),
+        );
+
+        $wp_comment = array(
+            'comment_type' => 'comment',
+            'comment_post_ID' => 1,
+            'comment_author' => 'John',
+            'comment_author_email' => 'john@example.com',
+            'comment_author_url' => 'https://example.com',
+            'comment_content' => 'Regular text',
+        );
+
+        $result = $this->invokeDoSkipReason($wp_comment, $subscriber, true, $apbct);
+
+        $this->assertNotFalse($result);
+        $this->assertStringContainsString('doSkipReason', $result);
+    }
+
+    public function testDoSkipReasonReturnsFalseForRegularCommentWithoutBlacklistedContent(): void
+    {
+        global $current_user;
+        $subscriber = $this->makeSubscriberUser();
+        $current_user = $subscriber;
+
+        update_option('disallowed_keys', 'forbidden-keyword-that-is-not-used');
+
+        $apbct = (object) array(
+            'settings' => array(
+                'forms__comments_test' => 1,
+            ),
+        );
+
+        $wp_comment = array(
+            'comment_type' => 'comment',
+            'comment_post_ID' => 1,
+            'comment_author' => 'John',
+            'comment_author_email' => 'john@example.com',
+            'comment_author_url' => 'https://example.com',
+            'comment_content' => 'Absolutely clean content',
+        );
+
+        $result = $this->invokeDoSkipReason($wp_comment, $subscriber, false, $apbct);
+
+        $this->assertFalse($result);
+    }
+
+    public function testDoSkipReasonSkipsWhenWordPressBlacklistMatches(): void
+    {
+        global $current_user;
+        $subscriber = $this->makeSubscriberUser();
+        $current_user = $subscriber;
+
+        update_option('disallowed_keys', 'blacklisted-fragment');
+
+        $apbct = (object) array(
+            'settings' => array(
+                'forms__comments_test' => 1,
+            ),
+        );
+
+        $wp_comment = array(
+            'comment_type' => 'comment',
+            'comment_post_ID' => 1,
+            'comment_author' => 'John',
+            'comment_author_email' => 'john@example.com',
+            'comment_author_url' => 'https://example.com',
+            'comment_content' => 'Message contains blacklisted-fragment inside',
+        );
+
+        $result = $this->invokeDoSkipReason($wp_comment, $subscriber, false, $apbct);
+
+        $this->assertNotFalse($result);
+        $this->assertStringContainsString('doSkipReason', $result);
+    }
+}
+
