Merge pull request #54 from GravityKit/develop

Release 1.7.1

Author: mrcasual

gravityforms-zero-spam.php

@@ -3,7 +3,7 @@
  * Plugin Name:       Gravity Forms Zero Spam
  * Plugin URI:        https://www.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=pluginuri
  * Description:       Enhance Gravity Forms to include effective anti-spam measures—without using a CAPTCHA.
- * Version:           1.7.0
+ * Version:           1.7.1
  * Author:            GravityKit
  * Author URI:        https://www.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=authoruri
  * Requires PHP:      7.4

includes/class-gf-zero-spam-token.php

@@ -152,7 +152,26 @@ public static function validate( string $token, int $expected_form_id ): array {
 	 * @return string The derived HMAC secret.
 	 */
 	public static function get_site_secret( int $salt_version ): string {
-		return hash_hmac( 'sha256', $salt_version . '|' . AUTH_KEY, SECURE_AUTH_KEY );
+		$auth_key        = defined( 'AUTH_KEY' ) ? AUTH_KEY : '';
+		$secure_auth_key = defined( 'SECURE_AUTH_KEY' ) ? SECURE_AUTH_KEY : '';
+
+		// Fall back to a DB-stored secret if wp-config.php salts are missing.
+		if ( '' === $auth_key && '' === $secure_auth_key ) {
+			$fallback = get_option( 'gf_zero_spam_fallback_secret' );
+
+			if ( ! $fallback ) {
+				$fallback = wp_generate_password( 64, true, true );
+
+				if ( ! add_option( 'gf_zero_spam_fallback_secret', $fallback, '', false ) ) {
+					$fallback = get_option( 'gf_zero_spam_fallback_secret' );
+				}
+			}
+
+			$auth_key        = $fallback;
+			$secure_auth_key = $fallback;
+		}
+
+		return hash_hmac( 'sha256', $salt_version . '|' . $auth_key, $secure_auth_key );
 	}
 
 	/**

phpstan.dist.neon

@@ -16,7 +16,6 @@ parameters:
         - %currentWorkingDirectory%/vendor/php-stubs/gravity-forms-stubs/gravity-forms-stubs.php
     ignoreErrors:
         - '#(Used )?[Cc]onstant GF_ZERO_SPAM_\w+ not found#'
-        - '#Constant (AUTH_KEY|SECURE_AUTH_KEY) not found#'
         - '#Parameter \#6 \$sub_type of static method GFAPI::add_note\(\) expects null, string given#'
         - '#Function gf_apply_filters invoked with \d+ parameters, 2 required#'
         - '#Action callback returns bool but should not return anything#'

readme.txt

@@ -3,7 +3,7 @@ Contributors: gravityview
 Tags: gravity forms, spam, captcha, honeypot, anti-spam
 Requires at least: 4.7
 Tested up to: 6.9.1
-Stable tag: 1.7.0
+Stable tag: 1.7.1
 Requires PHP: 7.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -110,6 +110,10 @@ You can enable a spam summary report email. This email will be sent to the email
 
 == Changelog ==
 
+= 1.7.1 on March 6, 2026 =
+
+* Fixed: Fatal error on sites where `AUTH_KEY` or `SECURE_AUTH_KEY` constants are not defined in `wp-config.php`
+
 = 1.7.0 on March 5, 2026 =
 
 * Added: Stronger spam prevention using signed, time-limited tokens