
Commit db8b5f6

committed
Use array format for WP_Error status data in token endpoint
1 parent 14436c2 commit db8b5f6

2 files changed

Lines changed: 7 additions & 6 deletions


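--- a/includes/class-gf-zero-spam-token-endpoint.php
+++ b/includes/class-gf-zero-spam-token-endpoint.php
@@ -96,7 +96,8 @@ public function handle_ajax() {
 nocache_headers();
 
 if ( is_wp_error( $result ) ) {
-$status = (int) $result->get_error_data();
+$error_data = $result->get_error_data();
+$status = is_array( $error_data ) && isset( $error_data['status'] ) ? (int) $error_data['status'] : 500;
 
 wp_send_json_error( $result->get_error_message(), $status );
 }
@@ -115,20 +116,20 @@ public function handle_ajax() {
 */
 private function handle_token_request( int $form_id ) {
 if ( $form_id < 1 ) {
-return new WP_Error( 'missing_form_id', __( 'A valid form_id is required.', 'gravity-forms-zero-spam' ), 400 );
+return new WP_Error( 'missing_form_id', __( 'A valid form_id is required.', 'gravity-forms-zero-spam' ), [ 'status' => 400 ] );
 }
 
 $form = GFAPI::get_form( $form_id );
 
 if ( ! $form ) {
-return new WP_Error( 'invalid_form', __( 'Form not found.', 'gravity-forms-zero-spam' ), 400 );
+return new WP_Error( 'invalid_form', __( 'Form not found.', 'gravity-forms-zero-spam' ), [ 'status' => 400 ] );
 }
 
 // Check if Zero Spam is enabled for this form.
 $enabled = gf_apply_filters( 'gf_zero_spam_check_key_field', $form_id, true, $form, [] );
 
 if ( false === $enabled ) {
-return new WP_Error( 'zero_spam_disabled', __( 'Zero Spam is not enabled for this form.', 'gravity-forms-zero-spam' ), 400 );
+return new WP_Error( 'zero_spam_disabled', __( 'Zero Spam is not enabled for this form.', 'gravity-forms-zero-spam' ), [ 'status' => 400 ] );
 }
 
 $rate_check = $this->check_rate_limit();
@@ -193,7 +194,7 @@ private function check_rate_limit() {
 $limit = (int) apply_filters( 'gf_zero_spam_rate_limit', self::RATE_LIMIT );
 
 if ( $count >= $limit ) {
-return new WP_Error( 'rate_limited', __( 'Too many requests. Please try again later.', 'gravity-forms-zero-spam' ), 429 );
+return new WP_Error( 'rate_limited', __( 'Too many requests. Please try again later.', 'gravity-forms-zero-spam' ), [ 'status' => 429 ] );
 }
 
 set_transient( $key, $count + 1, 60 );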
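Review bot: In handle_token_request the rate limiter runs only after the form lookup and the enabled check, so requests rejected with `invalid_form` or `zero_spam_disabled` return before `check_rate_limit()` and, as far as the hunk shows, are never counted. If this AJAX action is reachable without login (not visible here), repeated requests with arbitrary form IDs reach `GFAPI::get_form()` without ever hitting the 429 path, and the two distinct messages reveal which IDs exist. Consider moving `$rate_check = $this->check_rate_limit();` and its error return above `$form = GFAPI::get_form( $form_id );`, and returning one generic message for both form failures. In handle_ajax, the new `: 500` fallback also maps any WP_Error that still carries a scalar status to 500; accepting `is_int( $error_data )` as well would keep those codes. The function body continues past the end of the hunk.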

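--- a/readme.txt
+++ b/readme.txt
@@ -112,7 +112,7 @@ You can enable a spam summary report email. This email will be sent to the email
 
 = develop =
 
-* Added: Stronger spam prevention using signed tokens that can't be copied from the page source by bots
+* Added: Stronger spam prevention using signed, time-limited tokens fetched at submit time
 * API: Added `gf_zero_spam_client_ip` filter to override the visitor IP used for rate limiting (useful for sites behind Cloudflare or load balancers)
 * API: Added `gf_zero_spam_rate_limit` filter to adjust the maximum token requests allowed per IP per minute (default: 30)
 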