commit: db016fe34cccf898352cc516832b3eafdff1b4b3 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Mon Apr 18 16:04:48 2016 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Mon Apr 18 16:04:48 2016 +0000 URL: https://gitweb.gentoo.org/proj/blogs-gentoo.git/commit/?id=db016fe3
Update plugin akismet to 3.1.10 plugins/akismet/akismet.php | 5 +- plugins/akismet/class.akismet-admin.php | 6 +-- plugins/akismet/class.akismet.php | 85 ++++++++++++++++++++++++++------- plugins/akismet/readme.txt | 25 +++++++++- 4 files changed, 97 insertions(+), 24 deletions(-) diff --git a/plugins/akismet/akismet.php b/plugins/akismet/akismet.php index 2c13942..a4807c9 100644 --- a/plugins/akismet/akismet.php +++ b/plugins/akismet/akismet.php @@ -6,7 +6,7 @@ Plugin Name: Akismet Plugin URI: http://akismet.com/ Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: 1) Click the "Activate" link to the left of this description, 2) <a href="http://akismet.com/get/";>Sign up for an Akismet plan</a> to get an API key, and 3) Go to your Akismet configuration page, and save your API key. -Version: 3.1.7 +Version: 3.1.10 Author: Automattic Author URI: http://automattic.com/wordpress-plugins/ License: GPLv2 or later @@ -37,9 +37,8 @@ if ( !function_exists( 'add_action' ) ) { exit; } -define( 'AKISMET_VERSION', '3.1.7' ); +define( 'AKISMET_VERSION', '3.1.10' ); define( 'AKISMET__MINIMUM_WP_VERSION', '3.2' ); -define( 'AKISMET__PLUGIN_URL', plugin_dir_url( __FILE__ ) ); define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); define( 'AKISMET_DELETE_LIMIT', 100000 ); diff --git a/plugins/akismet/class.akismet-admin.php b/plugins/akismet/class.akismet-admin.php index 863d1ca..08d6770 100644 --- a/plugins/akismet/class.akismet-admin.php +++ b/plugins/akismet/class.akismet-admin.php @@ -111,10 +111,10 @@ class Akismet_Admin { 'jetpack_page_akismet-key-config', 'plugins.php', ) ) ) { - wp_register_style( 'akismet.css', AKISMET__PLUGIN_URL . '_inc/akismet.css', array(), AKISMET_VERSION ); + wp_register_style( 'akismet.css', plugin_dir_url( __FILE__ ) . '_inc/akismet.css', array(), AKISMET_VERSION ); wp_enqueue_style( 'akismet.css'); - wp_register_script( 'akismet.js', AKISMET__PLUGIN_URL . '_inc/akismet.js', array('jquery','postbox'), AKISMET_VERSION ); + wp_register_script( 'akismet.js', plugin_dir_url( __FILE__ ) . '_inc/akismet.js', array('jquery','postbox'), AKISMET_VERSION ); wp_enqueue_script( 'akismet.js' ); wp_localize_script( 'akismet.js', 'WPAkismet', array( 'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' ), @@ -605,7 +605,7 @@ class Akismet_Admin { } public static function plugin_action_links( $links, $file ) { - if ( $file == plugin_basename( AKISMET__PLUGIN_URL . '/akismet.php' ) ) { + if ( $file == plugin_basename( plugin_dir_url( __FILE__ ) . '/akismet.php' ) ) { $links[] = '<a href="' . esc_url( self::get_page_url() ) . '">'.esc_html__( 'Settings' , 'akismet').'</a>'; } diff --git a/plugins/akismet/class.akismet.php b/plugins/akismet/class.akismet.php index e47c8a8..c81d70d 100644 --- a/plugins/akismet/class.akismet.php +++ b/plugins/akismet/class.akismet.php @@ -53,6 +53,10 @@ class Akismet { // Run this early in the pingback call, before doing a remote fetch of the source uri add_action( 'xmlrpc_call', array( 'Akismet', 'pre_check_pingback' ) ); + + // Jetpack compatibility + add_filter( 'jetpack_options_whitelist', array( 'Akismet', 'add_to_jetpack_options_whitelist' ) ); + add_action( 'update_option_wordpress_api_key', array( 'Akismet', 'updated_option' ), 10, 2 ); } public static function get_api_key() { @@ -81,6 +85,37 @@ class Akismet { return $response[1]; } + /** + * Add the akismet option to the Jetpack options management whitelist. + * + * @param array $options The list of whitelisted option names. + * @return array The updated whitelist + */ + public static function add_to_jetpack_options_whitelist( $options ) { + $options[] = 'wordpress_api_key'; + return $options; + } + + /** + * When the akismet option is updated, run the registration call. + * + * This should only be run when the option is updated from the Jetpack/WP.com + * API call, and only if the new key is different than the old key. + * + * @param mixed $old_value The old option value. + * @param mixed $value The new option value. + */ + public static function updated_option( $old_value, $value ) { + // Not an API call + if ( ! class_exists( 'WPCOM_JSON_API_Update_Option_Endpoint' ) ) { + return; + } + // Only run the registration if the old key is different. + if ( $old_value !== $value ) { + self::verify_key( $value ); + } + } + public static function auto_check_comment( $commentdata ) { self::$last_comment_result = null; @@ -119,13 +154,19 @@ class Akismet { $comment["POST_{$key}"] = $value; } - $ignore = array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW' ); - foreach ( $_SERVER as $key => $value ) { - if ( !in_array( $key, $ignore ) && is_string($value) ) - $comment["$key"] = $value; - else - $comment["$key"] = ''; + if ( ! is_string( $value ) ) { + continue; + } + + if ( preg_match( "/^HTTP_COOKIE/", $key ) ) { + continue; + } + + // Send any potentially useful $_SERVER vars, but avoid sending junk we don't need. + if ( preg_match( "/^(HTTP_|REMOTE_ADDR|REQUEST_URI|DOCUMENT_URI)/", $key ) ) { + $comment[ "$key" ] = $value; + } } $post = get_post( $comment['comment_post_ID'] ); @@ -248,7 +289,9 @@ class Akismet { elseif ( self::$last_comment['akismet_result'] == 'false' ) { update_comment_meta( $comment->comment_ID, 'akismet_result', 'false' ); self::update_comment_history( $comment->comment_ID, '', 'check-ham' ); - if ( $comment->comment_approved == 'spam' ) { + // Status could be spam or trash, depending on the WP version and whether this change applies: + // https://core.trac.wordpress.org/changeset/34726 + if ( $comment->comment_approved == 'spam' || $comment->comment_approved == 'trash' ) { if ( wp_blacklist_check($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent) ) self::update_comment_history( $comment->comment_ID, '', 'wp-blacklisted' ); else @@ -707,25 +750,35 @@ class Akismet { $comment1 = (array) $comment1; $comment2 = (array) $comment2; - return ( + $comments_match = ( isset( $comment1['comment_post_ID'], $comment2['comment_post_ID'] ) && intval( $comment1['comment_post_ID'] ) == intval( $comment2['comment_post_ID'] ) && ( // The comment author length max is 255 characters, limited by the TINYTEXT column type. - substr( $comment1['comment_author'], 0, 255 ) == substr( $comment2['comment_author'], 0, 255 ) - || substr( stripslashes( $comment1['comment_author'] ), 0, 255 ) == substr( $comment2['comment_author'], 0, 255 ) - || substr( $comment1['comment_author'], 0, 255 ) == substr( stripslashes( $comment2['comment_author'] ), 0, 255 ) + // If the comment author includes multibyte characters right around the 255-byte mark, they + // may be stripped when the author is saved in the DB, so a 300+ char author may turn into + // a 253-char author when it's saved, not 255 exactly. The longest possible character is + // theoretically 6 bytes, so we'll only look at the first 248 bytes to be safe. + substr( $comment1['comment_author'], 0, 248 ) == substr( $comment2['comment_author'], 0, 248 ) + || substr( stripslashes( $comment1['comment_author'] ), 0, 248 ) == substr( $comment2['comment_author'], 0, 248 ) + || substr( $comment1['comment_author'], 0, 248 ) == substr( stripslashes( $comment2['comment_author'] ), 0, 248 ) + // Certain long comment author names will be truncated to nothing, depending on their encoding. + || ( ! $comment1['comment_author'] && strlen( $comment2['comment_author'] ) > 248 ) + || ( ! $comment2['comment_author'] && strlen( $comment1['comment_author'] ) > 248 ) ) && ( // The email max length is 100 characters, limited by the VARCHAR(100) column type. - substr( $comment1['comment_author_email'], 0, 100 ) == substr( $comment2['comment_author_email'], 0, 100 ) - || substr( stripslashes( $comment1['comment_author_email'] ), 0, 100 ) == substr( $comment2['comment_author_email'], 0, 100 ) - || substr( $comment1['comment_author_email'], 0, 100 ) == substr( stripslashes( $comment2['comment_author_email'] ), 0, 100 ) + // Same argument as above for only looking at the first 93 characters. + substr( $comment1['comment_author_email'], 0, 93 ) == substr( $comment2['comment_author_email'], 0, 93 ) + || substr( stripslashes( $comment1['comment_author_email'] ), 0, 93 ) == substr( $comment2['comment_author_email'], 0, 93 ) + || substr( $comment1['comment_author_email'], 0, 93 ) == substr( stripslashes( $comment2['comment_author_email'] ), 0, 93 ) // Very long emails can be truncated and then stripped if the [0:100] substring isn't a valid address. || ( ! $comment1['comment_author_email'] && strlen( $comment2['comment_author_email'] ) > 100 ) || ( ! $comment2['comment_author_email'] && strlen( $comment1['comment_author_email'] ) > 100 ) ) ); + + return $comments_match; } // Does the supplied comment match the details of the one most recently stored in self::$last_comment? @@ -956,7 +1009,7 @@ class Akismet { public static function load_form_js() { // WP < 3.3 can't enqueue a script this late in the game and still have it appear in the footer. // Once we drop support for everything pre-3.3, this can change back to a single enqueue call. - wp_register_script( 'akismet-form', AKISMET__PLUGIN_URL . '_inc/form.js', array(), AKISMET_VERSION, true ); + wp_register_script( 'akismet-form', plugin_dir_url( __FILE__ ) . '_inc/form.js', array(), AKISMET_VERSION, true ); add_action( 'wp_footer', array( 'Akismet', 'print_form_js' ) ); add_action( 'admin_footer', array( 'Akismet', 'print_form_js' ) ); } @@ -1153,4 +1206,4 @@ p { return $meta_value; } -} \ No newline at end of file +} diff --git a/plugins/akismet/readme.txt b/plugins/akismet/readme.txt index 69f43d8..01197dc 100644 --- a/plugins/akismet/readme.txt +++ b/plugins/akismet/readme.txt @@ -2,8 +2,8 @@ Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs Tags: akismet, comments, spam, antispam, anti-spam, anti spam, comment moderation, comment spam, contact form spam, spam comments Requires at least: 3.2 -Tested up to: 4.4.1 -Stable tag: 3.1.7 +Tested up to: 4.5 +Stable tag: 3.1.10 License: GPLv2 or later Akismet checks your comments against the Akismet Web service to see if they look like spam or not. @@ -30,6 +30,27 @@ Upload the Akismet plugin to your blog, Activate it, then enter your [Akismet.co == Changelog == += 3.1.10 = +*Release Date - 1 April 2016* + +* Fixed a bug that could cause comments caught as spam to be placed in the Pending queue. +* Fixed a bug that could have resulted in comments that were caught by the core WordPress comment blacklist not to have a corresponding History entry. +* Fixed a bug that could have caused avoidable PHP warnings in the error log. + += 3.1.9 = +*Release Date - 28 March 2016* + +* Add compatibility with Jetpack so that Jetpack can automatically configure Akismet settings when appropriate. +* Fixed a bug preventing some comment data from being sent to Akismet. + += 3.1.8 = +*Release Date - 4 March 2016* + +* Fixed a bug preventing Akismet from being used with some plugins that rewrite admin URLs. +* Reduced the amount of bandwidth used on Akismet API calls +* Reduced the amount of space Akismet uses in the database +* Fixed a bug that could cause comments caught as spam to be placed in the Pending queue. + = 3.1.7 = *Release Date - 4 January 2016*
