brianhansonxyz/homeproz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
abbd3502e813b577619dc25bbd939394640c6125
homeproz/wp-content/plugins/all-in-one-wp-security-and-firewall/admin/wp-security-list-comment-spammer-ip.php
T

222 lines
8.0 KiB
PHP
Executable File
Raw Blame History

<?php
if (!defined('ABSPATH')) {
exit; // Exit if accessed directly
}
class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
public function __construct() {
//Set parent defaults
parent::__construct(array(
'singular' => 'item', // singular name of the listed records
'plural' => 'items', // plural name of the listed records
'ajax' => false // does this table support ajax?
));
}
public function column_default($item, $column_name) {
return $item[$column_name];
}
public function column_comment_author_IP($item) {
//Build row actions
if (!is_main_site() || 'blocked' === $item['status']) {
//Suppress the block link if site is a multi site AND not the main site or the status is blocked
$actions = array(); //blank array
} else {
//Add IP to block URL
$ip = $item['comment_author_IP'];
$actions = array(
'block' => '<a class="aios-block-author-ip" data-ip="'.esc_attr($ip).'" data-message="'.esc_js(__('Are you sure you want to permanently block this IP address?', 'all-in-one-wp-security-and-firewall')).'" href="">'.__('Block', 'all-in-one-wp-security-and-firewall').'</a>',
);
}
//Return the user_login contents
return sprintf('%1$s <span style="color:silver"></span>%2$s',
/*$1%s*/ $item['comment_author_IP'],
/*$2%s*/ $this->row_actions($actions)
);
}
public function column_cb($item) {
return sprintf(
'<input type="checkbox" name="%1$s[]" value="%2$s" />',
/*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
/*$2%s*/ esc_attr($item['comment_author_IP']) //The value of the checkbox should be the record's id
);
}
public function get_columns() {
$columns = array(
'cb' => '<input type="checkbox" />', //Render a checkbox
'comment_author_IP' => __('Spammer IP', 'all-in-one-wp-security-and-firewall'),
'amount' => __('Number of spam comments from this IP', 'all-in-one-wp-security-and-firewall'),
'status' => __('Status', 'all-in-one-wp-security-and-firewall'),
);
return $columns;
}
public function get_sortable_columns() {
$sortable_columns = array(
'comment_author_IP' => array('comment_author_IP',false),
'amount' => array('amount',false),
'status' => array('status',false),
);
return $sortable_columns;
}
public function get_bulk_actions() {
if (!is_main_site()) {
//Suppress the block link if site is a multi site AND not the main site
$actions = array(); //blank array
} else {
$actions = array(
'block' => __('Block', 'all-in-one-wp-security-and-firewall')
);
}
return $actions;
}
/**
* This function handles bulk actions on the table
*
* @return void
*/
private function process_bulk_action() {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- This IS the nonce check.
if (empty($_REQUEST['_wpnonce']) || !isset($_REQUEST['_wp_http_referer'])) return;
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput -- This IS the nonce check.
$result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($_REQUEST['_wpnonce'], 'bulk-items');
if (is_wp_error($result)) return;
if ('block' === $this->current_action()) {
//Process block bulk actions
if (!isset($_REQUEST['item'])) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Nonce already checked above.
$error_msg = '<div id="message" class="error"><p><strong>';
$error_msg .= esc_html__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall');
$error_msg .= '</strong></p></div>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. Output already escaped.
echo $error_msg;
} else {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Nonce already checked above.
$this->block_spammer_ip_records((filter_var(wp_unslash($_REQUEST['item']), FILTER_VALIDATE_IP)));
}
}
}
/**
* This function will add the selected IP addresses to the blacklist.
*
* @param int|array $entries - either an array of IDs or a single ID of ip to be blocked
*
* @return void
*/
public function block_spammer_ip_records($entries) {
if (is_array($entries)) {
$entries = array_map('esc_sql', $entries); // Escape every array element
//Bulk selection using checkboxes were used
foreach ($entries as $ip_add) {
AIOWPSecurity_Blocking::add_ip_to_block_list($ip_add, 'spam');
}
}
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses are now permanently blocked.', 'all-in-one-wp-security-and-firewall'));
}
/**
* This function prepare the items rendered on the table
*
* @return void
*/
public function prepare_items() {
//First, lets decide how many records per page to show
$per_page = 100;
$columns = $this->get_columns();
$hidden = array();
$sortable = $this->get_sortable_columns();
$this->_column_headers = array($columns, $hidden, $sortable);
$this->process_bulk_action();
global $wpdb;
global $aio_wp_security;
$minimum_comments_per_ip = $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments');
if (empty($minimum_comments_per_ip)) {
$minimum_comments_per_ip = 5;
}
// Ordering parameters
//Parameters that are going to be used to order the result
isset($_GET["orderby"]) ? $orderby = wp_strip_all_tags(wp_unslash($_GET["orderby"])) : $orderby = ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- No nonce to check.
isset($_GET["order"]) ? $order = wp_strip_all_tags(wp_unslash($_GET["order"])) : $order = ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- No nonce to check.
$orderby = !empty($orderby) ? esc_sql($orderby) : 'amount';
$order = !empty($order) ? esc_sql($order) : 'DESC';
$orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
$order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
// status is not a key in the database so we don't want to sort the database results, but sort the array later
if ('status' == $orderby) {
$sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
FROM $wpdb->comments
WHERE comment_approved = 'spam'
GROUP BY comment_author_IP
HAVING amount >= %d
", $minimum_comments_per_ip);
} else {
// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $orderby cannot be prepared.
$sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
FROM $wpdb->comments
WHERE comment_approved = 'spam'
GROUP BY comment_author_IP
HAVING amount >= %d
ORDER BY $orderby $order
", $minimum_comments_per_ip);
// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $orderby cannot be prepared.
}
// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery -- Preparing done in conditional above.
$data = $wpdb->get_results($sql, ARRAY_A);
// Get all permanently blocked IP addresses
$block_list = AIOWPSecurity_Blocking::get_list_blocked_ips();
foreach ($data as $key => $value) {
if (in_array($value['comment_author_IP'], $block_list)) {
$data[$key]['status'] = 'blocked';
} else {
$data[$key]['status'] = 'not blocked';
}
}
if ('status' == $orderby) {
$keys = array_column($data, 'status');
if ('asc' == $order) {
array_multisort($keys, SORT_ASC, SORT_STRING, $data);
} else {
array_multisort($keys, SORT_DESC, SORT_STRING, $data);
}
}
$current_page = $this->get_pagenum();
$total_items = count($data);
$data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
$this->items = $data;
$this->set_pagination_args(array(
'total_items' => $total_items, //WE have to calculate the total number of items
'per_page' => $per_page, //WE have to determine how many items to show on a page
'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
));
}
}
Reference in New Issue View Git Blame Copy Permalink