diff --git a/cleantalk.antispam/include.php b/cleantalk.antispam/include.php
index b1e04f1..c747043 100644
--- a/cleantalk.antispam/include.php
+++ b/cleantalk.antispam/include.php
@@ -418,7 +418,7 @@ public static function OnPageStartHandler()
 }else{
 if( $arUser['type'] == 'contact_form_bitrix_smt' ){
- echo '
' . $aResult['ct_result_comment'] . '
';
+ echo '
' . htmlspecialcharsbx($aResult['ct_result_comment']) . '
';
 die();
 }elseif( $arUser['type'] == 'contact_form_bitrix_iblock_ajax' ){
@@ -1866,9 +1866,9 @@ static function SendFeedback($module, $id, $feedback)
 {
 if(empty($feedback) || $feedback != 'Y' && $feedback != 'N') return;
- $request_id = $DB->Query('SELECT ct_request_id FROM cleantalk_cids WHERE module=\''. $module .'\' AND cid=' . $id)->Fetch();
+ $request_id = $DB->Query('SELECT ct_request_id FROM cleantalk_cids WHERE module=\''. $DB->ForSql($module) .'\' AND cid=' . (int)$id)->Fetch();
 if($request_id !== FALSE){
- $DB->Query('DELETE FROM cleantalk_cids WHERE module=\''. $module .'\' AND cid=' . $id);
+ $DB->Query('DELETE FROM cleantalk_cids WHERE module=\''. $DB->ForSql($module) .'\' AND cid=' . (int)$id);
 $ct_key_site = COption::GetOptionString('cleantalk.antispam', '_key', '', $site["LID"]);
 $ct_key = empty($ct_key_site) ? COption::GetOptionString('cleantalk.antispam', 'key', '') : $ct_key_site;
@@ -1905,7 +1905,7 @@ static function GetCleanTalkResume($module, $id)
 {
 if(empty($id) || intval($id) < 0) return;
- $ret_val = $DB->Query('SELECT ct_request_id, ct_result_comment FROM cleantalk_cids WHERE module=\''. $module .'\' AND cid=' . $id)->Fetch();
+ $ret_val = $DB->Query('SELECT ct_request_id, ct_result_comment FROM cleantalk_cids WHERE module=\''. $DB->ForSql($module) .'\' AND cid=' . (int)$id)->Fetch();
 return $ret_val;
 }
diff --git a/cleantalk.antispam/lang/en/options.php b/cleantalk.antispam/lang/en/options.php
index cb7ceb1..740a611 100644
--- a/cleantalk.antispam/lang/en/options.php
+++ b/cleantalk.antispam/lang/en/options.php
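Review bot: The new `htmlspecialcharsbx()` wrap covers only the `contact_form_bitrix_smt` branch; the `contact_form_bitrix_iblock_ajax` branch that opens on the hunk's last line, and any other branch of `OnPageStartHandler` that echoes `ct_result_comment`, lies outside the hunk and should get the same treatment, since that value appears to be read back from the `cleantalk_cids` table rather than produced by this code. A one-line comment above the echo, `// ct_result_comment is stored text rendered into HTML: always escape it`, would record why the wrap is there. `OnPageStartHandler` starts and ends outside the hunk.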
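Review bot: `(int)$id` on the new `SELECT` and `DELETE` lines turns a non-numeric id into `0`, so a malformed id is still run against the table instead of being rejected; the early return at the top of `SendFeedback` only validates `$feedback`. Add an id guard before the first query, e.g. `if ((int)$id <= 0) return;` (or `< 0` if cid 0 is a legitimate row), and apply the same to `GetCleanTalkResume` in the `@@ -1905` hunk, whose existing `intval($id) < 0` check also lets `0` and non-numeric strings through. `$DB->ForSql($module)` plus the integer cast is the right fix for the interpolated SQL; a comment such as `// $module is quoted via ForSql and cid is forced to int: never concatenate raw values here` would keep the next edit honest. Both functions start outside the hunk.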
@@ -59,5 +59,6 @@
 $MESS['CLEANTALK_MULTISITE_LABEL_KEY'] = 'If you want to use specific Access Key for this website paste it here. Otherwise, leave it empty.';
 $MESS['CLEANTALK_USE_CUSTOM_SERVER'] = 'Use custom server';
 $MESS['CLEANTALK_USE_CUSTOM_SERVER_DESCRIPTION'] = 'Use custom server for spam checking. You can enter cleantalk.ru and the plugin will use only ru servers. This option is for critical situations when it is impossible to choose the server automatically.';
+$MESS['CLEANTALK_SERVER_NOT_ALLOWED'] = 'Only cleantalk server allowed.';
 $MESS['CLEANTALK_CURL_NOT_AVAILABLE'] = 'cURL is not available.';
 $MESS['CLEANTALK_CURL_NOT_AVAILABLE_DETAILS'] = 'cURL support is required';
diff --git a/cleantalk.antispam/lang/ru/options.php b/cleantalk.antispam/lang/ru/options.php
index 52c3892..eaefc58 100644
--- a/cleantalk.antispam/lang/ru/options.php
+++ b/cleantalk.antispam/lang/ru/options.php
@@ -60,5 +60,6 @@
 $MESS['CLEANTALK_USE_CUSTOM_SERVER'] = 'Использовать кастомный сервер';
 $MESS['CLEANTALK_USE_CUSTOM_SERVER_DESCRIPTION'] = 'Использовать кастомный сервер для проверки спама. Можете ввести cleantalk.ru и плагин будет использовать только ru сервера. Опция для критических ситуаций, когда невозможен выбор сервера автоматически.';
 $MESS['CLEANTALK_SERVER_NOT_AVAILABLE'] = 'Указанные сервера не доступны, обратитесь в тех поддержку https://cleantalk.org/my/support/open';
+$MESS['CLEANTALK_SERVER_NOT_ALLOWED'] = 'Разрешены только cleantalk сервера';
 $MESS['CLEANTALK_CURL_NOT_AVAILABLE'] = 'cURL не установлен.';
 $MESS['CLEANTALK_CURL_NOT_AVAILABLE_DETAILS'] = 'cURL необходим для работы модуля';
diff --git a/cleantalk.antispam/lib/Cleantalk/Antispam/Cleantalk.php b/cleantalk.antispam/lib/Cleantalk/Antispam/Cleantalk.php
index 5cff41f..06ad681 100644
--- a/cleantalk.antispam/lib/Cleantalk/Antispam/Cleantalk.php
+++ b/cleantalk.antispam/lib/Cleantalk/Antispam/Cleantalk.php
@@ -281,10 +281,10 @@ private function sendRequest($data = null, $url, $server_timeout = 15) {
 // see http://stackoverflow.com/a/23322368
 curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Disabling CA cert verivication and
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // Disabling common name verification
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Verify CA certificate
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Verify common name matches host
- if ($this->ssl_on && $this->ssl_path != '') {
+ if ($this->ssl_path != '') {
 curl_setopt($ch, CURLOPT_CAINFO, $this->ssl_path);
 }
diff --git a/cleantalk.antispam/lib/Cleantalk/ApbctBitrix/SFW.php b/cleantalk.antispam/lib/Cleantalk/ApbctBitrix/SFW.php
index 135267e..7c0447c 100644
--- a/cleantalk.antispam/lib/Cleantalk/ApbctBitrix/SFW.php
+++ b/cleantalk.antispam/lib/Cleantalk/ApbctBitrix/SFW.php
@@ -44,11 +44,11 @@ public function _die( $result )
 '{SFW_DIE_CLICK_TO_PASS}' => $this->__('Please click the link below to pass the protection,', 'cleantalk-spam-protect'),
 '{SFW_DIE_YOU_WILL_BE_REDIRECTED}' => sprintf( $this->__('Or you will be automatically redirected to the requested page after %d seconds.', 'cleantalk-spam-protect'), 3),
 '{CLEANTALK_TITLE}' => ($this->test ? $this->__('This is the testing page for SpamFireWall', 'cleantalk-spam-protect') : ''),
- '{REMOTE_ADDRESS}' => $result['ip'],
+ '{REMOTE_ADDRESS}' => htmlspecialcharsbx($result['ip']),
 '{SERVICE_ID}' => $net_count['net_count'],
 '{HOST}' => '',
 '{GENERATED}' => '
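Review bot: With `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` now enforced, the rewritten condition no longer reads `$this->ssl_on`, so a configured `ssl_path` is applied unconditionally; if `ssl_on` is still exposed as a setting elsewhere it is now dead and should be removed or documented as such. The loose `$this->ssl_path != ''` also keeps a `null` path from being handed to `CURLOPT_CAINFO`, which is the behaviour you want, so pin it with a comment, `// CAINFO only when a bundle path is configured; null/'' falls back to the system CA store`, before a later strict-comparison cleanup breaks it. Verification failures now surface as a curl error instead of a silent downgrade, so the error path after `curl_exec` (outside this hunk) should report `curl_error($ch)` to make a misconfigured CA bundle diagnosable. `sendRequest` continues outside the hunk.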

The page was generated at ' . date( 'D, d M Y H:i:s' ) . "

", - '{REQUEST_URI}' => $request_uri, + '{REQUEST_URI}' => htmlspecialcharsbx($request_uri), // Cookie '{COOKIE_PREFIX}' => '', @@ -99,7 +99,7 @@ public function _die( $result ) } - die( "IP BLACKLISTED. Blocked by SFW " . $result['ip'] ); + die( "IP BLACKLISTED. Blocked by SFW " . htmlspecialcharsbx($result['ip']) ); } diff --git a/cleantalk.antispam/lib/Cleantalk/Common/Cron.php b/cleantalk.antispam/lib/Cleantalk/Common/Cron.php index 7c26374..561a2af 100644 --- a/cleantalk.antispam/lib/Cleantalk/Common/Cron.php +++ b/cleantalk.antispam/lib/Cleantalk/Common/Cron.php @@ -234,8 +234,14 @@ public function runTasks( $tasks ) return; } + $allowed_handlers = array('apbct_sfw_update', 'apbct_sfw_send_logs'); + foreach( $tasks as $task ){ + if( ! in_array( $this->tasks[$task]['handler'], $allowed_handlers, true ) ) { + continue; + } + if( method_exists( '\CleantalkAntispam',$this->tasks[$task]['handler'] ) ){ if( $this->debug ) { diff --git a/cleantalk.antispam/lib/Cleantalk/Common/RemoteCalls.php b/cleantalk.antispam/lib/Cleantalk/Common/RemoteCalls.php index 4786b39..ba652aa 100644 --- a/cleantalk.antispam/lib/Cleantalk/Common/RemoteCalls.php +++ b/cleantalk.antispam/lib/Cleantalk/Common/RemoteCalls.php @@ -90,7 +90,7 @@ public function perform() $this->setLastCall( $action ); // Check API key - if( $token === strtolower( md5( $this->api_key ) ) ){ + if( ! empty( $this->api_key ) && $token === strtolower( md5( $this->api_key ) ) ){ // Flag to let plugin know that Remote Call is running. $this->rc_running = true; @@ -100,8 +100,9 @@ public function perform() if( method_exists( static::class, $action_method ) ){ // Delay before perform action; - if ( Get::get( 'delay' ) ) { - sleep(Get::get('delay')); + $delay = (int) Get::get( 'delay' ); + if ( $delay > 0 ) { + sleep( min( $delay, 5 ) ); } $action_result = static::$action_method(); diff --git a/cleantalk.antispam/options.php b/cleantalk.antispam/options.php index ddc3dfa..3eca18c 100644 
--- a/cleantalk.antispam/options.php
+++ b/cleantalk.antispam/options.php
@@ -40,9 +40,12 @@
 $subTabControl = new CAdminViewTabControl("subTabControl", $sub_tabs);
-$current_options = ct_get_options($sModuleId);
+ $current_options = ct_get_options($sModuleId);
-if ( ! empty($REQUEST_METHOD) && $REQUEST_METHOD == 'POST' && $_POST['Update'] == 'Y' ) {
+ global $APPLICATION;
+ $ct_module_right = $APPLICATION->GetGroupRight($sModuleId);
+
+if ( ! empty($REQUEST_METHOD) && $REQUEST_METHOD == 'POST' && $_POST['Update'] == 'Y' && check_bitrix_sessid() && $ct_module_right >= 'W' ) {
 //try to get default options
 $default_options = ct_get_default_options($sModuleId);
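Review bot: The rewritten `if` still reads `$_POST['Update']` without an existence check, so every non-POST render of the options page raises an undefined-index notice before the new `check_bitrix_sessid()` and rights checks are reached; `isset($_POST['Update']) && $_POST['Update'] === 'Y'` fixes that, and placing `check_bitrix_sessid()` first lets the cheap rejection short-circuit the rest. `$ct_module_right >= 'W'` relies on the lexical order of Bitrix right letters; a comment, `// Bitrix module rights are single letters ordered D < R < W, so >= 'W' means write access`, would make the comparison readable. The new `$current_options`, `global` and `$ct_module_right` lines carry a leading space while the `if` sits at column 0 — match the file's indentation.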
@@ -218,18 +221,30 @@
 // Convert to lowercase and trim
 $domain = strtolower(trim($domain));
 // use default bitrix http client to make request
- $httpClient = new \Bitrix\Main\Web\HttpClient();
- $response = $httpClient->get('https://moderate.' . $domain);
- if ($response === false) {
+ $allowed_servers = array('cleantalk.org', 'cleantalk.ru');
+ if ( ! in_array($domain, $allowed_servers, true) ) {
 Option::set( $sModuleId, 'use_custom_server', '' );
 CAdminNotify::Add(array(
- 'MESSAGE' => GetMessage( 'CLEANTALK_SERVER_NOT_AVAILABLE' ),
- 'TAG' => 'server_not_available',
+ 'MESSAGE' => GetMessage( 'CLEANTALK_SERVER_NOT_ALLOWED' ),
+ 'TAG' => 'server_not_allowed',
 'MODULE_ID' => 'main',
 'ENABLE_CLOSE' => 'Y'));
 } else {
- Option::set( $sModuleId, 'use_custom_server', $domain );
- CAdminNotify::DeleteByTag('server_not_available');
+ // use default bitrix http client to make request
+ $httpClient = new \Bitrix\Main\Web\HttpClient();
+ $response = $httpClient->get('https://moderate.' . $domain);
+ if ($response === false) {
+ Option::set( $sModuleId, 'use_custom_server', '' );
+ CAdminNotify::Add(array(
+ 'MESSAGE' => GetMessage( 'CLEANTALK_SERVER_NOT_AVAILABLE' ),
+ 'TAG' => 'server_not_available',
+ 'MODULE_ID' => 'main',
+ 'ENABLE_CLOSE' => 'Y'));
+ } else {
+ Option::set( $sModuleId, 'use_custom_server', $domain );
+ CAdminNotify::DeleteByTag('server_not_available');
+ CAdminNotify::DeleteByTag('server_not_allowed');
+ }
 }
 }
 }
@@ -404,16 +419,16 @@ function ctDisableInputLine(ct_input_line){
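Review bot: The context line `// use default bitrix http client to make request` directly above the new `$allowed_servers` now describes nothing, because the HTTP call moved into the `else` branch where the same comment was added again; drop the orphaned copy. The allow-list check is what stops an arbitrary admin-supplied `$domain` from being probed and stored as the custom server, so say that where the list is declared, `// only first-party hosts may be probed and stored as the custom server`, and consider sharing the list with whatever code later reads `use_custom_server` instead of keeping a literal here. In the not-allowed branch the stale `server_not_available` notice is never cleared, whereas the success branch clears both tags; adding `CAdminNotify::DeleteByTag('server_not_available');` there keeps the admin notices consistent. The enclosing `if` block starts outside the hunk.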