CleanTalk
diff --git a/‎cleantalk.php‎
Lines changed: 19 additions & 6 deletions b/‎cleantalk.php‎
Lines changed: 19 additions & 6 deletions
diff --git a/‎inc/cleantalk-admin.php‎
Lines changed: 61 additions & 40 deletions b/‎inc/cleantalk-admin.php‎
Lines changed: 61 additions & 40 deletions
diff --git a/‎inc/cleantalk-ajax.php‎
Lines changed: 21 additions & 21 deletions b/‎inc/cleantalk-ajax.php‎
Lines changed: 21 additions & 21 deletions
diff --git a/‎inc/cleantalk-common.php‎
Lines changed: 21 additions & 2 deletions b/‎inc/cleantalk-common.php‎
Lines changed: 21 additions & 2 deletions
diff --git a/‎inc/cleantalk-integrations-by-hook.php‎
Lines changed: 10 additions & 0 deletions b/‎inc/cleantalk-integrations-by-hook.php‎
Lines changed: 10 additions & 0 deletions
@@ -4,7 +4,7 @@
   Plugin Name: Anti-Spam by CleanTalk
   Plugin URI: https://cleantalk.org
   Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
-  Version: 6.58.1
+  Version: 6.59
   Author: CleanTalk - Anti-Spam Protection <welcome@cleantalk.org>
   Author URI: https://cleantalk.org
   Text Domain: cleantalk-spam-protect
@@ -118,7 +118,15 @@
     $plugin_version__agent = $major_version . '.' . $minor_version . '.' . $branch_sub . $padded;
 }
 define('APBCT_AGENT', 'wordpress-' . $plugin_version__agent); // Prepared agent
-const APBCT_MODERATE_URL = 'https://moderate.cleantalk.org'; // Api URL
+
+if ( defined('CLEANTALK_SERVER') ) {
+    define('APBCT_MODERATE_URL', 'https://moderate.' . CLEANTALK_SERVER);
+    if ( ! defined('CLEANTALK_API_URL') ) {
+        define('CLEANTALK_API_URL', 'https://api.' . CLEANTALK_SERVER);
+    }
+} else {
+    define('APBCT_MODERATE_URL', 'https://moderate.cleantalk.org'); // Api URL
+}
 
 /**
  * Require base classes.
@@ -442,8 +450,11 @@ function apbct_write_js_errors($data)
 // Metform
 if (
     apbct_is_plugin_active('metform/metform.php') &&
-    apbct_is_in_uri('/wp-json/metform/') &&
-    sizeof($_POST) > 0
+    sizeof($_POST) > 0 &&
+    (
+        apbct_is_in_uri('/wp-json/metform/') ||
+        (apbct_get_rest_url_only_path() !== 'index.php' && apbct_is_in_uri(apbct_get_rest_url_only_path() . 'metform/'))
+    )
 ) {
     apbct_form__metform_subscribe__testSpam();
 }
@@ -582,7 +593,7 @@ function apbct_write_js_errors($data)
                 . APBCT_URL_PATH
                 . '/js/apbct-public-bundle.min.js'
                 . '?ver=' . APBCT_VERSION . '" id="ct_public_functions-js"></script>';
-            echo '<script src="https://moderate.cleantalk.org/ct-bot-detector-wrapper.js?ver='
+            echo '<script src="' . APBCT_MODERATE_URL . '/ct-bot-detector-wrapper.js?ver='
                 . APBCT_VERSION . '" id="ct_bot_detector-js"></script>';
         }, 100);
     }
@@ -2579,7 +2590,7 @@ function apbct_cookie()
     $domain = '';
 
     // Submit time
-    if ( empty($_POST) || Post::get('action') === 'apbct_set_important_parameters' ) {
+    if ( empty($_POST) ) {
         $apbct_timestamp = time();
         RequestParameters::set('apbct_timestamp', (string)$apbct_timestamp, true);
         $cookie_test_value['cookies_names'][] = 'apbct_timestamp';
@@ -2751,11 +2762,13 @@ function ct_account_status_check($api_key = null, $process_errors = true)
 
         //todo:temporary solution for description, until we found the way to transfer this from cloud
         if (defined('APBCT_WHITELABEL_PLUGIN_DESCRIPTION')) {
+            /** @psalm-suppress PossiblyInvalidArrayAssignment */
             $result['wl_antispam_description'] = APBCT_WHITELABEL_PLUGIN_DESCRIPTION;
         }
 
         //todo:temporary solution for FAQ
         if (defined('APBCT_WHITELABEL_FAQ_LINK')) {
+            /** @psalm-suppress PossiblyInvalidArrayAssignment */
             $result['wl_faq_url'] = APBCT_WHITELABEL_FAQ_LINK;
         }
 
 
@@ -95,8 +95,16 @@ function ct_dashboard_statistics_widget()
     if (isset($apbct->data['wl_brandname']) && $apbct->data['wl_brandname'] !== APBCT_NAME) {
         $actual_plugin_name = $apbct->data['wl_brandname'];
     }
+    /**
+     * Hook. List of allowed user roles for the Dashboard widget.
+     * add_filter('apbct_hook_dashboard_widget_allowed_roles_list', function($roles_list) {
+     *  $roles_list[] = 'editor';
+     *  return $roles_list;
+     * });
+     */
+    $roles_list = apply_filters('apbct_hook_dashboard_widget_allowed_roles_list', array('administrator'));
 
-    if ( apbct_is_user_role_in(array('administrator')) ) {
+    if (is_array($roles_list) && apbct_is_user_role_in($roles_list) ) {
         wp_add_dashboard_widget(
             'ct_dashboard_statistics_widget',
             $actual_plugin_name,
@@ -172,7 +180,7 @@ function ct_dashboard_statistics_widget_output($_post, $_callback_args)
                  "<u>{$apbct->brief_data['error']}</u>"
              )
              . '</h2>';
-        if ( $apbct->user_token && ! $apbct->white_label ) {
+        if (apbct_is_user_role_in(array('administrator')) && $apbct->user_token && ! $apbct->white_label ) {
             $link = LinkConstructor::buildCleanTalkLink(
                 'anti_crawler_inactive',
                 'my',
@@ -225,7 +233,7 @@ function ct_dashboard_statistics_widget_output($_post, $_callback_args)
                 } ?>
             </table>
             <?php
-            if ( $apbct->user_token && ! $apbct->data["wl_mode_enabled"] ) {
+            if (apbct_is_user_role_in(array('administrator')) && $apbct->user_token && ! $apbct->data["wl_mode_enabled"] ) {
                 $link = LinkConstructor::buildCleanTalkLink(
                     'dashboard_widget_all_data_link',
                     'my/show_requests',
@@ -244,50 +252,55 @@ function ct_dashboard_statistics_widget_output($_post, $_callback_args)
         <?php
     }
     // Notice at the bottom
-    if ( isset($current_user) && in_array('administrator', $current_user->roles) ) {
-        if ( $apbct->spam_count && $apbct->spam_count > 0 ) {
+    if ( $apbct->spam_count && $apbct->spam_count > 0 ) {
+        $cp_total_stats = '';
+        //Link to CP is only for admins due the token provided
+        if ( apbct_is_user_role_in(array('administrator')) ) {
             $link = LinkConstructor::buildCleanTalkLink(
                 'dashboard_widget_go_to_cp',
                 'my',
                 array(
                     'user_token' => $apbct->user_token,
-                    'cp_mode' => 'antispam'
+                    'cp_mode'    => 'antispam'
                 )
             );
-            echo '<div class="ct_widget_wprapper_total_blocked">'
-                 . ($apbct->data["wl_mode_enabled"] ? '' : '<img src="' . Escape::escUrl($apbct->logo__small__colored) . '" class="ct_widget_small_logo"/>')
-                 . '<span title="' . sprintf(
-                     __(
-                         'This is the count from the %s\'s cloud and could be different to admin bar counters',
-                         'cleantalk-spam-protect'
-                     ) . '">',
-                     $actual_plugin_name
-                 )
-                 . sprintf(
-                 /* translators: %s: Number of spam messages */
-                     __(
-                         '%s%s%s has blocked %s spam for past year. The statistics are automatically updated every 24 hours.',
-                         'cleantalk-spam-protect'
-                     ),
-                     ! $apbct->data["wl_mode_enabled"] ? '<a href="' . $link . '" target="_blank">' : '',
-                     $actual_plugin_name,
-                     ! $apbct->data["wl_mode_enabled"] ? '</a>' : '',
-                     number_format($apbct->data['spam_count'], 0, ',', ' ')
-                 )
-                 . '</span>'
-                 . (! $apbct->white_label && ! $apbct->data["wl_mode_enabled"]
-                    ? '<br><br>'
-                      . '<b style="font-size: 16px;">'
-                      . sprintf(
-                          __('Do you like CleanTalk? %sPost your feedback here%s.', 'cleantalk-spam-protect'),
-                          '<u><a href="https://wordpress.org/support/plugin/cleantalk-spam-protect/reviews/#new-post" target="_blank">',
-                          '</a></u>'
-                      )
-                      . '</b>'
-                    : ''
-                 )
-                 . '</div>';
+            $cp_total_stats =
+                ($apbct->data["wl_mode_enabled"] ? '' : '<img src="' . Escape::escUrl($apbct->logo__small__colored) . '" class="ct_widget_small_logo"/>')
+                . '<span title="'
+                . sprintf(
+                    __(
+                        'This is the count from the %s\'s cloud and could be different to admin bar counters',
+                        'cleantalk-spam-protect'
+                    ) . '">',
+                    $actual_plugin_name
+                )
+                . sprintf(
+                /* translators: %s: Number of spam messages */
+                    __(
+                        '%s%s%s has blocked %s spam for past year. The statistics are automatically updated every 24 hours.',
+                        'cleantalk-spam-protect'
+                    ),
+                    ! $apbct->data["wl_mode_enabled"] ? '<a href="' . $link . '" target="_blank">' : '',
+                    $actual_plugin_name,
+                    ! $apbct->data["wl_mode_enabled"] ? '</a>' : '',
+                    number_format($apbct->data['spam_count'], 0, ',', ' ')
+                )
+                . '</span>';
         }
+        echo '<div class="ct_widget_wprapper_total_blocked">'
+             . $cp_total_stats
+             . (! $apbct->white_label && ! $apbct->data["wl_mode_enabled"]
+                ? '<br><br>'
+                  . '<b style="font-size: 16px;">'
+                  . sprintf(
+                      __('Do you like CleanTalk? %sPost your feedback here%s.', 'cleantalk-spam-protect'),
+                      '<u><a href="https://wordpress.org/support/plugin/cleantalk-spam-protect/reviews/#new-post" target="_blank">',
+                      '</a></u>'
+                  )
+                  . '</b>'
+                : ''
+             )
+             . '</div>';
     }
     echo '</div>';
 }
@@ -527,10 +540,18 @@ function apbct_admin__enqueue_scripts($hook)
     $data = array_merge($data, EmailEncoder::getLocalizationText());
     wp_localize_script('cleantalk-admin-js', 'ctAdminCommon', $data);
 
+    /**
+     * Hook. List of allowed user roles for the Dashboard widget.
+     * add_filter('apbct_hook_dashboard_widget_allowed_roles_list', function($roles_list) {
+     *  $roles_list[] = 'editor';
+     *  return $roles_list;
+     * });
+     */
+    $roles_list = apply_filters('apbct_hook_dashboard_widget_allowed_roles_list', array('administrator'));
     // DASHBOARD page JavaScript and CSS
     if (
         $hook == 'index.php' &&
-        apbct_is_user_role_in(array('administrator')) &&
+        is_array($roles_list) && apbct_is_user_role_in($roles_list) &&
         $apbct->settings['wp__dashboard_widget__show'] &&
         ! $apbct->moderate_ip
     ) {
 
@@ -129,11 +129,11 @@
  */
 function ct_validate_email_ajaxlogin($email = null)
 {
-    $email   = is_null($email) ? $email : Post::get('email');
-    $email   = \Cleantalk\ApbctWP\Sanitize::cleanEmail($email);
-    $is_good = ! ( ! filter_var($email, FILTER_VALIDATE_EMAIL) || email_exists($email));
-
     if ( class_exists('AjaxLogin') && Post::get('action') === 'validate_email' ) {
+        $email   = is_null($email) ? $email : Post::get('email');
+        $email   = \Cleantalk\ApbctWP\Sanitize::cleanEmail($email);
+        $is_good = ! ( ! filter_var($email, FILTER_VALIDATE_EMAIL) || email_exists($email));
+
         $sender_info = array();
         $checkjs                            = apbct_js_test(TT::toString(Post::get('ct_checkjs')));
         $sender_info['post_checkjs_passed'] = $checkjs;
@@ -156,25 +156,25 @@ function ct_validate_email_ajaxlogin($email = null)
                 $is_good = false;
             }
         }
-    }
 
-    if ( $is_good ) {
-        $ajaxresult = array(
-            'description' => null,
-            'cssClass'    => 'noon',
-            'code'        => 'success'
-        );
-    } else {
-        $ajaxresult = array(
-            'description' => 'Invalid Email',
-            'cssClass'    => 'error-container',
-            'code'        => 'error'
-        );
-    }
+        if ( $is_good ) {
+            $ajaxresult = array(
+                'description' => null,
+                'cssClass'    => 'noon',
+                'code'        => 'success'
+            );
+        } else {
+            $ajaxresult = array(
+                'description' => 'Invalid Email',
+                'cssClass'    => 'error-container',
+                'code'        => 'error'
+            );
+        }
 
-    $ajaxresult = json_encode($ajaxresult);
-    print $ajaxresult;
-    wp_die();
+        $ajaxresult = json_encode($ajaxresult);
+        print $ajaxresult;
+        wp_die();
+    }
 }
 
 /**
 
@@ -221,7 +221,21 @@ function apbct_base_call($params = array(), $reg_flag = false)
         ! apbct_is_trackback() &&
         ! defined('XMLRPC_REQUEST')
     ) {
-        $params['exception_action'] = 1;
+        /**
+         * If the constant APBCT_SERVICE__DISABLE_EMPTY_EMAIL_EXCEPTION is defined,
+         * it means that the exception action should be disabled for empty email checks.
+         *
+         * Check all post data option ignore this constant.
+         * @since 6.58.99
+         */
+        if (
+            $apbct->service_constants->disable_empty_email_exception->isDefined() &&
+            !$apbct->settings['data__general_postdata_test']
+        ) {
+            $params['exception_action'] = 0;
+        } else {
+            $params['exception_action'] = 1;
+        }
     }
     /**
      * Skip checking excepted requests if the "Log excluded requests" option is disabled.
@@ -410,11 +424,16 @@ function apbct_exclusions_check__url()
             $exclusions = explode(',', $apbct->settings['exclusions__urls']);
         }
 
+        $rest_url_only_path = apbct_get_rest_url_only_path();
         // Fix for AJAX and WP REST API forms
         $haystack =
             (
                 Server::get('REQUEST_URI') === '/wp-admin/admin-ajax.php' ||
-                stripos(TT::toString(Server::get('REQUEST_URI')), '/wp-json/') === 0
+                stripos(TT::toString(Server::getString('REQUEST_URI')), '/wp-json/') === 0 ||
+                (
+                    $rest_url_only_path !== 'index.php' &&
+                    stripos(TT::toString(Server::getString('REQUEST_URI')), $rest_url_only_path) === 0
+                )
             ) &&
             TT::toString(Server::get('HTTP_REFERER'))
             ? str_ireplace(
 
@@ -420,6 +420,16 @@
         'setting' => 'forms__registrations_test',
         'ajax'    => true
     ),
+    'QuickCal'         => array(
+        'hook'    => 'booked_add_appt',
+        'setting' => 'forms__contact_forms_test',
+        'ajax'    => true
+    ),
+    'RegistrationMagic'         => array(
+        'hook'    => 'rm_validate_before_form_submit',
+        'setting' => 'forms__registrations_test',
+        'ajax'    => false
+    ),
 );
 
 add_action('plugins_loaded', function () use ($apbct_active_integrations) {