New. ShadowrootProtection. Implementation of form protection in Shadowroot elements, integration with Mailchimp shadowroot

inc/cleantalk-integrations-by-hook.php

@@ -338,6 +338,11 @@
         'setting' => 'forms__registrations_test',
         'ajax' => false
     ),
+    'MailChimpShadowRoot'         => array(
+        'hook'    => 'cleantalk_force_mailchimp_shadowroot_check',
+        'setting' => 'forms__check_external',
+        'ajax'    => true
+    ),
     'BloomForms' => array(
         'hook'    => 'bloom_subscribe',
         'setting' => 'forms__contact_forms_test',

inc/cleantalk-pluggable.php

@@ -714,6 +714,7 @@ function apbct_is_skip_request($ajax = false, $ajax_message_obj = array())
             'nasa_process_login', //Nasa login
             'leaky_paywall_validate_registration', //Leaky Paywall validation request
             'cleantalk_force_ajax_check', //Force ajax check has direct integration
+            'cleantalk_force_mailchimp_shadowroot_check', // Mailchimp ShadowRoot has direct integration
             'cscf-submitform', // CSCF has direct integration
             'mailpoet', // Mailpoet has direct integration
             'wpcommunity_auth_login', // WPCommunity login

lib/Cleantalk/Antispam/Integrations/MailChimpShadowRoot.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace Cleantalk\Antispam\Integrations;
+
+/**
+ * This class handles the integration with Mailchimp forms embedded via ShadowRoot (external widget).
+ * These forms send data directly to Mailchimp servers bypassing WordPress,
+ * so we intercept fetch requests on the JS side and validate them via AJAX.
+ */
+class MailChimpShadowRoot extends IntegrationBase
+{
+    public function getDataForChecking($argument)
+    {
+        global $apbct;
+
+        if (!empty($_POST)) {
+            if (!$apbct->stats['no_cookie_data_taken']) {
+                apbct_form__get_no_cookie_data();
+            }
+
+            $input_array = apply_filters('apbct__filter_post', $_POST);
+
+            $data = ct_gfa_dto($input_array)->getArray();
+
+            // Handle event token from bot detector
+            if (isset($data['ct_bot_detector_event_token'])) {
+                $data['event_token'] = $data['ct_bot_detector_event_token'];
+            }
+
+            return $data;
+        }
+
+        return null;
+    }
+
+    public function doBlock($message)
+    {
+        die(
+            json_encode(
+                array(
+                    'apbct' => array(
+                        'blocked'     => true,
+                        'comment'     => $message,
+                        'stop_script' => apbct__stop_script_after_ajax_checking()
+                    )
+                )
+            )
+        );
+    }
+
+    /**
+     * Allow the request to proceed
+     * @return void
+     */
+    public function allow()
+    {
+        die(
+            json_encode(
+                array(
+                    'apbct' => array(
+                        'blocked' => false,
+                        'allow'   => true,
+                    )
+                )
+            )
+        );
+    }
+}