Updates to 1.5.0

Author: Gravity Forms

change_log.txt

@@ -1,6 +1,14 @@
+## 1.5.0 | 2024-04-30
+- Fixed an issue where duplicate entries are created when using Conversational Forms with reCAPTCHA v3.
+- Fixed an issue where form submission hangs after Stripe 3DS validation.
+- Fixed an issue where all REST API submissions are marked as spam.
+- Note: If used alongside the Stripe Add-On, this version of the reCAPTCHA Add-On requires version 5.5.0 or later of the Stripe Add-On.
+
 ## 1.4.0 | 2024-01-17
 - Fixed an issue where reCaptcha v3 validation is not triggered when using the Stripe Payment Element.
 - Fixed the PHP 8.2 creation of dynamic property deprecation notice that occurs on form submission.
+
+## 1.3.0 | 2023-11-09
 - Fixed an issue where a JavaScript error can occur on the front-end if the page also includes custom or third-party forms.
 - Fixed an issue where the v3 settings aren't populated by the GF_RECAPTCHA_V3_SITE_KEY and GF_RECAPTCHA_V3_SECRET_KEY constants.
 

class-gf-recaptcha.php

@@ -550,20 +550,31 @@ public function get_plugin_settings_instance() {
 	 * @return bool
 	 */
 	private function initialize_api() {
+		static $result;
+
+		if ( is_bool( $result ) ) {
+			return $result;
+		}
+
+		$result     = false;
 		$site_key   = $this->plugin_settings->get_recaptcha_key( 'site_key_v3' );
 		$secret_key = $this->plugin_settings->get_recaptcha_key( 'secret_key_v3' );
 
 		if ( ! ( $site_key && $secret_key ) ) {
-			$this->log_debug( __METHOD__ . '(): missing v3 key configuration. Please check the add-on settings.' );
+			$this->log_debug( __METHOD__ . '(): Missing v3 key configuration. Please check the add-on settings.' );
+
 			return false;
 		}
 
 		if ( '1' !== $this->get_plugin_setting( 'recaptcha_keys_status_v3' ) ) {
-			$this->log_debug( __METHOD__ . '(): could not initialize reCAPTCHA v3 because site and/or secret key is invalid.' );
+			$this->log_debug( __METHOD__ . '(): Could not initialize reCAPTCHA v3 because site and/or secret key is invalid.' );
+
 			return false;
 		}
 
-		$this->log_debug( __METHOD__ . '(): Initializing API.' );
+		$result = true;
+		$this->log_debug( __METHOD__ . '(): API Initialized.' );
+
 		return true;
 	}
 
@@ -763,25 +774,39 @@ public function add_recaptcha_meta_box( $data ) {
 	 */
 	public function check_for_spam_entry( $is_spam, $form, $entry ) {
 
-		if ( $is_spam || $this->is_disabled_by_form_setting( $form ) || ! $this->initialize_api() || $this->is_preview() ) {
+		if ( $is_spam ) {
+			$this->log_debug( __METHOD__ . '(): Skipping, entry has already been identified as spam by another anti-spam solution.' );
 			return $is_spam;
 		}
 
-		$is_spam = (float) $this->get_score_from_entry( $entry ) <= $this->get_spam_score_threshold();
+		$is_spam = $this->is_spam_submission( $form, $entry );
 		$this->log_debug( __METHOD__ . '(): Is submission considered spam? ' . ( $is_spam ? 'Yes.' : 'No.' ) );
 
 		return $is_spam;
 	}
 
-	public function is_spam_submission( $form ) {
-		if ( $this->is_disabled_by_form_setting( $form ) || $this->is_preview() || ! $this->initialize_api() ) {
+	/**
+	 * Determines if the submission is spam by comparing its score with the threshold.
+	 *
+	 * @since 1.4
+	 * @since 1.5 Added the optional $entry param.
+	 *
+	 * @param array $form  The form being processed.
+	 * @param array $entry The entry being processed.
+	 *
+	 * @return bool
+	 */
+	public function is_spam_submission( $form, $entry = array() ) {
+		if ( $this->should_skip_validation( $form ) ) {
+			$this->log_debug( __METHOD__ . '(): Score check skipped.' );
+
 			return false;
 		}
 
-		$score      = $this->token_verifier->get_score();
-		$threashold = $this->get_spam_score_threshold();
+		$score     = empty( $entry ) ? $this->token_verifier->get_score() : $this->get_score_from_entry( $entry );
+		$threshold = $this->get_spam_score_threshold();
 
-		return (float) $score <= (float) $threashold;
+		return (float) $score <= (float) $threshold;
 	}
 	/**
 	 * Get the Recaptcha score from the entry details.
@@ -812,6 +837,12 @@ private function get_score_from_entry( $entry ) {
 	 * @return float
 	 */
 	private function get_spam_score_threshold() {
+		static $value;
+
+		if ( ! empty( $value ) ) {
+			return $value;
+		}
+
 		$value = (float) $this->get_plugin_setting( 'score_threshold_v3' );
 		if ( empty( $value ) ) {
 			$value = 0.5;
@@ -846,8 +877,8 @@ private function is_disabled_by_form_setting( $form ) {
 	public function validate_submission( $submission_data ) {
 		$this->log_debug( __METHOD__ . '(): Validating form (#' . rgars( $submission_data, 'form/id' ) . ') submission.' );
 
-		if ( $this->should_skip_validation( $submission_data ) ) {
-			$this->log_debug( __METHOD__ . '(): Validation skipped. reCAPTCHA v3 is misconfigured, disabled, or the form was submitted in preview mode.' );
+		if ( $this->should_skip_validation( rgar( $submission_data, 'form' ) ) ) {
+			$this->log_debug( __METHOD__ . '(): Validation skipped.' );
 
 			return $submission_data;
 		}
@@ -864,24 +895,55 @@ public function validate_submission( $submission_data ) {
 	 * we want to skip the reCaptcha validation so it isn't triggered twice, as this will make it always fail.
 	 *
 	 * @since 1.4
+	 * @since 1.5 Changed param to $form array.
 	 *
-	 * @param array $submission_data The submitted form data.
+	 * @param array $form The form being processed.
 	 *
 	 * @return bool
 	 */
-	public function should_skip_validation( $submission_data ) {
+	public function should_skip_validation( $form ) {
+		static $result = array();
+
+		$form_id = rgar( $form, 'id' );
+		if ( isset( $result[ $form_id ] ) ) {
+			return $result[ $form_id ];
+		}
+
+		$result[ $form_id ] = true;
+
+		if ( $this->is_preview() ) {
+			$this->log_debug( __METHOD__ . '(): Yes! Form preview page.' );
+
+			return true;
+		}
+
+		if ( ! $this->initialize_api() ) {
+			$this->log_debug( __METHOD__ . '(): Yes! API not initialized.' );
+
+			return true;
+		}
+
+		if ( $this->is_disabled_by_form_setting( $form ) ) {
+			$this->log_debug( __METHOD__ . '(): Yes! Disabled by form setting.' );
+
+			return true;
+		}
+
+		if ( defined( 'REST_REQUEST' ) && REST_REQUEST && ! isset( $_POST[ $this->field->get_input_name( $form_id ) ] ) ) {
+			$this->log_debug( __METHOD__ . '(): Yes! REST request without input.' );
 
-		$is_recaptcha_configured = $this->initialize_api() && ! $this->is_disabled_by_form_setting( rgar( $submission_data, 'form' ) );
-		// Skip validation if reCaptcha is not configured or if the form is in preview mode.
-		if ( ! $is_recaptcha_configured || $this->is_preview() ) {
 			return true;
 		}
 
 		// For older versions of Stripe, skip the first validation attempt and only validate on the second attempt. Newer versions of Stripe will validate twice without a problem.
 		if ( $this->is_stripe_validation() && version_compare( gf_stripe()->get_version(), '5.4.3', '<' ) ) {
+			$this->log_debug( __METHOD__ . '(): Yes! Older Stripe validation.' );
+
 			return true;
 		}
 
+		$result[ $form_id ] = false;
+
 		return false;
 	}
 

includes/class-gf-field-recaptcha.php

@@ -93,16 +93,10 @@ public function get_field_input( $form, $value = '', $entry = null ) {
 	public function validation_check( $validation_data ) {
 		$this->formId = absint( rgars( $validation_data, 'form/id' ) );
 
-		if ( defined( 'REST_REQUEST' ) && REST_REQUEST && ! isset( $_POST[ $this->get_input_name() ] ) ) {
-			gf_recaptcha()->log_debug( __METHOD__ . '(): Aborting; REST request.' );
-
-			return $validation_data;
-		}
-
 		if ( $this->is_valid_field_data() ) {
 
 			// Set is_spam value.
-			$validation_data['is_spam'] = gf_recaptcha()->is_spam_submission( GFAPI::get_form( $this->formId ) );
+			$validation_data['is_spam'] = gf_recaptcha()->is_spam_submission( rgar( $validation_data, 'form' ) );
 
 			return $validation_data;
 		}

includes/class-token-verifier.php

@@ -180,16 +180,16 @@ public function verify_submission( $token ) {
 
 		$data = \GFCache::get( 'recaptcha_' . $token, $found );
 		if ( $found ) {
-			$this->addon->log_debug( __METHOD__ . '() using cached reCAPTCHA result: ' . print_r( $data, true ) );
+			$this->addon->log_debug( __METHOD__ . '(): Using cached reCAPTCHA result: ' . print_r( $data, true ) );
 			$this->recaptcha_result = $data;
 
 			return true;
 		}
 
-		$this->addon->log_debug( __METHOD__ . '(): verifying reCAPTCHA submission.' );
+		$this->addon->log_debug( __METHOD__ . '(): Verifying reCAPTCHA submission.' );
 
 		if ( empty( $token ) ) {
-			$this->addon->log_debug( __METHOD__ . '() could not verify the submission because no token was found.' . PHP_EOL );
+			$this->addon->log_debug( __METHOD__ . '(): Could not verify the submission because no token was found.' . PHP_EOL );
 			return false;
 		}
 
@@ -209,15 +209,15 @@ public function verify_submission( $token ) {
 
 		if ( ! $this->validate_response_data( $data ) ) {
 			$this->addon->log_debug(
-				__METHOD__ . '() could not validate the token request from the reCAPTCHA service. ' . PHP_EOL
+				__METHOD__ . '(): Could not validate the token request from the reCAPTCHA service. ' . PHP_EOL
 				. "token: {$token}" . PHP_EOL
 				. "response: " . print_r( $data, true ) . PHP_EOL // @codingStandardsIgnoreLine
 			);
 			return false;
 		}
 
 		// @codingStandardsIgnoreLine
-		$this->addon->log_debug( __METHOD__ . '() validated reCAPTCHA: ' . print_r( $data, true ) );
+		$this->addon->log_debug( __METHOD__ . '(): Validated reCAPTCHA: ' . print_r( $data, true ) );
 		$this->recaptcha_result = $data;
 
 		// Caching result for 1 hour.
@@ -294,7 +294,7 @@ private function verify_hostname( $hostname ) {
 	 * @return bool
 	 */
 	private function verify_action( $action ) {
-		$this->addon->log_debug( __METHOD__ . '(): verifying action from reCAPTCHA response.' );
+		$this->addon->log_debug( __METHOD__ . '(): Verifying action from reCAPTCHA response.' );
 
 		return $this->action === $action;
 	}
@@ -309,7 +309,7 @@ private function verify_action( $action ) {
 	 * @return bool
 	 */
 	private function verify_score( $score ) {
-		$this->addon->log_debug( __METHOD__ . '(): verifying score from reCAPTCHA response.' );
+		$this->addon->log_debug( __METHOD__ . '(): Verifying score from reCAPTCHA response.' );
 
 		return is_float( $score ) && $score >= 0.0 && $score <= 1.0;
 	}
@@ -328,7 +328,7 @@ private function verify_score( $score ) {
 	 * @return bool
 	 */
 	private function verify_timestamp( $challenge_ts ) {
-		$this->addon->log_debug( __METHOD__ . '(): verifying timestamp from reCAPTCHA response.' );
+		$this->addon->log_debug( __METHOD__ . '(): Verifying timestamp from reCAPTCHA response.' );
 
 		return ( gmdate( time() ) - strtotime( $challenge_ts ) ) <= 24 * HOUR_IN_SECONDS;
 	}

includes/settings/class-plugin-settings.php

@@ -509,7 +509,7 @@ public function verify_v3_keys() {
 		$this->apply_status_changes( $result );
 
 		if ( is_wp_error( $result ) ) {
-			$this->addon->log_debug( __METHOD__ . '(): failed to verify reCAPTCHA token. ' . $result->get_error_message() );
+			$this->addon->log_debug( __METHOD__ . '(): Failed to verify reCAPTCHA token. ' . $result->get_error_message() );
 
 			wp_send_json_error();
 		}