
Commit a26d1a6

committed
Add anti-spam entry processing for Elementor.
1 parent 493f5b4 commit a26d1a6


2 files changed

+193
-15
lines changed


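--- a/src/php/ElementorPro/HCaptchaHandler.php
+++ b/src/php/ElementorPro/HCaptchaHandler.php
@@ -364,13 +364,7 @@ public function validation( Form_Record $record, Ajax_Handler $ajax_handler ): v
 
 $field = current( $fields );
 
-// phpcs:disable WordPress.Security.NonceVerification.Missing
-$hcaptcha_response = isset( $_POST['h-captcha-response'] ) ?
-filter_var( wp_unslash( $_POST['h-captcha-response'] ), FILTER_SANITIZE_FULL_SPECIAL_CHARS ) :
-'';
-// phpcs:enable WordPress.Security.NonceVerification.Missing
-
-$result = API::verify_request( $hcaptcha_response );
+$result = API::verify( $this->get_entry( $record ) );
 
 if ( null !== $result ) {
 $ajax_handler->add_error( $field['id'], $result );
@@ -561,4 +555,35 @@ public function print_inline_styles(): void {
 
 HCaptcha::css_display( $css );
 }
+
+/**
+* Get entry.
+*
+* @param Form_Record $record Record.
+*
+* @return array
+*/
+private function get_entry( Form_Record $record ): array {
+$form_settings = $record->get( 'form_settings' );
+$form_id = (int) ( $form_settings['form_post_id'] ?? 0 );
+$post = get_post( $form_id );
+$sent_data = $record->get( 'sent_data' );
+$entry = [
+'form_date_gmt' => $post->post_modified_gmt ?? null,
+'data' => $sent_data,
+];
+
+$fields = $record->get( 'fields' );
+
+foreach ( $fields as $field ) {
+$type = $field['type'];
+$id = $field['id'];
+
+if ( 'email' === $type ) {
+$entry['data'][ $id ] = $sent_data[ $id ];
+}
+}
+
+return $entry;
+}
 }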
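Review bot: In the new `get_entry()`, the `foreach` over `$fields` has no effect when the email id is present, because `$entry['data']` already starts as `$sent_data` and `$entry['data'][ $id ] = $sent_data[ $id ];` writes the same value back; when the id is absent from `sent_data` it raises an undefined-key warning and stores `null`. Either drop the loop or guard it, e.g. `if ( 'email' === $type && isset( $sent_data[ $id ] ) ) {`, and say in the docblock what the loop is meant to add. A missing `form_post_id` becomes `get_post( 0 )`, which in WordPress falls back to the global `$post` when one is set, so `form_date_gmt` may come from an unrelated post; `$post = $form_id ? get_post( $form_id ) : null;` avoids that. Since `data` carries visitor-supplied values unchanged, the docblock should also state that the entry is untrusted input for whatever `API::verify()` does with it.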

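--- a/tests/php/integration/ElementorPro/HCaptchaHandlerTest.php
+++ b/tests/php/integration/ElementorPro/HCaptchaHandlerTest.php
@@ -367,6 +367,7 @@ public function dp_test_init(): array {
 * Test register_admin_fields().
 *
 * @return void
+* @noinspection PhpParamsInspection
 */
 public function test_register_admin_fields(): void {
 $settings = Mockery::mock( 'alias:Elementor\Settings' );
@@ -606,7 +607,37 @@ public function test_enqueue_preview_scripts(): void {
 * Test validation.
 */
 public function test_validation(): void {
-$fields = [
+$form_settings = [
+'form_id' => '23',
+];
+$fields = [
+'name' =>
+[
+'id' => 'name',
+'type' => 'text',
+'title' => 'Name',
+'value' => 'John Doe',
+'raw_value' => 'John Doe',
+'required' => false,
+],
+'email' =>
+[
+'id' => 'email',
+'type' => 'email',
+'title' => 'Email',
+'value' => '[email protected]',
+'raw_value' => '[email protected]',
+'required' => false,
+],
+'message' =>
+[
+'id' => 'message',
+'type' => 'textarea',
+'title' => 'Message',
+'value' => 'Some message',
+'raw_value' => 'Some message',
+'required' => false,
+],
 'field_014ea7c' =>
 [
 'id' => 'field_014ea7c',
@@ -617,12 +648,20 @@ public function test_validation(): void {
 'required' => false,
 ],
 ];
-$field = current( $fields );
+$field = current( $fields );
+$sent_data = [
+'name' => 'John Doe',
+'email' => '[email protected]',
+'message' => 'Some message',
+];
 
 $hcaptcha_response = 'some response';
 $this->prepare_verify_request( $hcaptcha_response );
 
 $record = Mockery::mock( Form_Record::class );
+$record->shouldReceive( 'get' )->with( 'form_settings' )->once()->andReturn( $form_settings );
+$record->shouldReceive( 'get' )->with( 'sent_data' )->once()->andReturn( $sent_data );
+$record->shouldReceive( 'get' )->with( 'fields' )->once()->andReturn( $fields );
 $record->shouldReceive( 'get_field' )->with( [ 'type' => 'hcaptcha' ] )->once()->andReturn( $fields );
 $record->shouldReceive( 'remove_field' )->with( $field['id'] )->once();
 
@@ -652,7 +691,37 @@ public function test_validation_with_empty_fields(): void {
 * Test validation with no hCaptcha response.
 */
 public function test_validation_with_no_captcha(): void {
-$fields = [
+$form_settings = [
+'form_id' => '23',
+];
+$fields = [
+'name' =>
+[
+'id' => 'name',
+'type' => 'text',
+'title' => 'Name',
+'value' => 'John Doe',
+'raw_value' => 'John Doe',
+'required' => false,
+],
+'email' =>
+[
+'id' => 'email',
+'type' => 'email',
+'title' => 'Email',
+'value' => '[email protected]',
+'raw_value' => '[email protected]',
+'required' => false,
+],
+'message' =>
+[
+'id' => 'message',
+'type' => 'textarea',
+'title' => 'Message',
+'value' => 'Some message',
+'raw_value' => 'Some message',
+'required' => false,
+],
 'field_014ea7c' =>
 [
 'id' => 'field_014ea7c',
@@ -663,9 +732,17 @@ public function test_validation_with_no_captcha(): void {
 'required' => false,
 ],
 ];
-$field = current( $fields );
+$field = current( $fields );
+$sent_data = [
+'name' => 'John Doe',
+'email' => '[email protected]',
+'message' => 'Some message',
+];
 
 $record = Mockery::mock( Form_Record::class );
+$record->shouldReceive( 'get' )->with( 'form_settings' )->once()->andReturn( $form_settings );
+$record->shouldReceive( 'get' )->with( 'sent_data' )->once()->andReturn( $sent_data );
+$record->shouldReceive( 'get' )->with( 'fields' )->once()->andReturn( $fields );
 $record->shouldReceive( 'get_field' )->with( [ 'type' => 'hcaptcha' ] )->once()->andReturn( $fields );
 $record->shouldReceive( 'remove_field' )->never();
 
@@ -684,7 +761,37 @@ public function test_validation_with_no_captcha(): void {
 * Test validation with failed hCaptcha.
 */
 public function test_validation_with_failed_captcha(): void {
-$fields = [
+$form_settings = [
+'form_id' => '23',
+];
+$fields = [
+'name' =>
+[
+'id' => 'name',
+'type' => 'text',
+'title' => 'Name',
+'value' => 'John Doe',
+'raw_value' => 'John Doe',
+'required' => false,
+],
+'email' =>
+[
+'id' => 'email',
+'type' => 'email',
+'title' => 'Email',
+'value' => '[email protected]',
+'raw_value' => '[email protected]',
+'required' => false,
+],
+'message' =>
+[
+'id' => 'message',
+'type' => 'textarea',
+'title' => 'Message',
+'value' => 'Some message',
+'raw_value' => 'Some message',
+'required' => false,
+],
 'field_014ea7c' =>
 [
 'id' => 'field_014ea7c',
@@ -695,12 +802,20 @@ public function test_validation_with_failed_captcha(): void {
 'required' => false,
 ],
 ];
-$field = current( $fields );
+$field = current( $fields );
+$sent_data = [
+'name' => 'John Doe',
+'email' => '[email protected]',
+'message' => 'Some message',
+];
 
 $hcaptcha_response = 'some response';
 $this->prepare_verify_request( $hcaptcha_response, false );
 
 $record = Mockery::mock( Form_Record::class );
+$record->shouldReceive( 'get' )->with( 'form_settings' )->once()->andReturn( $form_settings );
+$record->shouldReceive( 'get' )->with( 'sent_data' )->once()->andReturn( $sent_data );
+$record->shouldReceive( 'get' )->with( 'fields' )->once()->andReturn( $fields );
 $record->shouldReceive( 'get_field' )->with( [ 'type' => 'hcaptcha' ] )->once()->andReturn( $fields );
 $record->shouldReceive( 'remove_field' )->never();
 
@@ -715,7 +830,37 @@ public function test_validation_with_failed_captcha(): void {
 * Test validation with empty hCaptcha.
 */
 public function test_validation_with_empty_captcha(): void {
-$fields = [
+$form_settings = [
+'form_id' => '23',
+];
+$fields = [
+'name' =>
+[
+'id' => 'name',
+'type' => 'text',
+'title' => 'Name',
+'value' => 'John Doe',
+'raw_value' => 'John Doe',
+'required' => false,
+],
+'email' =>
+[
+'id' => 'email',
+'type' => 'email',
+'title' => 'Email',
+'value' => '[email protected]',
+'raw_value' => '[email protected]',
+'required' => false,
+],
+'message' =>
+[
+'id' => 'message',
+'type' => 'textarea',
+'title' => 'Message',
+'value' => 'Some message',
+'raw_value' => 'Some message',
+'required' => false,
+],
 'field_014ea7c' =>
 [
 'id' => 'field_014ea7c',
@@ -726,12 +871,20 @@ public function test_validation_with_empty_captcha(): void {
 'required' => false,
 ],
 ];
-$field = current( $fields );
+$field = current( $fields );
+$sent_data = [
+'name' => 'John Doe',
+'email' => '[email protected]',
+'message' => 'Some message',
+];
 
 $hcaptcha_response = 'some response';
 $this->prepare_verify_request( $hcaptcha_response, null );
 
 $record = Mockery::mock( Form_Record::class );
+$record->shouldReceive( 'get' )->with( 'form_settings' )->once()->andReturn( $form_settings );
+$record->shouldReceive( 'get' )->with( 'sent_data' )->once()->andReturn( $sent_data );
+$record->shouldReceive( 'get' )->with( 'fields' )->once()->andReturn( $fields );
 $record->shouldReceive( 'get_field' )->with( [ 'type' => 'hcaptcha' ] )->once()->andReturn( $fields );
 $record->shouldReceive( 'remove_field' )->never();
 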