Merge pull request #144 from wp-blocks/update-fallback

Update fallback

Author: erikyo

admin/CF7_AntiSpam_Admin_Tools.php

@@ -2,11 +2,6 @@
 
 namespace CF7_AntiSpam\Admin;
 
-use CF7_AntiSpam\Core\CF7_AntiSpam;
-use CF7_AntiSpam\Core\CF7_AntiSpam_Filters;
-use CF7_AntiSpam\Core\CF7_AntiSpam_Flamingo;
-use CF7_AntiSpam\Engine\CF7_AntiSpam_Uninstaller;
-
 /**
  * The plugin admin tools
  *
@@ -23,17 +18,20 @@ class CF7_AntiSpam_Admin_Tools {
 	/**
 	 * It sets a transient with the name of `cf7a_notice` and the value of the notice
 	 *
-	 * @param string  $message The message you want to display.
-	 * @param string  $type error, warning, success, info.
+	 * @param string $message The message you want to display.
+	 * @param string $type error, warning, success, info.
 	 * @param boolean $dismissible when the notice needs the close button.
 	 */
-	public static function cf7a_push_notice( $message = 'generic', $type = 'error', $dismissible = true ) {
+	public static function cf7a_push_notice( string $message = 'generic', string $type = 'error', bool $dismissible = true ) {
 		$class  = "notice notice-$type";
 		$class .= $dismissible ? ' is-dismissible' : '';
 		$notice = sprintf( '<div class="%s"><p>%s</p></div>', esc_attr( $class ), esc_html( $message ) );
 		set_transient( 'cf7a_notice', $notice );
 	}
 
+	/**
+	 * It exports the blacklist
+	 */
 	public static function cf7a_export_blacklist() {
 		global $wpdb;
 		// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
@@ -67,4 +65,38 @@ public function cf7a_handle_actions() {
 			exit();
 		}
 	}
+
+	/**
+	 * It sends an email to the admin
+	 *
+	 * @param string $subject the mail message subject
+	 * @param string $recipient the mail recipient
+	 * @param string $body the mail message content
+	 * @param string $sender the mail message sender
+	 */
+	public function send_email_to_admin( string $subject, string $recipient, string $body, string $sender ) {
+		/**
+		 * Filter cf7-antispam before resend an email who was spammed
+		 *
+		 * @param string $body the mail message content
+		 * @param string $sender the mail message sender
+		 * @param string $subject the mail message subject
+		 * @param string $recipient the mail recipient
+		 *
+		 * @returns string the mail body content
+		 */
+		$body = apply_filters( 'cf7a_before_resend_email', $body, $sender, $subject, $recipient );
+
+		// Set up headers correctly
+		$site_name  = get_bloginfo( 'name' );
+		$from_email = get_option( 'admin_email' );
+
+		$headers  = "From: {$site_name} <{$from_email}>\n";
+		$headers .= "Content-Type: text/html\n";
+		$headers .= "X-WPCF7-Content-Type: text/html\n";
+		$headers .= "Reply-To: {$sender}\n";
+
+		/* send the email */
+		return wp_mail( $recipient, $subject, $body, $headers );
+	}
 }

core/CF7_AntiSpam_Filters.php

@@ -11,6 +11,7 @@
 
 namespace CF7_AntiSpam\Core;
 
+use CF7_AntiSpam\Admin\CF7_AntiSpam_Admin_Tools;
 use Exception;
 use WPCF7_Submission;
 
@@ -248,6 +249,15 @@ public function cf7a_spam_filter( $spam ) {
 		/* Get plugin options */
 		$options = get_option( 'cf7a_options', array() );
 
+		/* Check the period of grace and, if it is expired, reset the error count */
+		if ( isset( $options['last_update_data']['errors'] ) ) {
+			if ( time() - $options['last_update_data']['errors']['timestamp'] > $options['cf7a_period_of_grace'] ) {
+				$options['last_update_data']['errors'] = array();
+			}
+			// then save the updated options to the database
+			update_option( 'cf7a_options', $options );
+		}
+
 		/* Get basic submission details */
 		$mail_tags = $contact_form->scan_form_tags();
 		$email_tag = sanitize_title( cf7a_get_mail_meta( $contact_form->pref( 'flamingo_email' ) ) );
@@ -506,23 +516,75 @@ public function filter_plugin_version( $data ) {
 
 		$cf7a_version = isset( $_POST[ $prefix . 'version' ] ) ? cf7a_decrypt( sanitize_text_field( wp_unslash( $_POST[ $prefix . 'version' ] ) ), $options['cf7a_cipher'] ) : false;
 
+		// CASE A: Version field is completely missing or empty -> SPAM
 		if ( ! $cf7a_version ) {
 			$data['spam_score'] += $score_fingerprinting;
 			$data['reasons']['data_mismatch'] = sprintf( "Version mismatch (empty) != '%s'", CF7ANTISPAM_VERSION );
 			cf7a_log( sprintf( "The 'version' field submitted by %s is empty", $data['remote_ip'] ), 1 );
-		} else if ( $cf7a_version !== CF7ANTISPAM_VERSION ) {
-			// check the last update of the plugin
-			$last_update = $options['last_update'];
-			if ( $last_update < time() - WEEK_IN_SECONDS ) {
-				$data['spam_score'] += $score_fingerprinting;
-				$data['reasons']['data_mismatch'] = "Version mismatch '$cf7a_version' != '" . CF7ANTISPAM_VERSION . "'";
-				cf7a_log( "The 'version' field submitted by {$data['remote_ip']} is empty", 1 );
-			}
-			// Failsafe for cache issues: do not mark as spam, but logic dictates we might unset spam flag
-			// if it was set purely by accident here (though logic above prevents entry).
-			// Original code: $spam = false;
-			// Since we are in a filter, we simply do nothing or reset specific flags if required.
+
+			return $data;
 		}
+
+		// CASE B: Version matches current version -> OK
+		if ( $cf7a_version === CF7ANTISPAM_VERSION ) {
+			return $data;
+		}
+
+		// CASE C: Version Mismatch logic (Cache vs Spam)
+		// Retrieve update data stored during the last plugin update
+		$last_update_data = $options['last_update_data'] ?? null;
+
+		// Check if we have update data and if the submitted version matches the PREVIOUS version
+		$is_old_version_match = ( $last_update_data && isset( $last_update_data['old_version'] ) && $cf7a_version === $last_update_data['old_version'] );
+
+		// Check if the update happened less than a week ago
+		$period_of_grace = apply_filters('cf7a_period_of_grace', WEEK_IN_SECONDS);
+		$is_within_grace_period = ( $last_update_data && isset( $last_update_data['time'] ) && ( time() - $last_update_data['time'] ) < $period_of_grace );
+
+		if ( $is_old_version_match && $is_within_grace_period ) {
+
+			// --- CACHE ISSUE DETECTED (FALLBACK) ---
+			// Do NOT mark as spam. This is likely a cached user.
+
+			cf7a_log( "Cache mismatch detected for IP {$data['remote_ip']}. Submitted: $cf7a_version. Expected: " . CF7ANTISPAM_VERSION, 1 );
+
+			// Record the error
+			if ( ! isset( $options['last_update_data']['errors'] ) ) {
+				$options['last_update_data']['errors'] = array();
+			}
+
+			// Add error details
+			$options['last_update_data']['errors'][] = array(
+				'ip'   => $data['remote_ip'],
+				'time' => time(),
+			);
+
+			$error_count = count( $options['last_update_data']['errors'] );
+
+			// Check trigger for email notification (Exactly on the 5th error)
+			$cf7a_period_of_grace_max_attempts = intval(apply_filters( 'cf7a_period_of_grace_max_attempts', 5));
+			if ( $cf7a_period_of_grace_max_attempts === $error_count || $error_count * 3 === $cf7a_period_of_grace_max_attempts ) {
+				$this->send_cache_warning_email( $options['last_update_data'] );
+				cf7a_log( "Cache warning email sent to admin.", 1 );
+			}
+
+			// SAVE OPTIONS: We must save the error count to the database
+			// Update the local $options variable first so subsequent filters use it if needed (though unlikely)
+			$data['options'] = $options;
+
+			// Persist to DB
+			update_option( 'cf7a_options', $options );
+
+		} else {
+
+			// --- REAL SPAM / INVALID VERSION ---
+			// Either the grace period expired, or the version is completely random
+
+			$data['spam_score'] += $score_fingerprinting;
+			$data['reasons']['data_mismatch'] = "Version mismatch '$cf7a_version' != '" . CF7ANTISPAM_VERSION . "'";
+			cf7a_log( "The 'version' field submitted by {$data['remote_ip']} is mismatching (expired grace period or invalid)", 1 );
+		}
+
 		return $data;
 	}
 
@@ -959,4 +1021,23 @@ public function filter_b8_bayesian( $data ) {
 		}
 		return $data;
 	}
+
+	/**
+	 * Sends an email to the admin, warning them to clear the cache.
+	 * @param array $update_data the array of data to be sent to the admin
+	 * @return void
+	 */
+	private function send_cache_warning_email( $update_data ): void {
+		$tools = new CF7_AntiSpam_Admin_Tools();
+		$recipient = get_option( 'admin_email' );
+		$body = sprintf(
+			"Hello Admin,\n\nWe detected 5 users trying to submit forms with the old version (%s) instead of the new one (%s).\n\nThis usually means your website cache (or CDN) hasn't been cleared after the last update.\n\nPlease purge your site cache immediately to prevent legitimate users from being flagged as spam.\n\nTime of update: %s",
+			$update_data['old_version'],
+			$update_data['new_version'],
+			gmdate( 'Y-m-d H:i:s', $update_data['time'] )
+		);
+		$subject = 'CF7 AntiSpam - Cache Warning Alert';
+
+		$tools->send_email_to_admin( $subject, $recipient, $body, $recipient );
+	}
 }

core/CF7_AntiSpam_Flamingo.php

@@ -2,6 +2,7 @@
 
 namespace CF7_AntiSpam\Core;
 
+use CF7_AntiSpam\Admin\CF7_AntiSpam_Admin_Tools;
 use WP_Query;
 use WPCF7_ContactForm;
 use WPCF7_Submission;
@@ -208,7 +209,7 @@ private static function cf7a_get_mail_field( $flamingo_post, $field ) {
 	 *
 	 * @return array { success: boolean, message: string }
 	 */
-	public function cf7a_resend_mail( $mail_id ) {
+	public function cf7a_resend_mail( int $mail_id ): array {
 		$flamingo_data = new Flamingo_Inbound_Message( $mail_id );
 		$message = self::cf7a_get_mail_field( $flamingo_data, 'message' );
 
@@ -264,29 +265,9 @@ public function cf7a_resend_mail( $mail_id ) {
 			}
 		}
 
-		/**
-		 * Filter cf7-antispam before resend an email who was spammed
-		 *
-		 * @param string $body the mail message content
-		 * @param string $sender the mail message sender
-		 * @param string $subject the mail message subject
-		 * @param string $recipient the mail recipient
-		 *
-		 * @returns string the mail body content
-		 */
-		$body = apply_filters( 'cf7a_before_resend_email', $body, $sender, $subject, $recipient );
-
-		// Set up headers correctly
-		$site_name  = get_bloginfo( 'name' );
-		$from_email = get_option( 'admin_email' );
-
-		$headers  = "From: {$site_name} <{$from_email}>\n";
-		$headers .= "Content-Type: text/html\n";
-		$headers .= "X-WPCF7-Content-Type: text/html\n";
-		$headers .= "Reply-To: {$sender}\n";
-
-		/* send the email */
-		$result = wp_mail( $recipient, $subject, $body, $headers );
+		$tools = new CF7_AntiSpam_Admin_Tools();
+		$result = $tools->send_email_to_admin( $subject, $recipient, $body, $sender );
+
 		if ( $result ) {
 			return array( 'success'=> true, 'message' => __( 'Email sent with success', 'cf7-antispam' ) );
 		}
@@ -295,7 +276,7 @@ public function cf7a_resend_mail( $mail_id ) {
 	}
 
 	/**
-	 * Parse CF7 mail tags in recipient field
+	 * Parse CF7 mail tags in the recipient field
 	 *
 	 * @param string                   $recipient The recipient string that may contain CF7 tags
 	 * @param Flamingo_Inbound_Message $flamingo_data The flamingo message data

engine/CF7_AntiSpam_Activator.php

@@ -212,6 +212,22 @@ public static function install() {
 		}
 	}
 
+	/**
+	 * Store the update data
+	 *
+	 * @param array $options - the options array.
+	 */
+	private static function store_update_data( $options ) {
+		/* update the plugin update time field */
+		$options['last_update_data'] = array(
+			'time' => time(),
+			'old_version' => $options['cf7a_version'] ?? 'unknown',
+			'new_version' => CF7ANTISPAM_VERSION,
+			'errors' => array(),
+		);
+		return $options;
+	}
+
 	/**
 	 *  Create or Update the CF7 Antispam options
 	 *
@@ -235,10 +251,14 @@ public static function update_options( $reset_options = false ) {
 			add_option( 'cf7a_options', $new_options );
 
 		} else {
-
-			/* update the plugin options but add the new options automatically */
+			/* if the plugin is already installed, update the plugin options automatically */
 			if ( isset( $options['cf7a_version'] ) ) {
-				unset( $options['cf7a_version'] );
+
+				/* update the plugin last update time field if the current version is set (so we are updating the plugin and not installing it) */
+				$options = self::store_update_data( $options );
+
+				/* remove the version field */
+				$options['cf7a_version'] = CF7ANTISPAM_VERSION;
 			}
 
 			/* merge previous options with the updated copy keeping the already selected option as default */