Akismet Anti-spam: Spam Protection / 5.5
akismet / class.akismet-admin.php
1 <?php
2
3 // We plan to gradually remove all of the disabled lint rules below.
4 // phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotValidated
5 // phpcs:disable WordPress.Security.ValidatedSanitizedInput.MissingUnslash
6 // phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
7 // phpcs:disable Squiz.PHP.DisallowMultipleAssignments.FoundInControlStructure
8 // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
9
10 class Akismet_Admin {
11
// Nonce action that enter_api_key() verifies before it writes any setting.
const NONCE = 'akismet-update-key';

// Notice identifier; it is not referenced in the part of the class shown here.
const NOTICE_EXISTING_KEY_INVALID = 'existing-key-invalid';

// Set to true by init_hooks(); init() checks it so hooks are registered only once.
private static $initiated = false;

// Pending admin notices; enter_api_key() and save_key() add entries to it.
private static $notices = array();

// Map of HTML tag name => attributes permitted on that tag.
// NOTE(review): this has the shape of a wp_kses() allow-list — confirm at the call site, which is outside this excerpt.
private static $allowed = array(
	'a'      => array(
		'href'  => true,
		'title' => true,
	),
	'b'      => array(),
	'code'   => array(),
	'del'    => array(
		'datetime' => true,
	),
	'em'     => array(),
	'i'      => array(),
	'q'      => array(
		'cite' => true,
	),
	'strike' => array(),
	'strong' => array(),
);

/**
 * List of pages where activation banner should be displayed.
 *
 * load_resources() also merges this list into the set of admin screens
 * on which the plugin's styles and scripts are enqueued.
 *
 * @var array
 */
private static $activation_banner_pages = array(
	'edit-comments.php',
	'options-discussion.php',
	'plugins.php',
);
47
/**
 * Entry point for the admin side of the plugin.
 *
 * Registers the admin hooks on the first call, then hands a posted
 * `action=enter-key` form submission to enter_api_key(), which performs
 * its own capability and nonce checks before changing anything.
 */
public static function init() {
	$hooks_registered = self::$initiated;
	if ( ! $hooks_registered ) {
		self::init_hooks();
	}

	// Only the settings form posts this action value.
	$posted_action = isset( $_POST['action'] ) ? $_POST['action'] : null;
	if ( 'enter-key' == $posted_action ) {
		self::enter_api_key();
	}
}
57
/**
 * Register every admin action and filter the plugin uses.
 *
 * Also redirects requests for the retired standalone stats page and marks
 * the class as initiated so init() does not register the hooks again.
 */
public static function init_hooks() {
	// The standalone stats page was removed in 3.0 for an all-in-one config and stats page.
	// Redirect any links that might have been bookmarked or in browser history.
	$requested_page = isset( $_GET['page'] ) ? $_GET['page'] : null;
	if ( 'akismet-stats-display' == $requested_page ) {
		// The target is built by get_page_url(); wp_safe_redirect() additionally restricts the destination host.
		wp_safe_redirect( esc_url_raw( self::get_page_url( 'stats' ) ), 301 );
		die;
	}

	self::$initiated = true;

	$owner = 'Akismet_Admin';

	add_action( 'admin_init', array( $owner, 'admin_init' ) );
	add_action( 'admin_menu', array( $owner, 'admin_menu' ), 5 ); // Priority 5, so it's called before Jetpack's admin_menu.

	// Actions registered with the default priority and argument count: hook => method.
	$plain_actions = array(
		'admin_notices'                      => 'display_notice',
		'admin_enqueue_scripts'              => 'load_resources',
		'activity_box_end'                   => 'dashboard_stats',
		'rightnow_end'                       => 'rightnow_stats',
		'manage_comments_nav'                => 'check_for_spam_button',
		'admin_action_akismet_recheck_queue' => 'recheck_queue',
		'wp_ajax_akismet_recheck_queue'      => 'recheck_queue',
		'wp_ajax_comment_author_deurl'       => 'remove_comment_author_url',
		'wp_ajax_comment_author_reurl'       => 'add_comment_author_url',
		'jetpack_auto_activate_akismet'      => 'connect_jetpack_user',
	);

	foreach ( $plain_actions as $hook_name => $method ) {
		add_action( $hook_name, array( $owner, $method ) );
	}

	add_filter( 'plugin_action_links', array( $owner, 'plugin_action_links' ), 10, 2 );
	add_filter( 'comment_row_actions', array( $owner, 'comment_row_action' ), 10, 2 );

	$plugin_file = plugin_basename( plugin_dir_path( __FILE__ ) . 'akismet.php' );
	add_filter( 'plugin_action_links_' . $plugin_file, array( $owner, 'admin_plugin_settings_link' ) );

	add_filter( 'wxr_export_skip_commentmeta', array( $owner, 'exclude_commentmeta_from_export' ), 10, 3 );

	add_filter( 'all_plugins', array( $owner, 'modify_plugin_description' ) );

	// priority=1 because we need ours to run before core's comment anonymizer runs, and that's registered at priority=10
	add_filter( 'wp_privacy_personal_data_erasers', array( $owner, 'register_personal_data_eraser' ), 1 );
}
93
/**
 * Runs on `admin_init`: handles the one-time post-activation redirect,
 * registers the comment history meta box and the privacy policy text.
 */
public static function admin_init() {
	$just_activated = get_option( 'Activated_Akismet' );

	if ( $just_activated ) {
		// Clear the flag first so the redirect is attempted only once.
		delete_option( 'Activated_Akismet' );

		if ( ! headers_sent() ) {
			// NOTE(review): no exit follows wp_redirect() here, so the rest of this method still runs for the request.
			wp_redirect( self::get_page_url( 'init' ) );
		}
	}

	add_meta_box(
		'akismet-status',
		__( 'Comment History', 'akismet' ),
		array( 'Akismet_Admin', 'comment_status_meta_box' ),
		'comment',
		'normal'
	);

	// The privacy policy helper is only called when the function exists.
	if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
		return;
	}

	wp_add_privacy_policy_content(
		__( 'Akismet', 'akismet' ),
		__( 'We collect information about visitors who comment on Sites that use our Akismet Anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter\'s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).', 'akismet' )
	);
}
112
/**
 * Add the Akismet menu entry, deferring to Jetpack's menu hook when Jetpack is loaded.
 */
public static function admin_menu() {
	if ( ! class_exists( 'Jetpack' ) ) {
		self::load_menu();
		return;
	}

	// With Jetpack present, the entry is added when Jetpack fires its own menu action.
	add_action( 'jetpack_admin_menu', array( 'Akismet_Admin', 'load_menu' ) );
}
120
/**
 * Capability gate with no further body: returns without doing anything
 * whether or not the current user can manage options.
 */
public static function admin_head() {
	$may_manage = current_user_can( 'manage_options' );

	if ( ! $may_manage ) {
		return;
	}
}
126
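/**
 * Prepend a "Settings" link to the plugin's row of action links.
 *
 * The link label is a translated string, so it is escaped for HTML before
 * being placed in markup; the URL is escaped with esc_url().
 *
 * @param array $links Existing action links for the plugin.
 * @return array The links with the settings link first.
 */
public static function admin_plugin_settings_link( $links ) {
	$settings_link = sprintf(
		'<a href="%s">%s</a>',
		esc_url( self::get_page_url() ),
		esc_html__( 'Settings', 'akismet' )
	);

	array_unshift( $links, $settings_link );

	return $links;
}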
132
/**
 * Register the Akismet settings page (under Jetpack when available, otherwise
 * under Settings) and attach the contextual help loader to it.
 *
 * Both variants require the `manage_options` capability to open the page.
 */
public static function load_menu() {
	$page_title = __( 'Akismet Anti-spam', 'akismet' );
	$menu_title = __( 'Akismet Anti-spam', 'akismet' );
	$renderer   = array( 'Akismet_Admin', 'display_page' );

	$hook = class_exists( 'Jetpack' )
		? add_submenu_page( 'jetpack', $page_title, $menu_title, 'manage_options', 'akismet-key-config', $renderer )
		: add_options_page( $page_title, $menu_title, 'manage_options', 'akismet-key-config', $renderer );

	if ( ! $hook ) {
		return;
	}

	add_action( 'load-' . $hook, array( 'Akismet_Admin', 'admin_help' ) );
}
144
/**
 * Enqueue the plugin's styles and scripts on the admin screens that need them.
 *
 * The list of screens is filterable through `akismet_admin_page_hook_suffixes`.
 * Data handed to the browser (nonce, strings, flags) is attached to the
 * `akismet.js` handle as the `WPAkismet` object.
 */
public static function load_resources() {
	global $hook_suffix;

	$screens = array_merge(
		array(
			'index.php', // dashboard
			'comment.php',
			'post.php',
			'settings_page_akismet-key-config',
			'jetpack_page_akismet-key-config',
		),
		self::$activation_banner_pages
	);
	$screens = apply_filters( 'akismet_admin_page_hook_suffixes', $screens );

	// Nothing to load on any other admin screen.
	if ( ! in_array( $hook_suffix, $screens ) ) {
		return;
	}

	// Stylesheets, in load order: handle => path relative to the plugin directory.
	$stylesheets = array(
		'akismet'            => is_rtl() ? '_inc/rtl/akismet-rtl.css' : '_inc/akismet.css',
		'akismet-font-inter' => '_inc/fonts/inter.css',
		'akismet-admin'      => is_rtl() ? '_inc/rtl/akismet-admin-rtl.css' : '_inc/akismet-admin.css',
	);

	foreach ( $stylesheets as $handle => $relative_path ) {
		wp_register_style( $handle, plugin_dir_url( __FILE__ ) . $relative_path, array(), self::get_asset_file_version( $relative_path ) );
		wp_enqueue_style( $handle );
	}

	wp_add_inline_style( 'akismet-admin', self::get_inline_css() );

	wp_register_script( 'akismet.js', plugin_dir_url( __FILE__ ) . '_inc/akismet.js', array( 'jquery' ), self::get_asset_file_version( '_inc/akismet.js' ) );
	wp_enqueue_script( 'akismet.js' );

	// NOTE(review): the version lookup below uses a leading slash, unlike every other asset path here — confirm get_asset_file_version() treats both forms alike.
	wp_register_script( 'akismet-admin.js', plugin_dir_url( __FILE__ ) . '_inc/akismet-admin.js', array(), self::get_asset_file_version( '/_inc/akismet-admin.js' ) );
	wp_enqueue_script( 'akismet-admin.js' );

	$translated_strings = array(
		'Remove this URL' => __( 'Remove this URL', 'akismet' ),
		'Removing...'     => __( 'Removing...', 'akismet' ),
		'URL removed'     => __( 'URL removed', 'akismet' ),
		'(undo)'          => __( '(undo)', 'akismet' ),
		'Re-adding...'    => __( 'Re-adding...', 'akismet' ),
	);

	$inline_js = array(
		// Nonce checked by remove_comment_author_url() and add_comment_author_url().
		'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' ),
		'strings'                  => $translated_strings,
	);

	// The recheck only auto-starts when the query argument carries a valid nonce.
	$recheck_requested = isset( $_GET['akismet_recheck'] ) && wp_verify_nonce( $_GET['akismet_recheck'], 'akismet_recheck' );
	if ( $recheck_requested ) {
		$inline_js['start_recheck'] = true;
	}

	if ( apply_filters( 'akismet_enable_mshots', true ) ) {
		$inline_js['enable_mshots'] = true;
	}

	wp_localize_script( 'akismet.js', 'WPAkismet', $inline_js );
}
205
/**
 * Add contextual help tabs and the help sidebar to the Akismet admin page.
 *
 * Which tabs are added depends on whether an API key is stored and on the
 * `view` query argument (setup, stats, or configuration). Tabs are only
 * added for users with the `manage_options` capability; the sidebar is set
 * for every caller. The `view` argument is only compared against fixed
 * strings and is never echoed.
 *
 * @return void The method contains no return statement.
 */
public static function admin_help() {
	$current_screen = get_current_screen();

	// Screen Content
	if ( current_user_can( 'manage_options' ) ) {
		if ( ! Akismet::get_api_key() || ( isset( $_GET['view'] ) && $_GET['view'] == 'start' ) ) {
			// setup page
			$current_screen->add_help_tab(
				array(
					'id'      => 'overview',
					'title'   => __( 'Overview', 'akismet' ),
					'content' =>
						'<p><strong>' . esc_html__( 'Akismet Setup', 'akismet' ) . '</strong></p>' .
						'<p>' . esc_html__( 'Akismet filters out spam, so you can focus on more important things.', 'akismet' ) . '</p>' .
						'<p>' . esc_html__( 'On this page, you are able to set up the Akismet plugin.', 'akismet' ) . '</p>',
				)
			);

			$current_screen->add_help_tab(
				array(
					'id'      => 'setup-signup',
					'title'   => __( 'New to Akismet', 'akismet' ),
					'content' =>
						'<p><strong>' . esc_html__( 'Akismet Setup', 'akismet' ) . '</strong></p>' .
						'<p>' . esc_html__( 'You need to enter an API key to activate the Akismet service on your site.', 'akismet' ) . '</p>' .
						/* translators: %s: a link to the signup page with the text 'Akismet.com'. */
						'<p>' . sprintf( __( 'Sign up for an account on %s to get an API Key.', 'akismet' ), '<a href="https://akismet.com/plugin-signup/" target="_blank">Akismet.com</a>' ) . '</p>',
				)
			);

			$current_screen->add_help_tab(
				array(
					'id'      => 'setup-manual',
					'title'   => __( 'Enter an API Key', 'akismet' ),
					'content' =>
						'<p><strong>' . esc_html__( 'Akismet Setup', 'akismet' ) . '</strong></p>' .
						'<p>' . esc_html__( 'If you already have an API key', 'akismet' ) . '</p>' .
						'<ol>' .
						'<li>' . esc_html__( 'Copy and paste the API key into the text field.', 'akismet' ) . '</li>' .
						'<li>' . esc_html__( 'Click the Use this Key button.', 'akismet' ) . '</li>' .
						'</ol>',
				)
			);
		} elseif ( isset( $_GET['view'] ) && $_GET['view'] == 'stats' ) {
			// stats page
			$current_screen->add_help_tab(
				array(
					'id'      => 'overview',
					'title'   => __( 'Overview', 'akismet' ),
					'content' =>
						'<p><strong>' . esc_html__( 'Akismet Stats', 'akismet' ) . '</strong></p>' .
						'<p>' . esc_html__( 'Akismet filters out spam, so you can focus on more important things.', 'akismet' ) . '</p>' .
						'<p>' . esc_html__( 'On this page, you are able to view stats on spam filtered on your site.', 'akismet' ) . '</p>',
				)
			);
		} else {
			// configuration page
			$current_screen->add_help_tab(
				array(
					'id'      => 'overview',
					'title'   => __( 'Overview', 'akismet' ),
					'content' =>
						'<p><strong>' . esc_html__( 'Akismet Configuration', 'akismet' ) . '</strong></p>' .
						'<p>' . esc_html__( 'Akismet filters out spam, so you can focus on more important things.', 'akismet' ) . '</p>' .
						'<p>' . esc_html__( 'On this page, you are able to update your Akismet settings and view spam stats.', 'akismet' ) . '</p>',
				)
			);

			// The API Key paragraph is left out when the key is predefined.
			$current_screen->add_help_tab(
				array(
					'id'      => 'settings',
					'title'   => __( 'Settings', 'akismet' ),
					'content' =>
						'<p><strong>' . esc_html__( 'Akismet Configuration', 'akismet' ) . '</strong></p>' .
						( Akismet::predefined_api_key() ? '' : '<p><strong>' . esc_html__( 'API Key', 'akismet' ) . '</strong> - ' . esc_html__( 'Enter/remove an API key.', 'akismet' ) . '</p>' ) .
						'<p><strong>' . esc_html__( 'Comments', 'akismet' ) . '</strong> - ' . esc_html__( 'Show the number of approved comments beside each comment author in the comments list page.', 'akismet' ) . '</p>' .
						'<p><strong>' . esc_html__( 'Strictness', 'akismet' ) . '</strong> - ' . esc_html__( 'Choose to either discard the worst spam automatically or to always put all spam in spam folder.', 'akismet' ) . '</p>',
				)
			);

			// The Account tab is likewise skipped when the key is predefined.
			if ( ! Akismet::predefined_api_key() ) {
				$current_screen->add_help_tab(
					array(
						'id'      => 'account',
						'title'   => __( 'Account', 'akismet' ),
						'content' =>
							'<p><strong>' . esc_html__( 'Akismet Configuration', 'akismet' ) . '</strong></p>' .
							'<p><strong>' . esc_html__( 'Subscription Type', 'akismet' ) . '</strong> - ' . esc_html__( 'The Akismet subscription plan', 'akismet' ) . '</p>' .
							'<p><strong>' . esc_html__( 'Status', 'akismet' ) . '</strong> - ' . esc_html__( 'The subscription status - active, cancelled or suspended', 'akismet' ) . '</p>',
					)
				);
			}
		}
	}

	// Help Sidebar
	$current_screen->set_help_sidebar(
		'<p><strong>' . esc_html__( 'For more information:', 'akismet' ) . '</strong></p>' .
		'<p><a href="https://akismet.com/faq/" target="_blank">' . esc_html__( 'Akismet FAQ', 'akismet' ) . '</a></p>' .
		'<p><a href="https://akismet.com/support/" target="_blank">' . esc_html__( 'Akismet Support', 'akismet' ) . '</a></p>'
	);
}
313
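/**
 * Handle the settings form: save the boolean options, the privacy notice
 * choice and, unless the key is predefined, the submitted API key.
 *
 * Access control is two-step: the caller must hold `manage_options`, and the
 * request must carry a valid nonce for self::NONCE. Nothing is written
 * before both checks pass.
 *
 * @return bool False when the nonce is missing or invalid, when the key is
 *              predefined, or when the submitted key is not a string; true
 *              otherwise. Execution stops if the capability check fails.
 */
public static function enter_api_key() {
	if ( ! current_user_can( 'manage_options' ) ) {
		die( __( 'Cheatin&#8217; uh?', 'akismet' ) );
	}

	// A request without the nonce field is rejected the same way as one with a bad nonce,
	// instead of reading an undefined index.
	if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], self::NONCE ) ) {
		return false;
	}

	foreach ( array( 'akismet_strictness', 'akismet_show_user_comments_approved' ) as $option ) {
		// Only a scalar value equal to 1 enables the option; an array cast to int would also yield 1.
		$enabled = isset( $_POST[ $option ] ) && is_scalar( $_POST[ $option ] ) && 1 === (int) $_POST[ $option ];
		update_option( $option, $enabled ? '1' : '0' );
	}

	if ( ! empty( $_POST['akismet_comment_form_privacy_notice'] ) ) {
		// NOTE(review): the raw value is passed on; validation is presumably done in set_form_privacy_notice_option() — confirm there.
		self::set_form_privacy_notice_option( $_POST['akismet_comment_form_privacy_notice'] );
	} else {
		self::set_form_privacy_notice_option( 'hide' );
	}

	if ( Akismet::predefined_api_key() ) {
		return false; // shouldn't have option to save key if already defined
	}

	$submitted_key = isset( $_POST['key'] ) ? $_POST['key'] : '';

	// A non-string value (for example an array) is refused rather than being
	// filtered element by element and handed to the key verifier.
	if ( ! is_string( $submitted_key ) ) {
		return false;
	}

	// Keep hexadecimal characters only.
	$new_key = preg_replace( '/[^a-f0-9]/i', '', $submitted_key );
	$old_key = Akismet::get_api_key();

	if ( empty( $new_key ) ) {
		if ( ! empty( $old_key ) ) {
			delete_option( 'wordpress_api_key' );
			self::$notices[] = 'new-key-empty';
		}
	} elseif ( $new_key !== $old_key ) {
		// Strict comparison: two different all-digit or exponent-shaped keys (e.g. "0e12…")
		// compare equal under `!=`, which would silently skip saving the new key.
		self::save_key( $new_key );
	}

	return true;
}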
351
/**
 * Verify an API key with Akismet and, when the account status allows it,
 * store the key. The outcome is recorded in self::$notices['status'].
 *
 * @param string $api_key Key to verify and save.
 */
public static function save_key( $api_key ) {
	$key_status = Akismet::verify_key( $api_key );

	if ( $key_status != 'valid' ) {
		// Only these two failure states produce a notice; any other result is ignored.
		if ( in_array( $key_status, array( 'invalid', 'failed' ) ) ) {
			self::$notices['status'] = 'new-key-' . $key_status;
		}

		return;
	}

	$akismet_user = self::get_akismet_user( $api_key );

	if ( ! $akismet_user ) {
		self::$notices['status'] = 'new-key-invalid';
		return;
	}

	// The key is persisted only for these account states.
	$storable_states = array( 'active', 'active-dunning', 'no-sub' );
	if ( in_array( $akismet_user->status, $storable_states ) ) {
		update_option( 'wordpress_api_key', $api_key );
	}

	if ( $akismet_user->status == 'active' ) {
		$notice = 'new-key-valid';
	} elseif ( $akismet_user->status == 'notice' ) {
		// The whole user object is kept as the notice in this case.
		$notice = $akismet_user;
	} else {
		$notice = $akismet_user->status;
	}

	self::$notices['status'] = $notice;
}
377
/**
 * Print the spam total on the dashboard activity box, unless the
 * "Right Now" section already showed it or no spam has been counted.
 */
public static function dashboard_stats() {
	if ( did_action( 'rightnow_end' ) ) {
		return; // We already displayed this info in the "Right Now" section
	}

	$count = get_option( 'akismet_spam_count' );
	if ( ! $count ) {
		return;
	}

	global $submenu;

	echo '<h3>' . esc_html( _x( 'Spam', 'comments', 'akismet' ) ) . '</h3>';

	// Link to the comments screen when its submenu exists, otherwise to the posts screen.
	$target_screen = isset( $submenu['edit-comments.php'] ) ? 'edit-comments.php' : 'edit.php';
	$comments_url  = esc_url( add_query_arg( array( 'page' => 'akismet-admin' ), admin_url( $target_screen ) ) );

	$sentence = sprintf(
		/* translators: 1: Akismet website URL, 2: Comments page URL, 3: Number of spam comments. */
		_n(
			'<a href="%1$s">Akismet</a> has protected your site from <a href="%2$s">%3$s spam comment</a>.',
			'<a href="%1$s">Akismet</a> has protected your site from <a href="%2$s">%3$s spam comments</a>.',
			$count,
			'akismet'
		),
		'https://akismet.com/wordpress/',
		$comments_url,
		number_format_i18n( $count )
	);

	echo '<p>' . $sentence . '</p>';
}
404
405 // WP 2.5+
/**
 * Print the Akismet summary paragraph for the "Right Now" dashboard section:
 * the lifetime spam total followed by the current size of the spam queue.
 */
public static function rightnow_stats() {
	$count = get_option( 'akismet_spam_count' );

	if ( $count ) {
		$intro = sprintf(
			/* translators: 1: Akismet website URL, 2: Number of spam comments. */
			_n(
				'<a href="%1$s">Akismet</a> has protected your site from %2$s spam comment already. ',
				'<a href="%1$s">Akismet</a> has protected your site from %2$s spam comments already. ',
				$count,
				'akismet'
			),
			'https://akismet.com/wordpress/',
			number_format_i18n( $count )
		);
	} else {
		/* translators: %s: Akismet website URL. */
		$intro = sprintf( __( '<a href="%s">Akismet</a> blocks spam from getting to your blog. ', 'akismet' ), 'https://akismet.com/wordpress/' );
	}

	// URL of the comments screen filtered to spam; escaped where it is inserted below.
	$spam_queue_url = add_query_arg( array( 'comment_status' => 'spam' ), admin_url( 'edit-comments.php' ) );

	$queue_count = self::get_spam_count();

	if ( $queue_count ) {
		$queue_text = sprintf(
			/* translators: 1: Number of comments, 2: Comments page URL. */
			_n(
				'There&#8217;s <a href="%2$s">%1$s comment</a> in your spam queue right now.',
				'There are <a href="%2$s">%1$s comments</a> in your spam queue right now.',
				$queue_count,
				'akismet'
			),
			number_format_i18n( $queue_count ),
			esc_url( $spam_queue_url )
		);
	} else {
		/* translators: %s: Comments page URL. */
		$queue_text = sprintf( __( "There&#8217;s nothing in your <a href='%s'>spam queue</a> at the moment.", 'akismet' ), esc_url( $spam_queue_url ) );
	}

	echo "<p class='akismet-right-now'>" . $intro . '<br />' . $queue_text . "</p>\n";
}
446
/**
 * Print the "Check for Spam" button in the comments list navigation.
 *
 * The button carries, as data attributes, the URLs to go to on success and
 * failure, the number of pending comments, and a nonce for the
 * `akismet_check_for_spam` action, which recheck_queue() verifies.
 *
 * @param string $comment_status Comment status filter of the current list view.
 */
public static function check_for_spam_button( $comment_status ) {
	// The "Check for Spam" button should only appear when the page might be showing
	// a comment with comment_approved=0, which means an un-trashed, un-spammed,
	// not-yet-moderated comment.
	if ( 'all' != $comment_status && 'moderated' != $comment_status ) {
		return;
	}

	$link = '';

	$comments_count = wp_count_comments();

	// Closes the container that is open at this point and starts a new actions group.
	echo '</div>';
	echo '<div class="alignleft actions">';

	$classes = array(
		'button-secondary',
		'checkforspam',
		'button-disabled', // Disable button until the page is loaded
	);

	if ( $comments_count->moderated > 0 ) {
		$classes[] = 'enable-on-load';

		// Without an API key the button becomes a plain link to the settings page.
		if ( ! Akismet::get_api_key() ) {
			$link      = self::get_page_url();
			$classes[] = 'ajax-disabled';
		}
	}

	// add_query_arg() is called without a URL below, so it works from the current
	// request URI; every derived value is passed through esc_attr() before it is
	// written into an attribute. The string literals span several source lines,
	// so their line breaks are part of the emitted markup.
	echo '<a
class="' . esc_attr( implode( ' ', $classes ) ) . '"' .
		( ! empty( $link ) ? ' href="' . esc_url( $link ) . '"' : '' ) .
		/* translators: The placeholder is for showing how much of the process has completed, as a percent. e.g., "Checking for Spam (40%)" */
		' data-progress-label="' . esc_attr( __( 'Checking for Spam (%1$s%)', 'akismet' ) ) . '"
data-success-url="' . esc_attr(
			remove_query_arg(
				array( 'akismet_recheck', 'akismet_recheck_error' ),
				add_query_arg(
					array(
						'akismet_recheck_complete' => 1,
						'recheck_count' => urlencode( '__recheck_count__' ),
						'spam_count' => urlencode( '__spam_count__' ),
					)
				)
			)
		) . '"
data-failure-url="' . esc_attr( remove_query_arg( array( 'akismet_recheck', 'akismet_recheck_complete' ), add_query_arg( array( 'akismet_recheck_error' => 1 ) ) ) ) . '"
data-pending-comment-count="' . esc_attr( $comments_count->moderated ) . '"
data-nonce="' . esc_attr( wp_create_nonce( 'akismet_check_for_spam' ) ) . '"
' . ( ! in_array( 'ajax-disabled', $classes ) ? 'onclick="return false;"' : '' ) . '
>' . esc_html__( 'Check for Spam', 'akismet' ) . '</a>';
	echo '<span class="checkforspam-spinner"></span>';
}
501
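/**
 * Re-submit a slice of the moderation queue to Akismet.
 *
 * Hooked to both the `admin_action_akismet_recheck_queue` and the
 * `wp_ajax_akismet_recheck_queue` actions. The request must carry a valid
 * `akismet_check_for_spam` nonce in the POST body. AJAX callers receive the
 * per-category counts as JSON; other callers are redirected back.
 */
public static function recheck_queue() {
	Akismet::fix_scheduled_recheck();

	if ( ! ( isset( $_GET['recheckqueue'] ) || ( isset( $_REQUEST['action'] ) && 'akismet_recheck_queue' == $_REQUEST['action'] ) ) ) {
		return;
	}

	// NOTE(review): the nonce is the only gate in this method. WordPress guidance is to pair
	// a nonce with a current_user_can() check rather than rely on it for authorization —
	// confirm which capability, if any, should be required to trigger a recheck.
	// A request without the nonce field is treated like one with a bad nonce.
	if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'akismet_check_for_spam' ) ) {
		wp_send_json(
			array(
				'error' => __( 'You don&#8217;t have permission to do that.', 'akismet' ),
			)
		);
		return;
	}

	// Accept only numeric paging values; anything else falls back to the defaults
	// instead of being forwarded as an arbitrary string or array.
	$offset = ( isset( $_POST['offset'] ) && is_numeric( $_POST['offset'] ) ) ? (int) $_POST['offset'] : 0;
	$limit  = ( isset( $_POST['limit'] ) && is_numeric( $_POST['limit'] ) ) ? (int) $_POST['limit'] : 100;

	$result_counts = self::recheck_queue_portion( $offset, $limit );

	if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
		wp_send_json(
			array(
				'counts' => $result_counts,
			)
		);
	} else {
		// The Referer header is client-controlled; wp_safe_redirect() restricts where it may point.
		$redirect_to = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : admin_url( 'edit-comments.php' );
		wp_safe_redirect( $redirect_to );
		exit;
	}
}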
534
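/**
 * Recheck one page of unapproved comments against Akismet.
 *
 * @param int $start Offset into the list of comments with comment_approved = '0'.
 *                   Negative values are treated as 0.
 * @param int $limit Maximum number of comments to recheck. Values of 0 or less
 *                   are replaced by 100.
 * @return array Counts keyed by 'processed', 'spam', 'ham' and 'error'.
 */
public static function recheck_queue_portion( $start = 0, $limit = 100 ) {
	global $wpdb;

	// Normalise to integers before the range checks, so a non-numeric string
	// cannot slip past them and reach the query as LIMIT 0.
	$limit = (int) $limit;
	$start = (int) $start;

	if ( $limit <= 0 ) {
		$limit = 100;
	}

	if ( $start < 0 ) {
		$start = 0;
	}

	// Only the ID is needed; get_col() reads the first column of the result set,
	// which is comment_ID for the comments table, so name it instead of selecting every column.
	$moderation = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_approved = '0' LIMIT %d OFFSET %d", $limit, $start ) );

	$result_counts = array(
		'processed' => is_countable( $moderation ) ? count( $moderation ) : 0,
		'spam'      => 0,
		'ham'       => 0,
		'error'     => 0,
	);

	foreach ( $moderation as $comment_id ) {
		$api_response = Akismet::recheck_comment( $comment_id, 'recheck_queue' );

		// Any response other than the strings 'true' and 'false' is counted as an error.
		if ( 'true' === $api_response ) {
			++$result_counts['spam'];
		} elseif ( 'false' === $api_response ) {
			++$result_counts['ham'];
		} else {
			++$result_counts['error'];
		}
	}

	return $result_counts;
}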
571
572 // Adds an 'x' link next to author URLs, clicking will remove the author URL and show an undo link
/**
 * AJAX handler: blank the author URL of a comment.
 *
 * Requires a valid `comment_author_url_nonce` and the `edit_comment`
 * capability for the target comment. Prints the result of
 * wp_update_comment() and ends the request.
 */
public static function remove_comment_author_url() {
	// check_admin_referer() is only reached when an id was posted.
	if ( empty( $_POST['id'] ) || ! check_admin_referer( 'comment_author_url_nonce' ) ) {
		return;
	}

	$comment = get_comment( intval( $_POST['id'] ), ARRAY_A );

	// Per-comment authorization: the nonce alone does not grant edit rights.
	if ( ! $comment || ! current_user_can( 'edit_comment', $comment['comment_ID'] ) ) {
		return;
	}

	$comment['comment_author_url'] = '';
	do_action( 'comment_remove_author_url' );
	print( wp_update_comment( $comment ) );
	die();
}
585
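/**
 * AJAX handler: restore the author URL of a comment (the "undo" of
 * remove_comment_author_url()).
 *
 * Requires a valid `comment_author_url_nonce` and the `edit_comment`
 * capability for the target comment. Prints the result of
 * wp_update_comment() and ends the request.
 */
public static function add_comment_author_url() {
	if ( ! empty( $_POST['id'] ) && ! empty( $_POST['url'] ) && check_admin_referer( 'comment_author_url_nonce' ) ) {
		$comment_id = intval( $_POST['id'] );
		$comment    = get_comment( $comment_id, ARRAY_A );

		// Per-comment authorization: the nonce alone does not grant edit rights.
		if ( $comment && current_user_can( 'edit_comment', $comment['comment_ID'] ) ) {
			// The value is stored, not displayed, so use the storage variant: esc_url()
			// HTML-encodes ampersands for output, which corrupts URLs with query strings
			// once they are saved.
			$comment['comment_author_url'] = esc_url_raw( $_POST['url'] );
			do_action( 'comment_add_author_url' );
			print( wp_update_comment( $comment ) );
			die();
		}
	}
}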
598
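/**
 * Filter callback for `comment_row_actions`: adds a "History" link to the
 * row actions and prints Akismet status markup for the comment.
 *
 * The comment ID is cast to an integer before it is written into any HTML,
 * so the markup cannot carry anything but digits from that field.
 *
 * @param array      $a       Row action links keyed by action name.
 * @param WP_Comment $comment Comment being rendered.
 * @return array The row actions, with 'history' inserted after 'edit' or 'unspam' when applicable.
 */
public static function comment_row_action( $a, $comment ) {
	// Integer form of the ID, used wherever the ID is concatenated into markup.
	$comment_id_attr = (int) $comment->comment_ID;
	$history_href    = 'comment.php?action=editcomment&amp;c=' . $comment_id_attr . '#akismet-status';

	$akismet_result = get_comment_meta( $comment->comment_ID, 'akismet_result', true );
	if ( ! $akismet_result && get_comment_meta( $comment->comment_ID, 'akismet_skipped', true ) ) {
		$akismet_result = 'skipped'; // Akismet chose to skip the comment-check request.
	}

	$akismet_error  = get_comment_meta( $comment->comment_ID, 'akismet_error', true );
	$user_result    = get_comment_meta( $comment->comment_ID, 'akismet_user_result', true );
	$comment_status = wp_get_comment_status( $comment->comment_ID );
	$desc           = null;
	if ( $akismet_error ) {
		$desc = __( 'Awaiting spam check', 'akismet' );
	} elseif ( ! $user_result || $user_result == $akismet_result ) {
		// Show the original Akismet result if the user hasn't overridden it, or if their decision was the same
		if ( $akismet_result == 'true' && $comment_status != 'spam' && $comment_status != 'trash' ) {
			$desc = __( 'Flagged as spam by Akismet', 'akismet' );
		} elseif ( $akismet_result == 'false' && $comment_status == 'spam' ) {
			$desc = __( 'Cleared by Akismet', 'akismet' );
		}
	} else {
		// The stored username ends up in $desc, which is escaped with esc_html() when printed below.
		$who = get_comment_meta( $comment->comment_ID, 'akismet_user', true );
		if ( $user_result == 'true' ) {
			/* translators: %s: Username. */
			$desc = sprintf( __( 'Flagged as spam by %s', 'akismet' ), $who );
		} else {
			/* translators: %s: Username. */
			$desc = sprintf( __( 'Un-spammed by %s', 'akismet' ), $who );
		}
	}

	// add a History item to the hover links, just after Edit
	if ( $akismet_result && is_array( $a ) ) {
		$b = array();
		foreach ( $a as $k => $item ) {
			$b[ $k ] = $item;
			if (
				$k == 'edit'
				|| $k == 'unspam'
			) {
				$b['history'] = '<a href="' . $history_href . '" title="' . esc_attr__( 'View comment history', 'akismet' ) . '"> ' . esc_html__( 'History', 'akismet' ) . '</a>';
			}
		}

		$a = $b;
	}

	if ( $desc ) {
		echo '<span class="akismet-status" commentid="' . $comment_id_attr . '"><a href="' . $history_href . '" title="' . esc_attr__( 'View comment history', 'akismet' ) . '">' . esc_html( $desc ) . '</a></span>';
	}

	$show_user_comments_option = get_option( 'akismet_show_user_comments_approved' );

	if ( $show_user_comments_option === false ) {
		// Default to active if the user hasn't made a decision.
		$show_user_comments_option = '1';
	}

	$show_user_comments = apply_filters( 'akismet_show_user_comments_approved', $show_user_comments_option );
	$show_user_comments = $show_user_comments === 'false' ? false : $show_user_comments; // option used to be saved as 'false' / 'true'

	if ( $show_user_comments ) {
		$comment_count = Akismet::get_user_comments_approved( $comment->user_id, $comment->comment_author_email, $comment->comment_author, $comment->comment_author_url );
		$comment_count = intval( $comment_count );
		echo '<span class="akismet-user-comment-count" commentid="' . $comment_id_attr . '" style="display:none;"><br><span class="akismet-user-comment-counts">';
		/* translators: %s: Number of comments. */
		echo sprintf( esc_html( _n( '%s approved', '%s approved', $comment_count, 'akismet' ) ), number_format_i18n( $comment_count ) ) . '</span></span>';
	}

	return $a;
}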
669
670 public static function comment_status_meta_box( $comment ) {
671 $history = Akismet::get_comment_history( $comment->comment_ID );
672
673 if ( $history ) {
674 foreach ( $history as $row ) {
675 $message = '';
676
677 if ( ! empty( $row['message'] ) ) {
678 // Old versions of Akismet stored the message as a literal string in the commentmeta.
679 // New versions don't do that for two reasons:
680 // 1) Save space.
681 // 2) The message can be translated into the current language of the blog, not stuck
682 // in the language of the blog when the comment was made.
683 $message = esc_html( $row['message'] );
684 } elseif ( ! empty( $row['event'] ) ) {
685 // If possible, use a current translation.
686 switch ( $row['event'] ) {
687 case 'recheck-spam':
688 $message = esc_html( __( 'Akismet re-checked and caught this comment as spam.', 'akismet' ) );
689 break;
690 case 'check-spam':
691 $message = esc_html( __( 'Akismet caught this comment as spam.', 'akismet' ) );
692 break;
693 case 'recheck-ham':
694 $message = esc_html( __( 'Akismet re-checked and cleared this comment.', 'akismet' ) );
695 break;
696 case 'check-ham':
697 $message = esc_html( __( 'Akismet cleared this comment.', 'akismet' ) );
698 break;
699 case 'check-ham-pending':
700 $message = esc_html( __( 'Akismet provisionally cleared this comment.', 'akismet' ) );
701 break;
702 case 'wp-blacklisted':
703 case 'wp-disallowed':
704 $message = sprintf(
705 /* translators: The placeholder is a WordPress PHP function name. */
706 esc_html( __( 'Comment was caught by %s.', 'akismet' ) ),
707 function_exists( 'wp_check_comment_disallowed_list' ) ? '<code>wp_check_comment_disallowed_list</code>' : '<code>wp_blacklist_check</code>'
708 );
709 break;
710 case 'report-spam':
711 if ( isset( $row['user'] ) ) {
712 /* translators: The placeholder is a username. */
713 $message = esc_html( sprintf( __( '%s reported this comment as spam.', 'akismet' ), $row['user'] ) );
714 } elseif ( ! $message ) {
715 $message = esc_html( __( 'This comment was reported as spam.', 'akismet' ) );
716 }
717 break;
718 case 'report-ham':
719 if ( isset( $row['user'] ) ) {
720 /* translators: The placeholder is a username. */
721 $message = esc_html( sprintf( __( '%s reported this comment as not spam.', 'akismet' ), $row['user'] ) );
722 } elseif ( ! $message ) {
723 $message = esc_html( __( 'This comment was reported as not spam.', 'akismet' ) );
724 }
725 break;
726 case 'cron-retry-spam':
727 $message = esc_html( __( 'Akismet caught this comment as spam during an automatic retry.', 'akismet' ) );
728 break;
729 case 'cron-retry-ham':
730 $message = esc_html( __( 'Akismet cleared this comment during an automatic retry.', 'akismet' ) );
731 break;
732 case 'check-error':
733 if ( isset( $row['meta'], $row['meta']['response'] ) ) {
734 /* translators: The placeholder is an error response returned by the API server. */
735 $message = sprintf( esc_html( __( 'Akismet was unable to check this comment (response: %s) but will automatically retry later.', 'akismet' ) ), '<code>' . esc_html( $row['meta']['response'] ) . '</code>' );
736 } else {
737 $message = esc_html( __( 'Akismet was unable to check this comment but will automatically retry later.', 'akismet' ) );
738 }
739 break;
740 case 'recheck-error':
741 if ( isset( $row['meta'], $row['meta']['response'] ) ) {
742 /* translators: The placeholder is an error response returned by the API server. */
743 $message = sprintf( esc_html( __( 'Akismet was unable to recheck this comment (response: %s).', 'akismet' ) ), '<code>' . esc_html( $row['meta']['response'] ) . '</code>' );
744 } else {
745 $message = esc_html( __( 'Akismet was unable to recheck this comment.', 'akismet' ) );
746 }
747 break;
748 case 'webhook-spam':
749 $message = esc_html( __( 'Akismet caught this comment as spam and updated its status via webhook.', 'akismet' ) );
750 break;
751 case 'webhook-ham':
752 $message = esc_html( __( 'Akismet cleared this comment and updated its status via webhook.', 'akismet' ) );
753 break;
754 case 'webhook-spam-noaction':
755 $message = esc_html( __( 'Akismet determined this comment was spam during a recheck. It did not update the comment status because it had already been modified by another user or plugin.', 'akismet' ) );
756 break;
757 case 'webhook-ham-noaction':
758 $message = esc_html( __( 'Akismet cleared this comment during a recheck. It did not update the comment status because it had already been modified by another user or plugin.', 'akismet' ) );
759 break;
760 case 'akismet-skipped':
761 $message = esc_html( __( 'This comment was not sent to Akismet when it was submitted because it was caught by something else.', 'akismet' ) );
762 break;
763 case 'akismet-skipped-disallowed':
764 $message = esc_html( __( 'This comment was not sent to Akismet when it was submitted because it was caught by the comment disallowed list.', 'akismet' ) );
765 break;
766 default:
767 if ( preg_match( '/^status-changed/', $row['event'] ) ) {
768 // Half of these used to be saved without the dash after 'status-changed'.
769 // See https://plugins.trac.wordpress.org/changeset/1150658/akismet/trunk
770 $new_status = preg_replace( '/^status-changed-?/', '', $row['event'] );
771 /* translators: The placeholder is a short string (like 'spam' or 'approved') denoting the new comment status. */
772 $message = sprintf( esc_html( __( 'Comment status was changed to %s', 'akismet' ) ), '<code>' . esc_html( $new_status ) . '</code>' );
773 } elseif ( preg_match( '/^status-/', $row['event'] ) ) {
774 $new_status = preg_replace( '/^status-/', '', $row['event'] );
775
776 if ( isset( $row['user'] ) ) {
777 /* translators: %1$s is a username; %2$s is a short string (like 'spam' or 'approved') denoting the new comment status. */
778 $message = sprintf( esc_html( __( '%1$s changed the comment status to %2$s.', 'akismet' ) ), $row['user'], '<code>' . esc_html( $new_status ) . '</code>' );
779 }
780 }
781 break;
782 }
783 }
784
785 if ( ! empty( $message ) ) {
786 echo '<p>';
787
788 if ( isset( $row['time'] ) ) {
789 $time = gmdate( 'D d M Y @ h:i:s a', (int) $row['time'] ) . ' GMT';
790
791 /* translators: The placeholder is an amount of time, like "7 seconds" or "3 days" returned by the function human_time_diff(). */
792 $time_html = '<span style="color: #999;" alt="' . esc_attr( $time ) . '" title="' . esc_attr( $time ) . '">' . sprintf( esc_html__( '%s ago', 'akismet' ), human_time_diff( $row['time'] ) ) . '</span>';
793
794 printf(
795 /* translators: %1$s is a human-readable time difference, like "3 hours ago", and %2$s is an already-translated phrase describing how a comment's status changed, like "This comment was reported as spam." */
796 esc_html( __( '%1$s - %2$s', 'akismet' ) ),
797 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
798 $time_html,
799 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
800 $message
801 ); // esc_html() is done above so that we can use HTML in $message.
802 } else {
803 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
804 echo $message; // esc_html() is done above so that we can use HTML in $message.
805 }
806
807 echo '</p>';
808 }
809 }
810 } else {
811 echo '<p>';
812 echo esc_html( __( 'No comment history.', 'akismet' ) );
813 echo '</p>';
814 }
815 }
816
/**
 * Append a "Settings" link when $file matches this plugin's main file.
 *
 * @param array  $links Existing action links; the new link is appended to this array.
 * @param string $file  Value compared against plugin_basename() of this plugin's akismet.php.
 * @return array The (possibly extended) list of links.
 */
public static function plugin_action_links( $links, $file ) {
	$akismet_basename = plugin_basename( plugin_dir_url( __FILE__ ) . '/akismet.php' );

	if ( $file != $akismet_basename ) {
		return $links;
	}

	// Both dynamic parts are escaped for their own context before being concatenated into markup.
	$settings_url   = esc_url( self::get_page_url() );
	$settings_label = esc_html__( 'Settings', 'akismet' );
	$links[]        = '<a href="' . $settings_url . '">' . $settings_label . '</a>';

	return $links;
}
824
825 // Total spam in queue
826 // get_option( 'akismet_spam_count' ) is the total caught ever
/**
 * Count the comments currently marked as spam.
 *
 * @param string|false $type Falsy for the total taken from wp_count_comments() (cached for 3600 seconds in
 *                           the 'widget' cache group). 'comments' or 'comment' is mapped to the empty
 *                           comment_type; any other value is matched against comment_type as given.
 * @return mixed The cached or freshly counted total when $type is falsy, otherwise an int from the query.
 */
public static function get_spam_count( $type = false ) {
	global $wpdb;

	if ( $type ) {
		if ( 'comments' == $type || 'comment' == $type ) {
			$type = '';
		}

		// $type only reaches the database as a bound %s parameter, never as concatenated SQL.
		$query = $wpdb->prepare( "SELECT COUNT(comment_ID) FROM {$wpdb->comments} WHERE comment_approved = 'spam' AND comment_type = %s", $type );

		return (int) $wpdb->get_var( $query );
	}

	$cached_total = wp_cache_get( 'akismet_spam_count', 'widget' );
	if ( false !== $cached_total ) {
		return $cached_total;
	}

	$comment_totals = wp_count_comments();
	$spam_total     = $comment_totals->spam;
	wp_cache_set( 'akismet_spam_count', $spam_total, 'widget', 3600 );

	return $spam_total;
}
844
845 // Check connectivity between the WordPress blog and Akismet's servers.
846 // Returns an associative array of server IP addresses, where the key is the IP address, and value is true (available) or false (unable to connect).
/**
 * Probe every address that rest.akismet.com resolves to.
 *
 * The values in the returned array are strings, not booleans: 'connected' when verify_key() answered
 * 'valid' or 'invalid', otherwise the response itself, or 'unable to connect' when the response is falsy.
 *
 * NOTE(review): the stored API key is handed to Akismet::verify_key() once per address returned by DNS.
 * How that per-IP request is transported and authenticated is not visible here; confirm it before
 * relying on this check on hosts with an untrusted resolver.
 *
 * @return array Map of IP address => status string; empty when gethostbynamel() is unavailable or returns nothing.
 */
public static function check_server_ip_connectivity() {
	$servers = array();

	// Some web hosts may disable this function.
	if ( ! function_exists( 'gethostbynamel' ) ) {
		return $servers;
	}

	$ips = gethostbynamel( 'rest.akismet.com' );
	if ( ! $ips || ! is_array( $ips ) || ! count( $ips ) ) {
		return $servers;
	}

	$api_key = Akismet::get_api_key();

	foreach ( $ips as $ip ) {
		$response = Akismet::verify_key( $api_key, $ip );

		// Even if the key is invalid, an answer of either kind proves connectivity.
		$got_answer = ( 'valid' == $response || 'invalid' == $response );

		if ( $got_answer ) {
			$servers[ $ip ] = 'connected';
			continue;
		}

		$servers[ $ip ] = $response ? $response : 'unable to connect';
	}

	return $servers;
}
872
873 // Simpler connectivity check
/**
 * Test whether the Akismet API answers, and log environment details alongside the result.
 *
 * @param int $cache_timeout Compared against the seconds elapsed since the 'akismet_connectivity_time' option.
 * @return bool True only when the body of the test response is 'connected'.
 */
public static function check_server_connectivity( $cache_timeout = 86400 ) {

	$debug = array(
		'PHP_VERSION'         => PHP_VERSION,
		'WORDPRESS_VERSION'   => $GLOBALS['wp_version'],
		'AKISMET_VERSION'     => AKISMET_VERSION,
		'AKISMET__PLUGIN_DIR' => AKISMET__PLUGIN_DIR,
		'SITE_URL'            => site_url(),
		'HOME_URL'            => home_url(),
	);

	$servers = get_option( 'akismet_available_servers' );

	// NOTE(review): as written, the per-IP probe is repeated only while the stored result is still
	// younger than $cache_timeout AND a server list already exists. That reads like an inverted
	// cache test (a missing or stale list is never refreshed) - confirm the intended behaviour.
	$cache_is_fresh = ( time() - get_option( 'akismet_connectivity_time' ) < $cache_timeout );
	if ( $cache_is_fresh && $servers !== false ) {
		$servers = self::check_server_ip_connectivity();
		update_option( 'akismet_available_servers', $servers );
		update_option( 'akismet_connectivity_time', time() );
	}

	// Falls back to plain HTTP when the site's HTTP transport has no SSL support; the result of an
	// unauthenticated HTTP probe can be altered in transit, so treat it as a reachability hint only.
	$test_url = wp_http_supports( array( 'ssl' ) )
		? 'https://rest.akismet.com/1.1/test'
		: 'http://rest.akismet.com/1.1/test';
	$response = wp_remote_get( $test_url );

	$debug['gethostbynamel']  = function_exists( 'gethostbynamel' ) ? 'exists' : 'not here';
	$debug['Servers']         = $servers;
	$debug['Test Connection'] = $response;

	// The log entry carries the plugin directory path, both site URLs and the full HTTP response.
	Akismet::log( $debug );

	return ( $response && 'connected' == wp_remote_retrieve_body( $response ) );
}
909
910 // Check the server connectivity and store the available servers in an option.
/**
 * Thin wrapper that forwards to check_server_connectivity().
 *
 * @param int $cache_timeout Passed through unchanged.
 * @return bool Whatever check_server_connectivity() returns.
 */
public static function get_server_connectivity( $cache_timeout = 86400 ) {
	$is_reachable = self::check_server_connectivity( $cache_timeout );

	return $is_reachable;
}
914
915 /**
916 * Find out whether any comments in the Pending queue have not yet been checked by Akismet.
917 *
918 * @return bool
919 */
public static function are_any_comments_waiting_to_be_checked() {
	$query = array(
		// Only pending comments count. A comment that someone manually approved or spammed while it was
		// waiting keeps its akismet_error meta until the cron recheck job eventually removes it.
		'status'   => 'hold',

		// Commentmeta saved when a comment couldn't be checked.
		'meta_key' => 'akismet_error',

		// One match is enough to answer the question.
		'number'   => 1,
	);

	$unchecked = get_comments( $query );

	return (bool) $unchecked;
}
935
/**
 * Build the admin URL of the Akismet settings screen for a given view.
 *
 * @param string $page 'stats', 'delete_key' or 'init'; any other value yields the plain configuration URL.
 * @return string URL produced by add_query_arg() on top of menu_page_url().
 */
public static function get_page_url( $page = 'config' ) {

	$args = array( 'page' => 'akismet-key-config' );

	if ( 'stats' == $page ) {
		$args['view'] = 'stats';
	} elseif ( 'delete_key' == $page ) {
		$args['view']   = 'start';
		$args['action'] = 'delete-key';

		// Deleting the key is triggered by following a link (GET), so the URL carries a nonce;
		// display_start_page() verifies it against self::NONCE before removing the option.
		$args['_wpnonce'] = wp_create_nonce( self::NONCE );
	} elseif ( 'init' === $page ) {
		$args['view'] = 'start';
	}

	$base_url = menu_page_url( 'akismet-key-config', false );

	return add_query_arg( $args, $base_url );
}
961
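/**
 * Look up the Akismet account that belongs to an API key.
 *
 * The body of the 'get-subscription' response comes from a remote server, so it is only accepted
 * when it decodes to an object, the same rule get_stats() applies to its responses. Malformed JSON
 * or a bare scalar is treated like an invalid key instead of being handed to callers that go on
 * to read properties such as ->status.
 *
 * @param string $api_key The API key to look up.
 * @return object|false Decoded account object, or false when the response is empty, 'invalid' or not an object.
 */
public static function get_akismet_user( $api_key ) {
	$request_args = array(
		'key'  => $api_key,
		'blog' => get_option( 'home' ),
	);

	$request_args = apply_filters( 'akismet_request_args', $request_args, 'get-subscription' );

	$subscription_verification = Akismet::http_post( Akismet::build_query( $request_args ), 'get-subscription' );

	if ( empty( $subscription_verification[1] ) || 'invalid' === $subscription_verification[1] ) {
		return false;
	}

	$akismet_user = json_decode( $subscription_verification[1] );

	return is_object( $akismet_user ) ? $akismet_user : false;
}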
982
/**
 * Fetch spam statistics for the '6-months' and 'all' intervals.
 *
 * @param string $api_key API key sent with each 'get-stats' request.
 * @return array Map of interval => decoded response object; intervals with an empty or non-object response are omitted.
 */
public static function get_stats( $api_key ) {
	$stat_totals = array();
	$intervals   = array( '6-months', 'all' );

	foreach ( $intervals as $interval ) {
		$request_args = apply_filters(
			'akismet_request_args',
			array(
				'blog' => get_option( 'home' ),
				'key'  => $api_key,
				'from' => $interval,
			),
			'get-stats'
		);

		$response = Akismet::http_post( Akismet::build_query( $request_args ), 'get-stats' );

		if ( empty( $response[1] ) ) {
			continue;
		}

		$data = json_decode( $response[1] );

		// The decoded response should be an object. Anything else means something is wrong,
		// and the data must not end up in the totals.
		if ( ! is_object( $data ) ) {
			continue;
		}

		$stat_totals[ $interval ] = $data;
	}

	return $stat_totals;
}
1011
/**
 * Send a 'verify-wpcom-key' request and return the result.
 *
 * @param string $api_key API key to verify.
 * @param mixed  $user_id User id sent as 'user_id'.
 * @param array  $extra   Additional request arguments; merged last, so they override the defaults on key collisions.
 * @return mixed The JSON-decoded response body when the body is non-empty, otherwise the raw
 *               return value of Akismet::http_post().
 */
public static function verify_wpcom_key( $api_key, $user_id, $extra = array() ) {
	$defaults = array(
		'user_id'          => $user_id,
		'api_key'          => $api_key,
		'get_account_type' => 'true',
	);

	$request_args = apply_filters( 'akismet_request_args', array_merge( $defaults, $extra ), 'verify-wpcom-key' );

	$akismet_account = Akismet::http_post( Akismet::build_query( $request_args ), 'verify-wpcom-key' );

	if ( ! empty( $akismet_account[1] ) ) {
		$akismet_account = json_decode( $akismet_account[1] );
	}

	// NOTE(review): callers read ->api_key from this value, so the logged entry presumably contains
	// the key - confirm Akismet::log() writes only when debugging is deliberately enabled.
	Akismet::log( array( 'akismet_account' => $akismet_account ) );

	return $akismet_account;
}
1034
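/**
 * Connect Akismet using the API key of the current Jetpack user.
 *
 * The account object is decoded from a remote response, so its fields are checked before use:
 * the key is only saved when ->api_key is present, and ->status is compared strictly so that a
 * non-string value (for example boolean true) cannot loosely match one of the accepted states.
 *
 * @return bool True when a key was saved and the account status is 'active', 'active-dunning' or 'no-sub'.
 */
public static function connect_jetpack_user() {
	$jetpack_user = self::get_jetpack_user();

	if ( ! $jetpack_user || ! isset( $jetpack_user['user_id'], $jetpack_user['api_key'] ) ) {
		return false;
	}

	$akismet_user = self::verify_wpcom_key(
		$jetpack_user['api_key'],
		$jetpack_user['user_id'],
		array( 'action' => 'connect_jetpack_user' )
	);

	if ( ! is_object( $akismet_user ) || ! isset( $akismet_user->api_key ) ) {
		return false;
	}

	self::save_key( $akismet_user->api_key );

	return isset( $akismet_user->status )
		&& in_array( $akismet_user->status, array( 'active', 'active-dunning', 'no-sub' ), true );
}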
1050
/**
 * Render the 'notice' view as an alert built from the stored alert code and message options.
 */
public static function display_alert() {
	$alert = array(
		'type' => 'alert',
		'code' => (int) get_option( 'akismet_alert_code' ),
		'msg'  => get_option( 'akismet_alert_msg' ),
	);

	Akismet::view( 'notice', $alert );
}
1061
/**
 * Collect the stored akismet_alert_* options into the argument array for a 'usage-limit' notice.
 *
 * The option values are returned as stored, apart from the integer cast on 'code' and the
 * comparison that turns 'upgrade_via_support' into a bool.
 *
 * @return array Notice arguments keyed as the 'notice' view receives them.
 */
public static function get_usage_limit_alert_data() {
	$data = array( 'type' => 'usage-limit' );

	$data['code']         = (int) get_option( 'akismet_alert_code' );
	$data['msg']          = get_option( 'akismet_alert_msg' );
	$data['api_calls']    = get_option( 'akismet_alert_api_calls' );
	$data['usage_limit']  = get_option( 'akismet_alert_usage_limit' );
	$data['upgrade_plan'] = get_option( 'akismet_alert_upgrade_plan' );
	$data['upgrade_url']  = get_option( 'akismet_alert_upgrade_url' );
	$data['upgrade_type'] = get_option( 'akismet_alert_upgrade_type' );

	// The option holds the string 'true' rather than a boolean.
	$data['upgrade_via_support'] = ( get_option( 'akismet_alert_upgrade_via_support' ) === 'true' );

	return $data;
}
1075
/**
 * Render the 'notice' view with the usage-limit alert data.
 */
public static function display_usage_limit_alert() {
	$alert_data = self::get_usage_limit_alert_data();

	Akismet::view( 'notice', $alert_data );
}
1079
/**
 * Show a warning when a recheck is scheduled in the future and comments are still waiting to be checked.
 */
public static function display_spam_check_warning() {
	Akismet::fix_scheduled_recheck();

	$recheck_is_pending = wp_next_scheduled( 'akismet_schedule_cron_recheck' ) > time()
		&& self::are_any_comments_waiting_to_be_checked();

	if ( ! $recheck_is_pending ) {
		return;
	}

	// The 'akismet_display_cron_disabled_notice' filter controls whether the WP-Cron disabled notice is displayed.
	if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON && apply_filters( 'akismet_display_cron_disabled_notice', true ) ) {
		Akismet::view( 'notice', array( 'type' => 'spam-check-cron-disabled' ) );
		return;
	}

	// The default text contains an anchor whose URL is escaped here; the filter can replace the
	// whole string, so the view receiving 'link_text' is responsible for how it is output.
	/* translators: The Akismet configuration page URL. */
	$default_link_text = sprintf( __( 'Please check your <a href="%s">Akismet configuration</a> and contact your web host if problems persist.', 'akismet' ), esc_url( self::get_page_url() ) );
	$link_text         = apply_filters( 'akismet_spam_check_warning_link_text', $default_link_text );

	Akismet::view(
		'notice',
		array(
			'type'      => 'spam-check',
			'link_text' => $link_text,
		)
	);
}
1102
/**
 * Render the 'notice' view with the 'plugin' notice type.
 */
public static function display_api_key_warning() {
	$notice = array( 'type' => 'plugin' );

	Akismet::view( 'notice', $notice );
}
1106
/**
 * Route the settings screen to the start, stats or configuration page.
 *
 * $_GET['view'] is only compared against two fixed strings to pick a view; it is never output or stored here.
 */
public static function display_page() {
	$view = isset( $_GET['view'] ) ? $_GET['view'] : null;

	if ( ! Akismet::get_api_key() || 'start' == $view ) {
		self::display_start_page();
		return;
	}

	if ( 'stats' == $view ) {
		self::display_stats_page();
		return;
	}

	self::display_configuration_page();
}
1116
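/**
 * Render the start (setup) screen and handle the 'delete-key' and 'save-key' actions.
 *
 * Request input handled here:
 * - action=delete-key removes the stored key, but only after the nonce for self::NONCE verifies.
 * - token is accepted only when it is a string that matches the expected pattern exactly. The D
 *   modifier stops "$" from matching before a trailing newline, and the is_string() check keeps an
 *   array-valued parameter away from preg_match().
 * - action=save-key stores the key of the account resolved from the token or the Jetpack user.
 *
 * NOTE(review): unlike delete-key, the save-key branch verifies no nonce in this method, and no
 * capability check is visible here either. Confirm that the menu registration and the token flow
 * are the intended request-authenticity controls for storing a key.
 */
public static function display_start_page() {
	$action = isset( $_GET['action'] ) ? $_GET['action'] : null;

	if ( 'delete-key' === $action && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], self::NONCE ) ) {
		delete_option( 'wordpress_api_key' );
	}

	$api_key               = Akismet::get_api_key();
	$existing_key_is_valid = ( self::get_notice_by_key( 'status' ) !== self::NOTICE_EXISTING_KEY_INVALID );

	if ( $api_key && $existing_key_is_valid ) {
		self::display_configuration_page();
		return;
	}

	// The user can choose to auto connect their API key by clicking a button on the akismet done page.
	// If jetpack, get verified api key by using connected wpcom user id.
	// If no jetpack, get verified api key by using an akismet token.

	$akismet_user = false;

	if ( isset( $_GET['token'] ) && is_string( $_GET['token'] ) && preg_match( '/^(\d+)-[0-9a-f]{20}$/D', $_GET['token'] ) ) {
		$akismet_user = self::verify_wpcom_key( '', '', array( 'token' => $_GET['token'] ) );
	}

	if ( false === $akismet_user ) {
		$jetpack_user = self::get_jetpack_user();

		if ( is_array( $jetpack_user ) ) {
			$akismet_user = self::verify_wpcom_key( $jetpack_user['api_key'], $jetpack_user['user_id'] );
		}
	}

	// Only persist a key that the decoded account object actually carries.
	if ( 'save-key' === $action && is_object( $akismet_user ) && isset( $akismet_user->api_key ) ) {
		self::save_key( $akismet_user->api_key );
		self::display_configuration_page();
		return;
	}

	Akismet::view( 'start', compact( 'akismet_user' ) );

	/*
	// To see all variants when testing.
	$akismet_user->status = 'no-sub';
	Akismet::view( 'start', compact( 'akismet_user' ) );
	$akismet_user->status = 'cancelled';
	Akismet::view( 'start', compact( 'akismet_user' ) );
	$akismet_user->status = 'suspended';
	Akismet::view( 'start', compact( 'akismet_user' ) );
	$akismet_user->status = 'other';
	Akismet::view( 'start', compact( 'akismet_user' ) );
	$akismet_user = false;
	*/
}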
1179
/**
 * Render the 'stats' view.
 */
public static function display_stats_page() {
	$view_name = 'stats';

	Akismet::view( $view_name );
}
1183
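/**
 * Render the configuration screen, or fall back to the start screen when the stored key no longer
 * resolves to an account.
 *
 * $akismet_user and $stat_totals are decoded from remote responses. Their fields are therefore
 * checked with isset() and compared strictly before they influence which notices are shown, so a
 * missing property or a non-string value cannot loosely match one of the expected states.
 */
public static function display_configuration_page() {
	$api_key      = Akismet::get_api_key();
	$akismet_user = self::get_akismet_user( $api_key );

	if ( ! $akismet_user ) {
		// This could happen if the user's key became invalid after it was previously valid and successfully set up.
		self::$notices['status'] = self::NOTICE_EXISTING_KEY_INVALID;
		self::display_start_page();
		return;
	}

	$stat_totals = self::get_stats( $api_key );

	// If unset, create the new strictness option using the old discard option to determine its default.
	// If the old option wasn't set, default to discarding the blatant spam.
	if ( get_option( 'akismet_strictness' ) === false ) {
		add_option( 'akismet_strictness', ( get_option( 'akismet_discard_month' ) === 'false' ? '0' : '1' ) );
	}

	// Sync the local "Total spam blocked" count with the authoritative count from the server.
	if ( isset( $stat_totals['all'], $stat_totals['all']->spam ) ) {
		update_option( 'akismet_spam_count', $stat_totals['all']->spam );
	}

	$notices = array();

	$is_active_free_account = isset( $akismet_user->status, $akismet_user->account_type )
		&& 'active' === $akismet_user->status
		&& 'free-api-key' === $akismet_user->account_type;

	if ( empty( self::$notices ) ) {
		if ( ! empty( $stat_totals['all'] ) && isset( $stat_totals['all']->time_saved ) && $is_active_free_account ) {

			$time_saved = false;

			// time_saved is divided by 60 to get minutes, so it is treated as seconds; a "day" is 8 hours.
			if ( $stat_totals['all']->time_saved > 1800 ) {
				$total_in_minutes = round( $stat_totals['all']->time_saved / 60 );
				$total_in_hours   = round( $total_in_minutes / 60 );
				$total_in_days    = round( $total_in_hours / 8 );
				$cleaning_up      = __( 'Cleaning up spam takes time.', 'akismet' );

				if ( $total_in_days > 1 ) {
					/* translators: %s: Number of days. */
					$time_saved = $cleaning_up . ' ' . sprintf( _n( 'Akismet has saved you %s day!', 'Akismet has saved you %s days!', $total_in_days, 'akismet' ), number_format_i18n( $total_in_days ) );
				} elseif ( $total_in_hours > 1 ) {
					/* translators: %d: Number of hours. */
					$time_saved = $cleaning_up . ' ' . sprintf( _n( 'Akismet has saved you %d hour!', 'Akismet has saved you %d hours!', $total_in_hours, 'akismet' ), $total_in_hours );
				} elseif ( $total_in_minutes >= 30 ) {
					/* translators: %d: Number of minutes. */
					$time_saved = $cleaning_up . ' ' . sprintf( _n( 'Akismet has saved you %d minute!', 'Akismet has saved you %d minutes!', $total_in_minutes, 'akismet' ), $total_in_minutes );
				}
			}

			$notices[] = array(
				'type'       => 'active-notice',
				'time_saved' => $time_saved,
			);
		}
	}

	// The status string becomes the notice type, so it must be exactly one of the known values.
	if (
		! Akismet::predefined_api_key()
		&& ! isset( self::$notices['status'] )
		&& isset( $akismet_user->status )
		&& in_array( $akismet_user->status, array( 'cancelled', 'suspended', 'missing', 'no-sub' ), true )
	) {
		$notices[] = array( 'type' => $akismet_user->status );
	}

	$alert_code = get_option( 'akismet_alert_code' );
	if ( isset( Akismet::$limit_notices[ $alert_code ] ) ) {
		$notices[] = self::get_usage_limit_alert_data();
	} elseif ( $alert_code > 0 ) {
		$notices[] = array(
			'type' => 'alert',
			'code' => (int) get_option( 'akismet_alert_code' ),
			'msg'  => get_option( 'akismet_alert_msg' ),
		);
	}

	/*
	 * To see all variants when testing.
	 *
	 * You may also want to comment out the akismet_view_arguments filter in Akismet::view()
	 * to ensure that you can see all of the notices (e.g. suspended, active-notice).
	 */
	// $notices[] = array( 'type' => 'active-notice', 'time_saved' => 'Cleaning up spam takes time. Akismet has saved you 1 minute!' );
	// $notices[] = array( 'type' => 'plugin' );
	// $notices[] = array( 'type' => 'notice', 'notice_header' => 'This is the notice header.', 'notice_text' => 'This is the notice text.' );
	// $notices[] = array( 'type' => 'missing-functions' );
	// $notices[] = array( 'type' => 'servers-be-down' );
	// $notices[] = array( 'type' => 'active-dunning' );
	// $notices[] = array( 'type' => 'cancelled' );
	// $notices[] = array( 'type' => 'suspended' );
	// $notices[] = array( 'type' => 'missing' );
	// $notices[] = array( 'type' => 'no-sub' );
	// $notices[] = array( 'type' => 'new-key-valid' );
	// $notices[] = array( 'type' => 'new-key-invalid' );
	// $notices[] = array( 'type' => 'existing-key-invalid' );
	// $notices[] = array( 'type' => 'new-key-failed' );
	// $notices[] = array( 'type' => 'usage-limit', 'api_calls' => '15000', 'usage_limit' => '10000', 'upgrade_plan' => 'Enterprise', 'upgrade_url' => 'https://akismet.com/account/', 'code' => 10502 );
	// $notices[] = array( 'type' => 'spam-check', 'link_text' => 'Link text.' );
	// $notices[] = array( 'type' => 'spam-check-cron-disabled' );
	// $notices[] = array( 'type' => 'alert', 'code' => 123 );
	// $notices[] = array( 'type' => 'alert', 'code' => Akismet::ALERT_CODE_COMMERCIAL );

	// NOTE(review): the logged account object is the decoded get-subscription response; confirm
	// Akismet::log() writes only when debugging is deliberately enabled.
	Akismet::log( compact( 'stat_totals', 'akismet_user' ) );
	Akismet::view( 'config', compact( 'api_key', 'akismet_user', 'stat_totals', 'notices' ) );
}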
1284
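/**
 * Output admin notices outside the Akismet settings screens.
 *
 * The recheck result is read from the query string. Both counters are optional there, so each one
 * is read only when present and scalar, and falls back to 0. Everything that is echoed passes
 * through esc_html().
 */
public static function display_notice() {
	global $hook_suffix;

	if ( in_array( $hook_suffix, array( 'jetpack_page_akismet-key-config', 'settings_page_akismet-key-config' ) ) ) {
		// This page manages the notices and puts them inline where they make sense.
		return;
	}

	// To see notice variants while testing.
	// Akismet::view( 'notice', array( 'type' => 'spam-check-cron-disabled' ) );
	// Akismet::view( 'notice', array( 'type' => 'spam-check' ) );
	// Akismet::view( 'notice', array( 'type' => 'alert', 'code' => 123, 'msg' => 'Message' ) );

	if ( in_array( $hook_suffix, array( 'edit-comments.php' ) ) && (int) get_option( 'akismet_alert_code' ) > 0 ) {
		Akismet::verify_key( Akismet::get_api_key() ); // verify that the key is still in alert state

		// Read the option again after verify_key() rather than reusing the value tested above.
		$alert_code = get_option( 'akismet_alert_code' );
		if ( isset( Akismet::$limit_notices[ $alert_code ] ) ) {
			self::display_usage_limit_alert();
		} elseif ( $alert_code > 0 ) {
			self::display_alert();
		}
	} elseif ( in_array( $hook_suffix, self::$activation_banner_pages, true ) && ! Akismet::get_api_key() ) {
		// Show the "Set Up Akismet" banner on the comments and plugin pages if no API key has been set.
		self::display_api_key_warning();
	} elseif ( $hook_suffix == 'edit-comments.php' && wp_next_scheduled( 'akismet_schedule_cron_recheck' ) ) {
		self::display_spam_check_warning();
	}

	if ( isset( $_GET['akismet_recheck_complete'] ) ) {
		$recheck_count = ( isset( $_GET['recheck_count'] ) && is_scalar( $_GET['recheck_count'] ) ) ? (int) $_GET['recheck_count'] : 0;
		$spam_count    = ( isset( $_GET['spam_count'] ) && is_scalar( $_GET['spam_count'] ) ) ? (int) $_GET['spam_count'] : 0;

		if ( $recheck_count === 0 ) {
			$message = __( 'There were no comments to check. Akismet will only check comments awaiting moderation.', 'akismet' );
		} else {
			/* translators: %s: Number of comments. */
			$message  = sprintf( _n( 'Akismet checked %s comment.', 'Akismet checked %s comments.', $recheck_count, 'akismet' ), number_format( $recheck_count ) );
			$message .= ' ';

			if ( $spam_count === 0 ) {
				$message .= __( 'No comments were caught as spam.', 'akismet' );
			} else {
				/* translators: %s: Number of comments. */
				$message .= sprintf( _n( '%s comment was caught as spam.', '%s comments were caught as spam.', $spam_count, 'akismet' ), number_format( $spam_count ) );
			}
		}

		echo '<div class="notice notice-success"><p>' . esc_html( $message ) . '</p></div>';
	} elseif ( isset( $_GET['akismet_recheck_error'] ) ) {
		echo '<div class="notice notice-error"><p>' . esc_html( __( 'Akismet could not recheck your comments for spam.', 'akismet' ) ) . '</p></div>';
	}
}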
1338
/**
 * Render the queued status notices, or a 'servers-be-down' notice when the connectivity check fails.
 *
 * A queued entry is either a plain notice type or an object. The header, text and status of an
 * object are filtered through wp_kses() with the self::$allowed element list before they reach the
 * view. An object without a 'status' property is neither rendered nor removed from the queue.
 */
public static function display_status() {
	if ( ! self::get_server_connectivity() ) {
		Akismet::view( 'notice', array( 'type' => 'servers-be-down' ) );
		return;
	}

	if ( empty( self::$notices ) ) {
		return;
	}

	foreach ( self::$notices as $index => $notice ) {
		if ( ! is_object( $notice ) ) {
			Akismet::view( 'notice', array( 'type' => $notice ) );

			unset( self::$notices[ $index ] );
			continue;
		}

		$notice_header = property_exists( $notice, 'notice_header' )
			? wp_kses( $notice->notice_header, self::$allowed )
			: '';

		$notice_text = property_exists( $notice, 'notice_text' )
			? wp_kses( $notice->notice_text, self::$allowed )
			: '';

		if ( ! property_exists( $notice, 'status' ) ) {
			continue;
		}

		$type = wp_kses( $notice->status, self::$allowed );

		Akismet::view(
			'notice',
			array(
				'type'          => $type,
				'notice_header' => $notice_header,
				'notice_text'   => $notice_text,
			)
		);

		unset( self::$notices[ $index ] );
	}
}
1369
1370 /**
1371 * Gets a specific notice by key.
1372 *
1373 * @param $key
1374 * @return mixed
1375 */
private static function get_notice_by_key( $key ) {
	// A missing key and a key stored as null both yield null.
	if ( isset( self::$notices[ $key ] ) ) {
		return self::$notices[ $key ];
	}

	return null;
}
1379
1380 /**
1381 * Gets a Jetpack user.
1382 *
1383 * @return array|false
1384 */
private static function get_jetpack_user() {
	if ( ! class_exists( 'Jetpack' ) ) {
		return false;
	}

	if ( defined( 'JETPACK__VERSION' ) && version_compare( JETPACK__VERSION, '7.7', '<' ) ) {
		// For version of Jetpack prior to 7.7.
		Jetpack::load_xml_rpc_client();
	}

	$client = new Jetpack_IXR_ClientMulticall( array( 'user_id' => get_current_user_id() ) );

	$client->addCall( 'wpcom.getUserID' );
	$client->addCall( 'akismet.getAPIKey' );
	$client->query();

	// NOTE(review): the client is logged after query(), so the entry may include the API key that
	// akismet.getAPIKey returned - confirm Akismet::log() writes only when debugging is enabled.
	Akismet::log( array( 'xml' => $client ) );

	if ( $client->isError() ) {
		return false;
	}

	$responses      = $client->getResponse();
	$response_count = is_countable( $responses ) ? count( $responses ) : 0;

	if ( $response_count <= 1 ) {
		return false;
	}

	// Due to a quirk in how Jetpack does multi-calls, the response order can't be trusted to match
	// the call order. The two return values can mostly be told apart by their shape.
	$first_value  = array_shift( $responses[0] );
	$second_value = array_shift( $responses[1] );

	// A value of exactly 12 hex characters is taken to be the API key; the other value is cast to
	// int and used as the user id. If WPCOM ever reaches 100 billion users, this will fail. :-)
	if ( preg_match( '/^[a-f0-9]{12}$/i', $first_value ) ) {
		$api_key = $first_value;
		$user_id = (int) $second_value;
	} else {
		$api_key = $second_value;
		$user_id = (int) $first_value;
	}

	return array(
		'api_key' => $api_key,
		'user_id' => $user_id,
	);
}
1426
1427 /**
1428 * Some commentmeta isn't useful in an export file. Suppress it (when supported).
1429 *
1430 * @param bool $exclude
1431 * @param string $key The meta key
1432 * @param object $meta The meta object
1433 * @return bool Whether to exclude this meta entry from the export.
1434 */
public static function exclude_commentmeta_from_export( $exclude, $key, $meta ) {
	// Meta keys that are always left out of an export. 'akismet_as_submitted' is the stored copy
	// of the submitted comment, which erase_personal_data() treats as personal data.
	$suppressed_keys = array(
		'akismet_as_submitted',
		'akismet_delay_moderation_email',
		'akismet_delayed_moderation_email',
		'akismet_rechecking',
		'akismet_schedule_approval_fallback',
		'akismet_schedule_email_fallback',
		'akismet_skipped_microtime',
	);

	// Any other key keeps whatever decision was passed in.
	return in_array( $key, $suppressed_keys ) ? true : $exclude;
}
1455
1456 /**
1457 * When Akismet is active, remove the "Activate Akismet" step from the plugin description.
1458 */
public static function modify_plugin_description( $all_plugins ) {
	if ( ! isset( $all_plugins['akismet/akismet.php'] ) ) {
		return $all_plugins;
	}

	// Both variants are fixed, translatable strings containing markup; no request data is mixed in.
	$description = Akismet::get_api_key()
		? __( 'Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. Your site is fully configured and being protected, even while you sleep.', 'akismet' )
		: __( 'Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started, just go to <a href="admin.php?page=akismet-key-config">your Akismet Settings page</a> to set up your API key.', 'akismet' );

	$all_plugins['akismet/akismet.php']['Description'] = $description;

	return $all_plugins;
}
1470
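/**
 * Store the comment-form privacy notice setting.
 *
 * Acts as an allow-list: the option is written only when $state is exactly the string 'display'
 * or 'hide'. The strict comparison keeps values such as boolean true from loosely matching an
 * allowed entry and being stored.
 *
 * @param mixed $state Requested state; anything other than 'display' or 'hide' is ignored.
 */
private static function set_form_privacy_notice_option( $state ) {
	if ( ! in_array( $state, array( 'display', 'hide' ), true ) ) {
		return;
	}

	update_option( 'akismet_comment_form_privacy_notice', $state );
}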
1476
/**
 * Register erase_personal_data() under the 'akismet' key of the erasers list.
 *
 * @param array $erasers Erasers registered so far.
 * @return array The list with the Akismet entry added.
 */
public static function register_personal_data_eraser( $erasers ) {
	$akismet_eraser = array(
		'eraser_friendly_name' => __( 'Akismet', 'akismet' ),
		'callback'             => array( 'Akismet_Admin', 'erase_personal_data' ),
	);

	$erasers['akismet'] = $akismet_eraser;

	return $erasers;
}
1485
1486 /**
1487 * When a user requests that their personal data be removed, Akismet has a duty to discard
1488 * any personal data we store outside of the comment itself. Right now, that is limited
1489 * to the copy of the comment we store in the akismet_as_submitted commentmeta.
1490 *
1491 * FWIW, this information would be automatically deleted after 15 days.
1492 *
1493 * @param $email_address string The email address of the user who has requested erasure.
1494 * @param $page int This function can (and will) be called multiple times to prevent timeouts,
1495 * so this argument is used for pagination.
1496 * @return array
1497 * @see https://developer.wordpress.org/plugins/privacy/adding-the-personal-data-eraser-to-your-plugin/
1498 */
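public static function erase_personal_data( $email_address, $page = 1 ) {
	$items_removed = false;

	// Comments are processed in pages of this size; 'done' below tells core when to stop calling.
	$number = 50;
	$page   = (int) $page;

	$comments = get_comments(
		array(
			'author_email' => $email_address,
			'number'       => $number,
			'paged'        => $page,
			// The comment query argument is spelled 'orderby'. The former 'order_by' key was not a
			// recognised argument, so the intended ordering by comment ID was never applied. A stable
			// order matters here because erasure is spread over several paged calls.
			'orderby'      => 'comment_ID',
			'order'        => 'ASC',
		)
	);

	foreach ( (array) $comments as $comment ) {
		$comment_as_submitted = get_comment_meta( $comment->comment_ID, 'akismet_as_submitted', true );

		if ( $comment_as_submitted ) {
			delete_comment_meta( $comment->comment_ID, 'akismet_as_submitted' );
			$items_removed = true;
		}
	}

	// A short page means there is nothing left to process; otherwise core calls again with the next page.
	$done = ( is_countable( $comments ) ? count( $comments ) : 0 ) < $number;

	return array(
		'items_removed'  => $items_removed,
		'items_retained' => false,   // This eraser never reports retained items.
		'messages'       => array(), // No messages are produced.
		'done'           => $done,
	);
}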
1534
1535 /**
1536 * Return an array of HTML elements that are allowed in a notice.
1537 *
1538 * @return array
1539 */
public static function get_notice_kses_allowed_elements() {
	// The same list that display_status() passes to wp_kses().
	$allowed_elements = self::$allowed;

	return $allowed_elements;
}
1543
1544 /**
1545 * Return a version to append to the URL of an asset file (e.g. CSS and images).
1546 *
1547 * @param string $relative_path Relative path to asset file
1548 * @return string
1549 */
public static function get_asset_file_version( $relative_path ) {
	// If the AKISMET_VERSION contains a lower-case letter, it's a development version (e.g. 5.3.1a2).
	$is_development_version = (bool) preg_match( '/[a-z]/', AKISMET_VERSION );

	if ( $is_development_version ) {
		// NOTE(review): $relative_path is appended to the plugin directory without normalisation;
		// presumably callers only pass fixed asset paths - verify none is derived from request data.
		$asset_path = AKISMET__PLUGIN_DIR . $relative_path;

		// Use the file modified time in development. Note that filemtime() returns an int (or false
		// on failure), not a string.
		if ( file_exists( $asset_path ) ) {
			return filemtime( $asset_path );
		}
	}

	// Otherwise, use the AKISMET_VERSION.
	return AKISMET_VERSION;
}
1563
1564 /**
1565 * Return inline CSS for Akismet admin.
1566 *
1567 * @return string
1568 */
protected static function get_inline_css(): string {
	global $hook_suffix;

	// Index of the first card that is hidden by default; built from a class constant, then escaped.
	$first_hidden_card = esc_attr( Akismet_Compatible_Plugins::DEFAULT_VISIBLE_PLUGIN_COUNT + 1 );

	// Hide excess compatible plugins when there are lots.
	$inline_css = '
	.akismet-compatible-plugins__card:nth-child(n+' . $first_hidden_card . ') {
		display: none;
	}

	.akismet-compatible-plugins__list.is-expanded .akismet-compatible-plugins__card:nth-child(n+' . $first_hidden_card . ') {
		display: flex;
	}
	';

	// The activation banner background is added separately so the right path to the image can be
	// included. Shown on edit-comments.php and plugins.php.
	if ( ! in_array( $hook_suffix, self::$activation_banner_pages, true ) ) {
		return $inline_css;
	}

	$activation_banner_url = esc_url(
		plugin_dir_url( __FILE__ ) . '_inc/img/akismet-activation-banner-elements.png'
	);

	$inline_css .= '.akismet-activate {' . PHP_EOL .
		'background-image: url(' . $activation_banner_url . ');' . PHP_EOL .
		'}';

	return $inline_css;
}
1596 }
1597