Changeset 7196 for trunk/src/includes/extend/akismet.php

Timestamp:

04/26/2021 06:39:32 PM (4 years ago)

Author:

johnjamesjacoby

Message:

Akismet: port SSL support from Akismet plugin.

This commit ensures that installations using SSL will send remote requests to https:// instead of http:// including retries and graceful degradation to http:// if necessary.

It also cleans up some related header & response logic to make it easier to understand.

In trunk for 2.7.0. See #3410.

File:

• trunk/src/includes/extend/akismet.php (modified) (7 diffs)

trunk/src/includes/extend/akismet.php

@@ -161 +161 @@
         ) );
 
-        // Set the result headers (from maybe_spam() above)
-        $post_data['bbp_akismet_result_headers'] = ! empty( $_post['bbp_akismet_result_headers'] )
-            ? $_post['bbp_akismet_result_headers'] // raw
-            : esc_html__( 'No response', 'bbpress' );
-
-        // Set the result (from maybe_spam() above)
-        $post_data['bbp_akismet_result'] = ! empty( $_post['bbp_akismet_result'] )
-            ? $_post['bbp_akismet_result'] // raw
-            : esc_html__( 'No response', 'bbpress' );
-
-        // Avoid recurrsion by unsetting results
+        // Set the results (from maybe_spam() above)
+        $post_data['bbp_akismet_result_headers'] = $_post['bbp_akismet_result_headers'];
+        $post_data['bbp_akismet_result']         = $_post['bbp_akismet_result'];
+        $post_data['bbp_post_as_submitted']      = $_post;
+
+        // Avoid recursion by unsetting results from post-as-submitted
         unset(
-            $_post['bbp_akismet_result_headers'],
-            $_post['bbp_akismet_result']
+            $post_data['bbp_post_as_submitted']['bbp_akismet_result_headers'],
+            $post_data['bbp_post_as_submitted']['bbp_akismet_result']
         );
-        $post_data['bbp_post_as_submitted'] = $_post;
-
-        // Cleanup to avoid touching this variable again below
-        unset( $_post );
 
         // Allow post_data to be manipulated
@@ -421 +412 @@
 
         // Define variables
-        $query_string = $path = $response = '';
+        $query_string = $path = '';
+        $response = array( '', '' );
 
         // Make sure post data is an array
@@ -439 +431 @@
             foreach ( $_POST as $key => $value ) {
                 if ( is_string( $value ) ) {
-                    $post_data['POST_' . $key] = $value;
+                    $post_data[ 'POST_' . $key ] = $value;
                 }
             }
@@ -470 +462 @@
         }
 
+        // Only accepts spam|ham
+        if ( ! in_array( $spam, array( 'spam', 'ham' ), true ) ) {
+            $spam = 'spam';
+        }
+
         // Setup the API route
         if ( 'check' === $check ) {
@@ -478 +475 @@
 
         // Send data to Akismet
-        $response = ! apply_filters( 'bbp_bypass_check_for_spam', false, $post_data )
-            ? $this->http_post( $query_string, $akismet_api_host, $path, $akismet_api_port )
-            : false;
+        if ( ! apply_filters( 'bbp_bypass_check_for_spam', false, $post_data ) ) {
+            $response = $this->http_post( $query_string, $akismet_api_host, $path, $akismet_api_port );
+        }
 
         // Set the result headers
         $post_data['bbp_akismet_result_headers'] = ! empty( $response[0] )
-            ? $response[0]
+            ? $response[0] // raw
             : esc_html__( 'No response', 'bbpress' );
 
         // Set the result
         $post_data['bbp_akismet_result'] = ! empty( $response[1] )
-            ? $response[1]
+            ? $response[1] // raw
             : esc_html__( 'No response', 'bbpress' );
 
@@ -737 +734 @@
         // Preload required variables
         $bbp_version  = bbp_get_version();
+        $ak_version   = constant( 'AKISMET_VERSION' );
         $http_host    = $host;
         $blog_charset = get_option( 'blog_charset' );
-        $response     = '';
-
-        // Untque User Agent
-        $akismet_ua     = "bbPress/{$bbp_version} | ";
-        $akismet_ua    .= 'Akismet/' . constant( 'AKISMET_VERSION' );
+
+        // User Agent & Content Type
+        $akismet_ua   = "bbPress/{$bbp_version} | Akismet/{$ak_version}";
+        $content_type = 'application/x-www-form-urlencoded; charset=' . $blog_charset;
 
         // Use specific IP (if provided)
@@ -752 +749 @@
         // Setup the arguments
         $http_args = array(
-            'body'             => $request,
-            'headers'          => array(
-                'Content-Type' => 'application/x-www-form-urlencoded; charset=' . $blog_charset,
+            'httpversion' => '1.0',
+            'timeout'     => 15,
+            'body'        => $request,
+            'headers'     => array(
+                'Content-Type' => $content_type,
                 'Host'         => $host,
                 'User-Agent'   => $akismet_ua
-            ),
-            'httpversion'      => '1.0',
-            'timeout'          => 15
+            )
         );
 
-        // Where we are sending our request
-        $akismet_url = 'http://' . $http_host . $path;
-
-        // Send the request
-        $response    = wp_remote_post( $akismet_url, $http_args );
-
-        // Bail if the response is an error
+        // Return the response
+        return $this->get_response( $http_host . $path, $http_args );
+    }
+
+    /**
+     * Handles the repeated calls to wp_remote_post(), including SSL support.
+     *
+     * @since 2.6.7 (bbPress r7194)
+     *
+     * @param string $host_and_path Scheme-less URL
+     * @param array  $http_args     Array of arguments for wp_remote_post()
+     * @return array
+     */
+    private function get_response( $host_and_path = '', $http_args = array() ) {
+
+        // Default variables
+        $akismet_url = $http_akismet_url = 'http://' . $host_and_path;
+        $is_ssl = $ssl_failed = false;
+        $now = time();
+
+        // Check if SSL requests were disabled fewer than 24 hours ago
+        $ssl_disabled_time = get_option( 'akismet_ssl_disabled' );
+
+        // Clean-up if 24 hours have passed
+        if ( ! empty( $ssl_disabled_time ) && ( $ssl_disabled_time < ( $now - DAY_IN_SECONDS ) ) ) {
+            delete_option( 'akismet_ssl_disabled' );
+            $ssl_disabled_time = false;
+        }
+
+        // Maybe HTTPS if not disabled
+        if ( empty( $ssl_disabled_time ) && ( $is_ssl = wp_http_supports( array( 'ssl' ) ) ) ) {
+            $akismet_url = set_url_scheme( $akismet_url, 'https' );
+        }
+
+        // Initial remote request
+        $response = wp_remote_post( $akismet_url, $http_args );
+
+        // Initial request produced an error, so retry...
+        if ( ! empty( $is_ssl ) && is_wp_error( $response ) ) {
+
+            // Intermittent connection problems may cause the first HTTPS
+            // request to fail and subsequent HTTP requests to succeed randomly.
+            // Retry the HTTPS request once before disabling SSL for a time.
+            $response = wp_remote_post( $akismet_url, $http_args );
+
+            // SSL request failed twice, so try again without it
+            if ( is_wp_error( $response ) ) {
+                $response   = wp_remote_post( $http_akismet_url, $http_args );
+                $ssl_failed = true;
+            }
+        }
+
+        // Bail if errored
         if ( is_wp_error( $response ) ) {
             return array( '', '' );
         }
 
+        // Maybe disable SSL for future requests
+        if ( ! empty( $ssl_failed ) ) {
+            update_option( 'akismet_ssl_disabled', $now );
+        }
+
         // No errors so return response
-        return array( $response['headers'], $response['body'] );
+        return array(
+            $response['headers'],
+            $response['body']
+        );
     }