public static function Helper::get_fields_any in Anti Spam by CleanTalk 8.4

Same name and namespace in other branches

1. 9.1.x src/lib/Cleantalk/Common/Helper.php \Cleantalk\Common\Helper::get_fields_any()

File

src/lib/Cleantalk/Common/Helper.php, line 526

Class

Helper

CleanTalk Helper class. Compatible with any CMS.

Namespace

Cleantalk\Common

Code

public static function get_fields_any($arr, $fields_exclusions = '', $message = array(), $email = null, $nickname = array(
  'nick' => '',
  'first' => '',
  'last' => '',
), $subject = null, $contact = true, $prev_name = '') {

  //Skip request if fields exists
  $skip_params = array(
    'ipn_track_id',
    // PayPal IPN #
    'txn_type',
    // PayPal transaction type
    'payment_status',
    // PayPal payment status
    'ccbill_ipn',
    // CCBill IPN
    'ct_checkjs',
    // skip ct_checkjs field
    'api_mode',
    // DigiStore-API
    'loadLastCommentId',
  );

  // Fields to replace with ****
  $obfuscate_params = array(
    'password',
    'pass',
    'pwd',
    'pswd',
  );

  // Skip feilds with these strings and known service fields
  $skip_fields_with_strings = array(
    // Common
    'ct_checkjs',
    //Do not send ct_checkjs
    'nonce',
    //nonce for strings such as 'rsvp_nonce_name'
    'security',
    // 'action',
    'http_referer',
    'timestamp',
    'captcha',
    // Formidable Form
    'form_key',
    'submit_entry',
    // Custom Contact Forms
    'form_id',
    'ccf_form',
    'form_page',
    // Qu Forms
    'iphorm_uid',
    'form_url',
    'post_id',
    'iphorm_ajax',
    'iphorm_id',
    // Fast SecureContact Froms
    'fs_postonce_1',
    'fscf_submitted',
    'mailto_id',
    'si_contact_action',
    // Ninja Forms
    'formData_id',
    'formData_settings',
    'formData_fields_\\d+_id',
    'formData_fields_\\d+_files.*',
    // E_signature
    'recipient_signature',
    'output_\\d+_\\w{0,2}',
    // Contact Form by Web-Settler protection
    '_formId',
    '_returnLink',
    // Social login and more
    '_save',
    '_facebook',
    '_social',
    'user_login-',
    // Contact Form 7
    '_wpcf7',
    'avatar__file_image_data',
    'task',
    'page_url',
    'page_title',
    'Submit',
    'formId',
    'key',
    'id',
    'hiddenlists',
    'ctrl',
    'task',
    'option',
    'nextstep',
    'acy_source',
    'subid',
    'ct_action',
    'ct_method',
  );

  // Reset $message if we have a sign-up data
  $skip_message_post = array(
    'edd_action',
  );
  foreach ($skip_params as $value) {
    if (@array_key_exists($value, $_GET) || @array_key_exists($value, $_POST)) {
      $contact = false;
    }
  }
  unset($value);
  if (count($arr)) {
    foreach ($arr as $key => $value) {
      if (gettype($value) == 'string') {
        $decoded_json_value = json_decode($value, true);
        if ($decoded_json_value !== null) {
          $value = $decoded_json_value;
        }
      }
      if (!is_array($value) && !is_object($value)) {

        //Add custom exclusions
        if (is_string($fields_exclusions) && !empty($fields_exclusions)) {
          $fields_exclusions = explode(",", $fields_exclusions);
          if (is_array($fields_exclusions) && !empty($fields_exclusions)) {
            foreach ($fields_exclusions as &$fields_exclusion) {
              if (preg_match('/\\[*\\]/', $fields_exclusion)) {

                // I have to do this to support exclusions like 'submitted[name]'
                $fields_exclusion = str_replace(array(
                  '[',
                  ']',
                ), array(
                  '_',
                  '',
                ), $fields_exclusion);
              }
            }
            $skip_fields_with_strings = array_merge($skip_fields_with_strings, $fields_exclusions);
          }
        }
        if (in_array($key, $skip_params, true) && $key != 0 && $key != '' || preg_match("/^ct_checkjs/", $key)) {
          $contact = false;
        }
        if ($value === '') {
          continue;
        }

        // Skipping fields names with strings from (array)skip_fields_with_strings
        foreach ($skip_fields_with_strings as $needle) {
          if (preg_match("/" . $needle . "/", $prev_name . $key) == 1) {
            continue 2;
          }
        }
        unset($needle);

        // Obfuscating params
        foreach ($obfuscate_params as $needle) {
          if (strpos($key, $needle) !== false) {
            $value = self::obfuscate_param($value);
            continue 2;
          }
        }
        unset($needle);

        // Removes whitespaces
        $value = urldecode(trim($value));

        // Fully cleaned message
        $value_for_email = trim($value);

        // Removes shortcodes to do better spam filtration on server side.
        // Email
        if (!$email && preg_match("/^\\S+@\\S+\\.\\S+\$/", $value_for_email)) {
          $email = $value_for_email;

          // Names
        }
        elseif (preg_match("/name/i", $key)) {
          preg_match("/((name.?)?(your|first|for)(.?name)?)\$/", $key, $match_forename);
          preg_match("/((name.?)?(last|family|second|sur)(.?name)?)\$/", $key, $match_surname);
          preg_match("/^(name.?)?(nick|user)(.?name)?\$/", $key, $match_nickname);
          if (count($match_forename) > 1) {
            $nickname['first'] = $value;
          }
          elseif (count($match_surname) > 1) {
            $nickname['last'] = $value;
          }
          elseif (count($match_nickname) > 1) {
            $nickname['nick'] = $value;
          }
          else {
            $nickname[$prev_name . $key] = $value;
          }

          // Subject
        }
        elseif ($subject === null && preg_match("/subject/i", $key)) {
          $subject = $value;

          // Message
        }
        else {
          $message[$prev_name . $key] = $value;
        }
      }
      elseif (!is_object($value)) {
        $prev_name_original = $prev_name;
        $prev_name = $prev_name === '' ? $key . '_' : $prev_name . $key . '_';
        $temp = self::get_fields_any($value, $fields_exclusions, $message, $email, $nickname, $subject, $contact, $prev_name);
        $message = $temp['message'];
        $email = $temp['email'] ? $temp['email'] : null;
        $nickname = $temp['nickname'] ? $temp['nickname'] : null;
        $subject = $temp['subject'] ? $temp['subject'] : null;
        if ($contact === true) {
          $contact = $temp['contact'] === false ? false : true;
        }
        $prev_name = $prev_name_original;
      }
    }
    unset($key, $value);
  }
  foreach ($skip_message_post as $v) {
    if (isset($_POST[$v])) {
      $message = null;
      break;
    }
  }
  unset($v);

  //If top iteration, returns compiled name field. Example: "Nickname Firtsname Lastname".
  if ($prev_name === '') {
    if (!empty($nickname)) {
      $nickname_str = '';
      foreach ($nickname as $value) {
        $nickname_str .= $value ? $value . " " : "";
      }
      unset($value);
    }
    $nickname = $nickname_str;
  }
  $return_param = array(
    'email' => $email,
    'nickname' => $nickname,
    'subject' => $subject,
    'contact' => $contact,
    'message' => $message,
  );
  return $return_param;
}