<?php
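// Refuse direct requests for this file. ABSPATH is only defined once WordPress has
// bootstrapped, and in that case the WordPress API (including status_header()) is
// normally not loaded either, so calling it here would raise an undefined-function
// fatal instead of answering 404. PHP's own http_response_code() needs no WordPress.
if ( !defined( 'ABSPATH' ) ) {
	http_response_code( 404 );
	exit;
}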
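class dam_spam_check_exploits {

	// phpcs:disable WordPress.Security.NonceVerification -- Spam detection module intentionally processes untrusted input

	/**
	 * Scans every value in $_REQUEST for a small set of well-known attack
	 * signatures and reports the first one found.
	 *
	 * Values are inspected one at a time, in $_REQUEST order; within a value
	 * the signatures are tried in the order eval, document.write, union all
	 * select. The first hit ends the scan.
	 *
	 * @param string $ip      Client address; accepted for parity with the other
	 *                        check modules (presumably sharing this signature),
	 *                        not used by this check.
	 * @param array  $stats   Not used by this check; by-reference for interface parity.
	 * @param array  $options Not used by this check; by-reference for interface parity.
	 * @param array  $post    Not used by this check; by-reference for interface parity.
	 *
	 * @return string|false Escaped, translated description of the match, including
	 *                      a sanitized excerpt of the offending value, or false when
	 *                      nothing matched or there is no request data.
	 */
	public function process( $ip, &$stats = array(), &$options = array(), &$post = array() ) {
		if ( empty( $_REQUEST ) || !is_array( $_REQUEST ) ) {
			return false;
		}

		foreach ( $_REQUEST as $req ) {
			$req = $this->flatten( $req );

			// Assembled by concatenation so this file does not itself match scanners
			// looking for the literal eval/base64_decode sequence.
			if ( stripos( $req, 'eval' . '(base64' . '_decode(' ) !== false ) {
				/* translators: %s: Sample of the attack payload */
				return sprintf( esc_html__( 'Eval Attack: %s', 'dam-spam' ), $this->sample( $req ) );
			}

			if ( stripos( $req, 'document.write(string.fromcharcode' ) !== false ) {
				/* translators: %s: Sample of the attack payload */
				return sprintf( esc_html__( 'Offset String Attack: %s', 'dam-spam' ), $this->sample( $req ) );
			}

			if ( stripos( $req, 'union all select' ) !== false ) {
				/* translators: %s: Sample of the attack payload */
				return sprintf( esc_html__( 'SQL Inject Attack: %s', 'dam-spam' ), $this->sample( $req ) );
			}
		}

		return false;
	}

	/**
	 * Turns one raw request value into a single unslashed string to scan.
	 *
	 * Array values are dumped with print_r so that nested values are covered
	 * by the signature checks as well; the slashes WordPress adds to request
	 * data are then removed so that an escaped payload still matches.
	 *
	 * @param mixed $req One entry of $_REQUEST (string or array).
	 *
	 * @return string
	 */
	private function flatten( $req ) {
		if ( is_array( $req ) ) {
			// phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r -- Converting array for security scanning
			$req = print_r( $req, true );
		}

		return wp_unslash( $req );
	}

	/**
	 * Builds a short, display-safe excerpt of a matched value for the report.
	 *
	 * Only the first 100 characters are kept. mb_substr is used rather than a
	 * byte-wise substr so the cut never lands inside a multibyte sequence: a
	 * split sequence leaves invalid UTF-8, which sanitize_text_field is
	 * expected to reject, losing the whole excerpt. WordPress ships an
	 * mb_substr fallback when the mbstring extension is absent. The excerpt
	 * is sanitized and HTML-escaped because it is interpolated into a message
	 * that callers may render.
	 *
	 * @param string $req Flattened, unslashed request value.
	 *
	 * @return string
	 */
	private function sample( $req ) {
		return esc_html( sanitize_text_field( mb_substr( $req, 0, 100 ) ) );
	}
}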
?>