diff --git a/dapper.php b/dapper.php
index f3e59c9..7a28dc9 100644
--- a/dapper.php
+++ b/dapper.php
@@ -1248,70 +1248,73 @@ if ( class_exists( 'WPCF7' ) ) { '; return $hp . $form; } - add_filter('rest_pre_dispatch', 'dapper_block_cf7_rest_spam', 10, 3); - - function dapper_block_cf7_rest_spam($result, $server, $request) { - - $route = $request->get_route(); - $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; - dapper_debug_log("CF7 REST HIT from IP: $ip → $route"); - - // Only target CF7 submissions - if (strpos($route, '/contact-form-7/') === false) { - return $result; - } - - // LOG ALL HITS - dapper_debug_log('CF7 REST HIT → ' . $route); - - $params = $request->get_params(); - - // 1. Require JS token - if (empty($params['dapper_token']) || strpos($params['dapper_token'], 'dpr_') !== 0) { - - dapper_debug_log('BLOCKED REST: Missing JS token'); - - return new WP_Error( - 'dapper_spam_block', - 'Spam detected', - ['status' => 403] - ); - } - - // 2. Require timestamp - if (empty($params['dapper_ts'])) { - - dapper_debug_log('BLOCKED REST: Missing timestamp'); - - return new WP_Error( - 'dapper_spam_block', - 'Spam detected', - ['status' => 403] - ); - } - - // 3. Speed check - $elapsed = time() - (int)$params['dapper_ts']; - - if ($elapsed < 3) { - - dapper_debug_log('BLOCKED REST: Too fast'); - - return new WP_Error( - 'dapper_spam_block', - 'Spam detected', - ['status' => 403] - ); - } - - return $result; - } - } +add_filter('rest_pre_dispatch', 'dapper_block_cf7_rest_spam', 10, 3); + +function dapper_block_cf7_rest_spam($result, $server, $request) { + + $route = $request->get_route(); + $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; + dapper_debug_log("CF7 REST HIT from IP: $ip → $route"); + + // Only target CF7 submissions + if (strpos($route, '/contact-form-7/') === false) { + return $result; + } + + // LOG ALL HITS + dapper_debug_log('CF7 REST HIT → ' . $route); + + $params = $request->get_params(); + + // 1. 
Require JS token + if (empty($params['dapper_token']) || strpos($params['dapper_token'], 'dpr_') !== 0) { + + dapper_debug_log('BLOCKED REST: Missing JS token'); + + return new WP_Error( + 'dapper_spam_block', + 'Spam detected', + ['status' => 403] + ); + } + + // 2. Require timestamp + if (empty($params['dapper_ts'])) { + + dapper_debug_log('BLOCKED REST: Missing timestamp'); + + return new WP_Error( + 'dapper_spam_block', + 'Spam detected', + ['status' => 403] + ); + } + + // 3. Speed check + $elapsed = time() - (int)$params['dapper_ts']; + + if ($elapsed < 3) { + + dapper_debug_log('BLOCKED REST: Too fast'); + + return new WP_Error( + 'dapper_spam_block', + 'Spam detected', + ['status' => 403] + ); + } + + return $result; +} + + + + function add_campaign_management_page() { add_submenu_page(
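Review bot: The three checks in the re-added `dapper_block_cf7_rest_spam` only test values the client chooses: any `dapper_token` beginning with `dpr_` and any `dapper_ts` at least three seconds old are accepted, so they do not show that the form was actually rendered and filled in by a browser. Consider emitting the timestamp together with an HMAC when the form is rendered, verifying it here with `hash_equals()`, and rejecting timestamps older than a maximum age. Both parameters should also be type-checked before use, e.g. `if (!is_string($params['dapper_token'] ?? null) || strpos($params['dapper_token'], 'dpr_') !== 0) {`, because an array value would otherwise reach `strpos()` and the `(int)` cast. The first `dapper_debug_log("CF7 REST HIT from IP: $ip → $route")` call sits above the route check, so it records the IP and route of every REST request on the site; moving it below the `/contact-form-7/` test would keep the log to CF7 traffic. The filter also applies to every route containing `/contact-form-7/` regardless of HTTP method, which may reject non-submission CF7 REST calls that carry no token, so please confirm that is intended.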