williamt/Dapper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move Rest API spam blocking outside of CF7 code block
All checks were successful
Generate Build Info / build-info (push) Successful in 2s
Details

Browse Source
This commit is contained in:
carpentryplus25
2026-03-20 09:34:41 -04:00
parent dfe52042af
commit 3fe651b7d1
1 changed files with 62 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
dapper.php
View File

@@ -1248,70 +1248,73 @@ if ( class_exists( 'WPCF7' ) ) {
</span>'; </span>';
return $hp . $form; return $hp . $form;
} }
add_filter('rest_pre_dispatch', 'dapper_block_cf7_rest_spam', 10, 3);
function dapper_block_cf7_rest_spam($result, $server, $request) {
$route = $request->get_route();
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
dapper_debug_log("CF7 REST HIT from IP: $ip → $route");
// Only target CF7 submissions
if (strpos($route, '/contact-form-7/') === false) {
return $result;
}
// LOG ALL HITS
dapper_debug_log('CF7 REST HIT → ' . $route);
$params = $request->get_params();
// 1. Require JS token
if (empty($params['dapper_token']) || strpos($params['dapper_token'], 'dpr_') !== 0) {
dapper_debug_log('BLOCKED REST: Missing JS token');
return new WP_Error(
'dapper_spam_block',
'Spam detected',
['status' => 403]
);
}
// 2. Require timestamp
if (empty($params['dapper_ts'])) {
dapper_debug_log('BLOCKED REST: Missing timestamp');
return new WP_Error(
'dapper_spam_block',
'Spam detected',
['status' => 403]
);
}
// 3. Speed check
$elapsed = time() - (int)$params['dapper_ts'];
if ($elapsed < 3) {
dapper_debug_log('BLOCKED REST: Too fast');
return new WP_Error(
'dapper_spam_block',
'Spam detected',
['status' => 403]
);
}
return $result;
}
} }
add_filter('rest_pre_dispatch', 'dapper_block_cf7_rest_spam', 10, 3);
function dapper_block_cf7_rest_spam($result, $server, $request) {
$route = $request->get_route();
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
dapper_debug_log("CF7 REST HIT from IP: $ip → $route");
// Only target CF7 submissions
if (strpos($route, '/contact-form-7/') === false) {
return $result;
}
// LOG ALL HITS
dapper_debug_log('CF7 REST HIT → ' . $route);
$params = $request->get_params();
// 1. Require JS token
if (empty($params['dapper_token']) || strpos($params['dapper_token'], 'dpr_') !== 0) {
dapper_debug_log('BLOCKED REST: Missing JS token');
return new WP_Error(
'dapper_spam_block',
'Spam detected',
['status' => 403]
);
}
// 2. Require timestamp
if (empty($params['dapper_ts'])) {
dapper_debug_log('BLOCKED REST: Missing timestamp');
return new WP_Error(
'dapper_spam_block',
'Spam detected',
['status' => 403]
);
}
// 3. Speed check
$elapsed = time() - (int)$params['dapper_ts'];
if ($elapsed < 3) {
dapper_debug_log('BLOCKED REST: Too fast');
return new WP_Error(
'dapper_spam_block',
'Spam detected',
['status' => 403]
);
}
return $result;
}
function add_campaign_management_page() { function add_campaign_management_page() {
add_submenu_page( add_submenu_page(