strider72 / spam-karma Goto Github PK

I will soon submit a patch adding an Action link to the SK line on the
Managem Plugins page.  This will replace the link hard-coded into the
description.

I'll also add a discrete info line to the footer of the SK Settings page,
and clean up such things in the plugin (e.g. from user standpoint, plugin
version not really needed at the top of the Settings page).

What steps will reproduce the problem?
1. In a blog where SK is installed, delete the SK tables from the database.
2. Go to the Comments admin page and try to apply filters to a comment
3. You'll get a bunch of "table does not exist" SQL errors

Desired behavior:  Instead of throwing the error it should simply create
the needed tables.  If it can't do so, *then* it should throw an error.

What steps will reproduce the problem?
1. Go to the plugin page in WP admin.
2. Click on a link in the SK item.
3. Access denied.

The SK admin page is no longer availabe under "Manage" in WP 2.8.  I am
attaching a patch to change the links to "Settings".  This may break SK
admin with really old WP.  However, I know it will work back to 2.2, and
probably 2.0.

The fix is to change /wp-admin/edit.php to /wp-admin/options-general.php in
sk2/spam_karma_plugin.php ... pretty easy.

'.org.ua' doesn't get recognized as a proper TLD, causing it the whole TLD to 
get blacklisted as one 
if a spammer uses 'domain.org.ua'...
The domain extraction regex needs to be updated.

Overall the exhaustive approach used by the URL domain-parsing regex (used to 
extract remove 
subdomains while keeping only domains and TLDs from URLs) probably needs a bit 
of dusting off. 
Either to make sure the TLD list is up-to-date or make the approach a bit more 
flexible to new 
TLDs.

The name says it all.  We've changed the entries in the wp_options table
from "sk2_..." to "sk_...".

We need to migrate old settings to the new settings for existing installs.
 (And then delete the old sk2_ settings records.)

Should probably just be inserted into the "initial setup" stuff, since that
already runs when expected options are not found.

I'm testing out the 2.4 alpha on WP 2.8-bleeding.  There is no existing
data for SK.  When I activate the plugin, every admin page shows this at
the top:

"It sounds like SK has recently been updated on this blog. But not fully
configured. You MUST visit Spam Karma's admin page at least once before
letting it filter your comments (chaos may ensue otherwise)."

Going to the SK Settings page should do whatever it needs to do to finish
setup, but there is no change after doing so.

The function get_settings has been deprecated for several WP versions.

Patch replaces it with get_option.

The 2 attached patches are the same, except that the first works with my
just-submitted patch #3, and the second assumes that the patch in #3 has
not been applied.

Patch replaces all remaining calls to get_settings() with calls to
get_option().

Patch does the following:

1) Puts the two separate admin pages (under "Manage" and "Settings") under
a single location in the Comments menu

2) Fixes paths in rest of SK2 (including plugins) for compatibility with #1.

3) Changes admin page restriction from user level 7 to user ability
"manage_options"

This patch partially replaces the download for Issue #2 (misc. patches)

The news module needs to be modified so it pulls news from here no the old 
website.



Cannot unserialize news array from URL

On a fresh install of Spam Karma, the "plugin not fully configured" message is 
mostly hidden behind the admin toolbar and the side menu bar.

Two possible fixes:

1) Use the standard WP admin/update message functionality to display this 
message.

2) Change SK so that it sets itself up fully on install.

Bunch of fixes and improvements:

1. Fixes it for a (possibly obscure) change in WP 2.6 — the ability to 
relocate wp-comments.

2. Adds some nice links from the plugins page directly to the SK2 admin. (Links 
in the “Action” 
column.)

3. Curing a longstanding peeve of mine — moves SK2 to the “Comments” 
section instead of putting 
it in two separate menus.

4. Put a nifty footer on the Admin screen that shows, plugin, version, and 
author.

What steps will reproduce the problem?
1. In Admin, on Comments page OR Dashboard, hit the "Reply" button for a 
comment.
2. Type your reply and Submit.
3. Comment is added properly, but the following message is displayed:

Fatal error: Call to a member function save_settings() on a non-object in 
/home/example.com/public_html/wp-content/plugins/spam-karma/spam_karma_plugin.ph
p on line 958 

My setup has the WordPress files in public_html/wp, the content in 
public_html/wp-content, and the blog itself is at the site root example.com/.

Though it's purely visual (the comment submits just fine), it causes confusion, 
and the person might easily hit Submit multiple times before realizing the 
comments are submitting.

What steps will reproduce the problem?
1. XHTML 1.0 Strict validation of comment forms with SK2 payload and time 
outputs

What is the expected output? What do you see instead?
What I see is that unless I edit SK2 to enclose the input fields for 
sk2_my_js_check1 and sk2_my_js_check2, as well as sk2_time, such pages 
fail to validate as XHTML 1.0 Strict in a WordPress theme that otherwise 
generates valid XHTML 1.0 Strict.

What version of the product are you using? On what operating system?
SK2 2.3 rc4, Debian Linux

Please provide any additional information below.
I "solved" this locally by editing my SK2 plugins to wrap these fields in 
div id="SK2" tags, I don't know if that's the optimal solution though.

Although I did my best (with WP's utterly crappy doc of nonce at the time) to 
make mail digest URL 
be both secure and working, they seem to be broken again in recent versions of 
WP.

I would suggest looking into the [hopefully more complete by now] doc for nonce 
and establish a 
system so that:
- email links get a WP nonce valid for a while
- if the nonce is no longer valid, WP displays a valid "Are you sure you want 
to do that?" msg that 
really forwards to the appropriate page (at the moment, it's broken... possibly 
WP API's fault)

per http://wordpress.org/extend/plugins/bad-behavior/other_notes/

"When using Bad Behavior in conjunction with Spam Karma 2, you may see
PHP warnings when Spam Karma 2 displays its internally generated
CAPTCHA. This is a design problem in Spam Karma 2."

I recently got a comment saying that the captcha, when triggered, just says
thanks and doesn't link back to the post, the site or anywhere else. 

It'd be lovely if this could be modified (ideally with a preview page)

A number of the files have missing localization domains, preventing their
being translated.

Attached patch fixes this.

There is basically a double copyright statement, and the two don't quite
jibe.  This patch simply cleans up the copyright (leaving the standard GPL
version), and makes a few other minor changes to the plugin info.

In the email reports of spam collected, there is nothing telling us which post 
got the comment.  That context is important in determining whether a comment is 
relevant or not.

String cast gives floats like "1,12" with the german locale and MySQL doesn't 
like that.

Possible Patch:

--- sk2/sk2_core_class.php      2009-05-14 12:40:20.000000000 +0200
+++ spam-karma2/sk2_core_class.php      2011-12-14 11:25:57.000000000 +0100
@@ -663,8 +663,10 @@
                                continue;
                        if (is_array($val))
                                $val = serialize($val);
-                       if (is_int($val) || is_float($val))
+                       if (is_int($val))
                                $query .= "`$key` = " . $val . ",";
+                       elseif (is_float($val))
+                               $query .= "`$key` = " . sprintf("%F", $val) . 
",";
                        else
                                $query .= "`$key` = '" . sk2_escape_string($val) . "', ";

WordPress plugins should never call wp-config directly.  It can break in 
multiple situations.  Perhaps a fix involving hooking template calls?

When looking at the Comments page in admin, it's cumbersome to just scroll down 
the list because the karma details sections keep popping open and closed as the 
cursor moves from one comment to the next.

Recommend changing it so that the details aren't displayed unless the user 
clicks.  Mouseover is just irritating in this area.

Suggested interface:  At bottom of comment it simply shows "Karma: 10" or 
whatever the number is.  Clicking on that text opens the "details" box for that 
karma count.

I'm running Spam Karma 2.3 rc4 on WordPress 2.9.2 and I just recently 
received a spam message which, despite having a bad Javascript payload and 
a Flash Gordon problem, had a karma of 48.67.

After examining the problem, I discovered that it was using a URL of 
http://myblog.com/?randomHexadecimalGibberish to trick the snowball plugin 
into overriding the rest of the plugins with an injection of 60 karma.

I'm not familiar with the internals of Spam Karma, but here are the two 
possibilities that came to mind:
- add a check that makes "self-link" karma conditional on the commenter 
being logged in
- modify SK so karma for logged-in and non-logged-in users are is tracked 
separately.

The temporary workaround I'll be trying is setting the snowball plugin to 
weak. If that fails, I'll just have to disable it.

Spam will overflow the database unless you logon to the admin area.

The settings to purge old spam do not work by chron only when you logon.
They need to be changed so that they run from chron.

As a side effect of r28, Karma information is displayed in the "Recent
Comments" widget on the dashboard.  It's current presentation is rather
unsightly.

Recommend removing this information from the dashboard, as it is available
in the comments list.

What steps will reproduce the problem?
1. move wp-config.php one level below your www directory. this is advised for 
security reasons
2. make a comment, it will spill something like: wp-config.php cannot be found 
at ../../../ , whereas ../../../ seems to be hardcoded but false in my case


What is the expected output? What do you see instead?

the correct page telling the user that the comment was accepted

What version of the product are you using? On what operating system?

wp 3.01, sk2 2.2 r3

Please provide any additional information below.

Moving the wp-config.php out is mentioned here: 
http://www.devlounge.net/code/protect-your-wordpress-wp-config-so-you-dont-get-h
acked