
Fix. SFW. Modules die pages fixed. #820

Open
Glomberg wants to merge 1 commit into dev from Fix-SFW-Die-page-fixed-VI


Conversation

@Glomberg

Member

@codecov

codecov Bot commented Jun 26, 2026


Codecov Report

❌ Patch coverage is 17.85714% with 23 lines in your changes missing coverage. Please review.
✅ Project coverage is 26.68%. Comparing base (9637d6d) to head (1273add).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| lib/Cleantalk/ApbctWP/Firewall/SFW.php | 0.00% | 15 Missing ⚠️ |
| lib/Cleantalk/ApbctWP/Firewall/AntiFlood.php | 0.00% | 6 Missing ⚠️ |
| lib/Cleantalk/ApbctWP/Firewall/AntiCrawler.php | 71.42% | 2 Missing ⚠️ |

❌ Your patch check has failed because the patch coverage (17.85%) is below the target coverage (70.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files
@@            Coverage Diff            @@
##                dev     #820   +/-   ##
=========================================
  Coverage     26.68%   26.68%           
  Complexity     5683     5683           
=========================================
  Files           270      270           
  Lines         24258    24258           
=========================================
  Hits           6473     6473           
  Misses        17785    17785           


Copilot AI left a comment

Contributor


Pull request overview

This PR updates the Firewall “die page” rendering logic to better escape dynamic values inserted into HTML templates, aiming to prevent unsafe output and fix die-page related issues across SFW/AntiFlood/AntiCrawler modules.

Changes:

  • Escapes several user-/request-derived placeholders (IP, request URI, service ID, debug dumps) before injecting them into die-page templates.
  • Adjusts request URI retrieval in AntiFlood to use Server::getString('REQUEST_URI').
  • Adds/extends escaping in debug output sections.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 10 comments.

| File | Description |
|---|---|
| lib/Cleantalk/ApbctWP/Firewall/SFW.php | Adds escaping for multiple die-page placeholders and debug output. |
| lib/Cleantalk/ApbctWP/Firewall/AntiFlood.php | Escapes die-page placeholders and uses Server::getString() for REQUEST_URI. |
| lib/Cleantalk/ApbctWP/Firewall/AntiCrawler.php | Escapes die-page placeholders and tightens escaping around debug output. |


'{CLEANTALK_URL}' => $apbct->data['wl_url'],
'{REMOTE_ADDRESS}' => $result['ip'],
'{SERVICE_ID}' => $apbct->data['service_id'] . ', ' . $net_count,
'{CLEANTALK_URL}' => esc_html($apbct->data['wl_url']),
'{HOST}' => get_home_url() . ', ' . APBCT_VERSION,
'{GENERATED}' => '<p>The page was generated at&nbsp;' . date('D, d M Y H:i:s') . '</p>',
'{REQUEST_URI}' => $request_uri,
'{REQUEST_URI}' => esc_html($request_uri),
'{TEST_IP}' => '',
'{REAL_IP}' => '',
'{SCRIPT_URL}' => $js_url,
'{SCRIPT_URL}' => esc_html($js_url),

// Custom Logo
'{CUSTOM_LOGO}' => $custom_logo_img
'{CUSTOM_LOGO}' => esc_attr($custom_logo_img)
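Review bot: esc_attr() on '{CUSTOM_LOGO}' looks like the wrong escaper if $custom_logo_img holds a complete <img> tag, as the variable name and the "// Custom Logo" comment suggest: the angle brackets and quotes get entity-encoded and the logo prints as literal text on the die page. Escape the logo URL with esc_url() where the tag is built, or pass the finished markup through wp_kses() with an allow-list limited to img and its src, alt, width and height attributes. In the same map, '{HOST}' => get_home_url() . ', ' . APBCT_VERSION is still unescaped; wrapping it in esc_html() would make it consistent with '{REQUEST_URI}'.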
Comment on lines 511 to 513
$debug = '<h1>Headers</h1>'
. var_export(apache_request_headers(), true)
. '<h1>REMOTE_ADDR</h1>'
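Review bot: var_export(apache_request_headers(), true) is concatenated straight into the $debug markup, and every header name and value in that array is chosen by the client, so this is the same output-escaping gap the placeholder changes close elsewhere. Wrap the export itself, esc_html(var_export(apache_request_headers(), true)), rather than escaping $debug as a whole, which would also encode the <h1> headings. Whatever is appended after '<h1>REMOTE_ADDR</h1>' needs the same treatment.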
'{REQUEST_URI}' => Server::get('REQUEST_URI'),
'{SERVICE_ID}' => $this->apbct->data['service_id'] . ', ' . $net_count,
'{CLEANTALK_TITLE}' => esc_html($apbct->data['wl_brandname']),
'{CLEANTALK_URL}' => esc_html($apbct->data['wl_url']),
'{GENERATED}' => '<p>The page was generated at&nbsp;' . date('D, d M Y H:i:s') . "</p>",
'{COOKIE_ANTIFLOOD_PASSED}' => md5($result['ip'] . $this->api_key),
'{SCRIPT_URL}' => $js_url,
'{SCRIPT_URL}' => esc_html($js_url),
'{REMOTE_ADDRESS}' => $ip,
'{SERVICE_ID}' => $this->apbct->data['service_id'] . ', ' . $net_count,
'{CLEANTALK_TITLE}' => esc_html($apbct->data['wl_brandname']),
'{CLEANTALK_URL}' => esc_html($apbct->data['wl_url']),
'{COOKIE_ANTICRAWLER_PASSED}' => '1',
'{GENERATED}' => '<p>The page was generated at&nbsp;' . date('D, d M Y H:i:s') . "</p>",
'{SCRIPT_URL}' => $js_url,
'{SCRIPT_URL}' => esc_html($js_url),
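Review bot: '{SCRIPT_URL}' => esc_html($js_url) uses a text-node escaper on a value that is a URL; if the template places {SCRIPT_URL} inside a src attribute, esc_url() is the matching WordPress function, since it also rejects disallowed schemes, which esc_html() passes through unchanged. This applies to the AntiFlood and AntiCrawler maps here and to the same line in SFW.php. Separately, '{COOKIE_ANTIFLOOD_PASSED}' => md5($result['ip'] . $this->api_key) derives a client-visible value from the API key with bare MD5 concatenation; hash_hmac('sha256', $result['ip'], $this->api_key), with the matching change where the cookie is verified, would be a sounder construction for a keyed token.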
Comment on lines 597 to 601
$debug = '<h1>Headers</h1>'
. str_replace("\n", "<br>", print_r(\apache_request_headers(), true))
. '<h1>$_SERVER</h1>'
. str_replace("\n", "<br>", print_r($_SERVER, true))
. '<h1>AC_LOG_RESULT</h1>'
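Review bot: both print_r() dumps in this block reach the page with only str_replace("\n", "<br>", ...) applied, so header values and $_SERVER entries such as the query string and user agent are rendered as markup. Escape first and add the line breaks second, for example nl2br(esc_html(print_r($_SERVER, true))), so the <br> tags survive while the dumped values do not. Printing all of $_SERVER also shows the visitor server paths and environment values, so confirm this block is reachable only when debugging is explicitly enabled.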