The request subscriber should properly check admin paths and user roles before executing the spam prevention checks:

Subscribing to the http_middleware is too soon, as the current_user service and the request routing context are not fully loaded.

Replacing it with a regular request subscriber solves this issue.

| Comment | File | Size | Author |
|---|---|---|---|
| #8 | 3260607-8.patch | 25.86 KB | bceyssens |
| #7 | 3260607-7.patch | 25.75 KB | bceyssens |
| #2 | 3260607-2.patch | 25.75 KB | bceyssens |

Comments

bceyssens created an issue. See original summary.

bceyssens’s picture

Status: Active » Needs review
Attachment: new, 25.75 KB

serge-m’s picture

Hello.

Thank you for opening an issue.

We will investigate the issue as soon as possible and contact you when we get any results. It may take up to 5 business days. Please, wait.

Your CleanTalk Control Panel: [ https://cleantalk.org/my/ ].

Best regards.

znaeff’s picture

Well, it seems a good idea. We will take it in the next stable release.

Thank you!

gaurav.kapoor’s picture

Status: Needs review » Needs work

The patch isn't working with the latest 9.1.x branch. Also,

  • This shouldn't be used; it isn't a good practice.
        +
        +// Autoload
        +require_once(dirname(__FILE__) . '/../lib/autoload.php');
        +
       
  • Usage of $global should also be avoided.
        global $cleantalk_executed;
     
  • Multiple instances of accessing services directly. Those should be used via DI instead.
  • PHPCS error should be resolved as well.
serge-m’s picture

Hello.
We plan to implement the fixes within 3 months. Please, wait.
Thank you.

bceyssens’s picture

Attachment: new, 25.75 KB

I agree with @gaurav.kapoor that the code needs some improvements. For now I'm only trying to fix the issue.

bceyssens’s picture

Attachment: new, 25.86 KB

Adding the following code to only execute on POST requests.

    // Exclusion. Not POST request.
    $request = $event->getRequest();
    if ($request->getMethod() !== 'POST') {
      return;
    }
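
A sketch of the approach discussed in this issue, as an added example that is not taken from the attached patches or from the CleanTalk module: a regular request subscriber that runs after authentication and routing, uses injected services, and applies the POST, admin-path and user exclusions before any spam check. The module name `example_antispam`, the class name, the permission string and the request attribute are assumptions; Drupal 9 or later is assumed.

```php
<?php

namespace Drupal\example_antispam\EventSubscriber;

use Drupal\Core\Routing\AdminContext;
use Drupal\Core\Session\AccountProxyInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;

/**
 * Hypothetical module "example_antispam"; register in its services.yml with
 * arguments ['@current_user', '@router.admin_context'], tag event_subscriber.
 */
class SpamCheckSubscriber implements EventSubscriberInterface {

  protected $currentUser;
  protected $adminContext;

  public function __construct(AccountProxyInterface $current_user, AdminContext $admin_context) {
    $this->currentUser = $current_user;
    $this->adminContext = $admin_context;
  }

  public static function getSubscribedEvents() {
    // Priority 0 runs after core authentication (300) and the router
    // listener (32), so the current user and matched route are available.
    return [KernelEvents::REQUEST => ['onRequest', 0]];
  }

  public function onRequest(RequestEvent $event) {
    $request = $event->getRequest();
    // Exclusion: not a POST request, nothing was submitted.
    if ($request->getMethod() !== 'POST') {
      return;
    }
    // Exclusion: administrative routes (uses the current route match).
    if ($this->adminContext->isAdminRoute()) {
      return;
    }
    // Exclusion: users whose roles grant this (assumed) bypass permission.
    if ($this->currentUser->hasPermission('bypass example antispam')) {
      return;
    }
    // Flag the request so later form validation runs the spam check once,
    // instead of tracking state in a global variable.
    $request->attributes->set('_example_antispam_check', TRUE);
  }

}
```
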
znaeff’s picture

Hello.
This issue has been resolved in release 9.2.2.