/** * Enhanced search term validation */ function pk_stt2_validate_search_term($term) { // Basic length check if (strlen($term) < 3 || strlen($term) > 100) { return false; } // Check if it's a URL if (filter_var($term, FILTER_VALIDATE_URL) !== false) { return false; } // Check for URL patterns $url_patterns = array( '/https?:\/\//', // http:// or https:// '/www\./i', // www. '/\w+\.(com|net|org|br|co|uk|de|fr|it|es|ru|jp|cn|in)/i', // domain extensions '/\/[a-zA-Z0-9\-_]+/', // URL paths '/\w+\.\w+\.\w+/', // domain-like patterns ); foreach ($url_patterns as $pattern) { if (preg_match($pattern, $term)) { return false; } } // Check for too many special characters $special_char_count = preg_match_all('/[^a-zA-Z0-9\s]/', $term); if ($special_char_count > strlen($term) * 0.3) { return false; } // Check against common non-search patterns $invalid_patterns = array( '/^[0-9]+$/', // Only numbers '/^[^a-zA-Z0-9]+$/', // Only special characters '/cache:/i', // Cache queries '/site:/i', // Site queries '/filetype:/i', // Filetype queries ); foreach ($invalid_patterns as $pattern) { if (preg_match($pattern, $term)) { return false; } } return true; } /** * Updated AJAX handler for recording search terms with better validation */ function pk_stt2_ajax_record_search_term_improved() { // Apply LiteSpeed Cache optimizations pk_stt2_litespeed_optimizations(); // Verify request if (!isset($_POST['term']) || !isset($_POST['path'])) { wp_die('Invalid request'); } $term = sanitize_text_field($_POST['term']); $path = sanitize_text_field($_POST['path']); // Enhanced validation if (!pk_stt2_validate_search_term($term)) { wp_die('Invalid search term'); } // Get post ID from path $post_id = url_to_postid($path); if (!$post_id) { $post_id = 0; // Homepage } // Check for bad words using the main plugin's function if it exists $has_bad_words = false; if (function_exists('pk_stt2_is_contain_bad_words')) { $has_bad_words = pk_stt2_is_contain_bad_words($term); } else { // Enhanced fallback bad words check $badwords = get_option('pk_stt2_badwords', 'http:,cache:,site:,utm_source,sex,porn,gamble,xxx,www,com,net,org'); $badwords_array = explode(',', $badwords); foreach ($badwords_array as $badword) { if (stripos($term, trim($badword)) !== false) { $has_bad_words = true; break; } } } // Record the search term if it's clean if (!$has_bad_words) { $result = pk_stt2_db_save_searchterms_with_post_id($term, $post_id); // Trigger action for cache purging if ($result) { do_action('pk_stt2_search_term_added', $post_id, $term); } } wp_die('success'); } // Replace the original AJAX handler with the improved version remove_action('wp_ajax_record_search_term', 'pk_stt2_ajax_record_search_term'); remove_action('wp_ajax_nopriv_record_search_term', 'pk_stt2_ajax_record_search_term'); add_action('wp_ajax_record_search_term', 'pk_stt2_ajax_record_search_term_improved'); add_action('wp_ajax_nopriv_record_search_term', 'pk_stt2_ajax_record_search_term_improved');Novinha Safada Deliciosa da CCI - Caiu na Net - Só Gatinhas