Update WP

README.md

@@ -20,9 +20,9 @@
 
 ## Production
 - build CSS & JS assets - `C:\web\dev.biuro\ npm run build`
-- build new image `docker build -t biuro/web:2.0.1 .` (update version number)
+- build new image `docker build -t biuro/web:2.0.2 .` (update version number)
 - login to biuro docker account  `docker login --username=biuro --password=9Ndtjd2vKsLvGuFOeFq1KdJs`
-- push image to docker repository - `docker push biuro/web:2.0.1`
+- push image to docker repository - `docker push biuro/web:2.0.2`
 
 ## Production
 - update biuro/web image version in .env file (staging or www)

wp-content/plugins/akismet/.htaccess

@@ -12,7 +12,7 @@
 </IfModule>
 
 # Akismet CSS and JS
-<FilesMatch "^(form\.js|akismet\.js|akismet\.css)$">
+<FilesMatch "^(form\.js|akismet\.js|akismet-frontend\.js|akismet\.css)$">
 	<IfModule !mod_authz_core.c>
 		Allow from all
 	</IfModule>

wp-content/plugins/akismet/_inc/akismet-frontend.js

+/**
+ * Observe how the user enters content into the comment form in order to determine whether it's a bot or not.
+ *
+ * Note that no actual input is being saved here, only counts and timings between events.
+ */
+
+( function() {
+	function init() {
+		var input_begin = '';
+
+		var keydowns = {};
+		var lastKeyup = null;
+		var lastKeydown = null;
+		var keypresses = [];
+
+		var modifierKeys = [];
+		var correctionKeys = [];
+
+		var lastMouseup = null;
+		var lastMousedown = null;
+		var mouseclicks = [];
+
+		var mousemoveTimer = null;
+		var lastMousemoveX = null;
+		var lastMousemoveY = null;
+		var mousemoveStart = null;
+		var mousemoves = [];
+
+		var touchmoveCountTimer = null;
+		var touchmoveCount = 0;
+
+		var lastTouchEnd = null;
+		var lastTouchStart = null;
+		var touchEvents = [];
+
+		var scrollCountTimer = null;
+		var scrollCount = 0;
+
+		var correctionKeyCodes = [ 'Backspace', 'Delete', 'ArrowUp', 'ArrowDown', 'ArrowLeft', 'ArrowRight', 'Home', 'End', 'PageUp', 'PageDown' ];
+		var modifierKeyCodes = [ 'Shift', 'CapsLock' ];
+
+		var forms = document.querySelectorAll( 'form[method=post]' );
+
+		for ( var i = 0; i < forms.length; i++ ) {
+			var form = forms[i];
+
+			form.addEventListener( 'submit', function () {
+				var ak_bkp = prepare_timestamp_array_for_request( keypresses );
+				var ak_bmc = prepare_timestamp_array_for_request( mouseclicks );
+				var ak_bte = prepare_timestamp_array_for_request( touchEvents );
+				var ak_bmm = prepare_timestamp_array_for_request( mousemoves );
+
+				var input_fields = {
+					// When did the user begin entering any input?
+					'ak_bib': input_begin,
+
+					// When was the form submitted?
+					'ak_bfs': Date.now(),
+
+					// How many keypresses did they make?
+					'ak_bkpc': keypresses.length,
+
+					// How quickly did they press a sample of keys, and how long between them?
+					'ak_bkp': ak_bkp,
+
+					// How quickly did they click the mouse, and how long between clicks?
+					'ak_bmc': ak_bmc,
+
+					// How many mouseclicks did they make?
+					'ak_bmcc': mouseclicks.length,
+
+					// When did they press modifier keys (like Shift or Capslock)?
+					'ak_bmk': modifierKeys.join( ';' ),
+
+					// When did they correct themselves? e.g., press Backspace, or use the arrow keys to move the cursor back
+					'ak_bck': correctionKeys.join( ';' ),
+
+					// How many times did they move the mouse?
+					'ak_bmmc': mousemoves.length,
+
+					// How many times did they move around using a touchscreen?
+					'ak_btmc': touchmoveCount,
+
+					// How many times did they scroll?
+					'ak_bsc': scrollCount,
+
+					// How quickly did they perform touch events, and how long between them?
+					'ak_bte': ak_bte,
+
+					// How many touch events were there?
+					'ak_btec' : touchEvents.length,
+
+					// How quickly did they move the mouse, and how long between moves?
+					'ak_bmm' : ak_bmm
+				};
+
+				for ( var field_name in input_fields ) {
+					var field = document.createElement( 'input' );
+					field.setAttribute( 'type', 'hidden' );
+					field.setAttribute( 'name', field_name );
+					field.setAttribute( 'value', input_fields[ field_name ] );
+					this.appendChild( field );
+				}
+			} );
+
+			form.addEventListener( 'keydown', function ( e ) {
+				// If you hold a key down, some browsers send multiple keydown events in a row.
+				// Ignore any keydown events for a key that hasn't come back up yet.
+				if ( e.key in keydowns ) {
+					return;
+				}
+
+				var keydownTime = ( new Date() ).getTime();
+				keydowns[ e.key ] = [ keydownTime ];
+
+				if ( ! input_begin ) {
+					input_begin = keydownTime;
+				}
+
+				// In some situations, we don't want to record an interval since the last keypress -- for example,
+				// on the first keypress, or on a keypress after focus has changed to another element. Normally,
+				// we want to record the time between the last keyup and this keydown. But if they press a
+				// key while already pressing a key, we want to record the time between the two keydowns.
+
+				var lastKeyEvent = Math.max( lastKeydown, lastKeyup );
+
+				if ( lastKeyEvent ) {
+					keydowns[ e.key ].push( keydownTime - lastKeyEvent );
+				}
+
+				lastKeydown = keydownTime;
+			} );
+
+			form.addEventListener( 'keyup', function ( e ) {
+				if ( ! ( e.key in keydowns ) ) {
+					// This key was pressed before this script was loaded, or a mouseclick happened during the keypress, or...
+					return;
+				}
+
+				var keyupTime = ( new Date() ).getTime();
+
+				if ( 'TEXTAREA' === e.target.nodeName || 'INPUT' === e.target.nodeName ) {
+					if ( -1 !== modifierKeyCodes.indexOf( e.key ) ) {
+						modifierKeys.push( keypresses.length - 1 );
+					} else if ( -1 !== correctionKeyCodes.indexOf( e.key ) ) {
+						correctionKeys.push( keypresses.length - 1 );
+					} else {
+						// ^ Don't record timings for keys like Shift or backspace, since they
+						// typically get held down for longer than regular typing.
+
+						var keydownTime = keydowns[ e.key ][0];
+
+						var keypress = [];
+
+						// Keypress duration.
+						keypress.push( keyupTime - keydownTime );
+
+						// Amount of time between this keypress and the previous keypress.
+						if ( keydowns[ e.key ].length > 1 ) {
+							keypress.push( keydowns[ e.key ][1] );
+						}
+
+						keypresses.push( keypress );
+					}
+				}
+
+				delete keydowns[ e.key ];
+
+				lastKeyup = keyupTime;
+			} );
+
+			form.addEventListener( "focusin", function ( e ) {
+				lastKeydown = null;
+				lastKeyup = null;
+				keydowns = {};
+			} );
+
+			form.addEventListener( "focusout", function ( e ) {
+				lastKeydown = null;
+				lastKeyup = null;
+				keydowns = {};
+			} );
+		}
+
+		document.addEventListener( 'mousedown', function ( e ) {
+			lastMousedown = ( new Date() ).getTime();
+		} );
+
+		document.addEventListener( 'mouseup', function ( e ) {
+			if ( ! lastMousedown ) {
+				// If the mousedown happened before this script was loaded, but the mouseup happened after...
+				return;
+			}
+
+			var now = ( new Date() ).getTime();
+
+			var mouseclick = [];
+			mouseclick.push( now - lastMousedown );
+
+			if ( lastMouseup ) {
+				mouseclick.push( lastMousedown - lastMouseup );
+			}
+
+			mouseclicks.push( mouseclick );
+
+			lastMouseup = now;
+
+			// If the mouse has been clicked, don't record this time as an interval between keypresses.
+			lastKeydown = null;
+			lastKeyup = null;
+			keydowns = {};
+		} );
+
+		document.addEventListener( 'mousemove', function ( e ) {
+			if ( mousemoveTimer ) {
+				clearTimeout( mousemoveTimer );
+				mousemoveTimer = null;
+			}
+			else {
+				mousemoveStart = ( new Date() ).getTime();
+				lastMousemoveX = e.offsetX;
+				lastMousemoveY = e.offsetY;
+			}
+
+			mousemoveTimer = setTimeout( function ( theEvent, originalMousemoveStart ) {
+				var now = ( new Date() ).getTime() - 250; // To account for the timer delay.
+
+				var mousemove = [];
+				mousemove.push( now - originalMousemoveStart );
+				mousemove.push(
+					Math.round(
+						Math.sqrt(
+							Math.pow( theEvent.offsetX - lastMousemoveX, 2 ) +
+							Math.pow( theEvent.offsetY - lastMousemoveY, 2 )
+						)
+					)
+				);
+
+				if ( mousemove[1] > 0 ) {
+					// If there was no measurable distance, then it wasn't really a move.
+					mousemoves.push( mousemove );
+				}
+
+				mousemoveStart = null;
+				mousemoveTimer = null;
+			}, 250, e, mousemoveStart );
+		} );
+
+		document.addEventListener( 'touchmove', function ( e ) {
+			if ( touchmoveCountTimer ) {
+				clearTimeout( touchmoveCountTimer );
+			}
+
+			touchmoveCountTimer = setTimeout( function () {
+				touchmoveCount++;
+			}, 250 );
+		} );
+
+		document.addEventListener( 'touchstart', function ( e ) {
+			lastTouchStart = ( new Date() ).getTime();
+		} );
+
+		document.addEventListener( 'touchend', function ( e ) {
+			if ( ! lastTouchStart ) {
+				// If the touchstart happened before this script was loaded, but the touchend happened after...
+				return;
+			}
+
+			var now = ( new Date() ).getTime();
+
+			var touchEvent = [];
+			touchEvent.push( now - lastTouchStart );
+
+			if ( lastTouchEnd ) {
+				touchEvent.push( lastTouchStart - lastTouchEnd );
+			}
+
+			touchEvents.push( touchEvent );
+
+			lastTouchEnd = now;
+
+			// Don't record this time as an interval between keypresses.
+			lastKeydown = null;
+			lastKeyup = null;
+			keydowns = {};
+		} );
+
+		document.addEventListener( 'scroll', function ( e ) {
+			if ( scrollCountTimer ) {
+				clearTimeout( scrollCountTimer );
+			}
+
+			scrollCountTimer = setTimeout( function () {
+				scrollCount++;
+			}, 250 );
+		} );
+	}
+
+	/**
+	 * For the timestamp data that is collected, don't send more than `limit` data points in the request.
+	 * Choose a random slice and send those.
+	 */
+	function prepare_timestamp_array_for_request( a, limit ) {
+		if ( ! limit ) {
+			limit = 100;
+		}
+
+		var rv = '';
+
+		if ( a.length > 0 ) {
+			var random_starting_point = Math.max( 0, Math.floor( Math.random() * a.length - limit ) );
+
+			for ( var i = 0; i < limit && i < a.length; i++ ) {
+				rv += a[ random_starting_point + i ][0];
+
+				if ( a[ random_starting_point + i ].length >= 2 ) {
+					rv += "," + a[ random_starting_point + i ][1];
+				}
+
+				rv += ";";
+			}
+		}
+
+		return rv;
+	}
+
+	if ( document.readyState !== 'loading' ) {
+		init();
+	} else {
+		document.addEventListener( 'DOMContentLoaded', init );
+	}
+})();
\ No newline at end of file

wp-content/plugins/akismet/akismet.php

@@ -6,7 +6,7 @@
 Plugin Name: Akismet Anti-Spam
 Plugin URI: https://akismet.com/
 Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
-Version: 4.2.4
+Version: 5.0
 Author: Automattic
 Author URI: https://automattic.com/wordpress-plugins/
 License: GPLv2 or later
@@ -28,7 +28,7 @@ You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-Copyright 2005-2015 Automattic, Inc.
+Copyright 2005-2022 Automattic, Inc.
 */
 
 // Make sure we don't expose any info if called directly
@@ -37,7 +37,7 @@ if ( !function_exists( 'add_action' ) ) {
 	exit;
 }
 
-define( 'AKISMET_VERSION', '4.2.4' );
+define( 'AKISMET_VERSION', '5.0' );
 define( 'AKISMET__MINIMUM_WP_VERSION', '5.0' );
 define( 'AKISMET__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
 define( 'AKISMET_DELETE_LIMIT', 10000 );

wp-content/plugins/akismet/changelog.txt

@@ -5,6 +5,50 @@
 This file contains older changelog entries, so we can keep the size of the standard WordPress readme.txt file reasonable.
 For the latest changes, please see the "Changelog" section of the [readme.txt file](https://plugins.svn.wordpress.org/akismet/trunk/readme.txt).
 
+= 4.1.12 =
+*Release Date - 3 September 2021*
+
+* Fixed "Use of undefined constant" notice.
+* Improved styling of alert notices.
+
+= 4.1.11 =
+*Release Date - 23 August 2021*
+
+* Added support for Akismet API usage notifications on Akismet settings and edit-comments admin pages.
+* Added support for the deleted_comment action when bulk-deleting comments from Spam.
+
+= 4.1.10 =
+*Release Date - 6 July 2021*
+
+* Simplified the code around checking comments in REST API and XML-RPC requests.
+* Updated Plus plan terminology in notices to match current subscription names.
+* Added `rel="noopener"` to the widget link to avoid warnings in Google Lighthouse.
+* Set the Akismet JavaScript as deferred instead of async to improve responsiveness.
+* Improved the preloading of screenshot popups on the edit comments admin page.
+
+= 4.1.9 =
+*Release Date - 2 March 2021*
+
+* Improved handling of pingbacks in XML-RPC multicalls
+
+= 4.1.8 =
+*Release Date - 6 January 2021*
+
+* Fixed missing fields in submit-spam and submit-ham calls that could lead to reduced accuracy.
+* Fixed usage of deprecated jQuery function.
+
+= 4.1.7 =
+*Release Date - 22 October 2020*
+
+* Show the "Set up your Akismet account" banner on the comments admin screen, where it's relevant to mention if Akismet hasn't been configured.
+* Don't use wp_blacklist_check when the new wp_check_comment_disallowed_list function is available.
+
+= 4.1.6 =
+*Release Date - 4 June 2020*
+
+* Disable "Check for Spam" button until the page is loaded to avoid errors with clicking through to queue recheck endpoint directly.
+* Added filter "akismet_enable_mshots" to allow disabling screenshot popups on the edit comments admin page.
+
 = 4.1.5 =
 *Release Date - 29 April 2020*
 
@@ -56,7 +100,7 @@ For the latest changes, please see the "Changelog" section of the [readme.txt fi
 *Release Date - 19 June 2018*
 
 * Improved the grammar and consistency of the in-admin privacy related notes (notice and config).
-* Revised in-admin explanation of the comment form privacy notice to make its usage clearer. 
+* Revised in-admin explanation of the comment form privacy notice to make its usage clearer.
 * Added `rel="nofollow noopener"` to the comment form privacy notice to improve SEO and security.
 
 = 4.0.7 =
@@ -69,7 +113,7 @@ For the latest changes, please see the "Changelog" section of the [readme.txt fi
 = 4.0.6 =
 *Release Date - 26 May 2018*
 
-* Moved away from using `empty( get_option() )` to instantiating a variable to be compatible with older versions of PHP (5.3, 5.4, etc).  
+* Moved away from using `empty( get_option() )` to instantiating a variable to be compatible with older versions of PHP (5.3, 5.4, etc).
 
 = 4.0.5 =
 *Release Date - 26 May 2018*
@@ -132,7 +176,7 @@ For the latest changes, please see the "Changelog" section of the [readme.txt fi
 *Release Date - 10 May 2017*
 
 * Fixed a bug causing JavaScript errors in some browsers.
- 
+
 = 3.3.1 =
 *Release Date - 2 May 2017*
 
@@ -293,7 +337,7 @@ For the latest changes, please see the "Changelog" section of the [readme.txt fi
 *Release Date - 18th March, 2014*
 
 * Add ajax paging to the check for spam button to handle large volumes of comments
-* Optimize javascript and add localization support 
+* Optimize javascript and add localization support
 * Fix bug in link to spam comments from right now dashboard widget
 * Fix bug with deleting old comments to avoid timeouts dealing with large volumes of comments
 * Include X-Pingback-Forwarded-For header in outbound WordPress pingback verifications
@@ -353,7 +397,7 @@ For the latest changes, please see the "Changelog" section of the [readme.txt fi
 * Move wp-admin menu items under Jetpack, if it is installed
 * Purge old Akismet comment meta data, default of 15 days
 
-= 2.5.3 = 
+= 2.5.3 =
 *Release Date - 8th Febuary, 2011*
 
 * Specify the license is GPL v2 or later
@@ -393,7 +437,7 @@ For the latest changes, please see the "Changelog" section of the [readme.txt fi
 *Release Date - 7th December, 2010*
 
 * Track comment actions under 'Akismet Status' on the edit comment screen
-* Fix a few remaining deprecated function calls ( props Mike Glendinning ) 
+* Fix a few remaining deprecated function calls ( props Mike Glendinning )
 * Use HTTPS for the stats IFRAME when wp-admin is using HTTPS
 * Use the WordPress HTTP class if available
 * Move the admin UI code to a separate file, only loaded when needed

wp-content/plugins/akismet/class.akismet-admin.php

@@ -923,8 +923,16 @@ class Akismet_Admin {
 		Akismet::fix_scheduled_recheck();
 
 		if ( wp_next_scheduled('akismet_schedule_cron_recheck') > time() && self::are_any_comments_waiting_to_be_checked() ) {
-			$link_text = apply_filters( 'akismet_spam_check_warning_link_text', sprintf( __( 'Please check your <a href="%s">Akismet configuration</a> and contact your web host if problems persist.', 'akismet'), esc_url( self::get_page_url() ) ) );
-			Akismet::view( 'notice', array( 'type' => 'spam-check', 'link_text' => $link_text ) );
+			/*
+			 * The 'akismet_display_cron_disabled_notice' filter can be used to control whether the WP-Cron disabled notice is displayed.
+			 */
+			if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON && apply_filters( 'akismet_display_cron_disabled_notice', true ) ) {
+				Akismet::view( 'notice', array( 'type' => 'spam-check-cron-disabled' ) );
+			} else {
+				/* translators: The Akismet configuration page URL. */
+				$link_text = apply_filters( 'akismet_spam_check_warning_link_text', sprintf( __( 'Please check your <a href="%s">Akismet configuration</a> and contact your web host if problems persist.', 'akismet' ), esc_url( self::get_page_url() ) ) );
+				Akismet::view( 'notice', array( 'type' => 'spam-check', 'link_text' => $link_text ) );
+			}
 		}
 	}
 
@@ -1077,6 +1085,7 @@ class Akismet_Admin {
 		$notices[] = array( 'type' => 'limit-reached', 'level' => 'yellow' );
 		$notices[] = array( 'type' => 'limit-reached', 'level' => 'red' );
 		$notices[] = array( 'type' => 'usage-limit', 'api_calls' => '15000', 'usage_limit' => '10000', 'upgrade_plan' => 'Enterprise', 'upgrade_url' => 'https://akismet.com/account/' );
+		$notices[] = array( 'type' => 'spam-check-cron-disabled' );
 		*/
 		
 		Akismet::log( compact( 'stat_totals', 'akismet_user' ) );

wp-content/plugins/akismet/class.akismet.php

@@ -35,6 +35,9 @@ class Akismet {
 		add_filter( 'preprocess_comment', array( 'Akismet', 'auto_check_comment' ), 1 );
 		add_filter( 'rest_pre_insert_comment', array( 'Akismet', 'rest_auto_check_comment' ), 1 );
 
+		add_action( 'comment_form', array( 'Akismet', 'load_form_js' ) );
+		add_action( 'do_shortcode_tag', array( 'Akismet', 'load_form_js_via_filter' ), 10, 4 );
+
 		add_action( 'akismet_scheduled_delete', array( 'Akismet', 'delete_old_comments' ) );
 		add_action( 'akismet_scheduled_delete', array( 'Akismet', 'delete_old_comments_meta' ) );
 		add_action( 'akismet_scheduled_delete', array( 'Akismet', 'delete_orphaned_commentmeta' ) );
@@ -42,6 +45,7 @@ class Akismet {
 
 		add_action( 'comment_form',  array( 'Akismet',  'add_comment_nonce' ), 1 );
 		add_action( 'comment_form', array( 'Akismet', 'output_custom_form_fields' ) );
+		add_filter( 'script_loader_tag', array( 'Akismet', 'set_form_js_async' ), 10, 3 );
 
 		add_filter( 'comment_moderation_recipients', array( 'Akismet', 'disable_moderation_emails_if_unreachable' ), 1000, 2 );
 		add_filter( 'pre_comment_approved', array( 'Akismet', 'last_comment_status' ), 10, 2 );
@@ -672,8 +676,6 @@ class Akismet {
 		
 		$api_response = self::check_db_comment( $id, $recheck_reason );
 
-		delete_comment_meta( $id, 'akismet_rechecking' );
-
 		if ( is_wp_error( $api_response ) ) {
 			// Invalid comment ID.
 		}
@@ -701,6 +703,8 @@ class Akismet {
 			);
 		}
 
+		delete_comment_meta( $id, 'akismet_rechecking' );
+
 		return $api_response;
 	}
 
@@ -1344,13 +1348,17 @@ class Akismet {
 		}
 	}
 
-	public static function load_form_js() {
-		/* deprecated */
-	}
-
+	/**
+	 * Mark akismet-frontend.js as deferred. Because nothing depends on it, it can run at any time
+	 * after it's loaded, and the browser won't have to wait for it to load to continue
+	 * parsing the rest of the page.
+	 */
 	public static function set_form_js_async( $tag, $handle, $src ) {
-		/* deprecated */
-		return $tag;
+		if ( 'akismet-frontend' !== $handle ) {
+			return $tag;
+		}
+
+		return preg_replace( '/^<script /i', '<script defer ', $tag );
 	}
 
 	public static function get_akismet_form_fields() {
@@ -1739,4 +1747,26 @@ p {
 			) . '</p>'
 		);
 	}
+
+	public static function load_form_js() {
+		if (
+			! is_admin()
+			&& ( ! function_exists( 'amp_is_request' ) || ! amp_is_request() )
+			&& self::get_api_key()
+			) {
+			wp_register_script( 'akismet-frontend', plugin_dir_url( __FILE__ ) . '_inc/akismet-frontend.js', array(), filemtime( plugin_dir_path( __FILE__ ) . '_inc/akismet-frontend.js' ), true );
+			wp_enqueue_script( 'akismet-frontend' );
+		}
+	}
+
+	/**
+	 * Add the form JavaScript when we detect that a supported form shortcode is being parsed.
+	 */
+	public static function load_form_js_via_filter( $return_value, $tag, $attr, $m ) {
+		if ( in_array( $tag, array( 'contact-form', 'gravityform', 'contact-form-7', 'formidable', 'fluentform' ) ) ) {
+			self::load_form_js();
+		}
+
+		return $return_value;
+	}
 }

wp-content/plugins/akismet/readme.txt

 === Akismet Spam Protection ===
-Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau
+Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs, procifer, stephdau, kbrownkd
 Tags: comments, spam, antispam, anti-spam, contact form, anti spam, comment moderation, comment spam, contact form spam, spam comments
 Requires at least: 5.0
-Tested up to: 6.0
-Stable tag: 4.2.4
+Tested up to: 6.0.1
+Stable tag: 5.0
 License: GPLv2 or later
 
 The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.
@@ -30,6 +30,17 @@ Upload the Akismet plugin to your blog, activate it, and then enter your Akismet
 
 == Changelog ==
 
+= 5.0 =
+*Release Date - 26 July 2022*
+
+* Added a new feature to catch spammers by observing how they interact with the page.
+
+= 4.2.5 =
+*Release Date - 11 July 2022*
+
+* Fixed a bug that added unnecessary comment history entries after comment rechecks.
+* Added a notice that displays when WP-Cron is disabled and might be affecting comment rechecks.
+
 = 4.2.4 =
 *Release Date - 20 May 2022*
 
@@ -65,48 +76,4 @@ Upload the Akismet plugin to your blog, activate it, and then enter your Akismet
 * Improved compatibility with the most popular contact form plugins.
 * Improved API usage buttons for clarity on what upgrade is needed.
 
-= 4.1.12 =
-*Release Date - 3 September 2021*
-
-* Fixed "Use of undefined constant" notice.
-* Improved styling of alert notices.
-
-= 4.1.11 =
-*Release Date - 23 August 2021*
-
-* Added support for Akismet API usage notifications on Akismet settings and edit-comments admin pages.
-* Added support for the deleted_comment action when bulk-deleting comments from Spam.
- 
-= 4.1.10 =
-*Release Date - 6 July 2021*
-
-* Simplified the code around checking comments in REST API and XML-RPC requests.
-* Updated Plus plan terminology in notices to match current subscription names.
-* Added `rel="noopener"` to the widget link to avoid warnings in Google Lighthouse.
-* Set the Akismet JavaScript as deferred instead of async to improve responsiveness.
-* Improved the preloading of screenshot popups on the edit comments admin page.
-
-= 4.1.9 =
-*Release Date - 2 March 2021*
-
-* Improved handling of pingbacks in XML-RPC multicalls
-
-= 4.1.8 =
-*Release Date - 6 January 2021*
-
-* Fixed missing fields in submit-spam and submit-ham calls that could lead to reduced accuracy.
-* Fixed usage of deprecated jQuery function.
-
-= 4.1.7 =
-*Release Date - 22 October 2020*
-
-* Show the "Set up your Akismet account" banner on the comments admin screen, where it's relevant to mention if Akismet hasn't been configured.
-* Don't use wp_blacklist_check when the new wp_check_comment_disallowed_list function is available.
-
-= 4.1.6 =
-*Release Date - 4 June 2020*
-
-* Disable "Check for Spam" button until the page is loaded to avoid errors with clicking through to queue recheck endpoint directly.
-* Added filter "akismet_enable_mshots" to allow disabling screenshot popups on the edit comments admin page.
-
 For older changelog entries, please see the [additional changelog.txt file](https://plugins.svn.wordpress.org/akismet/trunk/changelog.txt) delivered with the plugin.

wp-content/plugins/akismet/views/notice.php

@@ -26,6 +26,11 @@
 		<p><?php echo $link_text; ?></p>
 	<?php } ?>
 </div>
+<?php elseif ( $type == 'spam-check-cron-disabled' ) : ?>
+<div class="notice notice-warning">
+	<p><strong><?php esc_html_e( 'Akismet has detected a problem.', 'akismet' ); ?></strong></p>
+	<p><?php esc_html_e( 'WP-Cron has been disabled using the DISABLE_WP_CRON constant. Comment rechecks may not work properly.', 'akismet' ); ?></p>
+</div>
 <?php elseif ( $type == 'alert' ) : ?>
 <div class='error'>
 	<p><strong><?php printf( esc_html__( 'Akismet Error Code: %s', 'akismet' ), $code ); ?></strong></p>

wp-content/plugins/site-reviews/assets/styles/inline-styles.css

-.gl-star-rating--stars[class*=" s"]>span,.glsr-star-empty{background-image:url(:star-empty)!important}.glsr-field-is-invalid .gl-star-rating--stars[class*=" s"]>span{background-image:url(:star-error)!important}.glsr-star-half{background-image:url(:star-half)!important}.gl-star-rating--stars.s100>span,.gl-star-rating--stars.s10>span:first-child,.gl-star-rating--stars.s20>span:nth-child(-1n+2),.gl-star-rating--stars.s30>span:nth-child(-1n+3),.gl-star-rating--stars.s40>span:nth-child(-1n+4),.gl-star-rating--stars.s50>span:nth-child(-1n+5),.gl-star-rating--stars.s60>span:nth-child(-1n+6),.gl-star-rating--stars.s70>span:nth-child(-1n+7),.gl-star-rating--stars.s80>span:nth-child(-1n+8),.gl-star-rating--stars.s90>span:nth-child(-1n+9),.glsr-star-full{background-image:url(:star-full)!important}
+.gl-star-rating--stars[class*=" s"]>span,.glsr-star-empty{background-image:url(:star-empty)!important}.glsr-field-is-invalid .gl-star-rating--stars[class*=" s"]>span{background-image:url(:star-error)!important}.glsr-star-half{background-image:url(:star-half)!important}.gl-star-rating--stars.s100>span,.gl-star-rating--stars.s10>span:first-child,.gl-star-rating--stars.s20>span:nth-child(-1n+2),.gl-star-rating--stars.s30>span:nth-child(-1n+3),.gl-star-rating--stars.s40>span:nth-child(-1n+4),.gl-star-rating--stars.s50>span:nth-child(-1n+5),.gl-star-rating--stars.s60>span:nth-child(-1n+6),.gl-star-rating--stars.s70>span:nth-child(-1n+7),.gl-star-rating--stars.s80>span:nth-child(-1n+8),.gl-star-rating--stars.s90>span:nth-child(-1n+9),.glsr-star-full{background-image:url(:star-full)!important}.glsr-captcha-holder iframe{margin:0!important}

wp-content/plugins/site-reviews/compatibility.php

@@ -56,13 +56,16 @@ add_action('plugins_loaded', function () {
 });
 
 /**
- * Exclude the reCAPTCHA script from being defered
+ * Exclude the CAPTCHA scripts from being defered
  * @param array $scriptHandles
  * @return array
  * @see https://wordpress.org/plugins/speed-booster-pack/
  */
 add_filter('sbp_exclude_defer_scripts', function ($scriptHandles) {
-    $scriptHandles[] = 'site-reviews/google-recaptcha';
+    $scriptHandles[] = glsr()->id.'/hcaptcha';
+    $scriptHandles[] = glsr()->id.'/friendlycaptcha-module';
+    $scriptHandles[] = glsr()->id.'/friendlycaptcha-nomodule';
+    $scriptHandles[] = glsr()->id.'/google-recaptcha';
     return array_keys(array_flip($scriptHandles));
 });
 

wp-content/plugins/site-reviews/plugin/Commands/CreateReview.php

@@ -46,7 +46,6 @@ class CreateReview implements Contract
 
     protected $errors;
     protected $message;
-    protected $recaptcha;
     protected $review;
 
     public function __construct(Request $request)
@@ -95,7 +94,6 @@ class CreateReview implements Contract
             'errors' => $this->errors,
             'html' => (string) $this->review,
             'message' => $this->message,
-            'recaptcha' => $this->recaptcha,
             'redirect' => $this->redirect(),
             'review' => Cast::toArray($this->review),
         ];
@@ -132,7 +130,6 @@ class CreateReview implements Contract
         $this->blacklisted = $validator->blacklisted;
         $this->errors = $validator->errors;
         $this->message = $validator->message;
-        $this->recaptcha = $validator->recaptcha;
         return $validator->isValid();
     }
 

wp-content/plugins/site-reviews/plugin/Commands/EnqueuePublicAssets.php

@@ -5,6 +5,7 @@ namespace GeminiLabs\SiteReviews\Commands;
 use GeminiLabs\SiteReviews\Contracts\CommandContract as Contract;
 use GeminiLabs\SiteReviews\Database\OptionManager;
 use GeminiLabs\SiteReviews\Defaults\ValidationStringsDefaults;
+use GeminiLabs\SiteReviews\Modules\Captcha;
 use GeminiLabs\SiteReviews\Modules\Style;
 
 class EnqueuePublicAssets implements Contract
@@ -15,8 +16,8 @@ class EnqueuePublicAssets implements Contract
     public function handle()
     {
         $this->enqueueAssets();
+        $this->enqueueCaptcha();
         $this->enqueuePolyfillService();
-        $this->enqueueRecaptchaScript();
     }
 
     /**
@@ -39,6 +40,35 @@ class EnqueuePublicAssets implements Contract
         }
     }
 
+    /**
+     * wpforms-recaptcha
+     * google-recaptcha
+     * nf-google-recaptcha.
+     * @return void
+     */
+    public function enqueueCaptcha()
+    {
+        if (!glsr(Captcha::class)->isEnabled()) {
+            return;
+        }
+        $integration = glsr_get_option('submissions.captcha.integration');
+        $language = glsr()->filterString('captcha/language', get_locale());
+        $apiUrl = 'https://www.google.com/recaptcha/api.js';
+        $handle = glsr()->id.'/google-recaptcha';
+        if ('hcaptcha' === $integration) {
+            $apiUrl = 'https://js.hcaptcha.com/1/api.js';
+            $handle = glsr()->id.'/hcaptcha';
+        }
+        if ('friendlycaptcha' === $integration) {
+            $moduleUrl = 'https://unpkg.com/friendly-challenge@0.9.4/widget.module.min.js';
+            $nomoduleUrl = 'https://unpkg.com/friendly-challenge@0.9.4/widget.min.js';
+            wp_enqueue_script(glsr()->id.'/friendlycaptcha-module', $moduleUrl);
+            wp_enqueue_script(glsr()->id.'/friendlycaptcha-nomodule', $nomoduleUrl);
+        } else {
+            wp_enqueue_script($handle, add_query_arg(['hl' => $language, 'render' => 'explicit'], $apiUrl));
+        }
+    }
+
     /**
      * @return void
      */
@@ -68,24 +98,6 @@ class EnqueuePublicAssets implements Contract
         ], 'https://polyfill.io/v3/polyfill.min.js?version=3.109.0'));
     }
 
-    /**
-     * @return void
-     */
-    public function enqueueRecaptchaScript()
-    {
-        // wpforms-recaptcha
-        // google-recaptcha
-        // nf-google-recaptcha
-        if (!glsr(OptionManager::class)->isRecaptchaEnabled()) {
-            return;
-        }
-        $language = glsr()->filterString('recaptcha/language', get_locale());
-        wp_enqueue_script(glsr()->id.'/google-recaptcha', add_query_arg([
-            'hl' => $language,
-            'render' => 'explicit',
-        ], 'https://www.google.com/recaptcha/api.js'));
-    }
-
     /**
      * @return string
      */
@@ -95,6 +107,7 @@ class EnqueuePublicAssets implements Contract
             'action' => glsr()->prefix.'action',
             'ajaxpagination' => $this->getFixedSelectorsForPagination(),
             'ajaxurl' => admin_url('admin-ajax.php'),
+            'captcha' => glsr(Captcha::class)->config(),
             'nameprefix' => glsr()->id,
             'stars' => [
                 'clearable' => false,

wp-content/plugins/site-reviews/plugin/Controllers/PublicController.php

@@ -44,18 +44,28 @@ class PublicController extends Controller
     /**
      * @param string $tag
      * @param string $handle
+     * @param string $src
      * @return string
      * @filter script_loader_tag
      */
-    public function filterEnqueuedScriptTags($tag, $handle)
+    public function filterEnqueuedScriptTags($tag, $handle, $src)
     {
-        $scripts = [glsr()->id.'/google-recaptcha'];
+        $scripts = [
+            glsr()->id.'/hcaptcha',
+            glsr()->id.'/google-recaptcha',
+        ];
         if (in_array($handle, glsr()->filterArray('async-scripts', $scripts))) {
             $tag = str_replace(' src=', ' async src=', $tag);
         }
         if (in_array($handle, glsr()->filterArray('defer-scripts', $scripts))) {
             $tag = str_replace(' src=', ' defer src=', $tag);
         }
+        if (glsr()->id.'/friendlycaptcha-module' === $handle) {
+            $tag = sprintf('<script type="module" src="%s" async defer></script>', esc_url($src));
+        }
+        if (glsr()->id.'/friendlycaptcha-nomodule' === $handle) {
+            $tag = sprintf('<script nomodule src="%s" async defer></script>', esc_url($src));
+        }
         return $tag;
     }
 

wp-content/plugins/site-reviews/plugin/Controllers/ReviewController.php

@@ -89,6 +89,9 @@ class ReviewController extends Controller
         $search = 'id="review-';
         $dataType = Arr::get($data, 'review.type', 'local');
         $replace = sprintf('data-type="%s" %s', $dataType, $search);
+        if (Arr::get($data, 'review.is_pinned')) {
+            $replace = 'data-pinned="1" '.$replace;
+        }
         return str_replace($search, $replace, $template);
     }
 

wp-content/plugins/site-reviews/plugin/Modules/Html/Tags/FormFieldsTag.php

@@ -50,7 +50,6 @@ class FormFieldsTag extends FormTag
         $referer = glsr()->filterString('review-form/referer', $referer);
         $hiddenFields = [
             '_action' => 'submit-review',
-            '_counter' => null,
             '_nonce' => wp_create_nonce('submit-review'),
             '_post_id' => get_the_ID(),
             '_referer' => wp_unslash($referer),

wp-content/plugins/site-reviews/plugin/Router.php

@@ -100,7 +100,9 @@ class Router
             $request['_ajax_request'] = true;
         }
         if ('submit-review' == Helper::filterInput('_action', $request)) {
-            $request['_recaptcha-token'] = Helper::filterInput('g-recaptcha-response');
+            $request['_frcaptcha'] = Helper::filterInput('frc-captcha-solution');
+            $request['_hcaptcha'] = Helper::filterInput('h-captcha-response');
+            $request['_recaptcha'] = Helper::filterInput('g-recaptcha-response');
         }
         return new Request($request);
     }

wp-content/plugins/site-reviews/site-reviews.php

@@ -7,7 +7,7 @@
  * Plugin Name:       Site Reviews
  * Plugin URI:        https://wordpress.org/plugins/site-reviews
  * Description:       Receive and display reviews on your website
- * Version:           5.24.3
+ * Version:           5.25.1
  * Author:            Paul Ryley
  * Author URI:        https://geminilabs.io
  * License:           GPL2

wp-content/plugins/wordpress-seo/admin/class-gutenberg-compatibility.php

@@ -15,14 +15,14 @@ class WPSEO_Gutenberg_Compatibility {
 	 *
 	 * @var string
 	 */
-	const CURRENT_RELEASE = '13.5.0';
+	const CURRENT_RELEASE = '13.7.2';
 
 	/**
 	 * The minimally supported version of Gutenberg by the plugin.
 	 *
 	 * @var string
 	 */
-	const MINIMUM_SUPPORTED = '13.5.0';
+	const MINIMUM_SUPPORTED = '13.7.2';
 
 	/**
 	 * Holds the current version.

wp-content/plugins/wordpress-seo/admin/formatter/class-term-metabox-formatter.php

@@ -88,6 +88,7 @@ class WPSEO_Term_Metabox_Formatter implements WPSEO_Metabox_Formatter_Interface
 				'social_description_template' => $this->get_social_description_template(),
 				'social_image_template'       => $this->get_social_image_template(),
 				'wincherIntegrationActive'    => 0,
+				'isInsightsEnabled'           => $this->is_insights_enabled(),
 			];
 		}
 
@@ -227,4 +228,13 @@ class WPSEO_Term_Metabox_Formatter implements WPSEO_Metabox_Formatter_Interface
 		$needed_option = $template_option_name . '-tax-' . $this->term->taxonomy;
 		return WPSEO_Options::get( $needed_option, '' );
 	}
+
+	/**
+	 * Determines whether the insights feature is enabled for this taxonomy.
+	 *
+	 * @return bool
+	 */
+	protected function is_insights_enabled() {
+		return WPSEO_Options::get( 'enable_metabox_insights', false );
+	}
 }

wp-content/plugins/wordpress-seo/admin/views/tabs/dashboard/first-time-configuration.php

@@ -11,4 +11,4 @@ if ( ! defined( 'WPSEO_VERSION' ) ) {
 	exit();
 }
 
-echo '<div id="wpseo-first-time-configuration" class="yst-root"></div>';
+echo '<div id="wpseo-first-time-configuration"></div>';

wp-content/plugins/wordpress-seo/css/dist/alerts-1920-rtl.css

-.yoast-alert{display:flex;align-items:flex-start;padding:16px;border:1px solid rgba(0,0,0,.2);font-size:13px;line-height:1.5;margin:16px 0}.yoast-alert--error{color:#8f1919;background:#f9dcdc}.yoast-alert--info{color:#00468f;background:#cce5ff}.yoast-alert--success{color:#395315;background:#e2f2cc}.yoast-alert--warning{color:#674e00;background:#fff3cd}.yoast-alert__icon.yoast-alert__icon{display:block;margin-top:.1rem;margin-left:8px;height:16px;width:16px;max-width:none}.yoast-alert a{color:#004973}
\ No newline at end of file

wp-content/plugins/wordpress-seo/css/dist/alerts-1920.css

-.yoast-alert{display:flex;align-items:flex-start;padding:16px;border:1px solid rgba(0,0,0,.2);font-size:13px;line-height:1.5;margin:16px 0}.yoast-alert--error{color:#8f1919;background:#f9dcdc}.yoast-alert--info{color:#00468f;background:#cce5ff}.yoast-alert--success{color:#395315;background:#e2f2cc}.yoast-alert--warning{color:#674e00;background:#fff3cd}.yoast-alert__icon.yoast-alert__icon{display:block;margin-top:.1rem;margin-right:8px;height:16px;width:16px;max-width:none}.yoast-alert a{color:#004973}
\ No newline at end of file