improve custom form integration by validating User-Agent and Referrer…

… HTTP headers
ibericode · Aug 12, 2024 · aa75f0d · aa75f0d
1 parent 6d2e73b
commit aa75f0d
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/integrations/custom/class-custom.php b/integrations/custom/class-custom.php
@@ -46,13 +46,31 @@ public function checkbox_was_checked()
 
     /**
      * Maybe fire a general subscription request
+     *
+     * @return bool|string
      */
     public function listen()
     {
         if (! $this->checkbox_was_checked()) {
             return false;
         }
 
+		// ignore requests from bots, crawlers and link previews
+	    if (empty($_SERVER['HTTP_USER_AGENT']) || preg_match("/bot|crawl|spider|seo|lighthouse|facebookexternalhit|preview/i", $_SERVER['HTTP_USER_AGENT'])) {
+	        return false;
+	    }
+
+	    // ignore requests without an HTTP referrer
+	    if (empty($_SERVER['HTTP_REFERER'])) {
+	    	return false;
+	    }
+
+	    // ignore requests where HTTP Referer does not contain hostname from home_url
+	    $site_hostname = parse_url(get_home_url(), PHP_URL_HOST);
+	    if (strpos($_SERVER['HTTP_REFERER'], $site_hostname) === false) {
+	    	return false;
+	    }
+
         $data = $this->get_data();
 
         // don't run for CF7 or Events Manager requests