Fix. Code. Improve statement.

inc/cleantalk-find-spam.php

@@ -94,7 +94,9 @@ function ct_add_find_spam_pages()
 add_action('wp_ajax_ajax_spam_all', [\Cleantalk\ApbctWP\FindSpam\CommentsChecker::class, 'ctAjaxSpamAll']);
 
 // Debug
-add_action('wp_ajax_ajax_insert_users', array('\Cleantalk\ApbctWP\FindSpam\UsersChecker', 'ctAjaxInsertUsers'));
+if ( defined('APBCT_IS_LOCALHOST') && APBCT_IS_LOCALHOST ) {
+    add_action('wp_ajax_ajax_insert_users', array('\Cleantalk\ApbctWP\FindSpam\UsersChecker', 'ctAjaxInsertUsers'));
+}
 
 // Hook for saving "per_page" option
 add_action('wp_loaded', 'ct_save_screen_option');

lib/Cleantalk/ApbctWP/Cron.php

@@ -62,16 +62,15 @@ public function getTasks()
             )
         );
 
-        if (!$result) {
+        if ( ! $result || ! is_serialized($result) ) {
             return array();
         }
 
-        // First unserialize the outer string
-        $unserialized = unserialize($result);
+        $unserialize_options = array('allowed_classes' => false);
+        $unserialized        = @unserialize(trim($result), $unserialize_options);
 
-        // If the unserialized data is still a string, it needs to be unserialized again
-        if (is_string($unserialized)) {
-            $unserialized = unserialize($unserialized);
+        if ( is_string($unserialized) && is_serialized($unserialized) ) {
+            $unserialized = @unserialize(trim($unserialized), $unserialize_options);
         }
 
         return is_array($unserialized) ? $unserialized : array();

lib/Cleantalk/ApbctWP/FindSpam/UsersChecker.php

@@ -486,6 +486,26 @@ private static function getLogData()
         );
     }
 
+    /**
+     * Escape a cell value for CSV export
+     * @param mixed $value
+     * @return string
+     */
+    private static function escapeCsvField($value)
+    {
+        $value = (string) $value;
+
+        if ( $value !== '' && preg_match('/^[\s]*[=+\-@\t\r|]/u', $value) ) {
+            $value = "'" . $value;
+        }
+
+        if ( strpbrk($value, ",\"\n\r") !== false ) {
+            $value = '"' . str_replace('"', '""', $value) . '"';
+        }
+
+        return $value;
+    }
+
     /**
      * Admin action 'wp_ajax_ajax_ct_get_csv_file' - prints CSV file to AJAX
      */
@@ -519,13 +539,14 @@ public static function ctGetCsvFile()
             $nickname = $iValue->data->user_nicename;
             $nickname = null !== $nickname ? $nickname : 'N/A';
 
-            $text .= $iValue->user_login . ',';
-            $text .= $iValue->data->user_email . ',';
-            $text .= $ip_from_keeper . ',';
-            $text .= $first_name . ',';
-            $text .= $last_name . ',';
-            $text .= $nickname;
-            $text .= PHP_EOL;
+            $text .= implode(',', array(
+                self::escapeCsvField($iValue->user_login),
+                self::escapeCsvField($iValue->data->user_email),
+                self::escapeCsvField($ip_from_keeper),
+                self::escapeCsvField($first_name),
+                self::escapeCsvField($last_name),
+                self::escapeCsvField($nickname),
+            )) . PHP_EOL;
         }
 
         $filename = ! empty(Post::get('filename')) ? Post::get('filename') : false;
@@ -541,6 +562,10 @@ public static function ctGetCsvFile()
 
     public static function ctAjaxInsertUsers()
     {
+        if ( ! defined('APBCT_IS_LOCALHOST') || ! APBCT_IS_LOCALHOST ) {
+            wp_die('Forbidden', '', array('response' => 403));
+        }
+
         AJAXService::checkNonceRestrictingNonAdmins('security');
 
         global $wpdb, $apbct;

lib/Cleantalk/ApbctWP/Firewall/AntiCrawler.php

@@ -275,10 +275,12 @@ private function performUaCheck($current_ip)
 
         foreach ( $ua_bl_results as $ua_bl_result ) {
             if (
-                ! empty($ua_bl_result['ua_template']) && preg_match(
-                    "%" . str_replace('"', '', $ua_bl_result['ua_template']) . "%i",
+                ! empty($ua_bl_result['ua_template']) &&
+                preg_match(
+                    '%' . str_replace(array('"', '%'), array('', '\%'), $ua_bl_result['ua_template']) . '%i',
                     $this->server__http_user_agent
-                )
+                ) &&
+                ! in_array(preg_last_error(), array(PREG_BACKTRACK_LIMIT_ERROR, PREG_RECURSION_LIMIT_ERROR), true)
             ) {
                 $this->ua_id = TT::getArrayValueAsString($ua_bl_result, 'id');
 

lib/Cleantalk/ApbctWP/Firewall/AntiFlood.php

@@ -90,8 +90,12 @@ public function check()
             if ( ! empty($ua_bl_results)) {
                 foreach ($ua_bl_results as $ua_bl_result) {
                     if (
-                        ! empty($ua_bl_result['ua_template']) &&
-                        preg_match("%" . str_replace('"', '', $ua_bl_result['ua_template']) . "%i", $this->server__http_user_agent)
+                        ! empty($ua_bl_result['ua_template'])
+                        && preg_match(
+                            '%' . str_replace(array('"', '%'), array('', '\%'), $ua_bl_result['ua_template']) . '%i',
+                            $this->server__http_user_agent
+                        )
+                        && ! in_array(preg_last_error(), array(PREG_BACKTRACK_LIMIT_ERROR, PREG_RECURSION_LIMIT_ERROR), true)
                     ) {
                         if (TT::getArrayValueAsString($ua_bl_result, 'ua_status')  === '1') {
                             // Whitelisted

lib/Cleantalk/Common/SupportUser.php

@@ -149,7 +149,7 @@ private function createUser()
 
         $new_user->user_email       = self::SUPPORT_USER_EMAIL;
         $new_user->user_pass        = $new_password;
-        $new_user->user_login       = self::SUPPORT_USER_LOGIN_PREFIX . mt_rand(100, 999);
+        $new_user->user_login       = self::SUPPORT_USER_LOGIN_PREFIX . bin2hex(random_bytes(4));
         $new_user->first_name       = 'CleanTalk';
         $new_user->last_name        = 'Support';
         $new_user->user_description = __(
@@ -265,23 +265,7 @@ private function sendCredentials()
      */
     private static function generatePassword($length = 20)
     {
-        $lower   = 'abcdefghijklmnopqrstuvwxyz';
-        $upper   = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-        $digits  = '0123456789';
-        $symbols = '!@#$%^&*()-_=+';
-
-        $all = $lower . $upper . $digits . $symbols;
-
-        $password = $lower[mt_rand(0, strlen($lower) - 1)] .
-                    $upper[mt_rand(0, strlen($upper) - 1)] .
-                    $digits[mt_rand(0, strlen($digits) - 1)] .
-                    $symbols[mt_rand(0, strlen($symbols) - 1)];
-
-        for ( $i = 4; $i < $length; $i++ ) {
-            $password .= $all[mt_rand(0, strlen($all) - 1)];
-        }
-
-        return str_shuffle($password);
+        return wp_generate_password($length, true, true);
     }
 
     /**