From 92f84969268e03e179dadedbf778238612dddfd6 Mon Sep 17 00:00:00 2001
From: Stefan Kalscheuer <stefan@stklcode.de>
Date: Sat, 19 May 2018 14:22:15 +0200
Subject: [PATCH] Fix #12: do not skip filter chain on non-matching regex
 filter

Corrected the regular expression methods and unit-tested combined filters.
---
 README.md                      |  3 ++
 inc/class-statifyblacklist.php | 12 +++--
 test/statifyblacklist-test.php | 80 ++++++++++++++++++++++++++++++++++
 3 files changed, 91 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index bceb1bb..7f5b07c 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,9 @@ Because of this, an IP blacklist can only be applied while processing the reques
 
 ## Changelog ##
 
+### 1.4.4 / 19.05.2018 ###
+* Fix live filter chain when regular expressions are active (#12)
+
 ### 1.4.3 / 09.01.2018 ###
 * Fix issues with multisite installation (#11)
 
diff --git a/inc/class-statifyblacklist.php b/inc/class-statifyblacklist.php
index 319752f..3ebea16 100644
--- a/inc/class-statifyblacklist.php
+++ b/inc/class-statifyblacklist.php
@@ -187,8 +187,10 @@ class StatifyBlacklist {
 					$regexp .= 'i';
 				}
 
-				// Check blacklist (return NULL to continue filtering).
-				return ( 1 === preg_match( $regexp, $referer ) ) ? true : null;
+				// Check blacklist (no return to continue filtering #12).
+				if ( 1 === preg_match( $regexp, $referer ) ) {
+					return true;
+				}
 			} else {
 				// Extract relevant domain parts.
 				$referer = wp_parse_url( wp_get_raw_referer() );
@@ -218,8 +220,10 @@ class StatifyBlacklist {
 					$regexp .= 'i';
 				}
 
-				// Check blacklist (return NULL to continue filtering).
-				return ( 1 === preg_match( $regexp, $target ) ) ? true : null;
+				// Check blacklist (no return to continue filtering #12).
+				if ( 1 === preg_match( $regexp, $target ) ) {
+					return true;
+				}
 			} else {
 				// Extract target page.
 				// @codingStandardsIgnoreStart The globals are checked.
diff --git a/test/statifyblacklist-test.php b/test/statifyblacklist-test.php
index aa31aa9..2e71a65 100644
--- a/test/statifyblacklist-test.php
+++ b/test/statifyblacklist-test.php
@@ -472,6 +472,86 @@ class StatifyBlacklist_Test extends PHPUnit\Framework\TestCase {
 	}
 
 	// TODO: Test target regex filter.
+
+
+	/**
+	 * Test combined filters.
+	 *
+	 * @since 1.4.4
+	 *
+	 * @return void
+	 */
+	public function test_combined_filters() {
+		// Prepare Options: simple referer + simple target + ip.
+		StatifyBlacklist::$_options = array(
+			'referer' => array(
+				'active'    => 1,
+				'cron'      => 0,
+				'regexp'    => 0,
+				'blacklist' => array(
+					'example.com' => 0,
+				),
+			),
+			'target'  => array(
+				'active'    => 1,
+				'cron'      => 0,
+				'regexp'    => 0,
+				'blacklist' => array(
+					'/excluded/page/' => 0
+				),
+			),
+			'ip'      => array(
+				'active'    => 1,
+				'blacklist' => array(
+					'192.0.2.123'
+				),
+			),
+			'version' => StatifyBlacklist::VERSION_MAIN,
+		);
+
+		// No multisite.
+		StatifyBlacklist::$multisite = false;
+
+		// No match.
+		$_SERVER['HTTP_REFERER'] = 'https://example.net';
+		$_SERVER['REQUEST_URI'] = '/normal/page/';
+		$_SERVER['REMOTE_ADDR'] = '192.0.2.234';
+		unset( $_SERVER['HTTP_X_FORWARDED_FOR'] );
+		unset( $_SERVER['HTTP_X_REAL_IP'] );
+
+		// Matching Referer.
+		$_SERVER['HTTP_REFERER'] = 'https://example.com';
+		$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
+
+		// Matching target.
+		$_SERVER['HTTP_REFERER'] = 'https://example.net';
+		$_SERVER['REQUEST_URI'] = '/excluded/page/';
+		$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
+
+		// Matching IP.
+		$_SERVER['REQUEST_URI'] = '/normal/page/';
+		$_SERVER['REMOTE_ADDR'] = '192.0.2.123';
+		$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
+		$_SERVER['REMOTE_ADDR'] = '192.0.2.234';
+
+		// Same for RegExp filters.
+		StatifyBlacklist::$_options['referer']['regexp'] = 1;
+		StatifyBlacklist::$_options['referer']['blacklist'] = array( 'example\.com' => 0 );
+		StatifyBlacklist::$_options['target']['regexp'] = 1;
+		StatifyBlacklist::$_options['target']['blacklist'] = array( '\/excluded\/.*' => 0 );
+
+		$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
+		$_SERVER['HTTP_REFERER'] = 'https://example.com';
+		$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
+		$_SERVER['HTTP_REFERER'] = 'https://example.net';
+		$_SERVER['REQUEST_URI'] = '/excluded/page/';
+		$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
+		$_SERVER['REQUEST_URI'] = '/normal/page/';
+		$_SERVER['REMOTE_ADDR'] = '192.0.2.123';
+		$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
+		$_SERVER['REMOTE_ADDR'] = '192.0.2.234';
+
+	}
 }