prepare release 1.6.3

PHPUnit 10 fails with old configuration schema while older releases only
print a warning.

Stick with at most v9 for now, as we are testing against older PHP
versions that to not support the new scheme.

.distignore

@@ -3,6 +3,7 @@
 /assets
 /test
 /.distignore
+/.editorconfig
 /.gitattributes
 /.gitignore
 /.travis.yml

.editorconfig

@@ -0,0 +1,21 @@
+# This file is for unifying the coding style for different editors and IDEs
+# editorconfig.org
+
+# WordPress Coding Standards
+# https://make.wordpress.org/core/handbook/coding-standards/
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = tab
+
+[{.jshintrc,*.json,*.yml,*.feature}]
+indent_style = space
+indent_size = 2
+
+[{*.txt,wp-config-sample.php}]
+end_of_line = crlf

.github/workflows/test.yml

@@ -5,10 +5,10 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: [ '5.6', '7.3', '7.4', '8.0' ]
+        php: [ '5.6', '7.4', '8.0', '8.1', '8.2' ]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Setup PHP
@@ -23,7 +23,7 @@ jobs:
           composer test
           sed -i "s#<file name=\"${GITHUB_WORKSPACE}#<file name=\"/github/workspace#g" tests-clover.xml
       - name: Analyze with SonarCloud
-        if: matrix.php == '8.0' && github.event_name != 'pull_request'
+        if: matrix.php == '8.0'
         uses: sonarsource/sonarcloud-github-action@master
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -42,7 +42,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:

.github/workflows/wordpress-plugin-asset-update.yml

@@ -8,7 +8,7 @@ jobs:
     name: Push to stable
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Clean README.md
         run: tail -n +6 README.md > README.md.tmp && mv README.md.tmp README.md
       - name: WordPress.org plugin asset/readme update

.github/workflows/wordpress-plugin-deploy.yml

@@ -9,7 +9,7 @@ jobs:
     name: New tag
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Clean README.md
         run: tail -n +6 README.md > README.md.tmp && mv README.md.tmp README.md
       - name: WordPress Plugin Deploy

README.md

@@ -6,14 +6,14 @@
 # Statify Filter #
 * Contributors:      Stefan Kalscheuer
 * Requires at least: 4.7
-* Tested up to:      5.7
+* Tested up to:      6.3
 * Requires PHP:      5.5
-* Stable tag:        1.6.1
+* Stable tag:        1.6.3
 * License:           GPLv2 or later
 * License URI:       https://www.gnu.org/licenses/gpl-2.0.html
 
 ## Description ##
-A filter extension for the famous [Statify](https://wordpress.org/plugins/statify/) Wordpress plugin.
+A filter extension for the famous [Statify](https://wordpress.org/plugins/statify/) WordPress plugin.
 
 This plugin adds customizable filters to Statify to allow blocking of referer spam or internal interactions.
 
@@ -62,7 +62,7 @@ The plugin is capable of handling multisite installations.
 ### What is blocked by default? ###
 Nothing. By default, all filters are empty and disabled. They can and have to be filled by the blog administrator.
 
-A default filter is not provided, as the plugin itself is totally neutral. If you want to filter out referer spam, 
+A default filter is not provided, as the plugin itself is totally neutral. If you want to filter out referer spam,
 visitors from search engines, just "false" referrers from 301 redirects or you own IP address used for testing only depends on you.
 
 ### Does the filter effect user experience? ###
@@ -71,7 +71,7 @@ No. It only prevents _Statify_ from tracking, nothing more or less.
 ### Does live filtering impact performance? ###
 Yes, but probably not noticeable. Checking a single referer string against a (usually small) list should be negligible compared to the total loading procedure.
 If this still is an issue for you, consider deactivating the filter and only run the one-time-cleanup or activate the cron job.
- 
+
 ### Is any personal data collected? ###
 No. The privacy policy of _Statify_ is untouched. Data is only processed, not stored or exposed to anyone.
 
@@ -93,6 +93,12 @@ Same for IPv6 prefixes like _2001:db8:a0b:12f0::/64_.
 
 ## Upgrade Notice ##
 
+### 1.6.3 ###
+This is a service release with minor internal corrections and WP 6.3 compatibility.
+
+### 1.6.2 ###
+This is a service release with minor internal corrections and PHP 8.2 compatibility.
+
 ### 1.6.1 ###
 This is a bugfix release that corrects storage and evaluation of the user agent filter list.
 
@@ -106,6 +112,15 @@ This version should be compatible with latest WordPress 5.6.
 
 ## Changelog ##
 
+### 1.6.3 / 14.08.2023 ###
+* Minor internal code cleanup
+* Declared compatibility with WordPress 6.3
+
+### 1.6.2 / 25.02.2023 ###
+* Always process IPv6 addresses lowercase
+* Optimize internally used regular expression
+* Minor adjustments to prevent warnings during user agent filtering with PHP 8.2
+
 ### 1.6.1 / 28.05.2021 ###
 * Fix storage of user agent filter list (#28, props @BananaSquishee)
 

composer.json

@@ -1,6 +1,6 @@
 {
   "name": "stklcode/statify-blacklist",
-  "version": "1.6.1",
+  "version": "1.6.3",
   "description": "A filter extension for the famous Statify WordPress plugin",
   "keywords": [
     "wordpress",
@@ -19,14 +19,14 @@
   "type": "wordpress-plugin",
   "require": {
     "php": ">=5.5",
-    "composer/installers": "~1.11"
+    "composer/installers": "~v1.12|~v2.2"
   },
   "require-dev": {
-    "dealerdirect/phpcodesniffer-composer-installer": "^0.7",
-    "phpunit/phpunit": "*",
+    "dealerdirect/phpcodesniffer-composer-installer": "^v1.0",
+    "phpunit/phpunit": "^5|^6|^7|^8|^9",
     "phpunit/php-code-coverage": "*",
     "slowprog/composer-copy-file": "~0.3",
-    "squizlabs/php_codesniffer": "^3.6",
+    "squizlabs/php_codesniffer": "^3.7",
     "phpcompatibility/phpcompatibility-wp": "^2.1",
     "wp-coding-standards/wpcs": "^2.3"
   },
@@ -44,5 +44,11 @@
     "fix-cs": [
       "phpcbf --standard=phpcs.xml"
     ]
+  },
+  "config": {
+    "allow-plugins": {
+      "composer/installers": true,
+      "dealerdirect/phpcodesniffer-composer-installer": true
+    }
   }
 }

inc/class-statifyblacklist-admin.php

@@ -163,7 +163,6 @@ class StatifyBlacklist_Admin extends StatifyBlacklist {
 				)
 			);
 		}
-
 	}
 
 	/**
@@ -329,14 +328,20 @@ class StatifyBlacklist_Admin extends StatifyBlacklist {
 	 */
 	private static function sanitize_ips( $ips ) {
 		return array_filter(
-			$ips,
+			array_map( 'strtolower', $ips ),
 			function ( $ip ) {
 				return preg_match(
-					'/^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])(\/([0-9]|[1-2][0-9]|3[0-2]))?$/',
+					'/^((25[0-5]|(2[0-4]|1?[0-9])?[0-9])\.){3}(25[0-5]|(2[0-4]|1?[0-9])?[0-9])(\/([0-9]|[1-2][0-9]|3[0-2]))?$/',
 					$ip
 				) ||
 				preg_match(
-					'/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/',
+					'/^(([0-9a-f]{1,4}:){7}[0-9a-f]{1,4}|([0-9a-f]{1,4}:){1,7}:|([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}' .
+					'|([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}' .
+					'|([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}' .
+					'|[0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|:((:[0-9a-f]{1,4}){1,7}|:)' .
+					'|fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?[0-9])?[0-9])\.){3}(25[0-5]|(2[0-4]' .
+					'|1?[0-9])?[0-9])|([0-9a-f]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?[0-9])?[0-9])\.){3}(25[0-5]|(2[0-4]|1?[0-9])?[0-9]))' .
+					'(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/i',
 					$ip
 				);
 			}

inc/class-statifyblacklist.php

@@ -80,7 +80,7 @@ class StatifyBlacklist {
 	 */
 	public static function init() {
 		// Skip on autosave.
-		if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) ) {
+		if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
 			return;
 		}
 
@@ -388,7 +388,7 @@ class StatifyBlacklist {
 	 */
 	private static function get_user_agent() {
 		if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
-			$user_agent = filter_var( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ), FILTER_SANITIZE_STRING );
+			$user_agent = filter_var( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );
 			if ( $user_agent ) {
 				return $user_agent;
 			}
@@ -436,7 +436,7 @@ class StatifyBlacklist {
 			}
 
 			$ceil = ceil( $mask / 16 );
-			for ( $i = 1; $i <= $ceil; ++ $i ) {
+			for ( $i = 1; $i <= $ceil; ++$i ) {
 				$left   = $mask - 16 * ( $i - 1 );
 				$left   = ( $left <= 16 ) ? $left : 16;
 				$mask_b = ~( 0xffff >> $left ) & 0xffff;

package.json

@@ -1,6 +1,6 @@
 {
   "name": "statify-blacklist",
-  "version": "1.6.1",
+  "version": "1.6.3",
   "description": "A filter extension for the famous Statify WordPress plugin",
   "author": "Stefan Kalscheuer",
   "license": "GPL-2.0+"

statify-blacklist.php

@@ -10,7 +10,7 @@
  * Plugin Name: Statify Filter
  * Plugin URI:  https://wordpress.org/plugins/statify-blacklist/
  * Description: Extension for the Statify plugin to add customizable filters. (formerly "Statify Blacklist)
- * Version:     1.6.1
+ * Version:     1.6.3
  * Author:      Stefan Kalscheuer (@stklcode)
  * Author URI:  https://www.stklcode.de
  * Text Domain: statify-blacklist
@@ -37,7 +37,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 
 // Constants.
 define( 'STATIFYBLACKLIST_FILE', __FILE__ );
-define( 'STATIFYBLACKLIST_DIR', dirname( __FILE__ ) );
+define( 'STATIFYBLACKLIST_DIR', __DIR__ );
 define( 'STATIFYBLACKLIST_BASE', plugin_basename( __FILE__ ) );
 
 // Check for compatibility.

test/StatifyBlacklist_Admin_Test.php

@@ -43,14 +43,17 @@ class StatifyBlacklist_Admin_Test extends PHPUnit\Framework\TestCase {
 			'2001:db8:a0b:12f0::',
 			'2001:db8:a0b:12f0::1',
 			'2001:db8:a0b:12f0::1/128',
-			'2001:db8:a0b:12f0::/64',
+			'2001:DB8:A0B:12F0::/64',
+			'fe80::7645:6de2:ff:1',
+			'::ffff:192.0.2.123',
 		);
 		$invalid = array(
 			'2001:db8:a0b:12f0::x',
 			'2001:db8:a0b:12f0:::',
 			'2001:fffff:a0b:12f0::1',
-			'2001:db8:a0b:12f0::/129',
+			'2001:DB8:A0B:12F0::/129',
 			'1:2:3:4:5:6:7:8:9',
+			'::ffff:12.34.56.789',
 		);
 		$result  = invoke_static( StatifyBlacklist_Admin::class, 'sanitize_ips', array( array_merge( $valid, $invalid ) ) );
 		$this->assertNotFalse( $result );
@@ -59,6 +62,6 @@ class StatifyBlacklist_Admin_Test extends PHPUnit\Framework\TestCase {
 		} else {
 			$this->assertInternalType( 'array', $result );
 		}
-		$this->assertEquals( $valid, $result );
+		$this->assertEquals( array_map( 'strtolower', $valid ), $result );
 	}
 }

test/StatifyBlacklist_Test.php

@@ -283,6 +283,20 @@ class StatifyBlacklist_Test extends PHPUnit\Framework\TestCase {
 				array( '2001:db8:a0b:12f0::123:456', '2001:db8:a0b:12f0::1/96 ' )
 			)
 		);
+		$this->assertTrue(
+			invoke_static(
+				StatifyBlacklist::class,
+				'cidr_match',
+				array( '2001:DB8:A0B:12F0::123:456', '2001:db8:a0b:12f0::1/96 ' )
+			)
+		);
+		$this->assertTrue(
+			invoke_static(
+				StatifyBlacklist::class,
+				'cidr_match',
+				array( '2001:db8:a0b:12f0::123:456', '2001:DB8:A0B:12F0::1/96 ' )
+			)
+		);
 		$this->assertFalse(
 			invoke_static(
 				StatifyBlacklist::class,