Merge pull request #55 from GravityKit/develop

mrcasual · web-flow · commit 2b272f76f0a3 · 2026-03-12T10:19:22.000-04:00
Release 1.7.2
diff --git a/assets/js/token-injection.js b/assets/js/token-injection.js
@@ -0,0 +1,108 @@
+/**
+ * Gravity Forms Zero Spam — token injection.
+ *
+ * Registers an async pre-submission filter (GF 2.9+) or a submit-event
+ * listener (older GF) for each form configured in gfZeroSpamConfig.
+ *
+ * @since TBD
+ */
+(() => {
+	if (typeof gfZeroSpamConfig === 'undefined') {
+		return;
+	}
+
+	const forms = gfZeroSpamConfig.forms;
+
+	if (!forms || !forms.length) {
+		return;
+	}
+
+	/**
+	 * Fetches a fresh token, falling back through REST → admin-ajax → embedded fallback.
+	 */
+	function fetchToken(cfg) {
+		return fetch(cfg.restUrl + '?form_id=' + cfg.formId, {
+			signal: AbortSignal.timeout(cfg.timeout)
+		})
+			.then((res) => {
+				if (!res.ok) {
+					throw new Error('REST failed');
+				}
+				return res.json();
+			})
+			.then((json) => json.token)
+			.catch(() => fetch(cfg.ajaxUrl + '?action=gf_zero_spam_token&form_id=' + cfg.formId, {
+					signal: AbortSignal.timeout(cfg.timeout)
+				})
+					.then((res) => {
+						if (!res.ok) {
+							throw new Error('AJAX failed');
+						}
+						return res.json();
+					})
+					.then((json) => json.token)
+					.catch(() => cfg.fallbackToken));
+	}
+
+	/**
+	 * Injects the token hidden input into the form element.
+	 */
+	function injectToken(formEl, token) {
+		const old = formEl.querySelector('input[name="gf_zero_spam_token"]');
+
+		if (old) {
+			old.remove();
+		}
+
+		const input = document.createElement('input');
+		input.type = 'hidden';
+		input.name = 'gf_zero_spam_token';
+		input.value = token;
+		input.setAttribute('autocomplete', 'new-password');
+		formEl.appendChild(input);
+	}
+
+	// GF 2.9+ path: register a global async pre-submission filter.
+	if (typeof gform !== 'undefined' && gform.utils && gform.utils.addAsyncFilter) {
+		const formIds = {};
+
+		forms.forEach((cfg) => {
+			formIds[cfg.formId] = cfg;
+		});
+
+		gform.utils.addAsyncFilter('gform/submission/pre_submission', (data) => {
+			const id = parseInt(data.form.dataset.formid, 10);
+			const cfg = formIds[id];
+
+			if (!cfg) {
+				return Promise.resolve(data);
+			}
+
+			return fetchToken(cfg).then((token) => {
+				injectToken(data.form, token);
+				return data;
+			});
+		});
+
+		return;
+	}
+
+	// Legacy path (GF < 2.9): attach submit handlers per form.
+	forms.forEach((cfg) => {
+		const formEl = document.getElementById('gform_' + cfg.formId);
+
+		if (!formEl || formEl.dataset.gfzsBound) {
+			return;
+		}
+
+		formEl.dataset.gfzsBound = '1';
+		formEl.addEventListener('submit', function (e) {
+			e.preventDefault();
+
+			fetchToken(cfg).then((token) => {
+				injectToken(this, token);
+				this.submit();
+			});
+		});
+	});
+})();
diff --git a/gravityforms-zero-spam.php b/gravityforms-zero-spam.php
@@ -3,7 +3,7 @@
  * Plugin Name:       Gravity Forms Zero Spam
  * Plugin URI:        https://www.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=pluginuri
  * Description:       Enhance Gravity Forms to include effective anti-spam measures—without using a CAPTCHA.
- * Version:           1.7.1
+ * Version:           1.7.2
  * Author:            GravityKit
  * Author URI:        https://www.gravitykit.com?utm_source=plugin&utm_campaign=zero-spam&utm_content=authoruri
  * Requires PHP:      7.4
diff --git a/includes/class-email-rejection-field-settings.php b/includes/class-email-rejection-field-settings.php
@@ -64,7 +64,7 @@ public function maybe_enqueue_assets() {
 
 		wp_enqueue_script(
 			'gf-zero-spam',
-			$plugin_dir . 'dist/js/gf-zero-spam.js',
+			$plugin_dir . 'dist/js/gf-zero-spam-admin.js',
 			[],
 			$version,
 			true
diff --git a/includes/class-email-rejection-settings.php b/includes/class-email-rejection-settings.php
@@ -124,19 +124,12 @@ private static function sanitize_rule( $rule ) {
 	/**
 	 * Gets the asset version string for cache-busting.
 	 *
-	 * Uses the plugin version constant when available, falls back to
-	 * the JS file's modification time.
-	 *
 	 * @since 1.5.0
 	 *
 	 * @return string
 	 */
 	public static function get_asset_version() {
-		if ( defined( 'GF_ZERO_SPAM_VERSION' ) ) {
-			return GF_ZERO_SPAM_VERSION;
-		}
-
-		$mtime = @filemtime( dirname( __DIR__ ) . '/dist/js/gf-zero-spam.js' ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged -- Graceful fallback when file is missing.
+		$mtime = @filemtime( dirname( __DIR__ ) . '/dist/js/gf-zero-spam-admin.js' ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged -- Graceful fallback when file is missing.
 
 		return $mtime ? (string) $mtime : '1.0.0';
 	}
@@ -241,7 +234,7 @@ public function maybe_enqueue_assets() {
 
 		wp_enqueue_script(
 			'gf-zero-spam',
-			$plugin_dir . 'dist/js/gf-zero-spam.js',
+			$plugin_dir . 'dist/js/gf-zero-spam-admin.js',
 			[],
 			$version,
 			true
diff --git a/includes/class-gf-zero-spam.php b/includes/class-gf-zero-spam.php
@@ -6,6 +6,15 @@
 
 class GF_Zero_Spam {
 
+	/**
+	 * Scripts queued for output after each form.
+	 *
+	 * @since TBD
+	 *
+	 * @var array<int, string> Keyed by form ID.
+	 */
+	private $pending_scripts = [];
+
 	/**
 	 * Instantiates the plugin on Gravity Forms loading.
 	 *
@@ -47,6 +56,7 @@ public function __construct() {
 		new GF_Zero_Spam_Token_Endpoint();
 
 		add_action( 'gform_register_init_scripts', [ $this, 'add_key_field' ], 1 );
+		add_filter( 'gform_get_form_filter', [ $this, 'enqueue_script' ], 10, 2 );
 		add_filter( 'gform_entry_is_spam', [ $this, 'check_key_field' ], 10, 3 );
 		add_filter( 'gform_incomplete_submission_pre_save', [ $this, 'add_zero_spam_key_to_entry' ], 10, 3 );
 		add_filter( 'gform_abort_submission_with_confirmation', [ $this, 'maybe_abort_submission' ], 20, 2 );
@@ -167,11 +177,13 @@ public function get_key() {
 	}
 
 	/**
-	 * Injects the hidden field and key into the form at submission.
+	 * Collects the Zero Spam configuration for a form.
 	 *
-	 * @since 1.0
+	 * The configuration is passed to a separate JavaScript file via
+	 * wp_localize_script to avoid breaking Gravity Forms' conditional logic
+	 * if a JS optimization plugin mangles the inline script.
 	 *
-	 * @uses GFFormDisplay::add_init_script() to inject the code into the `gform_post_render` hook.
+	 * @since 1.0
 	 *
 	 * @param array $form The Form Object.
 	 *
@@ -200,10 +212,6 @@ public function add_key_field( $form ) {
 
 		$form_id = (int) $form['id'];
 
-		$fallback_token = GF_Zero_Spam_Token::mint( $form_id, DAY_IN_SECONDS );
-		$rest_url       = esc_url( rest_url( 'gf-zero-spam/v1/token' ) );
-		$ajax_url       = esc_url( admin_url( 'admin-ajax.php' ) );
-
 		/**
 		 * Filters the timeout (in milliseconds) for AJAX token fetch attempts.
 		 *
@@ -213,131 +221,57 @@ public function add_key_field( $form ) {
 		 */
 		$timeout = (int) apply_filters( 'gf_zero_spam_token_fetch_timeout', 3000 );
 
-		// Embedded as a JS object literal since add_init_script doesn't use a registered script handle.
-		$config = wp_json_encode(
-            [
-				'restUrl'       => $rest_url,
-				'ajaxUrl'       => $ajax_url,
-				'fallbackToken' => $fallback_token,
-				'formId'        => $form_id,
-				'timeout'       => $timeout,
-			]
-        );
-
-		if ( version_compare( GFForms::$version, '2.9.0', '>=' ) ) {
-			$script = <<<EOD
-				gform.utils.addAsyncFilter('gform/submission/pre_submission', async (data) => {
-				    const cfg = {$config};
-
-				    // Only process the form this filter was registered for.
-				    if (parseInt(data.form.dataset.formid, 10) !== cfg.formId) {
-				        return data;
-				    }
-
-				    let token = cfg.fallbackToken;
-
-				    try {
-				        const ctrl = new AbortController();
-				        const timer = setTimeout(() => ctrl.abort(), cfg.timeout);
-				        const res = await fetch(cfg.restUrl + '?form_id=' + cfg.formId, { signal: ctrl.signal });
-
-				        clearTimeout(timer);
-
-				        if (res.ok) {
-				            const json = await res.json();
-				            token = json.token;
-				        } else {
-				            throw new Error('REST failed');
-				        }
-				    } catch (e) {
-				        try {
-				            const ctrl2 = new AbortController();
-				            const timer2 = setTimeout(() => ctrl2.abort(), cfg.timeout);
-				            const res2 = await fetch(cfg.ajaxUrl + '?action=gf_zero_spam_token&form_id=' + cfg.formId, { signal: ctrl2.signal });
-
-				            clearTimeout(timer2);
-
-				            if (res2.ok) {
-				                const json2 = await res2.json();
-				                token = json2.token;
-				            }
-				        } catch (e2) {
-				            // Both endpoints failed; use fallback token.
-				        }
-				    }
-
-				    const old = data.form.querySelector('input[name="gf_zero_spam_token"]');
-				    if (old) { old.remove(); }
-
-				    const input = document.createElement('input');
-				    input.type = 'hidden';
-				    input.name = 'gf_zero_spam_token';
-				    input.value = token;
-				    input.setAttribute('autocomplete', 'new-password');
-				    data.form.appendChild(input);
-
-				    return data;
-				});
-EOD;
-		} else {
-			$script = <<<EOD
-				const gfzsForm = document.getElementById('gform_{$form_id}');
-
-				if (gfzsForm && !gfzsForm.dataset.gfzsBound) {
-				    gfzsForm.dataset.gfzsBound = '1';
-				    gfzsForm.addEventListener('submit', async function(e) {
-				        e.preventDefault();
-
-				        const cfg = {$config};
-				        let token = cfg.fallbackToken;
-
-				        try {
-				            const ctrl = new AbortController();
-				            const timer = setTimeout(() => ctrl.abort(), cfg.timeout);
-				            const res = await fetch(cfg.restUrl + '?form_id=' + cfg.formId, { signal: ctrl.signal });
-
-				            clearTimeout(timer);
-
-				            if (res.ok) {
-				                const json = await res.json();
-				                token = json.token;
-				            } else {
-				                throw new Error('REST failed');
-				            }
-				        } catch (e1) {
-				            try {
-				                const ctrl2 = new AbortController();
-				                const timer2 = setTimeout(() => ctrl2.abort(), cfg.timeout);
-				                const res2 = await fetch(cfg.ajaxUrl + '?action=gf_zero_spam_token&form_id=' + cfg.formId, { signal: ctrl2.signal });
-
-				                clearTimeout(timer2);
-
-				                if (res2.ok) {
-				                    const json2 = await res2.json();
-				                    token = json2.token;
-				                }
-				            } catch (e2) {
-				                // Both endpoints failed; use fallback token.
-				            }
-				        }
-
-				        const old = this.querySelector('input[name="gf_zero_spam_token"]');
-				        if (old) { old.remove(); }
-
-				        const input = document.createElement('input');
-				        input.type = 'hidden';
-				        input.name = 'gf_zero_spam_token';
-				        input.value = token;
-				        input.setAttribute('autocomplete', 'new-password');
-				        this.appendChild(input);
-
-				        this.submit();
-				    });
-				}
-EOD;
-		}
-
-		GFFormDisplay::add_init_script( $form_id, 'gf-zero-spam', GFFormDisplay::ON_PAGE_RENDER, $script );
+		$this->pending_scripts[ $form_id ] = [
+			'restUrl'       => esc_url_raw( rest_url( 'gf-zero-spam/v1/token' ) ),
+			'ajaxUrl'       => esc_url_raw( admin_url( 'admin-ajax.php' ) ),
+			'fallbackToken' => GF_Zero_Spam_Token::mint( $form_id, DAY_IN_SECONDS ),
+			'formId'        => $form_id,
+			'timeout'       => $timeout,
+		];
+	}
+
+	/**
+	 * Enqueues the Zero Spam script with collected form configurations.
+	 *
+	 * Uses a separate JavaScript file loaded after Gravity Forms' scripts so
+	 * that any error does not prevent conditional logic from executing, which
+	 * would leave the form hidden with display:none.
+	 *
+	 * @since TBD
+	 *
+	 * @param string $form_string The form HTML.
+	 * @param array  $form        The Form Object.
+	 *
+	 * @return string The unmodified form HTML.
+	 */
+	public function enqueue_script( $form_string, $form ) {
+		if ( empty( $this->pending_scripts ) ) {
+			return $form_string;
+		}
+
+		if ( wp_script_is( 'gf-zero-spam', 'enqueued' ) ) {
+			return $form_string;
+		}
+
+		$handle = version_compare( GFForms::$version, '2.9.0', '>=' )
+			? 'gform_gravityforms_utils'
+			: 'gform_gravityforms';
+
+		wp_enqueue_script(
+			'gf-zero-spam',
+			plugins_url( 'dist/js/gf-zero-spam.js', GF_ZERO_SPAM_FILE ),
+			[ $handle ],
+			(string) @filemtime( GF_ZERO_SPAM_DIR . 'dist/js/gf-zero-spam.js' ), // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged -- Graceful fallback when file is missing.
+			true
+		);
+
+		wp_localize_script(
+			'gf-zero-spam',
+			'gfZeroSpamConfig',
+			[ 'forms' => array_values( $this->pending_scripts ) ]
+		);
+
+		return $form_string;
 	}
 
 	/**
diff --git a/package.json b/package.json
diff --git a/readme.txt b/readme.txt
