forked from GithubBackups/vichan
remove extra from being manipulated from query string;
use extra in rand_string;
This commit is contained in:
fowr
parent
0642374c05
commit
1212c18616
@ -10,19 +10,16 @@ class SecureImageCaptchaQuery {
|
||||
private HttpDriver $http;
|
||||
private string $domain;
|
||||
private string $provider_check;
|
||||
private string $extra;
|
||||
|
||||
/**
|
||||
* @param HttpDriver $http The http client.
|
||||
* @param string $domain The server's domain.
|
||||
* @param string $provider_check Path to the endpoint.
|
||||
* @param string $extra Extra http parameters.
|
||||
*/
|
||||
function __construct(HttpDriver $http, string $domain, string $provider_check, string $extra) {
|
||||
function __construct(HttpDriver $http, string $domain, string $provider_check) {
|
||||
$this->http = $http;
|
||||
$this->domain = $domain;
|
||||
$this->provider_check = $provider_check;
|
||||
$this->extra = $extra;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -37,7 +34,6 @@ class SecureImageCaptchaQuery {
|
||||
$data = [
|
||||
'mode' => 'check',
|
||||
'text' => $user_text,
|
||||
'extra' => $this->extra,
|
||||
'cookie' => $user_cookie
|
||||
];
|
||||
|
||||
|
||||
@ -86,8 +86,7 @@ function build_context(array $config): Context {
|
||||
return new SecureImageCaptchaQuery(
|
||||
$c->get(HttpDriver::class),
|
||||
$config['domain'],
|
||||
$config['captcha']['native']['provider_check'],
|
||||
$config['captcha']['native']['extra']
|
||||
$config['captcha']['native']['provider_check']
|
||||
);
|
||||
},
|
||||
CacheDriver::class => function($c) {
|
||||
|
||||
@ -1,27 +1,27 @@
|
||||
var tout;
|
||||
|
||||
function redo_events(provider, extra) {
|
||||
$('.captcha .captcha_text, textarea[id="body"]').off("focus").one("focus", function() { actually_load_captcha(provider, extra); });
|
||||
function redo_events(provider) {
|
||||
$('.captcha .captcha_text, textarea[id="body"]').off("focus").one("focus", function() { actually_load_captcha(provider); });
|
||||
}
|
||||
|
||||
function actually_load_captcha(provider, extra) {
|
||||
function actually_load_captcha(provider) {
|
||||
$('.captcha .captcha_text, textarea[id="body"]').off("focus");
|
||||
|
||||
if (tout !== undefined) {
|
||||
clearTimeout(tout);
|
||||
}
|
||||
|
||||
$.getJSON(provider, {mode: 'get', extra: extra}, function(json) {
|
||||
$.getJSON(provider, {mode: 'get'}, function(json) {
|
||||
$(".captcha .captcha_cookie").val(json.cookie);
|
||||
$(".captcha .captcha_html").html(json.captchahtml);
|
||||
|
||||
setTimeout(function() {
|
||||
redo_events(provider, extra);
|
||||
redo_events(provider);
|
||||
}, json.expires_in * 1000);
|
||||
});
|
||||
}
|
||||
|
||||
function load_captcha(provider, extra) {
|
||||
function load_captcha(provider) {
|
||||
$(function() {
|
||||
$(".captcha>td").html("<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>"+
|
||||
"<input class='captcha_cookie' name='captcha_cookie' type='hidden'>"+
|
||||
@ -29,15 +29,15 @@ function load_captcha(provider, extra) {
|
||||
|
||||
$("#quick-reply .captcha .captcha_text").prop("placeholder", _("Verification"));
|
||||
|
||||
$(".captcha .captcha_html").on("click", function() { actually_load_captcha(provider, extra); });
|
||||
$(document).on("ajax_after_post", function() { actually_load_captcha(provider, extra); });
|
||||
redo_events(provider, extra);
|
||||
$(".captcha .captcha_html").on("click", function() { actually_load_captcha(provider); });
|
||||
$(document).on("ajax_after_post", function() { actually_load_captcha(provider); });
|
||||
redo_events(provider);
|
||||
|
||||
$(window).on("quick-reply", function() {
|
||||
redo_events(provider, extra);
|
||||
redo_events(provider);
|
||||
$("#quick-reply .captcha .captcha_html").html($("form:not(#quick-reply) .captcha .captcha_html").html());
|
||||
$("#quick-reply .captcha .captcha_cookie").val($("form:not(#quick-reply) .captcha .captcha_cookie").html());
|
||||
$("#quick-reply .captcha .captcha_html").on("click", function() { actually_load_captcha(provider, extra); });
|
||||
$("#quick-reply .captcha .captcha_html").on("click", function() { actually_load_captcha(provider); });
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
@ -19,13 +19,9 @@ function cleanup() {
|
||||
$mode = @$_GET['mode'];
|
||||
switch ($mode) {
|
||||
case 'get':
|
||||
if (!isset ($_GET['extra'])) {
|
||||
$_GET['extra'] = $config['captcha']['extra'];
|
||||
}
|
||||
|
||||
header("Content-type: application/json");
|
||||
$extra = $_GET['extra'];
|
||||
$cookie = rand_string(20, "abcdefghijklmnopqrstuvwxyz");
|
||||
$extra = $config['captcha']['native']['extra'];
|
||||
$cookie = rand_string(20, $extra);
|
||||
$i = new Securimage(['send_headers' => false, 'no_exit' => true]);
|
||||
$i->createCode();
|
||||
ob_start();
|
||||
@ -47,12 +43,12 @@ switch ($mode) {
|
||||
break;
|
||||
case 'check':
|
||||
cleanup();
|
||||
if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['extra']) || !isset ($_GET['text'])) {
|
||||
if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['text'])) {
|
||||
die();
|
||||
}
|
||||
|
||||
$query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
|
||||
$query->execute([$_GET['cookie'], $_GET['extra']]);
|
||||
$query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ?");
|
||||
$query->execute([$_GET['cookie']]);
|
||||
|
||||
$ary = $query->fetchAll();
|
||||
|
||||
@ -60,8 +56,8 @@ switch ($mode) {
|
||||
echo "0";
|
||||
break;
|
||||
} else {
|
||||
$query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
|
||||
$query->execute([$_GET['cookie'], $_GET['extra']]);
|
||||
$query = prepare("DELETE FROM `captchas` WHERE `cookie` = ?");
|
||||
$query->execute([$_GET['cookie']]);
|
||||
}
|
||||
|
||||
if ($ary[0]['text'] !== $_GET['text']) {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user