From 1212c1861616e68f3e683a75d9ff58b96b1d1d85 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Thu, 9 Jan 2025 14:50:11 -0300
Subject: [PATCH] stop `extra` from being overridden via the query string; use
 `extra` as the alphabet for rand_string
---
inc/Service/SecureimageCaptchaQuery.php | 6 +-----
inc/context.php | 3 +--
js/captcha.js | 22 +++++++++++-----------
securimage.php | 18 +++++++-----------
4 files changed, 20 insertions(+), 29 deletions(-)
diff --git a/inc/Service/SecureimageCaptchaQuery.php b/inc/Service/SecureimageCaptchaQuery.php
index f5023899..90dcdbb6 100644
--- a/inc/Service/SecureimageCaptchaQuery.php
+++ b/inc/Service/SecureimageCaptchaQuery.php
@@ -10,19 +10,16 @@ class SecureImageCaptchaQuery {
private HttpDriver $http;
private string $domain;
private string $provider_check;
- private string $extra;
/**
* @param HttpDriver $http The http client.
* @param string $domain The server's domain.
* @param string $provider_check Path to the endpoint.
- * @param string $extra Extra http parameters.
*/
- function __construct(HttpDriver $http, string $domain, string $provider_check, string $extra) {
+ function __construct(HttpDriver $http, string $domain, string $provider_check) {
$this->http = $http;
$this->domain = $domain;
$this->provider_check = $provider_check;
- $this->extra = $extra;
}
/**
@@ -37,7 +34,6 @@ class SecureImageCaptchaQuery {
$data = [
'mode' => 'check',
'text' => $user_text,
- 'extra' => $this->extra,
'cookie' => $user_cookie
];
diff --git a/inc/context.php b/inc/context.php
index d1f74551..63557227 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -86,8 +86,7 @@ function build_context(array $config): Context {
return new SecureImageCaptchaQuery(
$c->get(HttpDriver::class),
$config['domain'],
- $config['captcha']['native']['provider_check'],
- $config['captcha']['native']['extra']
+ $config['captcha']['native']['provider_check']
);
},
CacheDriver::class => function($c) {
diff --git a/js/captcha.js b/js/captcha.js
index 5e0bcf53..b0589d24 100644
--- a/js/captcha.js
+++ b/js/captcha.js
@@ -1,27 +1,27 @@
var tout;
-function redo_events(provider, extra) {
- $('.captcha .captcha_text, textarea[id="body"]').off("focus").one("focus", function() { actually_load_captcha(provider, extra); });
+function redo_events(provider) {
+ $('.captcha .captcha_text, textarea[id="body"]').off("focus").one("focus", function() { actually_load_captcha(provider); });
}
-function actually_load_captcha(provider, extra) {
+function actually_load_captcha(provider) {
$('.captcha .captcha_text, textarea[id="body"]').off("focus");
if (tout !== undefined) {
clearTimeout(tout);
}
- $.getJSON(provider, {mode: 'get', extra: extra}, function(json) {
+ $.getJSON(provider, {mode: 'get'}, function(json) {
$(".captcha .captcha_cookie").val(json.cookie);
$(".captcha .captcha_html").html(json.captchahtml);
setTimeout(function() {
- redo_events(provider, extra);
+ redo_events(provider);
}, json.expires_in * 1000);
});
}
-function load_captcha(provider, extra) {
+function load_captcha(provider) {
$(function() {
$(".captcha>td").html(""+
""+
@@ -29,15 +29,15 @@ function load_captcha(provider, extra) {
$("#quick-reply .captcha .captcha_text").prop("placeholder", _("Verification"));
- $(".captcha .captcha_html").on("click", function() { actually_load_captcha(provider, extra); });
- $(document).on("ajax_after_post", function() { actually_load_captcha(provider, extra); });
- redo_events(provider, extra);
+ $(".captcha .captcha_html").on("click", function() { actually_load_captcha(provider); });
+ $(document).on("ajax_after_post", function() { actually_load_captcha(provider); });
+ redo_events(provider);
$(window).on("quick-reply", function() {
- redo_events(provider, extra);
+ redo_events(provider);
$("#quick-reply .captcha .captcha_html").html($("form:not(#quick-reply) .captcha .captcha_html").html());
$("#quick-reply .captcha .captcha_cookie").val($("form:not(#quick-reply) .captcha .captcha_cookie").html());
- $("#quick-reply .captcha .captcha_html").on("click", function() { actually_load_captcha(provider, extra); });
+ $("#quick-reply .captcha .captcha_html").on("click", function() { actually_load_captcha(provider); });
});
});
}
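Review bot: In the `quick-reply` handler the cookie is copied with `.html()` of `.captcha_cookie`, but that element appears to be a form control — it is populated with `.val(json.cookie)` earlier in this file — so `.html()` yields its (empty) inner markup rather than the cookie value, and the quick-reply form would submit no cookie until the user clicks the image to reload. Reading it the same way it was written, `$("#quick-reply .captcha .captcha_cookie").val($("form:not(#quick-reply) .captcha .captcha_cookie").val());`, matches the setter. This predates the commit but sits on the new side of this hunk.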
diff --git a/securimage.php b/securimage.php
index 324ffe44..2d06066e 100644
--- a/securimage.php
+++ b/securimage.php
@@ -19,13 +19,9 @@ function cleanup() {
$mode = @$_GET['mode'];
switch ($mode) {
case 'get':
- if (!isset ($_GET['extra'])) {
- $_GET['extra'] = $config['captcha']['extra'];
- }
-
header("Content-type: application/json");
- $extra = $_GET['extra'];
- $cookie = rand_string(20, "abcdefghijklmnopqrstuvwxyz");
+ $extra = $config['captcha']['native']['extra'];
+ $cookie = rand_string(20, $extra);
$i = new Securimage(['send_headers' => false, 'no_exit' => true]);
$i->createCode();
ob_start();
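Review bot: Passing the configured `extra` string as the character set in `rand_string(20, $extra)` at the `$cookie` line ties the entropy of the captcha cookie to a config value that, until this commit, was an opaque extra parameter rather than an alphabet; a short value, or one with repeated characters, makes the 20-character cookie far easier to guess than the previous fixed 26-letter alphabet, and a missing key hands `null` to rand_string. rand_string's implementation is not visible here, so whether it draws from a CSPRNG cannot be confirmed either. If the operator is meant to choose the alphabet, validate it before use and fail closed when it is absent or has too few distinct characters; otherwise derive the cookie independently, `$cookie = bin2hex(random_bytes(16));`, and keep `$extra` only for whatever is stored with the row further down (presumably the `extra` column). The enclosing `switch` begins before this hunk and the `case 'get'` body continues past it.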
@@ -47,12 +43,12 @@ switch ($mode) {
break;
case 'check':
cleanup();
- if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['extra']) || !isset ($_GET['text'])) {
+ if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['text'])) {
die();
}
- $query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
- $query->execute([$_GET['cookie'], $_GET['extra']]);
+ $query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ?");
+ $query->execute([$_GET['cookie']]);
$ary = $query->fetchAll();
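Review bot: The guard at the `if (!isset(...))` line checks presence only, so `cookie[]=x` or `text[]=x` reaches the prepared statement and the later comparison as an array rather than a string; if `prepare()` wraps PDO the value is likely stringified with a warning and the lookup silently misses. A type check is cheap: `if (!isset($_GET['cookie'], $_GET['text']) || !is_string($_GET['cookie']) || !is_string($_GET['text'])) { die(); }`. The `isset($_GET['mode'])` test is redundant inside `case 'check'`, since `$mode` was already read from `$_GET['mode']` to get here. The case body continues after the hunk.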
@@ -60,8 +56,8 @@ switch ($mode) {
echo "0";
break;
} else {
- $query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
- $query->execute([$_GET['cookie'], $_GET['extra']]);
+ $query = prepare("DELETE FROM `captchas` WHERE `cookie` = ?");
+ $query->execute([$_GET['cookie']]);
}
if ($ary[0]['text'] !== $_GET['text']) {
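Review bot: The answer comparison `$ary[0]['text'] !== $_GET['text']` is a plain string compare that stops at the first differing byte; for a secret-equality check the constant-time form is the conventional choice, `if (!hash_equals((string) $ary[0]['text'], (string) $_GET['text'])) {`, with the casts guarding against a non-string query value (hash_equals throws a TypeError on arrays in PHP 8). The practical exposure is small, since the row is deleted in the `else` branch above before the compare and each cookie therefore gets a single attempt, so treat this as hygiene rather than a bypass. The `if` body and the remainder of `case 'check'` continue past the hunk.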