stop `extra` from being manipulated via the query string;
use extra in rand_string;
This commit is contained in:
parent
0642374c05
commit
1212c18616
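--- a/PATH-NOT-SHOWN-ON-PAGE-1
+++ b/PATH-NOT-SHOWN-ON-PAGE-1
@@ -10,19 +10,16 @@ class SecureImageCaptchaQuery {
 private HttpDriver $http;
 private string $domain;
 private string $provider_check;
-private string $extra;
 
 /**
 * @param HttpDriver $http The http client.
 * @param string $domain The server's domain.
 * @param string $provider_check Path to the endpoint.
-* @param string $extra Extra http parameters.
 */
-function __construct(HttpDriver $http, string $domain, string $provider_check, string $extra) {
+function __construct(HttpDriver $http, string $domain, string $provider_check) {
 $this->http = $http;
 $this->domain = $domain;
 $this->provider_check = $provider_check;
-$this->extra = $extra;
 }
 
 /**
@@ -37,7 +34,6 @@ class SecureImageCaptchaQuery {
 $data = [
 'mode' => 'check',
 'text' => $user_text,
-'extra' => $this->extra,
 'cookie' => $user_cookie
 ];
 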
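Review bot: The rewritten constructor signature still carries no visibility modifier, so it is implicitly public by accident rather than by declaration; `public function __construct(HttpDriver $http, string $domain, string $provider_check) {` makes the intent explicit and matches the `private` properties above it. The same applies to the rest of the class, but only the constructor line is touched by this commit. The class body and the method that builds `$data` continue outside these hunks.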
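--- a/PATH-NOT-SHOWN-ON-PAGE-2
+++ b/PATH-NOT-SHOWN-ON-PAGE-2
@@ -86,8 +86,7 @@ function build_context(array $config): Context {
 return new SecureImageCaptchaQuery(
 $c->get(HttpDriver::class),
 $config['domain'],
-$config['captcha']['native']['provider_check'],
-$config['captcha']['native']['extra']
+$config['captcha']['native']['provider_check']
 );
 },
 CacheDriver::class => function($c) {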
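--- a/PATH-NOT-SHOWN-ON-PAGE-3
+++ b/PATH-NOT-SHOWN-ON-PAGE-3
@@ -1,27 +1,27 @@
 var tout;
 
-function redo_events(provider, extra) {
-$('.captcha .captcha_text, textarea[id="body"]').off("focus").one("focus", function() { actually_load_captcha(provider, extra); });
+function redo_events(provider) {
+$('.captcha .captcha_text, textarea[id="body"]').off("focus").one("focus", function() { actually_load_captcha(provider); });
 }
 
-function actually_load_captcha(provider, extra) {
+function actually_load_captcha(provider) {
 $('.captcha .captcha_text, textarea[id="body"]').off("focus");
 
 if (tout !== undefined) {
 clearTimeout(tout);
 }
 
-$.getJSON(provider, {mode: 'get', extra: extra}, function(json) {
+$.getJSON(provider, {mode: 'get'}, function(json) {
 $(".captcha .captcha_cookie").val(json.cookie);
 $(".captcha .captcha_html").html(json.captchahtml);
 
 setTimeout(function() {
-redo_events(provider, extra);
+redo_events(provider);
 }, json.expires_in * 1000);
 });
 }
 
-function load_captcha(provider, extra) {
+function load_captcha(provider) {
 $(function() {
 $(".captcha>td").html("<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>"+
 "<input class='captcha_cookie' name='captcha_cookie' type='hidden'>"+
@@ -29,15 +29,15 @@ function load_captcha(provider, extra) {
 
 $("#quick-reply .captcha .captcha_text").prop("placeholder", _("Verification"));
 
-$(".captcha .captcha_html").on("click", function() { actually_load_captcha(provider, extra); });
-$(document).on("ajax_after_post", function() { actually_load_captcha(provider, extra); });
-redo_events(provider, extra);
+$(".captcha .captcha_html").on("click", function() { actually_load_captcha(provider); });
+$(document).on("ajax_after_post", function() { actually_load_captcha(provider); });
+redo_events(provider);
 
 $(window).on("quick-reply", function() {
-redo_events(provider, extra);
+redo_events(provider);
 $("#quick-reply .captcha .captcha_html").html($("form:not(#quick-reply) .captcha .captcha_html").html());
 $("#quick-reply .captcha .captcha_cookie").val($("form:not(#quick-reply) .captcha .captcha_cookie").html());
-$("#quick-reply .captcha .captcha_html").on("click", function() { actually_load_captcha(provider, extra); });
+$("#quick-reply .captcha .captcha_html").on("click", function() { actually_load_captcha(provider); });
 });
 });
 }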
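Review bot: In `actually_load_captcha` the `clearTimeout(tout)` guard can never fire from what this hunk shows, because the `setTimeout(...)` that re-arms `redo_events` is not stored anywhere, so `tout` stays `undefined` and a captcha reloaded by click or `ajax_after_post` leaves the earlier expiry timer running alongside the new one. Assigning the handle, `tout = setTimeout(function() {`, makes the guard effective; if `tout` is assigned somewhere past line 44 of this file that is not visible here, this can be disregarded. The second hunk inside `load_captcha` carries the same parameter cleanup and needs nothing further.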
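--- a/PATH-NOT-SHOWN-ON-PAGE-4
+++ b/PATH-NOT-SHOWN-ON-PAGE-4
@@ -19,13 +19,9 @@ function cleanup() {
 $mode = @$_GET['mode'];
 switch ($mode) {
 case 'get':
-if (!isset ($_GET['extra'])) {
-$_GET['extra'] = $config['captcha']['extra'];
-}
-
 header("Content-type: application/json");
-$extra = $_GET['extra'];
-$cookie = rand_string(20, "abcdefghijklmnopqrstuvwxyz");
+$extra = $config['captcha']['native']['extra'];
+$cookie = rand_string(20, $extra);
 $i = new Securimage(['send_headers' => false, 'no_exit' => true]);
 $i->createCode();
 ob_start();
@@ -47,12 +43,12 @@ switch ($mode) {
 break;
 case 'check':
 cleanup();
-if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['extra']) || !isset ($_GET['text'])) {
+if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['text'])) {
 die();
 }
 
-$query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
-$query->execute([$_GET['cookie'], $_GET['extra']]);
+$query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ?");
+$query->execute([$_GET['cookie']]);
 
 $ary = $query->fetchAll();
 
@@ -60,8 +56,8 @@ switch ($mode) {
 echo "0";
 break;
 } else {
-$query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
-$query->execute([$_GET['cookie'], $_GET['extra']]);
+$query = prepare("DELETE FROM `captchas` WHERE `cookie` = ?");
+$query->execute([$_GET['cookie']]);
 }
 
 if ($ary[0]['text'] !== $_GET['text']) {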
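Review bot: In the `get` branch the cookie alphabet now comes straight from `$config['captcha']['native']['extra']`, so a deployment without that key passes `null` to `rand_string()` where the old side always fell back to the 26-letter set; `$extra = $config['captcha']['native']['extra'] ?? 'abcdefghijklmnopqrstuvwxyz';` preserves that fallback. Because the `check` branch now looks the row up by `cookie` alone (`WHERE \`cookie\` = ?`), the cookie is the sole proof of a pending captcha, so its quality depends entirely on `rand_string()` drawing from a CSPRNG such as `random_int()`; that function is not visible here and is worth confirming. The `switch ($mode)` opens in the first hunk and closes outside the last one.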