From 18aed77ecc7995a08e73507d5d6733bbe2f36dcb Mon Sep 17 00:00:00 2001 From: Daniel Saunders Date: Mon, 24 Jul 2017 13:24:44 -0400 Subject: [PATCH] urlencode reCAPTCHA response for safety --- post.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/post.php b/post.php index aca524fd..bef4b3c2 100644 --- a/post.php +++ b/post.php @@ -385,10 +385,11 @@ if (isset($_POST['delete'])) { if ($config['recaptcha']) { if (!isset($_POST['g-recaptcha-response'])) error($config['error']['bot']); - // Check what reCAPTCHA has to say... + + // Check what reCAPTCHA has to say... $resp = json_decode(file_get_contents(sprintf('https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s&remoteip=%s', $config['recaptcha_private'], - $_POST['g-recaptcha-response'], + urlencode($_POST['g-recaptcha-response']), $_SERVER['REMOTE_ADDR'])), true); if (!$resp['success']) {
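Review bot: The `isset($_POST['g-recaptcha-response'])` guard also passes when the field arrives as an array, so the new `urlencode()` call can be handed a non-string, which produces a warning on PHP 7 and a TypeError on PHP 8 instead of the intended bot error. Tightening the guard to `if (!isset($_POST['g-recaptcha-response']) || !is_string($_POST['g-recaptcha-response']))` closes that. Separately, `$config['recaptcha_private']` still travels in a GET query string, and PHP includes the full URL in the warning it emits when `file_get_contents()` fails, so the secret can end up in error logs or on the page if errors are displayed. Sending the three fields as a POST body built with `http_build_query()` encodes every value and keeps the secret out of the URL, as sketched below. The `if (!$resp['success'])` block continues past the end of the hunk.

```php
if (!isset($_POST['g-recaptcha-response']) || !is_string($_POST['g-recaptcha-response']))
	error($config['error']['bot']);

// Check what reCAPTCHA has to say...
// POST the fields so the secret never appears in a URL (and thus not in
// file_get_contents() warnings); http_build_query() encodes every value.
$context = stream_context_create(array('http' => array(
	'method'  => 'POST',
	'header'  => 'Content-Type: application/x-www-form-urlencoded',
	'content' => http_build_query(array(
		'secret'   => $config['recaptcha_private'],
		'response' => $_POST['g-recaptcha-response'],
		'remoteip' => $_SERVER['REMOTE_ADDR'],
	)),
)));
$resp = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context), true);

// … unchanged: if (!$resp['success']) handling …
```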