From f7073d5d7ef6c923437ad36df0cb1b90b092d91f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 16:22:58 +0200
Subject: [PATCH] post.php: do not verify the poster IP if the captcha is
 dynamic

---
 post.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/post.php b/post.php
index f937f06c..b461c47e 100644
--- a/post.php
+++ b/post.php
@@ -661,8 +661,13 @@ if (isset($_POST['delete'])) {
 					error($config['error']['bot']);
 				}
 				$response = $_POST[$field];
+				/*
+				 * Do not query with the IP if the mode is dynamic. This config is meant for proxies and internal
+				 * loopback addresses.
+				 */
+				$ip = $dynamic ? null : $_SERVER['REMOTE_ADDR'];
 
-				$success = $query->verify($response, $_SERVER['REMOTE_ADDR']);
+				$success = $query->verify($response, $ip);
 				if (!$success) {
 					error($config['error']['captcha']);
 				}