Changeset 1202224

Timestamp:

07/20/2015 11:43:27 AM (11 years ago)

Author:

adeptplus

Message:

Fix error where Captcha could be bypassed by disabling Javascript

Location:

no-captcha-recaptcha/trunk

Files:

• comment-form.php (modified) (1 diff)
• login.php (modified) (1 diff)
• no-captcha-recaptcha.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• registration.php (modified) (1 diff)

no-captcha-recaptcha/trunk/comment-form.php

@@ -61 +61 @@
     public static function validate_captcha_comment_field( $commentdata ) {
 
-        if ( isset( $_POST['g-recaptcha-response'] ) && ! (self::captcha_verification()) ) {
+        if ( ! isset( $_POST['g-recaptcha-response'] ) || ! (self::captcha_verification()) ) {
             self::$captcha_error = 'failed';
         }

no-captcha-recaptcha/trunk/login.php

@@ -25 +25 @@
     public static function validate_captcha( $user, $password ) {
 
-        if ( isset( $_POST['g-recaptcha-response'] ) && ! self::captcha_verification() ) {
+        if ( ! isset( $_POST['g-recaptcha-response'] ) || ! self::captcha_verification() ) {
             return new WP_Error( 'empty_captcha', self::$error_message );
         }

no-captcha-recaptcha/trunk/no-captcha-recaptcha.php

@@ -5 +5 @@
 Plugin URI: http://w3guy.com
 Description: Protect WordPress login, registration and comment form from spam with the new No CAPTCHA reCAPTCHA
-Version: 1.0.1
+Version: 1.0.2
 Author: Agbonghama Collins
 Author URI: http://w3guy.com

no-captcha-recaptcha/trunk/readme.txt

@@ -1 +1 @@
 === Plugin Name ===
-Contributors: adeptplus
+Contributors: collizo4sky, adeptplus
 Donate link: https://flattr.com/submit/auto?user_id=tech4sky&url=http%3A%2F%2Fw3guy.com
 Tags: comments, spam, login, registration, captcha, recaptcha, spammers, bot
 Requires at least: 3.4
 Tested up to: 4.0.1
-Stable tag: 1.0.1
+Stable tag: 1.0.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -45 +45 @@
 == Changelog ==
 
-= 1.0 =
+= 1.0.2 =
+* Fix error where Captcha could be bypassed by disabling Javascript
+
+= 1.0.1 =
 * Fixed header already sent error
 

no-captcha-recaptcha/trunk/registration.php

@@ -25 +25 @@
      */
     public static function validate_captcha_registration_field( $errors, $sanitized_user_login, $user_email ) {
-        if ( isset( $_POST['g-recaptcha-response'] ) && ! self::captcha_verification() ) {
+        if ( ! isset( $_POST['g-recaptcha-response'] ) || ! self::captcha_verification() ) {
             $errors->add( 'failed_verification', self::$error_message );
         }