Changeset 3208894

Timestamp:

12/17/2024 05:49:08 AM (14 months ago)

Author:

pkthree

Message:

Peter's Custom Anti-Spam Image Version 3.2.4

Location:

peters-custom-anti-spam-image/trunk

Files:

• custom_anti_spam.php (modified) (4 diffs)
• readme.txt (modified) (1 diff)

peters-custom-anti-spam-image/trunk/custom_anti_spam.php

@@ -5 +5 @@
 Description: Stop a lot of spambots from polluting your site by making visitors identify a random word displayed as an image before commenting. You can customize the pool of words to display.
 Author: Peter Keung
-Version: 3.2.3
+Version: 3.2.4
 Author URI: https://www.theblog.ca/
 Change Log:
+2024-12-16  Version 3.2.4  Fix CSRF vulnerability on register
 2023-08-30  Version 3.2.3  Fix back-end XSS vulnerability
 2014-02-08  Version 3.2.2  Minor code cleanup (thanks koc!)
@@ -89 +90 @@
 
 global $cas_version;
-$cas_version = '3.2.2';
+$cas_version = '3.2.4';
 
 $cas_text = casFunctionCollection::get_settings( 'text' );
@@ -1066 +1067 @@
     echo( '<input type="text" name="securitycode" id="securitycode" size="30" />'."\n\t\t\t\t" );
     echo( '<input type="hidden" name="matchthis" value="' . $cas_rowid . "\" />\n\t\t\t\t" );
+    wp_nonce_field( 'cas_register_form' );
     if( $cas_wav )
     {
@@ -1087 +1089 @@
 
         // Validate the form input values
+        check_admin_referer( 'cas_register_form' );
         if( isset( $_POST['securitycode'] ) )
         {

peters-custom-anti-spam-image/trunk/readme.txt

@@ -64 +64 @@
 == Changelog ==
 
+= 3.2.4 =
+* 2024-12-16: Fix CSRF vulnerability on register
+
 = 3.2.3 =
 * 2023-08-30: Fix back-end XSS vulnerability