Changeset 655941
- Timestamp:
- 01/20/2013 09:42:40 PM (13 years ago)
- Location:
- wp-no-bot-question/trunk
- Files:
-
- 2 edited
-
readme.txt (modified) (1 diff)
-
wp_nobot_question.php (modified) (9 diffs)
-
wp-no-bot-question/trunk/readme.txt
r646559 r655941 38 38 39 39 == Changelog == 40 = 0.1.3 = 41 * 883ed15 Add a basic hashing mechanism to the question 42 * 9214d36 Support questions/answers with quotation marks 43 * 3b35ca3 Escape HTML special characters in admin 44 * 787b294 Validate the existance of the wp_nobot_answer_question field 45 40 46 = 0.1.2 = 41 47 * c911cc4 Update fr-FR translation -
wp-no-bot-question/trunk/wp_nobot_question.php
r646559 r655941 4 4 Plugin URI: http://www.compdigitec.com/apps/wpnobot/ 5 5 Description: Simple question that blocks most spambots (and paid robots) by making them answer a common sense question 6 Version: 0.1. 26 Version: 0.1.3 7 7 Author: Compdigitec 8 8 Author URI: http://www.compdigitec.com/ … … 10 10 Text Domain: wp_nobot_question 11 11 */ 12 define('wp_nobot_question_version','0.1. 2');12 define('wp_nobot_question_version','0.1.3'); 13 13 /* 14 14 * Redistribution and use in source and binary forms, with or without … … 109 109 <?php 110 110 $questions = wp_nobot_question_get_option('questions'); 111 $answers = wp_nobot_question_get_option('answers'); 111 112 $selected_id = rand(0,count($questions)-1); 112 113 ?> … … 121 122 /> 122 123 <input type="hidden" name="wp_nobot_answer_question" value="<?php echo $selected_id; ?>" /> 124 <input type="hidden" name="wp_nobot_answer_question_hash" value="<?php echo wp_nobot_question_security_hash($selected_id, $questions[$selected_id], $answers[$selected_id]); ?>" /> 123 125 </p> 124 126 <?php … … 132 134 return $x; 133 135 } 134 if(!array_key_exists('wp_nobot_answer',$_POST) || trim($_POST['wp_nobot_answer']) == '') {136 if(!array_key_exists('wp_nobot_answer',$_POST) || !array_key_exists('wp_nobot_answer_question',$_POST) || trim($_POST['wp_nobot_answer']) == '') { 135 137 wp_die(__('Error: Please fill in the required question.','wp_nobot_question')); 136 138 } 137 139 $question_id = intval($_POST['wp_nobot_answer_question']); 140 $questions_all = wp_nobot_question_get_option('questions'); 138 141 $answers_all = wp_nobot_question_get_option('answers'); 142 // Hash verification to make sure the bot isn't picking on one answer. 143 // This does not mean that they got the question right. 
144 if(trim($_POST['wp_nobot_answer_question_hash']) != wp_nobot_question_security_hash($question_id,$questions_all[$question_id],$answers_all[$question_id])) { 145 wp_die(__('Error: Please fill in the correct answer to the question.','wp_nobot_question')); 146 } 147 // Verify the answer. 139 148 if($question_id < count($answers_all)) { 140 149 $answers = $answers_all[$question_id]; … … 169 178 } 170 179 180 function wp_nobot_question_security_hash($id,$question,$answer) { 181 /* 182 * Hash format: SHA256( Question ID + Question Title + serialize( Question Answers ) ) 183 */ 184 $hash_string = strval($id) . strval($question) . serialize($answer); 185 return hash('sha256',$hash_string); 186 } 187 171 188 function wp_nobot_question_template($id_,$question,$answers) { 172 189 $id = intval($id_); … … 175 192 <th scope="row"><?php _e('Question to present to bot','wp_nobot_question'); ?></th> 176 193 <td> 177 <input type="input" name="wp_nobot_question_question_<?php echo $id; ?>" size="70" value="<?php echo $question; ?>" placeholder="<?php _e('Type here to add a new question','wp_nobot_question'); ?>" /><a href="javascript:void(0)" onclick="wp_nobot_question_delete_entire_question("<?php echo $id ?>")"><?php echo __('Delete Question'); ?></a>194 <input type="input" name="wp_nobot_question_question_<?php echo $id; ?>" size="70" value="<?php echo htmlspecialchars($question); ?>" placeholder="<?php _e('Type here to add a new question','wp_nobot_question'); ?>" /><a href="javascript:void(0)" onclick="wp_nobot_question_delete_entire_question("<?php echo $id ?>")"><?php echo __('Delete Question'); ?></a> 178 195 </td> 179 196 </tr> … … 185 202 foreach($answers as $value) { 186 203 echo "<span id=\"wp_nobot_question_line_{$id}_$i\">"; 187 printf('<input type="input" id="wp_nobot_question_answer_%1$d_%2$d" name="wp_nobot_question_answers_%1$d[]" size="70" value="%3$s" />', $id, $i, $value);204 printf('<input type="input" id="wp_nobot_question_answer_%1$d_%2$d" 
name="wp_nobot_question_answers_%1$d[]" size="70" value="%3$s" />', $id, $i, htmlspecialchars($value)); 188 205 echo "<a href=\"javascript:void(0)\" onclick=\"wp_nobot_question_delete("$id", "$i")\">" . __('Delete') . "</a>"; 189 206 echo "<br /></span>\n"; … … 208 225 $q_id = str_replace('wp_nobot_question_question_','',$key); 209 226 if(trim(strval($value)) != '') { // if not empty 210 $questions[] = trim(strval($value)); 211 $answers[] = array_filter($_POST['wp_nobot_question_answers_' . $q_id]); 227 $question_slashed = trim(strval($value)); 228 // WordPress seems to add quotes by default, see: 229 // http://stackoverflow.com/questions/1746078/wordpress-2-8-6-foobars-my-theme-options-with-escape-slashes#answers-header 230 // http://core.trac.wordpress.org/ticket/18322 231 $questions[] = stripslashes($question_slashed); 232 $answers_slashed = array_filter($_POST['wp_nobot_question_answers_' . $q_id]); 233 foreach($answers_slashed as $key => $value) { 234 $answers_slashed[$key] = stripslashes($value); 235 } 236 $answers[] = $answers_slashed; 212 237 } 213 238 }
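Review bot: The hidden `wp_nobot_answer_question_hash` field is an unkeyed SHA-256 over the question id, the question text and `serialize($answer)`, so every visitor receives a fixed verifier for the accepted answers that can be tested against guesses without contacting the site. The same id/hash pair also stays valid for every later submission, so the check does not prevent a client from always posting one question, which is what the comment above it intends. Keying the digest with a server-side secret, e.g. `return hash_hmac('sha256', $hash_string, wp_salt());` in `wp_nobot_question_security_hash()`, and binding it to a per-form value such as an issue timestamp that is checked for age, would address both. In the verification hunk the field is read without an existence check and compared with the loose `!=`; `!isset($_POST['wp_nobot_answer_question_hash']) || !hash_equals($expected, trim($_POST['wp_nobot_answer_question_hash']))` is safer. The lookup `$questions_all[$question_id]` also runs before the `$question_id < count($answers_all)` range check, so an out-of-range id is hashed over null values; how the function then treats such an id is outside the visible lines.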