From b763de7acecf7afe2937768060c2d0cb839c193b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 3 Dec 2020 11:11:43 +0100
Subject: [PATCH] Inline RecaptchaHandlerV2::validate() in RecaptchaHandler
---
 .../system/captcha/RecaptchaHandler.class.php | 49 +++++++++++++++++--
 .../recaptcha/RecaptchaHandlerV2.class.php | 1 +
 2 files changed, 46 insertions(+), 4 deletions(-)
diff --git a/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php b/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php
index cb15d569de..bf77a5eeea 100644
--- a/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php
+++ b/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php
@@ -1,13 +1,16 @@
 * @package WoltLabSuite\Core\System\Captcha
 */
@@ -81,6 +84,44 @@ class RecaptchaHandler implements ICaptchaHandler {
 public function validate() {
 if (WCF::getSession()->getVar('recaptchaDone')) return;
 
- RecaptchaHandlerV2::getInstance()->validate($this->response, $this->challenge ?: 'v2');
+ // fail if response is empty to avoid sending api requests
+ if (empty($this->response)) {
+ throw new UserInputException('recaptchaString', 'false');
+ }
+
+ $type = $this->challenge ?: 'v2';
+
+ if ($type === 'v2') {
+ $key = RECAPTCHA_PRIVATEKEY;
+ }
+ else if ($type === 'invisible') {
+ $key = RECAPTCHA_PRIVATEKEY_INVISIBLE;
+ }
+ else {
+ throw new \InvalidArgumentException('$type must be either v2 or invisible.');
+ }
+
+ $request = new HTTPRequest('https://www.google.com/recaptcha/api/siteverify?secret='.rawurlencode($key).'&response='.rawurlencode($this->response).'&remoteip='.rawurlencode(UserUtil::getIpAddress()), ['timeout' => 10]);
+
+ try {
+ $request->execute();
+ $reply = $request->getReply();
+ $data = JSON::decode($reply['body']);
+
+ if ($data['success']) {
+ // yeah
+ }
+ else {
+ throw new UserInputException('recaptchaString', 'false');
+ }
+ }
+ catch (\Exception $e) {
+ if ($e instanceof UserInputException) throw $e;
+
+ // log error, but accept captcha
+ \wcf\functions\exception\logThrowable($e);
+ }
+
+ WCF::getSession()->register('recaptchaDone', true);
 }
 }
diff --git a/wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandlerV2.class.php b/wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandlerV2.class.php
index 6d5941d345..eb50ec2ad2 100644
--- a/wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandlerV2.class.php
+++ b/wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandlerV2.class.php
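Review bot: The `catch (\Exception $e)` branch in `validate()` fails open: any error other than a `UserInputException` (timeout, unreachable endpoint, undecodable reply) is only logged, and execution continues to `WCF::getSession()->register('recaptchaDone', true)`, so the session is flagged as verified although nothing was verified. If accepting the captcha during an outage is intended, the comment should state that trade-off and the branch should return before the flag is cached for the session; otherwise fail closed by adding `throw new UserInputException('recaptchaString', 'false');` after `logThrowable($e);`. Separately, the secret is built into the query string and no request body is passed, so this appears to go out as a GET, whereas siteverify is documented as a POST endpoint. Sending `secret` and `response` in the body would keep the key out of any URL that ends up in logs; whether `logThrowable` records the request URL is not visible in this hunk.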
@@ -14,6 +14,7 @@ use wcf\util\UserUtil;
 * @copyright 2001-2019 WoltLab GmbH
 * @license GNU Lesser General Public License
 * @package WoltLabSuite\Core\System\Recaptcha
+ * @deprecated 5.4 - This was an implementation detail of wcf\system\captcha\RecaptchaHandler.
 */
 class RecaptchaHandlerV2 extends SingletonFactory {
 /**
--
2.20.1