Google Captcha (reCAPTCHA) by BestWebSoft

Version Description

07.08.2014 =
Bugfix : Security Exploit was fixed.
Bugfix : The display of private key in the front-end was removed.

Release Info

Developer	bestwebsoft
Plugin	Google Captcha (reCAPTCHA) by BestWebSoft
Version	1.06
Comparing to
See all releases

Code changes from version 1.05 to 1.06

Files changed (16) hide show

bws_menu/bws_menu.php +51 -20
bws_menu/icons/bws-google-analytics.png +0 -0
bws_menu/icons/bws-google-maps.png +0 -0
bws_menu/icons/contact-form-multi.png +0 -0
bws_menu/icons/db-manager.png +0 -0
bws_menu/icons/job-board.png +0 -0
bws_menu/icons/limit-attempts.png +0 -0
bws_menu/icons/subscriber.png +0 -0
google-captcha.php +7 -8
google_captcha_check.php +6 -1
js/script.js +1 -1
languages/google_captcha-pl_PL.mo +0 -0
languages/google_captcha-pl_PL.po +0 -0
languages/google_captcha-uk.mo +0 -0
languages/google_captcha-uk.po +0 -0
readme.txt +9 -2

bws_menu/bws_menu.php CHANGED Viewed

	@@ -1,7 +1,7 @@
1	<?php
2	/*
3	* Function for displaying BestWebSoft menu
4	- * Version: 1.3.4
5	*/
6
7	if ( ! function_exists( 'bws_add_menu_render' ) ) {
	@@ -259,6 +259,23 @@ if ( ! function_exists( 'bws_add_menu_render' ) ) {
259	'download' => 'http://bestwebsoft.com/plugin/email-queue/?k=e345e1b6623f0dca119bc2d9433b130b&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#download',
260	'wp_install' => '/wp-admin/plugin-install.php?tab=search&s=Email+Queue+BestWebSoft&plugin-search-input=Search+Plugins',
261	'settings' => 'admin.php?page=mlq_settings'

















262	)
263	);
264	$bws_plugins_pro = array(
	@@ -359,6 +376,13 @@ if ( ! function_exists( 'bws_add_menu_render' ) ) {
359	'link' => 'http://bestwebsoft.com/plugin/sender-pro/?k=dc5d1a87bdc8aeab2de40ffb99b38054&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
360	'purchase' => 'http://bestwebsoft.com/plugin/sender-pro/?k=dc5d1a87bdc8aeab2de40ffb99b38054&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#purchase',
361	'settings' => 'admin.php?page=sndrpr_settings'







362	)
363	);
364
	@@ -491,8 +515,8 @@ if ( ! function_exists( 'bws_add_menu_render' ) ) {
491	if ( ( isset( $_REQUEST['bwsmn_form_submit'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit' ) ) \|\|
492	( isset( $_REQUEST['bwsmn_form_submit_custom_email'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit_custom_email' ) ) ) {
493	if ( isset( $_REQUEST['bwsmn_form_email'] ) ) {
494	- $bwsmn_form_email = trim( $_REQUEST['bwsmn_form_email'] );
495	- if ( $bwsmn_form_email == "" \|\| !~~preg_match(~~ ~~"/^~~(~~(?:[a-z0-9']+(?:[a-z0-9\-_\.']+)?@[a-z0-9]+(?:[a-z0-9\-\.]+)?\.[a-z]{2,5})[,~~ ~~]*)+$/i",~~ $bwsmn_form_email ) ) {
496	$error = __( "Please enter a valid email address.", 'bestwebsoft' );
497	} else {
498	$email = $bwsmn_form_email;
	@@ -514,19 +538,24 @@ if ( ! function_exists( 'bws_add_menu_render' ) ) {
514	foreach ( $system_info['system_info'] as $key => $value ) {
515	$message_text .= '<tr><td>'. $key .'</td><td>'. $value .'</td></tr>';
516	}
517	- $message_text .= '</table>
518	- ~~<h4>Active~~ ~~Plugins</h4>~~
519	- <~~table~~>';
520	- ~~foreach ( $system_info[~~'~~active_plugins'] as $key => $value ) {~~
521	- ~~$message_text~~ .= '~~<tr><td scope="row">~~'. $key ~~.'</td><td~~ ~~scope="row">'.~~ $value ~~.'</td></tr>';~~



522	}
523	- $~~message_text~~ .= ~~'</table>~~
524	- <h4>Inactive Plugins</h4>
525	- <table>';
526	- foreach ( $system_info['inactive_plugins'] as $key => $value ) {
527	- $message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';


528	}
529	- $message_text .= '</~~table></~~body></html>';
530	$result = wp_mail( $email, 'System Info From ' . $home_url, $message_text, $headers );
531	if ( $result != true )
532	$error = __( "Sorry, email message could not be delivered.", 'bestwebsoft' );
	@@ -874,12 +903,14 @@ if ( ! function_exists( 'bws_add_menu_render' ) ) {
874	<table class="bws_system_info">
875	<thead><tr><th><?php _e( 'Active Plugins', 'bestwebsoft' ); ?></th><th></th></tr></thead>
876	<tbody>
877	- <?php ~~foreach~~ ( $system_info['active_plugins'] as ~~$key => $value~~ ) { ?>
878	- ~~<tr>~~
879	- <~~td scope="row"><?php echo $key; ?></td~~>
880	- <td scope="row"><?php echo $~~value~~; ?></td>
881	- ~~</tr~~>
882	- ~~<?php } ?>~~


883	</tbody>
884	</table>
885	<table class="bws_system_info">


1	<?php
2	/*
3	* Function for displaying BestWebSoft menu
4	+ * Version: 1.3.7
5	*/
6
7	if ( ! function_exists( 'bws_add_menu_render' ) ) {

259	'download' => 'http://bestwebsoft.com/plugin/email-queue/?k=e345e1b6623f0dca119bc2d9433b130b&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#download',
260	'wp_install' => '/wp-admin/plugin-install.php?tab=search&s=Email+Queue+BestWebSoft&plugin-search-input=Search+Plugins',
261	'settings' => 'admin.php?page=mlq_settings'
262	+ ),
263	+ 'limit-attempts/limit-attempts.php' => array(
264	+ 'name' => 'Limit Attempts',
265	+ 'description' => 'Allows you to limit rate of login attempts by the ip, and create whitelist and blacklist.',
266	+ 'link' => 'http://bestwebsoft.com/plugin/limit-attempts/?k=b14e1697ee4d008abcd4bd34d492573a&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
267	+ 'download' => 'http://bestwebsoft.com/plugin/limit-attempts/?k=b14e1697ee4d008abcd4bd34d492573a&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#download',
268	+ 'wp_install' => '/wp-admin/plugin-install.php?tab=search&s=Limit+Attempts+BestWebSoft&plugin-search-input=Search+Plugins',
269	+ 'settings' => 'admin.php?page=limit-attempts.php',
270	+ 'pro_version' => 'limit-attempts-pro/limit-attempts-pro.php'
271	+ ),
272	+ 'job-board/job-board.php' => array(
273	+ 'name' => 'Job board',
274	+ 'description' => 'Allows to create a job-board page on your site.',
275	+ 'link' => 'http://bestwebsoft.com/plugin/job-board/?k=b0c504c9ce6edd6692e04222af3fed6f&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
276	+ 'download' => 'http://bestwebsoft.com/plugin/job-board/?k=b0c504c9ce6edd6692e04222af3fed6f&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#download',
277	+ 'wp_install' => '/wp-admin/plugin-install.php?tab=search&type=term&s=Job+board+BestWebSoft&plugin-search-input=Search+Plugins',
278	+ 'settings' => 'admin.php?page=job-board.php'
279	)
280	);
281	$bws_plugins_pro = array(

376	'link' => 'http://bestwebsoft.com/plugin/sender-pro/?k=dc5d1a87bdc8aeab2de40ffb99b38054&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
377	'purchase' => 'http://bestwebsoft.com/plugin/sender-pro/?k=dc5d1a87bdc8aeab2de40ffb99b38054&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#purchase',
378	'settings' => 'admin.php?page=sndrpr_settings'
379	+ ),
380	+ 'limit-attempts-pro/limit-attempts-pro.php' => array(
381	+ 'name' => 'Limit Attempts Pro',
382	+ 'description' => 'Allows you to limit rate of login attempts by the ip, and create whitelist and blacklist.',
383	+ 'link' => 'http://bestwebsoft.com/plugin/limit-attempts-pro/?k=9d42cdf22c7fce2c4b6b447e6a2856e0&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version,
384	+ 'purchase' => 'http://bestwebsoft.com/plugin/limit-attempts-pro/?k=9d42cdf22c7fce2c4b6b447e6a2856e0&pn=' . $bws_plugin_info["id"] . '&v=' . $bws_plugin_info["version"] . '&wp_v=' . $wp_version . '#purchase',
385	+ 'settings' => 'admin.php?page=limit-attempts-pro.php',
386	)
387	);
388

515	if ( ( isset( $_REQUEST['bwsmn_form_submit'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit' ) ) \|\|
516	( isset( $_REQUEST['bwsmn_form_submit_custom_email'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit_custom_email' ) ) ) {
517	if ( isset( $_REQUEST['bwsmn_form_email'] ) ) {
518	+ $bwsmn_form_email = esc_html( trim( $_REQUEST['bwsmn_form_email'] ) );
519	+ if ( $bwsmn_form_email == "" \|\| ! is_email( $bwsmn_form_email ) ) {
520	$error = __( "Please enter a valid email address.", 'bestwebsoft' );
521	} else {
522	$email = $bwsmn_form_email;

538	foreach ( $system_info['system_info'] as $key => $value ) {
539	$message_text .= '<tr><td>'. $key .'</td><td>'. $value .'</td></tr>';
540	}
541	+ $message_text .= '</table>';
542	+ if ( ! empty( $system_info['active_plugins'] ) ) {
543	+ $message_text .= '<h4>Active Plugins</h4>
544	+ <table>';
545	+ foreach ( $system_info['active_plugins'] as $key => $value ) {
546	+ $message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
547	+ }
548	+ $message_text .= '</table>';
549	}
550	+ if ( ! empty( $system_info['inactive_plugins'] ) ) {
551	+ $message_text .= '<h4>Inactive Plugins</h4>
552	+ <table>';
553	+ foreach ( $system_info['inactive_plugins'] as $key => $value ) {
554	+ $message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
555	+ }
556	+ $message_text .= '</table>';
557	}
558	+ $message_text .= '</body></html>';
559	$result = wp_mail( $email, 'System Info From ' . $home_url, $message_text, $headers );
560	if ( $result != true )
561	$error = __( "Sorry, email message could not be delivered.", 'bestwebsoft' );

903	<table class="bws_system_info">
904	<thead><tr><th><?php _e( 'Active Plugins', 'bestwebsoft' ); ?></th><th></th></tr></thead>
905	<tbody>
906	+ <?php if ( ! empty( $system_info['active_plugins'] ) ) {
907	+ foreach ( $system_info['active_plugins'] as $key => $value ) { ?>
908	+ <tr>
909	+ <td scope="row"><?php echo $key; ?></td>
910	+ <td scope="row"><?php echo $value; ?></td>
911	+ </tr>
912	+ <?php }
913	+ } ?>
914	</tbody>
915	</table>
916	<table class="bws_system_info">

bws_menu/icons/bws-google-analytics.png CHANGED Viewed

File without changes

bws_menu/icons/bws-google-maps.png CHANGED Viewed

File without changes

bws_menu/icons/contact-form-multi.png CHANGED Viewed

File without changes

bws_menu/icons/db-manager.png CHANGED Viewed

File without changes

bws_menu/icons/job-board.png ADDED Viewed

Binary file

bws_menu/icons/limit-attempts.png ADDED Viewed

Binary file

bws_menu/icons/subscriber.png CHANGED Viewed

File without changes

google-captcha.php CHANGED Viewed

	@@ -4,7 +4,7 @@ Plugin Name: Google Captcha (reCAPTCHA)
4	Plugin URI: http://bestwebsoft.com/plugin/
5	Description: Plugin Google Captcha intended to prove that the visitor is a human being and not a spam robot.
6	Author: BestWebSoft
7	- Version: 1.05
8	Author URI: http://bestwebsoft.com/
9	License: GPLv3 or later
10	*/
	@@ -12,7 +12,7 @@ License: GPLv3 or later
12	/* © Copyright 2014 BestWebSoft ( http://support.bestwebsoft.com )
13
14	This program is free software; you can redistribute it and/or modify
15	- it under the terms of the GNU General Public License, version 2, as
16	published by the Free Software Foundation.
17
18	This program is distributed in the hope that it will be useful,
	@@ -261,8 +261,8 @@ if ( ! function_exists( 'gglcptch_settings_page' ) ) {
261	} else
262	$gglcptch_keys['private']['error_msg'] = '';
263
264	- $gglcptch_options['public_key'] = $_POST['gglcptch_public_key'];
265	- $gglcptch_options['private_key'] = $_POST['gglcptch_private_key'];
266	$gglcptch_options['login_form'] = isset( $_POST['gglcptch_login_form'] ) ? 1 : 0;
267	$gglcptch_options['registration_form'] = isset( $_POST['gglcptch_registration_form'] ) ? 1 : 0;
268	$gglcptch_options['reset_pwd_form'] = isset( $_POST['gglcptch_reset_pwd_form'] ) ? 1 : 0;
	@@ -350,11 +350,11 @@ if ( ! function_exists( 'gglcptch_settings_page' ) ) {
350	</form>
351	<div class="bws-plugin-reviews">
352	<div class="bws-plugin-reviews-rate">
353	- <?php _e( 'If you enjoy our plugin, please give it 5 stars on WordPress', 'google_captcha' ); ?>:
354	<a href="http://wordpress.org/support/view/plugin-reviews/google-captcha" target="_blank" title="Google Captcha reviews"><?php _e( 'Rate the plugin', 'google_captcha' ); ?></a>
355	</div>
356	<div class="bws-plugin-reviews-support">
357	- <?php _e( 'If there is something wrong about it, please contact us', 'google_captcha' ); ?>:
358	<a href="http://support.bestwebsoft.com">http://support.bestwebsoft.com</a>
359	</div>
360	</div>
	@@ -393,8 +393,7 @@ if ( ! function_exists( 'gglcptch_display' ) ) {
393	<script type='text/javascript'>
394	var RecaptchaOptions = { theme : "<?php echo $gglcptch_options['theme']; ?>" },
395	gglcptch_path = "<?php echo plugins_url( 'google_captcha_check.php', __FILE__ ); ?>",
396	- gglcptch_error_msg = "<?php _e( 'Error: You have entered an incorrect CAPTCHA value.', 'google_captcha' ); ?>",
397	- gglcptch_private_key = "<?php echo $privatekey; ?>";
398	</script>
399	<?php
400	if ( ! $privatekey \|\| ! $publickey ) {


4	Plugin URI: http://bestwebsoft.com/plugin/
5	Description: Plugin Google Captcha intended to prove that the visitor is a human being and not a spam robot.
6	Author: BestWebSoft
7	+ Version: 1.06
8	Author URI: http://bestwebsoft.com/
9	License: GPLv3 or later
10	*/

12	/* © Copyright 2014 BestWebSoft ( http://support.bestwebsoft.com )
13
14	This program is free software; you can redistribute it and/or modify
15	+ it under the terms of the GNU General Public License, version 2, as
16	published by the Free Software Foundation.
17
18	This program is distributed in the hope that it will be useful,

261	} else
262	$gglcptch_keys['private']['error_msg'] = '';
263
264	+ $gglcptch_options['public_key'] = trim( stripslashes( esc_html( $_POST['gglcptch_public_key'] ) ) );
265	+ $gglcptch_options['private_key'] = trim( stripslashes( esc_html( $_POST['gglcptch_private_key'] ) ) );
266	$gglcptch_options['login_form'] = isset( $_POST['gglcptch_login_form'] ) ? 1 : 0;
267	$gglcptch_options['registration_form'] = isset( $_POST['gglcptch_registration_form'] ) ? 1 : 0;
268	$gglcptch_options['reset_pwd_form'] = isset( $_POST['gglcptch_reset_pwd_form'] ) ? 1 : 0;

350	</form>
351	<div class="bws-plugin-reviews">
352	<div class="bws-plugin-reviews-rate">
353	+ <?php _e( 'If you enjoy our plugin, please give it 5 stars on WordPress', 'google_captcha' ); ?>:
354	<a href="http://wordpress.org/support/view/plugin-reviews/google-captcha" target="_blank" title="Google Captcha reviews"><?php _e( 'Rate the plugin', 'google_captcha' ); ?></a>
355	</div>
356	<div class="bws-plugin-reviews-support">
357	+ <?php _e( 'If there is something wrong about it, please contact us', 'google_captcha' ); ?>:
358	<a href="http://support.bestwebsoft.com">http://support.bestwebsoft.com</a>
359	</div>
360	</div>

393	<script type='text/javascript'>
394	var RecaptchaOptions = { theme : "<?php echo $gglcptch_options['theme']; ?>" },
395	gglcptch_path = "<?php echo plugins_url( 'google_captcha_check.php', __FILE__ ); ?>",
396	+ gglcptch_error_msg = "<?php _e( 'Error: You have entered an incorrect CAPTCHA value.', 'google_captcha' ); ?>";

397	</script>
398	<?php
399	if ( ! $privatekey \|\| ! $publickey ) {

google_captcha_check.php CHANGED Viewed

	@@ -1,7 +1,12 @@
1	<?php
2	/* Check Google Captcha in shortcode and contact form */
3	require_once( 'lib/recaptchalib.php' );
4	- ~~$privatekey~~ = ~~$_POST[~~'~~gglcptch_private_key~~'];





5	$resp = recaptcha_check_answer( $privatekey,
6	$_SERVER['REMOTE_ADDR'],
7	$_POST['recaptcha_challenge_field'],


1	<?php
2	/* Check Google Captcha in shortcode and contact form */
3	require_once( 'lib/recaptchalib.php' );
4	+ if ( defined('ABSPATH') )
5	+ require_once( ABSPATH . 'wp-load.php' );
6	+ else
7	+ require_once( '../../../wp-load.php' );
8	+ $gglcptch_options = get_option( 'gglcptch_options' );
9	+ $privatekey = $gglcptch_options['private_key'];
10	$resp = recaptcha_check_answer( $privatekey,
11	$_SERVER['REMOTE_ADDR'],
12	$_POST['recaptcha_challenge_field'],

js/script.js CHANGED Viewed

	@@ -20,7 +20,7 @@
20	req.open( 'POST', gglcptch_path, false );
21	req.setRequestHeader( 'Content-Type', 'application/x-www-form-urlencoded' );
22	/* sending POST parameters */
23	- req.send( 'recaptcha_challenge_field=' + recaptcha_challenge_field + '&recaptcha_response_field=' + recaptcha_response_field ~~+ '&gglcptch_private_key=' + gglcptch_private_key~~ );
24
25	if ( req.responseText == 'error' ) {
26	/* wrong captcha */


20	req.open( 'POST', gglcptch_path, false );
21	req.setRequestHeader( 'Content-Type', 'application/x-www-form-urlencoded' );
22	/* sending POST parameters */
23	+ req.send( 'recaptcha_challenge_field=' + recaptcha_challenge_field + '&recaptcha_response_field=' + recaptcha_response_field );
24
25	if ( req.responseText == 'error' ) {
26	/* wrong captcha */

languages/google_captcha-pl_PL.mo CHANGED Viewed

File without changes

languages/google_captcha-pl_PL.po CHANGED Viewed

File without changes

languages/google_captcha-uk.mo CHANGED Viewed

File without changes

languages/google_captcha-uk.po CHANGED Viewed

File without changes

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: bestwebsoft
3	Donate link: https://www.2checkout.com/checkout/purchase?sid=1430388&quantity=1&product_id=94
4	Tags: antispam, anti-spam, capcha, anti-spam security, arithmetic actions, captcha, captha, capcha, catcha, cpatcha, captcha theme, comment, digitize books, digitize newspapers, digitize radio shows, google, gogle, google captcha, login, lost password, re captcha, recaptcha, re-captcha, registration, shortcode, site keys, spam, text captcha.
5	Requires at least: 3.0
6	- Tested up to: 3.9.1
7	- Stable tag: 1.05
8	License: GPLv3 or later
9	License URI: http://www.gnu.org/licenses/gpl-3.0.html
10
	@@ -142,6 +142,10 @@ Please make sure that the problem hasn't been discussed yet on our forum (<a hre
142
143	== Changelog ==
144




145	= V1.05 - 21.07.2014 =
146	* Bugfix : Problem with submitting form with Google Captcha is fixed.
147
	@@ -171,6 +175,9 @@ Please make sure that the problem hasn't been discussed yet on our forum (<a hre
171
172	== Upgrade Notice ==
173



174	= V1.05 =
175	Problem with submitting form with Google Captcha is fixed.
176


3	Donate link: https://www.2checkout.com/checkout/purchase?sid=1430388&quantity=1&product_id=94
4	Tags: antispam, anti-spam, capcha, anti-spam security, arithmetic actions, captcha, captha, capcha, catcha, cpatcha, captcha theme, comment, digitize books, digitize newspapers, digitize radio shows, google, gogle, google captcha, login, lost password, re captcha, recaptcha, re-captcha, registration, shortcode, site keys, spam, text captcha.
5	Requires at least: 3.0
6	+ Tested up to: 3.9.2
7	+ Stable tag: 1.06
8	License: GPLv3 or later
9	License URI: http://www.gnu.org/licenses/gpl-3.0.html
10

142
143	== Changelog ==
144
145	+ = V1.06 - 07.08.2014 =
146	+ * Bugfix : Security Exploit was fixed.
147	+ * Bugfix : The display of private key in the front-end was removed.
148	+
149	= V1.05 - 21.07.2014 =
150	* Bugfix : Problem with submitting form with Google Captcha is fixed.
151

175
176	== Upgrade Notice ==
177
178	+ = V1.06 =
179	+ Security Exploit was fixed. The display of private key in the front-end was removed.
180	+
181	= V1.05 =
182	Problem with submitting form with Google Captcha is fixed.
183

Google Captcha (reCAPTCHA) by BestWebSoft - Version 1.06

Version Description

Release Info

Code changes from version 1.05 to 1.06