Math Captcha - Version 1.2.9

Version Description

Fix: Potential vulnerability bugs
Tweak: Improve getting server host name for comment blocking

Release Info

Developer	dfactory
Plugin	$Icon 128x128$ Math Captcha
Version	1.2.9
Comparing to
See all releases

Code changes from version 1.2.8 to 1.2.9

Files changed (5) hide show

includes/class-cookie-session.php +1 -1
includes/class-core.php +65 -20
includes/integrations/contact-form-7.php +18 -3
readme.txt +9 -5
wp-math-captcha.php +2 -2

includes/class-cookie-session.php CHANGED Viewed

	@@ -24,7 +24,7 @@ class Math_Captcha_Cookie_Session {
24	if ( is_admin() )
25	return;
26
27	- if ( isset( $_COOKIE['mc_session_ids'] ) )
28	$this->session_ids = $_COOKIE['mc_session_ids'];
29	else {
30	foreach ( array( 'default', 'multi' ) as $place ) {


24	if ( is_admin() )
25	return;
26
27	+ if ( isset( $_COOKIE['mc_session_ids'] ) && is_array( $_COOKIE['mc_session_ids'] ) && array_key_exists( 'default', $_COOKIE['mc_session_ids'] ) && array_key_exists( 'multi', $_COOKIE['mc_session_ids'] ) )
28	$this->session_ids = $_COOKIE['mc_session_ids'];
29	else {
30	foreach ( array( 'default', 'multi' ) as $place ) {

includes/class-core.php CHANGED Viewed

	@@ -51,7 +51,7 @@ class Math_Captcha_Core {
51	if ( is_admin() )
52	return;
53
54	- $action = (isset( $_GET['action'] ) && $_GET['action'] !== '' ? $_GET['action'] : null);
55
56	// comments
57	if ( Math_Captcha()->options['general']['enable_for']['comment_form'] ) {
	@@ -121,9 +121,11 @@ class Math_Captcha_Core {
121	$user_data = null;
122
123	// checks captcha
124	- if ( ~~isset~~( $_POST['mc-value'] ) ~~&& $_POST['mc-value'] !== ''~~ ) {


125	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
126	- if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $~~_POST['mc-value']~~ . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
127	$this->errors->add( 'math-captcha-error', $this->error_messages['wrong'] );
128	} else
129	$this->errors->add( 'math-captcha-error', $this->error_messages['time'] );
	@@ -163,9 +165,11 @@ class Math_Captcha_Core {
163	* @return array
164	*/
165	public function add_user_with_captcha( $login, $email, $errors ) {
166	- if ( ~~isset~~( $_POST['mc-value'] ) ~~&& $_POST['mc-value'] !== ''~~ ) {


167	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
168	- if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $~~_POST['mc-value']~~ . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
169	$errors->add( 'math-captcha-error', $this->error_messages['wrong'] );
170	} else
171	$errors->add( 'math-captcha-error', $this->error_messages['time'] );
	@@ -182,9 +186,11 @@ class Math_Captcha_Core {
182	* @return array
183	*/
184	public function validate_user_with_captcha( $result ) {
185	- if ( ~~isset~~( $_POST['mc-value'] ) ~~&& $_POST['mc-value'] !== ''~~ ) {


186	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
187	- if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $~~_POST['mc-value']~~ . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
188	$result['errors']->add( 'math-captcha-error', $this->error_messages['wrong'] );
189	} else
190	$result['errors']->add( 'math-captcha-error', $this->error_messages['time'] );
	@@ -206,9 +212,11 @@ class Math_Captcha_Core {
206	if ( $this->login_failed === false && ! empty( $_POST ) ) {
207	$error = '';
208
209	- if ( ~~isset~~( $_POST['mc-value'] ) ~~&& $_POST['mc-value'] !== ''~~ ) {


210	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
211	- if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $~~_POST['mc-value']~~ . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
212	$error = 'wrong';
213	} else
214	$error = 'time';
	@@ -234,9 +242,11 @@ class Math_Captcha_Core {
234	// user gave us valid login and password
235	if ( ! is_wp_error( $user ) ) {
236	if ( ! empty( $_POST ) ) {
237	- if ( ~~isset~~( $_POST['mc-value'] ) ~~&& $_POST['mc-value'] !== ''~~ ) {


238	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
239	- if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $~~_POST['mc-value']~~ . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
240	$error = 'wrong';
241	} else
242	$error = 'time';
	@@ -278,10 +288,12 @@ class Math_Captcha_Core {
278	* @return array
279	*/
280	public function add_comment_with_captcha( $comment ) {
281	- if ( ~~isset~~( $_POST['mc-value'] ) ~~&& $_POST['mc-value'] !== ''~~ ) {


282	if ( ( ! is_admin() \|\| ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) && ( $comment['comment_type'] === '' \|\| $comment['comment_type'] === 'comment' ) ) {
283	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
284	- if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $~~_POST['mc-value']~~ . Math_Captcha()->cookie_session->session_ids['default'], false ) ) === 0 )
285	return $comment;
286	else
287	wp_die( $this->error_messages['wrong'] );
	@@ -343,9 +355,11 @@ class Math_Captcha_Core {
343	* Validate bbpress topics and replies.
344	*/
345	public function check_bbpress_captcha() {
346	- if ( ~~isset~~( $_POST['mc-value'] ) ~~&& $_POST['mc-value'] !== ''~~ ) {


347	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'bbp_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
348	- if ( strcmp( get_transient( 'bbp_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $~~_POST['mc-value']~~ . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
349	bbp_add_error( 'math-captcha-wrong', $this->error_messages['wrong'] );
350	} else
351	bbp_add_error( 'math-captcha-wrong', $this->error_messages['time'] );
	@@ -608,8 +622,7 @@ class Math_Captcha_Core {
608
609	$transient_name = ($form === 'bbpress' ? 'bbp' : 'mc');
610	$session_id = Math_Captcha()->cookie_session->session_ids['default'];
611	- }
612	- elseif ( $form === 'cf7' ) {
613	$return = array();
614
615	if ( $rnd_input === 0 ) {
	@@ -627,7 +640,13 @@ class Math_Captcha_Core {
627	}
628
629	$transient_name = 'cf7';
630	- ~~$session_id = Math_Captcha()->cookie_session->session_ids['multi'][$this->session_number ++];~~






631	}
632
633	set_transient( $transient_name . '_' . $session_id, sha1( AUTH_KEY . $number[$rnd_input] . $session_id, false ), apply_filters( 'math_captcha_time', Math_Captcha()->options['general']['time'] ) );
	@@ -636,7 +655,7 @@ class Math_Captcha_Core {
636	}
637
638	/**
639	- * ~~FLush~~ rewrite rules.
640	*/
641	public function flush_rewrites() {
642	if ( Math_Captcha()->options['general']['flush_rules'] ) {
	@@ -663,7 +682,7 @@ class Math_Captcha_Core {
663	RewriteEngine On
664	RewriteCond %{REQUEST_METHOD} POST
665	RewriteCond %{REQUEST_URI} .wp-comments-post.php*
666	- RewriteCond %{HTTP_REFERER} !.{$~~_SERVER['HTTP_HOST']~~}. [OR]
667	RewriteCond %{HTTP_USER_AGENT} ^$
668	RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
669	</IfModule>
	@@ -676,4 +695,30 @@ EOT;
676	return $rules;
677	}
678


























679	}


51	if ( is_admin() )
52	return;
53
54	+ $action = isset( $_GET['action'] ) && $_GET['action'] !== '' ? $_GET['action'] : null;
55
56	// comments
57	if ( Math_Captcha()->options['general']['enable_for']['comment_form'] ) {

121	$user_data = null;
122
123	// checks captcha
124	+ if ( ! empty( $_POST['mc-value'] ) ) {
125	+ $mc_value = (int) $_POST['mc-value'];
126	+
127	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
128	+ if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $mc_value . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
129	$this->errors->add( 'math-captcha-error', $this->error_messages['wrong'] );
130	} else
131	$this->errors->add( 'math-captcha-error', $this->error_messages['time'] );

165	* @return array
166	*/
167	public function add_user_with_captcha( $login, $email, $errors ) {
168	+ if ( ! empty( $_POST['mc-value'] ) ) {
169	+ $mc_value = (int) $_POST['mc-value'];
170	+
171	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
172	+ if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $mc_value . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
173	$errors->add( 'math-captcha-error', $this->error_messages['wrong'] );
174	} else
175	$errors->add( 'math-captcha-error', $this->error_messages['time'] );

186	* @return array
187	*/
188	public function validate_user_with_captcha( $result ) {
189	+ if ( ! empty( $_POST['mc-value'] ) ) {
190	+ $mc_value = (int) $_POST['mc-value'];
191	+
192	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
193	+ if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $mc_value . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
194	$result['errors']->add( 'math-captcha-error', $this->error_messages['wrong'] );
195	} else
196	$result['errors']->add( 'math-captcha-error', $this->error_messages['time'] );

212	if ( $this->login_failed === false && ! empty( $_POST ) ) {
213	$error = '';
214
215	+ if ( ! empty( $_POST['mc-value'] ) ) {
216	+ $mc_value = (int) $_POST['mc-value'];
217	+
218	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
219	+ if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $mc_value . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
220	$error = 'wrong';
221	} else
222	$error = 'time';

242	// user gave us valid login and password
243	if ( ! is_wp_error( $user ) ) {
244	if ( ! empty( $_POST ) ) {
245	+ if ( ! empty( $_POST['mc-value'] ) ) {
246	+ $mc_value = (int) $_POST['mc-value'];
247	+
248	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
249	+ if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $mc_value . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
250	$error = 'wrong';
251	} else
252	$error = 'time';

288	* @return array
289	*/
290	public function add_comment_with_captcha( $comment ) {
291	+ if ( ! empty( $_POST['mc-value'] ) ) {
292	+ $mc_value = (int) $_POST['mc-value'];
293	+
294	if ( ( ! is_admin() \|\| ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) && ( $comment['comment_type'] === '' \|\| $comment['comment_type'] === 'comment' ) ) {
295	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
296	+ if ( strcmp( get_transient( 'mc_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $mc_value . Math_Captcha()->cookie_session->session_ids['default'], false ) ) === 0 )
297	return $comment;
298	else
299	wp_die( $this->error_messages['wrong'] );

355	* Validate bbpress topics and replies.
356	*/
357	public function check_bbpress_captcha() {
358	+ if ( ! empty( $_POST['mc-value'] ) ) {
359	+ $mc_value = (int) $_POST['mc-value'];
360	+
361	if ( Math_Captcha()->cookie_session->session_ids['default'] !== '' && get_transient( 'bbp_' . Math_Captcha()->cookie_session->session_ids['default'] ) !== false ) {
362	+ if ( strcmp( get_transient( 'bbp_' . Math_Captcha()->cookie_session->session_ids['default'] ), sha1( AUTH_KEY . $mc_value . Math_Captcha()->cookie_session->session_ids['default'], false ) ) !== 0 )
363	bbp_add_error( 'math-captcha-wrong', $this->error_messages['wrong'] );
364	} else
365	bbp_add_error( 'math-captcha-wrong', $this->error_messages['time'] );

622
623	$transient_name = ($form === 'bbpress' ? 'bbp' : 'mc');
624	$session_id = Math_Captcha()->cookie_session->session_ids['default'];
625	+ } elseif ( $form === 'cf7' ) {

626	$return = array();
627
628	if ( $rnd_input === 0 ) {

640	}
641
642	$transient_name = 'cf7';
643	+
644	+ if ( array_key_exists( $this->session_number, Math_Captcha()->cookie_session->session_ids['multi'] ) )
645	+ $session_id = Math_Captcha()->cookie_session->session_ids['multi'][$this->session_number];
646	+ else
647	+ $session_id = '';
648	+
649	+ $this->session_number++;
650	}
651
652	set_transient( $transient_name . '_' . $session_id, sha1( AUTH_KEY . $number[$rnd_input] . $session_id, false ), apply_filters( 'math_captcha_time', Math_Captcha()->options['general']['time'] ) );

655	}
656
657	/**
658	+ * Flush rewrite rules.
659	*/
660	public function flush_rewrites() {
661	if ( Math_Captcha()->options['general']['flush_rules'] ) {

682	RewriteEngine On
683	RewriteCond %{REQUEST_METHOD} POST
684	RewriteCond %{REQUEST_URI} .wp-comments-post.php*
685	+ RewriteCond %{HTTP_REFERER} !.{$this->get_host()}. [OR]
686	RewriteCond %{HTTP_USER_AGENT} ^$
687	RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
688	</IfModule>

695	return $rules;
696	}
697
698	+ /**
699	+ * Get host.
700	+ *
701	+ * @return string
702	+ */
703	+ private function get_host() {
704	+ $host = '';
705	+
706	+ foreach ( array( 'HTTP_X_FORWARDED_HOST', 'HTTP_HOST', 'SERVER_NAME', 'SERVER_ADDR' ) as $source ) {
707	+ if ( ! empty( $host ) )
708	+ break;
709	+
710	+ if ( empty( $_SERVER[$source] ) )
711	+ continue;
712	+
713	+ $host = $_SERVER[$source];
714	+
715	+ if ( $source === 'HTTP_X_FORWARDED_HOST' ) {
716	+ $elements = explode( ',', $host );
717	+ $host = trim( end( $elements ) );
718	+ }
719	+ }
720	+
721	+ // remove port number from host and return it
722	+ return trim( preg_replace( '/:\d+$/', '', $host ) );
723	+ }
724	}

includes/integrations/contact-form-7.php CHANGED Viewed

	@@ -52,10 +52,20 @@ function wpcf7_mathcaptcha_validation_filter( $result, $tag ) {
52	$name = $tag->name;
53
54	if ( isset( $_POST[$name] ) && $_POST[$name] !== '' && ! is_admin() ) {
55	- $~~session_id~~ = ~~isset~~( ~~$_POST[$name . '-sn']~~ ) && $_POST[$name ~~. '-sn'~~] ~~!== '' ? Math_Captcha()->cookie_session->session_ids['multi'][$_POST[$name . '-sn']] : ''~~;










56
57	if ( $session_id !== '' && get_transient( 'cf7_' . $session_id ) !== false ) {
58	- if ( strcmp( get_transient( 'cf7_' . $session_id ), sha1( AUTH_KEY . $~~_POST[$name]~~ . $session_id, false ) ) !== 0 ) {
59	if ( version_compare( WPCF7_VERSION, '4.1.0', '>=' ) )
60	$result->invalidate( $tag, wpcf7_get_message( 'wrong_mathcaptcha' ) );
61	else {
	@@ -110,7 +120,12 @@ function wpcf7_mathcaptcha_messages( $messages ) {
110	add_action( 'wpcf7_admin_notices', 'wpcf7_mathcaptcha_display_warning_message' );
111
112	function wpcf7_mathcaptcha_display_warning_message() {
113	- if ( ~~empty( $_GET['post'] ) \|\|~~ ! ( $~~contact_form = wpcf7_contact_form( $~~_GET['post'] ) ) )





114	return;
115
116	if ( version_compare( WPCF7_VERSION, '4.6.0', '>=' ) )


52	$name = $tag->name;
53
54	if ( isset( $_POST[$name] ) && $_POST[$name] !== '' && ! is_admin() ) {
55	+ $val = (int) $_POST[$name];
56	+
57	+ if ( isset( $_POST[$name . '-sn'] ) && $_POST[$name . '-sn'] !== '' ) {
58	+ $val_sn = (int) $_POST[$name . '-sn'];
59	+
60	+ if ( array_key_exists( $val_sn, Math_Captcha()->cookie_session->session_ids['multi'] ) )
61	+ $session_id = Math_Captcha()->cookie_session->session_ids['multi'][$val_sn];
62	+ else
63	+ $session_id = '';
64	+ } else
65	+ $session_id = '';
66
67	if ( $session_id !== '' && get_transient( 'cf7_' . $session_id ) !== false ) {
68	+ if ( strcmp( get_transient( 'cf7_' . $session_id ), sha1( AUTH_KEY . $val . $session_id, false ) ) !== 0 ) {
69	if ( version_compare( WPCF7_VERSION, '4.1.0', '>=' ) )
70	$result->invalidate( $tag, wpcf7_get_message( 'wrong_mathcaptcha' ) );
71	else {

120	add_action( 'wpcf7_admin_notices', 'wpcf7_mathcaptcha_display_warning_message' );
121
122	function wpcf7_mathcaptcha_display_warning_message() {
123	+ if ( ! empty( $_GET['post'] ) )
124	+ $id = (int) $_GET['post'];
125	+ else
126	+ return;
127	+
128	+ if ( ! ( $contact_form = wpcf7_contact_form( $id ) ) )
129	return;
130
131	if ( version_compare( WPCF7_VERSION, '4.6.0', '>=' ) )

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: dfactory
3	Donate link: http://www.dfactory.eu/
4	Tags: antispam, capcha, captcha, spam, security, cf7, contact form 7
5	Requires at least: 4.0
6	- Tested up to: 4.9.7
7	- Stable tag: 1.2.8
8	License: MIT License
9	License URI: http://opensource.org/licenses/MIT
10
	@@ -48,6 +48,10 @@ A. Chances are, someone else has asked it. Check out the support forum at: http:
48
49
50




51	= 1.2.8 =
52	* Fix: Potential vulnerability bug
53
	@@ -132,6 +136,6 @@ A. Chances are, someone else has asked it. Check out the support forum at: http:
132
133	== Upgrade Notice ==
134
135	- = 1.2.8 =
136	- * Fix: Potential vulnerability ~~bug~~
137	- * Tweak: ~~Contact~~ ~~Form~~ 7 ~~compatibility~~


3	Donate link: http://www.dfactory.eu/
4	Tags: antispam, capcha, captcha, spam, security, cf7, contact form 7
5	Requires at least: 4.0
6	+ Tested up to: 4.9.8
7	+ Stable tag: 1.2.9
8	License: MIT License
9	License URI: http://opensource.org/licenses/MIT
10

48
49
50
51	+ = 1.2.9 =
52	+ * Fix: Potential vulnerability bugs
53	+ * Tweak: Improve getting server host name for comment blocking
54	+
55	= 1.2.8 =
56	* Fix: Potential vulnerability bug
57

136
137	== Upgrade Notice ==
138
139	+ = 1.2.9 =
140	+ * Fix: Potential vulnerability bugs
141	+ * Tweak: Improve getting server host name for comment blocking

wp-math-captcha.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	/*
3	Plugin Name: Math Captcha
4	Description: Math Captcha is a <strong>100% effective CAPTCHA for WordPress</strong> that integrates into login, registration, comments, Contact Form 7 and bbPress.
5	- Version: 1.2.8
6	Author: dFactory
7	Author URI: http://www.dfactory.eu/
8	Plugin URI: http://www.dfactory.eu/plugins/math-captcha/
	@@ -73,7 +73,7 @@ class Math_Captcha {
73	'deactivation_delete' => false,
74	'flush_rules' => false
75	),
76	- 'version' => '1.2.8'
77	);
78
79	public static function instance() {


2	/*
3	Plugin Name: Math Captcha
4	Description: Math Captcha is a <strong>100% effective CAPTCHA for WordPress</strong> that integrates into login, registration, comments, Contact Form 7 and bbPress.
5	+ Version: 1.2.9
6	Author: dFactory
7	Author URI: http://www.dfactory.eu/
8	Plugin URI: http://www.dfactory.eu/plugins/math-captcha/

73	'deactivation_delete' => false,
74	'flush_rules' => false
75	),
76	+ 'version' => '1.2.9'
77	);
78
79	public static function instance() {