From ebc5e1ead087537fbe764984a99c96e6e7ee7d6e Mon Sep 17 00:00:00 2001 From: wordlesswind Date: Sun, 13 Nov 2022 01:22:01 +0800 Subject: [PATCH 1/4] [ticket/16105] Use Google reCAPTCHA globally PHPBB3-16105 --- phpBB/phpbb/captcha/plugins/recaptcha.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/captcha/plugins/recaptcha.php b/phpBB/phpbb/captcha/plugins/recaptcha.php index b7c0b5f5e2..bc6682b468 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha.php @@ -15,8 +15,8 @@ namespace phpbb\captcha\plugins; class recaptcha extends captcha_abstract { - var $recaptcha_server = 'http://www.google.com/recaptcha/api'; - var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :( + var $recaptcha_server = 'http://www.recaptcha.net/recaptcha/api'; + var $recaptcha_server_secure = 'https://www.recaptcha.net/recaptcha/api'; // class constants :( var $response; From c66923bafc0a35b3da6728dd2b118dc34ca5fe62 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 20 Nov 2022 16:42:52 +0100 Subject: [PATCH 2/4] [ticket/16105] Add domain selection to recaptcha v2 & check against list PHPBB3-16105 --- phpBB/adm/style/captcha_recaptcha_acp.html | 14 ++++++++++++++ phpBB/phpbb/captcha/plugins/recaptcha.php | 14 +++++++++++--- phpBB/phpbb/captcha/plugins/recaptcha_v3.php | 17 +++++++++++++++-- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/phpBB/adm/style/captcha_recaptcha_acp.html b/phpBB/adm/style/captcha_recaptcha_acp.html index 67176ebd07..c31cfa7a1b 100644 --- a/phpBB/adm/style/captcha_recaptcha_acp.html +++ b/phpBB/adm/style/captcha_recaptcha_acp.html @@ -21,6 +21,20 @@
+
+
+ +
{{ lang('RECAPTCHA_V3_DOMAIN_EXPLAIN') }} +
+
+ {% for domain in RECAPTCHA_V2_DOMAINS %} + + {% endfor %} +
+
diff --git a/phpBB/phpbb/captcha/plugins/recaptcha.php b/phpBB/phpbb/captcha/plugins/recaptcha.php index bc6682b468..4cf90b5feb 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha.php @@ -94,6 +94,12 @@ class recaptcha extends captcha_abstract } } + $recaptcha_domain = $request->variable('recaptcha_v2_domain', '', true); + if (in_array($recaptcha_domain, recaptcha_v3::$supported_domains)) + { + $config->set('recaptcha_v2_domain', $recaptcha_domain); + } + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_VISUAL'); trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($module->u_action)); } @@ -110,9 +116,11 @@ class recaptcha extends captcha_abstract } $template->assign_vars(array( - 'CAPTCHA_PREVIEW' => $this->get_demo_template($id), - 'CAPTCHA_NAME' => $this->get_service_name(), - 'U_ACTION' => $module->u_action, + 'CAPTCHA_PREVIEW' => $this->get_demo_template($id), + 'CAPTCHA_NAME' => $this->get_service_name(), + 'RECAPTCHA_V2_DOMAIN' => $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE, + 'RECAPTCHA_V2_DOMAINS' => recaptcha_v3::$supported_domains, + 'U_ACTION' => $module->u_action, )); } diff --git a/phpBB/phpbb/captcha/plugins/recaptcha_v3.php b/phpBB/phpbb/captcha/plugins/recaptcha_v3.php index cc81da7b9d..670be51772 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha_v3.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha_v3.php @@ -30,6 +30,14 @@ class recaptcha_v3 extends captcha_abstract */ const GOOGLE = 'google.com'; const RECAPTCHA = 'recaptcha.net'; + CONST RECAPTCHA_CN = 'recaptcha.google.cn'; + + /** @var string[] List of supported domains */ + static public $supported_domains = [ + self::GOOGLE, + self::RECAPTCHA, + self::RECAPTCHA_CN + ]; /** @var array CAPTCHA types mapped to their action */ static protected $actions = [ @@ -180,9 +188,14 @@ class recaptcha_v3 extends captcha_abstract trigger_error($language->lang('EMPTY_RECAPTCHA_V3_REQUEST_METHOD') . adm_back_link($module->u_action), E_USER_WARNING); } + $recaptcha_domain = $request->variable('recaptcha_v3_domain', '', true); + if (in_array($recaptcha_domain, self::$supported_domains)) + { + $config->set('recaptcha_v3_domain', $recaptcha_domain); + } + $config->set('recaptcha_v3_key', $request->variable('recaptcha_v3_key', '', true)); $config->set('recaptcha_v3_secret', $request->variable('recaptcha_v3_secret', '', true)); - $config->set('recaptcha_v3_domain', $request->variable('recaptcha_v3_domain', '', true)); $config->set('recaptcha_v3_method', $recaptcha_v3_method); foreach (self::$actions as $action) @@ -211,7 +224,7 @@ class recaptcha_v3 extends captcha_abstract 'RECAPTCHA_V3_SECRET' => $config['recaptcha_v3_secret'] ?? '', 'RECAPTCHA_V3_DOMAIN' => $config['recaptcha_v3_domain'] ?? self::GOOGLE, - 'RECAPTCHA_V3_DOMAINS' => [self::GOOGLE, self::RECAPTCHA], + 'RECAPTCHA_V3_DOMAINS' => self::$supported_domains, 'RECAPTCHA_V3_METHOD' => $config['recaptcha_v3_method'] ?? '', 'RECAPTCHA_V3_METHODS' => [ From b828efa9e6dc432b6f3f028be7b5890a6fdb6e65 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 20 Nov 2022 16:51:17 +0100 Subject: [PATCH 3/4] [ticket/16105] Use domain setting for recaptcha v2 as well PHPBB3-16105 --- phpBB/phpbb/captcha/plugins/recaptcha.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/phpBB/phpbb/captcha/plugins/recaptcha.php b/phpBB/phpbb/captcha/plugins/recaptcha.php index 4cf90b5feb..4292080390 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha.php @@ -15,18 +15,13 @@ namespace phpbb\captcha\plugins; class recaptcha extends captcha_abstract { - var $recaptcha_server = 'http://www.recaptcha.net/recaptcha/api'; - var $recaptcha_server_secure = 'https://www.recaptcha.net/recaptcha/api'; // class constants :( - - var $response; + private $response; /** * Constructor */ public function __construct() { - global $request; - $this->recaptcha_server = $request->is_secure() ? $this->recaptcha_server_secure : $this->recaptcha_server; } function init($type) @@ -148,9 +143,10 @@ class recaptcha extends captcha_abstract { $contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx); $explain = $user->lang(($this->type != CONFIRM_POST) ? 'CONFIRM_EXPLAIN' : 'POST_CONFIRM_EXPLAIN', '', ''); + $domain = $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE; $template->assign_vars(array( - 'RECAPTCHA_SERVER' => $this->recaptcha_server, + 'RECAPTCHA_SERVER' => sprintf('//%1$s/recaptcha/api', $domain), 'RECAPTCHA_PUBKEY' => isset($config['recaptcha_pubkey']) ? $config['recaptcha_pubkey'] : '', 'S_RECAPTCHA_AVAILABLE' => self::is_available(), 'S_CONFIRM_CODE' => true, From ad9e5e68910a96bb0090083ae7de0bebb0116fa0 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 20 Nov 2022 20:01:23 +0100 Subject: [PATCH 4/4] [ticket/16105] Replace const with lowercase version PHPBB3-16105 --- phpBB/phpbb/captcha/plugins/recaptcha_v3.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/phpbb/captcha/plugins/recaptcha_v3.php b/phpBB/phpbb/captcha/plugins/recaptcha_v3.php index 670be51772..6afa18691f 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha_v3.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha_v3.php @@ -30,7 +30,7 @@ class recaptcha_v3 extends captcha_abstract */ const GOOGLE = 'google.com'; const RECAPTCHA = 'recaptcha.net'; - CONST RECAPTCHA_CN = 'recaptcha.google.cn'; + const RECAPTCHA_CN = 'recaptcha.google.cn'; /** @var string[] List of supported domains */ static public $supported_domains = [