Diffstat (limited to 'plugins/jetpack/modules/protect/math-fallback.php')
-rw-r--r-- | plugins/jetpack/modules/protect/math-fallback.php | 70 |
1 files changed, 44 insertions, 26 deletions
diff --git a/plugins/jetpack/modules/protect/math-fallback.php b/plugins/jetpack/modules/protect/math-fallback.php
index 583358f7..bc29fa86 100644
--- a/plugins/jetpack/modules/protect/math-fallback.php
+++ b/plugins/jetpack/modules/protect/math-fallback.php
@@ -23,6 +23,10 @@ if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {
 }
 }
+ private static function time_window() {
+ return ceil( time() / ( MINUTE_IN_SECONDS * 2 ) );
+ }
+
 /**
 * Verifies that a user answered the math problem correctly while logging in.
 *
@@ -31,11 +35,6 @@ if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {
 * @throws Error message if the math is wrong
 */
 static function math_authenticate() {
- $salt = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );
- $ans = isset( $_POST['jetpack_protect_num'] ) ? (int) $_POST['jetpack_protect_num'] : '' ;
- $salted_ans = sha1( $salt . $ans );
- $correct_ans = isset( $_POST[ 'jetpack_protect_answer' ] ) ? $_POST[ 'jetpack_protect_answer' ] : '' ;
-
 if( isset( $_COOKIE[ 'jpp_math_pass' ] ) ) {
 $jetpack_protect = Jetpack_Protect_Module::instance();
 $transient = $jetpack_protect->get_transient( 'jpp_math_pass_' . $_COOKIE[ 'jpp_math_pass' ] );
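Review bot: `time_window()` is added without a docblock, yet its contract is what the verification in math_authenticate and process_generate_math_page relies on: the value changes every two minutes and those checks accept the current and the previous value, so a rendered form is accepted for somewhere between two and four minutes. I would put above the method: `/** Two-minute bucket of the current time; verification accepts this bucket and the previous one, so a math answer expires after 2–4 minutes. */`. `ceil()` returns a float that is then concatenated into the HMAC key and decremented in the callers; `return (int) ceil( time() / ( MINUTE_IN_SECONDS * 2 ) );` makes the string form unambiguous and keeps `$time_window - 1` integral.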
@@ -46,9 +45,17 @@ if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {
 return true;
 }
- if ( ! $correct_ans || !$_POST['jetpack_protect_num'] ) {
+ $ans = isset( $_POST['jetpack_protect_num'] ) ? (int) $_POST['jetpack_protect_num'] : '' ;
+ $correct_ans = isset( $_POST[ 'jetpack_protect_answer' ] ) ? $_POST[ 'jetpack_protect_answer' ] : '' ;
+
+ $time_window = Jetpack_Protect_Math_Authenticate::time_window();
+ $salt = get_site_option( 'jetpack_protect_key' ) . '|' . get_site_option( 'admin_email' ) . '|';
+ $salted_ans_1 = hash_hmac( 'sha1', $ans, $salt . $time_window );
+ $salted_ans_2 = hash_hmac( 'sha1', $ans, $salt . ( $time_window - 1 ) );
+
+ if ( ! $correct_ans || ! $ans ) {
 Jetpack_Protect_Math_Authenticate::generate_math_page();
- } elseif ( $salted_ans != $correct_ans ) {
+ } elseif ( ! hash_equals( $salted_ans_1, $correct_ans ) && ! hash_equals( $salted_ans_2, $correct_ans ) ) {
 wp_die( __( '<strong>You failed to correctly answer the math problem.</strong> This is used to combat spam when the Protect API is unavailable. Please use your browser\'s back button to return to the login form, press the "refresh" button to generate a new math problem, and try to log in again.', 'jetpack' ), '',
@@ -65,22 +72,17 @@ if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {
 * @return none, execution stopped
 */
 static function generate_math_page( $error = false ) {
- $salt = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );
- $num1 = rand( 0, 10 );
- $num2 = rand( 1, 10 );
- $sum = $num1 + $num2;
- $ans = sha1( $salt . $sum );
 ob_start();
 ?>
- <h2><?php _e( 'Please solve this math problem to prove that you are not a bot. Once you solve it, you will need to log in again.', 'jetpack' ); ?></h2>
+ <h2><?php esc_html_e( 'Please solve this math problem to prove that you are not a bot. Once you solve it, you will need to log in again.', 'jetpack' ); ?></h2>
 <?php if ($error): ?>
- <h3><?php _e( 'Your answer was incorrect, please try again.', 'jetpack' ); ?></h3>
+ <h3><?php esc_html_e( 'Your answer was incorrect, please try again.', 'jetpack' ); ?></h3>
 <?php endif ?>
 <form action="<?php echo wp_login_url(); ?>" method="post" accept-charset="utf-8">
 <?php Jetpack_Protect_Math_Authenticate::math_form(); ?>
 <input type="hidden" name="jetpack_protect_process_math_form" value="1" id="jetpack_protect_process_math_form" />
- <p><input type="submit" value="<?php esc_html_e( 'Continue →', 'jetpack' ); ?>"></p>
+ <p><input type="submit" value="<?php esc_attr_e( 'Continue →', 'jetpack' ); ?>"></p>
 </form>
 <?php
 $mathpage = ob_get_contents();
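Review bot: The form's `action` attribute is still echoed unescaped on the context line `<form action="<?php echo wp_login_url(); ?>" method="post" accept-charset="utf-8">`, while this hunk moves the headings and the submit label to `esc_html_e()`/`esc_attr_e()`; for the same attribute context it should become `<form action="<?php echo esc_url( wp_login_url() ); ?>" method="post" accept-charset="utf-8">`. The `@return none, execution stopped` tag above the signature describes behaviour that is not visible here: the body of generate_math_page continues past `$mathpage = ob_get_contents();`, outside the hunk.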
@@ -93,19 +95,23 @@ if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {
 }
 public function process_generate_math_page() {
- $salt = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );
- $ans = (int)$_POST['jetpack_protect_num'];
- $salted_ans = sha1( $salt . $ans );
- $correct_ans = $_POST[ 'jetpack_protect_answer' ];
+ $ans = isset( $_POST['jetpack_protect_num'] ) ? (int)$_POST['jetpack_protect_num'] : '';
+ $correct_ans = isset( $_POST[ 'jetpack_protect_answer' ] ) ? $_POST[ 'jetpack_protect_answer' ] : '' ;
+
+ $time_window = Jetpack_Protect_Math_Authenticate::time_window();
+ $salt = get_site_option( 'jetpack_protect_key' ) . '|' . get_site_option( 'admin_email' ) . '|';
+ $salted_ans_1 = hash_hmac( 'sha1', $ans, $salt . $time_window );
+ $salted_ans_2 = hash_hmac( 'sha1', $ans, $salt . ( $time_window - 1 ) );
- if ( $salted_ans != $correct_ans ) {
+ if ( ! hash_equals( $salted_ans_1, $correct_ans ) && ! hash_equals( $salted_ans_2, $correct_ans ) ) {
 Jetpack_Protect_Math_Authenticate::generate_math_page(true);
 } else {
- $temp_pass = substr( sha1( rand( 1, 100000000 ) . get_site_option( 'jetpack_protect_key' ) ), 5, 25 );
+ $temp_pass = substr( hash_hmac( 'sha1', rand( 1, 100000000 ), get_site_option( 'jetpack_protect_key' ) ), 5, 25 );
 $jetpack_protect = Jetpack_Protect_Module::instance();
 $jetpack_protect->set_transient( 'jpp_math_pass_' . $temp_pass, 3, DAY_IN_SECONDS );
 setcookie('jpp_math_pass', $temp_pass, time() + DAY_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, false);
+ remove_action( 'login_form', array( $this, 'math_form' ) );
 return true;
 }
 }
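Review bot: The rewritten `$temp_pass` line still seeds the pass token from `rand( 1, 100000000 )`; keying the HMAC with `jetpack_protect_key` does not add entropy beyond the roughly 27 bits of that range, and the value is stored as a transient and set as a day-long cookie that lets the login form skip the math check, so it should come from a CSPRNG, e.g. `$temp_pass = wp_generate_password( 25, false );` (core, backed by `wp_rand()`), dropping the `substr( …, 5, 25 )` truncation. `hash_equals()` is called with `$correct_ans` taken verbatim from `$_POST`; if `jetpack_protect_answer` arrives as an array, PHP 8 raises a TypeError and older versions emit a warning instead of a clean rejection, so narrow it first: `$correct_ans = isset( $_POST['jetpack_protect_answer'] ) && is_string( $_POST['jetpack_protect_answer'] ) ? $_POST['jetpack_protect_answer'] : '';` — the same pattern appears in math_authenticate in the earlier hunk. `hash_hmac( 'sha1', $ans, … )` also receives an int whenever the field is present; `(string) $ans` keeps the call valid if strict typing is ever enabled for this file.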
@@ -116,11 +122,23 @@ if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {
 * @return VOID outputs html
 */
 static function math_form() {
- $salt = get_site_option( 'jetpack_protect_key' ) . get_site_option( 'admin_email' );
+ // Check if jpp_math_pass cookie is set and it matches valid transient
+ if( isset( $_COOKIE[ 'jpp_math_pass' ] ) ) {
+ $jetpack_protect = Jetpack_Protect_Module::instance();
+ $transient = $jetpack_protect->get_transient( 'jpp_math_pass_' . $_COOKIE[ 'jpp_math_pass' ] );
+
+ if( $transient && $transient > 0 ) {
+ return '';
+ }
+ }
+
 $num1 = rand( 0, 10 );
 $num2 = rand( 1, 10 );
- $sum = $num1 + $num2;
- $ans = sha1( $salt . $sum );
+ $ans = $num1 + $num2;
+
+ $time_window = Jetpack_Protect_Math_Authenticate::time_window();
+ $salt = get_site_option( 'jetpack_protect_key' ) . '|' . get_site_option( 'admin_email' ) . '|';
+ $salted_ans = hash_hmac( 'sha1', $ans, $salt . $time_window );
 ?>
 <div style="margin: 5px 0 20px;">
 <label for="jetpack_protect_answer">
@@ -128,10 +146,10 @@ if ( ! class_exists( 'Jetpack_Protect_Math_Authenticate' ) ) {
 </label>
 <br/>
 <span style="vertical-align:super;">
- <?php echo "$num1 + $num2 = "; ?>
+ <?php echo esc_html( "$num1 + $num2 = " ); ?>
 </span>
 <input type="text" id="jetpack_protect_answer" name="jetpack_protect_num" value="" size="2" style="width:30px;height:25px;vertical-align:middle;font-size:13px;" class="input" />
- <input type="hidden" name="jetpack_protect_answer" value="<?php echo $ans; ?>" />
+ <input type="hidden" name="jetpack_protect_answer" value="<?php echo esc_attr( $salted_ans ); ?>" />
 </div>
 <?php
 } |
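Review bot: The cookie/transient lookup added at the top of `math_form()` duplicates the one in `math_authenticate()` line for line, and both splice `$_COOKIE['jpp_math_pass']` into the transient name unmodified; a private helper such as `has_valid_math_pass()` that runs `$pass = sanitize_key( $_COOKIE['jpp_math_pass'] );` once and returns the transient check would keep the two call sites in step and constrain the key to the hex alphabet the token is generated from. The local renamed from `$sum` to `$ans` now holds the plain integer while `$salted_ans` is the HMAC sent to the browser; a one-line comment, `// $ans is the plain sum kept server-side; only the HMAC goes into the hidden field`, would make that relation explicit. The new `// Check if jpp_math_pass cookie is set...` comment could also say what the early return means for the caller, e.g. `// returning '' leaves the math field out of the login form`.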