Diffstat (limited to 'plugins/jetpack/modules/sharedaddy/recaptcha.php')
-rw-r--r-- | plugins/jetpack/modules/sharedaddy/recaptcha.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/plugins/jetpack/modules/sharedaddy/recaptcha.php b/plugins/jetpack/modules/sharedaddy/recaptcha.php
index 3e4fc915..58ae6563 100644
--- a/plugins/jetpack/modules/sharedaddy/recaptcha.php
+++ b/plugins/jetpack/modules/sharedaddy/recaptcha.php
@@ -61,6 +61,7 @@ class Jetpack_ReCaptcha {
 'invalid-input-response' => __( 'The response parameter is invalid or malformed', 'jetpack' ),
 'invalid-json' => __( 'Invalid JSON', 'jetpack' ),
 'unexpected-response' => __( 'Unexpected response', 'jetpack' ),
+ 'unexpected-hostname' => __( 'Unexpected hostname', 'jetpack' ),
 );
 }
@@ -128,6 +129,14 @@ class Jetpack_ReCaptcha {
 return new WP_Error( $error_code, $error_message );
 }
+ // Validate the hostname matches expected source
+ if ( isset( $resp_decoded['hostname'] ) ) {
+ $url = wp_parse_url( get_home_url() );
+ if ( $url['host'] !== $resp_decoded['hostname'] ) {
+ return new WP_Error( 'unexpected-host', $this->error_codes['unexpected-hostname'] );
+ }
+ }
+
 return true;
 } |
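Review bot: The hostname check added in the second hunk fails open: when the decoded response carries no `hostname` key, the `isset` guard skips the comparison and the method still reaches `return true;`, so a token is bound to this site only when that field is present. If the field is expected on every successful response for this integration (worth confirming against the siteverify documentation), treat its absence as a failure, e.g. `if ( ! isset( $resp_decoded['hostname'] ) || $url['host'] !== $resp_decoded['hostname'] )`, or add a comment saying why a missing field is accepted. `wp_parse_url()` can return false or an array without `host`, so `$url['host']` should be guarded with `isset` before the comparison rather than left to raise a notice and reject every request. The WP_Error code `'unexpected-host'` also differs from the `'unexpected-hostname'` key added in the first hunk, while the context line above passes a variable named `$error_code`; using the same string for both would keep callers that switch on the code consistent. The enclosing method starts outside the hunk.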