diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2021-05-28 11:13:28 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-28 11:13:28 +0300 |
commit | fd5fa561389b1e72ddc966e6f575ddfb46072c67 (patch) | |
tree | 7023ee8f11382ac4ff72d312f7b1bcb77b719c0a /page-encryption.php | |
parent | 32f5772c9fdd641ba68112dbf29074fe05758c43 (diff) |
Fix several security concerns (#1471)
* Use REMOTE_ADDR field
The other ones are not used at all. This would allow someone to spoof
the configured IP address and bypass any rate limit.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add basic ratelimiting class
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Remove Mautic submission form
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Replace captcha with ratelimiter
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Space + tabs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Dont check if no REDIS is defined in config
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'page-encryption.php')
-rw-r--r-- | page-encryption.php | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/page-encryption.php b/page-encryption.php index 90450a7f..3cd89ccc 100644 --- a/page-encryption.php +++ b/page-encryption.php @@ -65,11 +65,6 @@ <h2><?php echo $l->t('Server-side Encryption');?></h2> <form name="whitepaper" method="post" action="<?php echo home_url('whitepaper-submit') ?>"> <p><label for="email"><?php echo $l->t('Download our free whitepaper');?><br> - <td colspan="2" style="text-align:center"> - <div class=""> - <div id="RecaptchaField2"></div> - </div> - </td> <input type="hidden" name="segmentId" value="11"> <input type="hidden" name="firstname" value=""> <input type="hidden" name="requesttime" value="<?php echo time(); ?>"> |