author | Lukas Reschke <lukas@statuscode.ch> | 2021-05-28 11:13:28 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-28 11:13:28 +0300 |
commit | fd5fa561389b1e72ddc966e6f575ddfb46072c67 (patch) | |
tree | 7023ee8f11382ac4ff72d312f7b1bcb77b719c0a /page-healthcare.php | |
parent | 32f5772c9fdd641ba68112dbf29074fe05758c43 (diff) |
Fix several security concerns (#1471)
* Use REMOTE_ADDR field
The other ones are not used at all. This would allow someone to spoof
the configured IP address and bypass any rate limit.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add basic ratelimiting class
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Remove Mautic submission form
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Replace captcha with ratelimiter
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Space + tabs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Don't check if no REDIS is defined in config
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'page-healthcare.php')
-rw-r--r-- | page-healthcare.php | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/page-healthcare.php b/page-healthcare.php index 776304b1..7f25e509 100644 --- a/page-healthcare.php +++ b/page-healthcare.php @@ -7,13 +7,7 @@ require(["require.config"], function() { require(["pages/education", "modules/submenu", "bootstrap"]) }); </script> -<!--<script src="https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit" async defer></script> -<script type="text/javascript"> - var CaptchaCallback = function() { - grecaptcha.render('RecaptchaField1', {'sitekey' : '<?php echo RECAPTCHA_SITEKEY; ?>'}); - grecaptcha.render('RecaptchaField2', {'sitekey' : '<?php echo RECAPTCHA_SITEKEY; ?>'}); - }; -</script>--> + <meta itemprop="image" content="<?php echo get_template_directory_uri(); ?>/assets/img/headers/dicom.jpg"> <meta name="twitter:image" content="<?php echo get_template_directory_uri(); ?>/assets/img/headers/dicom.jpg"> <meta name="twitter:image:src" content="<?php echo get_template_directory_uri(); ?>/assets/img/headers/dicom.jpg"> @@ -60,11 +54,6 @@ require(["require.config"], function() { <form name="whitepaper" method="post" action="<?php echo home_url('whitepaper-submit') ?>"> <p><label for="email"> - <td colspan="2" style="text-align:center"> - <div class=""> - <div id="RecaptchaField1"></div> - </div> - </td> <input type="hidden" name="segmentId" value="2"> <input type="hidden" name="firstname" value=""> <input type="hidden" name="requesttime" value="<?php echo time(); ?>"> |
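Review bot: In the first hunk (@@ -7,13 +7,7 @@), the only added line is a blank `+` line left where the commented-out reCAPTCHA block used to be; drop it so the hunk is a pure deletion and no stray whitespace lands in the template. The removed block sat inside an HTML comment, but `<?php echo RECAPTCHA_SITEKEY; ?>` was still evaluated server-side and written into the page source, so once no template references it the RECAPTCHA_SITEKEY constant can be removed from the configuration as well.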
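Review bot: In the second hunk (@@ -60,11 +54,6 @@), removing the `RecaptchaField1` container leaves the form posting to `home_url('whitepaper-submit')` with no client-side challenge, and this file's diff does not show the check that replaces it. Since the commit message says the captcha is replaced with a rate limiter, confirm in the same review that the whitepaper-submit handler invokes it before processing the request. The hidden `requesttime` field kept in the context lines (`<?php echo time(); ?>`) is client-controlled once rendered, so the handler should not rely on it alone for throttling or bot detection.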