author | Lukas Reschke <lukas@statuscode.ch> | 2021-05-28 11:13:28 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-28 11:13:28 +0300 |
commit | fd5fa561389b1e72ddc966e6f575ddfb46072c67 (patch) | |
tree | 7023ee8f11382ac4ff72d312f7b1bcb77b719c0a /page-ionos.php | |
parent | 32f5772c9fdd641ba68112dbf29074fe05758c43 (diff) |
Fix several security concerns (#1471)
* Use REMOTE_ADDR field
The other fields are not used at all, and trusting them would allow someone to spoof their IP address and bypass any rate limit.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add basic ratelimiting class
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Remove Mautic submission form
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Replace captcha with ratelimiter
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Space + tabs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Dont check if no REDIS is defined in config
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'page-ionos.php')
-rw-r--r-- | page-ionos.php | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/page-ionos.php b/page-ionos.php
index ce3aca62..32a51a88 100644
--- a/page-ionos.php
+++ b/page-ionos.php
@@ -1,6 +1,5 @@
 <head>
 <link href="<?php echo get_template_directory_uri(); ?>/assets/css/pages/ionos.css?v=4" rel="stylesheet">
-<!-- <script src='https://www.google.com/recaptcha/api.js'></script> -->
 <!-- I need this for the last script on the page to work, require.js seems to not make jquery available in the page js :( -->
 <script src='<?php echo get_template_directory_uri(); ?>/assets/js/old/vendor/jquery-1.10.2.min.js'></script>
@@ -22,26 +21,6 @@
 </div>
 </section>
-<?php
-
-$int1 = random_int(0, 15);
-$int2 = random_int(0, 50);
-$salt = bin2hex(random_bytes(5));
-$hash = hash('sha256', $salt . ($int1 + $int2));
-$checksum = $salt . ':' . $hash;
-
-$image = imagecreate(100, 20);
-$background_color = imagecolorallocate($image, 255, 255, 255);
-$text_color = imagecolorallocate($image, 0, 0, 0);
-imagestring($image, 5, 3, 2, $int1 . ' + ' . $int2, $text_color);
-
-ob_start();
-imagepng($image);
-$imagestring = ob_get_contents();
-ob_end_clean();
-imagedestroy($image);
-?>
-
 <section class="section--intro">
 <div class="container">
 <div class="row">
@@ -279,12 +258,6 @@ imagedestroy($image);
 <textarea name="comments" maxlength="2000" cols="80" rows="8" placeholder="<?php echo $l->t('Questions, comments, special needs? Do you represent a government, educational or charitable business or need more than 200 users? Let us know and we can provide you a custom offer or answers to your questions.');?>"></textarea></label></p>
 <p><input type="checkbox" name="terms" value="terms" onChange="doCalculation()"> <?php echo $l->t('I have read and agree to the');?> <a class="hyperlink" href="<?php echo get_template_directory_uri(); ?>/assets/files/termsfornextcloudorder.pdf"><?php echo $l->t('terms and conditions');?> <i class="fa fa-external-link" aria-hidden="true"></i></a> <?php echo $l->t('and understand and agree we share your details with our partners Viakom and IONOS for processing.');?></p>
 <p><?php echo $l->t('Note: all prices excl. VAT');?></p>
- <p><label for="captcha"><?php echo $l->t('Please calculate the following sum');?> <span></span><br>
- <img src="data:image/png;base64,<?php echo base64_encode($imagestring); ?>"><br>
- <input type="text" name="captcha" maxlength="20" size="20" placeholder="13"></label></p>
- <input type="hidden" name="checksum" value="<?php echo $checksum;?>">
- <td colspan="2" style="text-align:center">
- <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITEKEY; ?>"></div>
 <input type="submit" name="submit" value=" Order Now " disabled="disabled" class="button button--blue"><br />
 <span id="form-error"><?php echo $l->t('Some required fields are not filled. Scroll up to check what the problem is. Note the form does not support special characters.'); ?></span>
 </form> |
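Review bot: After this hunk the order form carries no per-request, server-verifiable value at all — the hidden `checksum` input was the only one visible here — so unless the `<form>` opening above the hunk emits a nonce, submissions are now guarded solely by the IP rate limiter this commit adds in another file. The commit message also states the check is skipped when no Redis is configured, which means a deployment without Redis has neither captcha nor rate limit and the form fails open. Consider documenting that dependency at the removed location with a PHP comment rather than an HTML one (an HTML comment would be served to every client), e.g. `<?php /* Anti-automation for this form is enforced server-side by the IP rate limiter; it requires Redis. */ ?>`, and having the handler reject the submission when the limiter backend is unavailable instead of skipping the check. The enclosing `<form>` starts outside this hunk, so whether a CSRF token already exists cannot be confirmed from here.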