handling recaptcha on the PHP side

Amine Ben hammou
2017-12-18 18:28:42 +00:00
parent a05f9bf97b
commit caa0623112
4 changed files with 50 additions and 6 deletions


@ -2,6 +2,7 @@
namespace MailPoet\API\JSON;
use MailPoet\Config\AccessControl;
use MailPoet\Models\Setting;
use MailPoet\Util\Helpers;
use MailPoet\Util\Security;
use MailPoet\WP\Hooks;
@ -56,7 +57,13 @@ class API {
Hooks::doAction('mailpoet_api_setup', array($this));
$this->setRequestData($_POST);
if($this->checkToken() === false) {
$ignoreToken = (
Setting::getValue('re_captcha.enabled') &&
$this->_request_endpoint == 'subscribers' &&
$this->_request_method == 'subscribe'
);
if(!$ignoreToken && $this->checkToken() === false) {
$error_message = __('Sorry, but we couldn\'t connect to the MailPoet server. Please refresh the web page and try again.', 'mailpoet');
$error_response = $this->createErrorResponse(Error::UNAUTHORIZED, $error_message, Response::STATUS_UNAUTHORIZED);
return $error_response->send();
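Review bot: The new `$ignoreToken` branch drops the token check for `subscribers`/`subscribe` whenever `re_captcha.enabled` is truthy, so the only remaining gate on that request is the reCAPTCHA verification in the endpoint, and nothing here records that dependency. I would add a comment above the assignment such as `// token check is skipped only because the subscribers endpoint verifies the reCAPTCHA response itself`, and compare with `===` rather than `==` so a non-string endpoint or method value cannot match loosely. The setting is tested for truthiness only; if a disabled state can be stored as a non-empty string the bypass would stay active, which is worth confirming against how the setting is saved. The enclosing method starts and ends outside this hunk.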


@ -5,9 +5,10 @@ namespace MailPoet\API\JSON\v1;
use MailPoet\API\JSON\Endpoint as APIEndpoint;
use MailPoet\API\JSON\Error as APIError;
use MailPoet\Config\AccessControl;
use MailPoet\Listing;
use MailPoet\Form\Util\FieldNameObfuscator;
use MailPoet\Listing;
use MailPoet\Models\Form;
use MailPoet\Models\Setting;
use MailPoet\Models\StatisticsForms;
use MailPoet\Models\Subscriber;
use MailPoet\Newsletter\Scheduler\Scheduler;
@ -76,6 +77,8 @@ class Subscribers extends APIEndpoint {
$form = Form::findOne($form_id);
unset($data['form_id']);
$recaptcha = Setting::getValue('re_captcha');
if(!$form) {
return $this->badRequest(array(
APIError::BAD_REQUEST => __('Please specify a valid form ID.', 'mailpoet')
@ -87,6 +90,26 @@ class Subscribers extends APIEndpoint {
));
}
if($recaptcha['enabled'] && !isset($data['recaptcha'])) {
return $this->badRequest(array(
APIError::BAD_REQUEST => __('Please check the reCAPTCHA.', 'mailpoet')
));
}
if($recaptcha['enabled']) {
$res = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array(
'body' => array(
'secret' => $recaptcha['secret_token'],
'response' => $data['recaptcha']
)
));
if(is_wp_error($res) || !$res['body']['success']) {
return $this->badRequest(array(
APIError::BAD_REQUEST => __('Error while validating the reCAPTCHA.', 'mailpoet')
));
}
}
$data = $this->deobfuscateFormPayload($data);
$segment_ids = (!empty($data['segments'])
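Review bot: The success test `!$res['body']['success']` reads the raw response: `wp_remote_post()` returns the body as an undecoded JSON string, so indexing it with `'success'` never looks at the verification result — depending on the PHP version it yields the first character of the string (truthy) or raises an error. Because the API class now skips the token check for this request when reCAPTCHA is enabled, a failed challenge would, as far as this hunk shows, not be rejected. Decode first, e.g. `$body = json_decode(wp_remote_retrieve_body($res));`, and test `if(is_wp_error($res) || empty($body->success))`. The earlier `!isset($data['recaptcha'])` guard also lets an empty string through to the remote call; `empty()` would reject it locally. The method body starts before and continues after these hunks.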