Added: protection against tampering with the form fields (author, email, url & comment)
commit bb80adfacbcc6d57057edca0ce9253099cc27f51 1 parent 4ff895f
@netsensei netsensei authored
Showing with 53 additions and 19 deletions.
  1. +24 −8 includes/cache.inc
  2. +29 −11 wp-mollom.php
32 includes/cache.inc
@@ -34,11 +34,11 @@ class MollomCache {
* @param string form_id
* The form id which will be stored
*/
- public function create($created, $form_id) {
+ public function create($created, $form_id, $key) {
global $wpdb;
- $data = array('created' => $created, 'mollom_form_id' => $form_id);
- $result = $wpdb->insert($this->cache_table, $data, array('%d', '%s'));
+ $data = array('created' => $created, 'form_id' => $form_id, 'key' => $key);
+ $result = $wpdb->insert($this->cache_table, $data, array('%d', '%s', '%s'));
return $result;
}
@@ -56,7 +56,7 @@ class MollomCache {
public function exists($form_id) {
global $wpdb;
- $result = $wpdb->get_row($wpdb->prepare("SELECT * FROM $this->cache_table WHERE mollom_form_id = %s", $form_id));
+ $result = $wpdb->get_row($wpdb->prepare("SELECT * FROM $this->cache_table WHERE form_id = %s", $form_id));
if (is_null($result)) {
return FALSE;
@@ -77,7 +77,7 @@ class MollomCache {
public function delete($form_id) {
global $wpdb;
- $count = $wpdb->query($wpdb->prepare("DELETE FROM $this->cache_table WHERE mollom_form_id = %s", $form_id));
+ $count = $wpdb->query($wpdb->prepare("DELETE FROM $this->cache_table WHERE form_id = %s", $form_id));
if (!$count) {
return FALSE;
@@ -89,9 +89,25 @@ class MollomCache {
/**
* Flush the cache
*
- * Flushes the cache table of entries which are older then $created.
+ * Flushes the cache table of entries which are older then a certain interval
+ *
+ * @param int $time
+ * A UNIX timestamp
+ * @param int $interval
+ * The interval in seconds. Will be substracted from $time. All entries
+ * older then $time - $intervall will be deleted
+ * @return boolean TRUE when succesfull, FALSE if not
*/
- public function clear($created) {
- // @todo To be implemented
+ public function clear($time, $interval) {
+ global $wpdb;
+
+ $limit = $time - $interval;
+ $count = $wpdb->query($wpdb->prepare("DELETE FROM $this->cache_table WHERE created < %d", $limit));
+
+ if (!$count) {
+ return FALSE;
+ }
+
+ return TRUE;
}
}
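Review bot: clear() reports failure whenever nothing matched, because `$wpdb->query()` returns the affected-row count on success and only `false` on error, so `if (!$count)` turns an empty cache into FALSE; test the error case explicitly with `if ($count === false) { return FALSE; }`. The new `$key` parameter of create() is not described in the docblock that ends just above it (the docblock's start is outside the hunk); add `@param string $key` / `The secret used to HMAC the form fields; stored with the form id and read back when the form is verified`. The new column is named `key`, a reserved word in MySQL; as far as I recall wpdb::insert() backtick-quotes identifiers so the insert is fine, but any later hand-written SQL touching that column will need explicit backticks, which is worth a one-line comment on create().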
40 wp-mollom.php
@@ -43,6 +43,9 @@
/* Define the version of the mollom tables */
define( 'MOLLOM_TABLE_VERSION', '2000');
+/* Define the life time a cached form. */
+define( 'MOLLOM_FORM_ID_LIFE_TIME', 300);
+
class WPMollom {
// Static objects as singletons
@@ -158,10 +161,11 @@ function activate() {
// Tabel definition for MOLLOM_CACHE_TABLE
$mollom_cache_tbl_definition = "
`created` BIGINT( 20 ) UNSIGNED NOT NULL DEFAULT '0',
- `mollom_form_ID` VARCHAR( 40 ) NULL DEFAULT NULL,
+ `form_id` VARCHAR( 40 ) NULL DEFAULT NULL,
+ `key` VARCHAR( 128 ) NULL DEFAULT NULL,
UNIQUE (
`created`,
- `mollom_form_ID`
+ `form_id`
)";
mollom_table_install(MOLLOM_TABLE, MOLLOM_TABLE_VERSION, $mollom_tbl_definition);
@@ -533,7 +537,7 @@ private function mollom_show_captcha($comment) {
$variables['attached_form_fields'] = self::mollom_get_fields($comment);
// 3. Cache the form (assign a unique form ID)
- $variables['form_id'] = self::mollom_form_id();
+ $variables['form_id'] = self::mollom_form_id($comment);
// 4. Show the rendered form and kill any further processing of the comment
mollom_theme('show_captcha', $variables);
@@ -547,7 +551,7 @@ function mollom_check_captcha($comment) {
return FALSE;
}
- if (!self::mollom_check_form_id($comment['form_id'])) {
+ if (!self::mollom_check_form_id($comment)) {
return FALSE;
}
@@ -564,14 +568,19 @@ function mollom_check_captcha($comment) {
*
* @return string A hash of the current time + a random number
*/
- private function mollom_form_id() {
+ private function mollom_form_id($comment) {
self::mollom_include('cache.inc');
- $form_id = wp_hash(microtime() . mt_rand());
$time = current_time('timestamp');
+ // Calculate the HMAC. The key is a random generated salted hash
+ $key = wp_hash(mt_rand() . current_time('timestamp'), 'nonce');
+ $data = $comment['author'] . '|' . $comment['email'] . '|' . $comment['comment'] . '|' . $key;
+ $form_id = hash_hmac('sha1', $data, $key);
+
+ // Store it in the cache
$cache = new MollomCache();
- if (!$cache->create($time, $form_id)) {
+ if (!$cache->create($time, $form_id, $key)) {
return FALSE;
}
@@ -589,13 +598,22 @@ private function mollom_form_id() {
* @param string The form id to be checked
* @return boolean TRUE if valid, FALSE if invalid
*/
- private function mollom_check_form_id($form_id) {
+ private function mollom_check_form_id($comment) {
self::mollom_include('cache.inc');
$cache = new MollomCache();
- if ($data = $cache->exists($form_id)) {
- if (($data->created + 3600) >= current_time('timestamp')) {
- $cache->delete($form_id);
+
+ // Clear the cache table of older entries first
+ // Acts as a sort of Poormans cron to keep things clean
+ $time = current_time('timestamp');
+ $cache->clear($time, MOLLOM_FORM_ID_LIFE_TIME);
+
+ // Perform the check
+ if ($cached_data = $cache->exists($comment['form_id'])) {
+ $data = $comment['author'] . '|' . $comment['email'] . '|' . $comment['comment'] . '|' . $cached_data->key;
+ $hmac = hash_hmac('sha1', $data, $cached_data->key);
+ if (($cached_data->created + MOLLOM_FORM_ID_LIFE_TIME) >= current_time('timestamp') && ($cached_data->form_id == $hmac)) {
+ $cache->delete($cached_data->form_id);
return TRUE;
}
}
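Review bot: The data that mollom_form_id() signs and mollom_check_form_id() re-computes (`$comment['author'] . '|' . $comment['email'] . '|' . $comment['comment'] . '|' . $key`) leaves out the URL field even though the commit title lists it, and the `|` join is ambiguous: a `|` inside one field lets content shift between author, email and comment without changing the HMAC. Build the string once in a shared private helper using a length-prefixed encoding such as `serialize()` so the two copies cannot drift (the body of mollom_check_form_id continues past the hunk). The comparison `$cached_data->form_id == $hmac` should be strict (`===`, or `hash_equals()` where available) so no numeric-string juggling applies to two hex digests. The docblocks still read `@return string A hash of the current time + a random number` and `@param string The form id to be checked`; update them to `@return string|FALSE HMAC-SHA1 of the comment fields under a freshly generated per-form key, or FALSE if caching it failed` and `@param array $comment The normalized comment, including its form_id`. Separately, the cache table definition gains `key` and renames `mollom_form_ID` while MOLLOM_TABLE_VERSION stays at '2000'; if mollom_table_install() decides upgrades from that constant, existing installs will keep the old columns, so it should be bumped in the same change.
```php
// Canonical encoding of the fields the form id protects. serialize() length-prefixes
// each value, so a '|' (or anything else) inside one field cannot shift into another.
private function mollom_form_id_data($comment) {
  return serialize(array(
    $comment['author'],
    $comment['email'],
    $comment['url'], // TODO: confirm the key that carries the URL field in $comment
    $comment['comment'],
  ));
}

// … in mollom_form_id(), replacing the $data/$form_id lines …
$form_id = hash_hmac('sha1', self::mollom_form_id_data($comment), $key);

// … in mollom_check_form_id(), replacing the $data/$hmac lines and the comparison …
$hmac = hash_hmac('sha1', self::mollom_form_id_data($comment), $cached_data->key);
if (($cached_data->created + MOLLOM_FORM_ID_LIFE_TIME) >= current_time('timestamp') && $cached_data->form_id === $hmac) {
```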