Index: trunk/CHANGELOG
===================================================================
--- trunk/CHANGELOG	(revision 639)
+++ trunk/CHANGELOG	(revision 640)
@@ -12,7 +12,7 @@
 
 ------------------------------------- 2.7.0 -------------------------------------
 29-Jan-2008 Thomas Hornik
-#	Security bugfix: Text file for text-captcha was readable from everywhere
+#	Security bugfix: Text file for text-captcha was world-readable. Moved to database.
 #	Text-captcha: empty line in test file, following a question, was accepted as answer. Fixed.
 28-Jan-2008 Matthias Gallas
 #	Replaced all special chars in language files with htmlentities or unicode
Index: trunk/wb/include/captcha/captchas/text.php
===================================================================
--- trunk/wb/include/captcha/captchas/text.php	(revision 639)
+++ trunk/wb/include/captcha/captchas/text.php	(revision 640)
@@ -27,6 +27,7 @@
 if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
 
 global $admin;
+global $database;
 $name = 'text';
 $file = WB_PATH."/temp/.captcha_$name.php";
 
@@ -34,13 +35,14 @@
 $_SESSION['captcha'] = rand(0,99999);
 
 // get questions and answers
-$qa = array();
-@$content = file($file);
-if($content===FALSE) {
-	echo '<b>Error</b>: Can not read text! Enter <b>0</b> to solve this captcha';
-	$_SESSION['captcha'] = '0';
-	return;
+$text_qa='';
+$table = TABLE_PREFIX.'mod_captcha_control';
+if($query = $database->query("SELECT ct_text FROM $table")) {
+	$data = $query->fetchRow();
+	$text_qa = $admin->strip_slashes($data['ct_text']);
 }
+$content = explode("\n", $text_qa);
+
 reset($content);
 while($s = current($content)) {
 	// get question
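Review bot: The result of `$query->fetchRow()` is indexed without checking that a row came back, so an empty `mod_captcha_control` table ends up passing a null value to `strip_slashes()`. Guard the read, e.g. `if($data = $query->fetchRow()) { $text_qa = $admin->strip_slashes($data['ct_text']); }`; the load hunk in `modules/captcha_control/tool.php` has the same pattern. `$file` in the preceding hunk still points at the old temp file and looks unused after this change, so confirm that and drop it. The `while` loop continues outside this hunk.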
@@ -56,6 +58,10 @@
 	}	else {
 		$lang='XX';
 		$q=substr($s,1);
+		if($q=='') {
+			next($content);
+			continue;
+		}
 	}
 	// get answer
 	$s=next($content);
@@ -67,7 +73,7 @@
 		next($content);
 	}
 }
-if($qa == array()) {
+if(!isset($qa) || $qa == array()) {
 	echo '<b>Error</b>: no text defined! Enter <b>0</b> to solve this captcha';
 	$_SESSION['captcha'] = '0';
 	return;
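Review bot: With the questions now read from the database, this fallback is reached whenever the query fails or `ct_text` is empty, and it sets `$_SESSION['captcha'] = '0'` while printing the answer, so the captcha protects nothing in that state. An upgraded site whose table lacks the new column would plausibly hit it on every request. Consider failing closed here, i.e. leave the random value assigned at the top of the file in place and report the misconfiguration to the administrator rather than to the visitor. Restoring `$qa = array();` before the loop would also let the test stay `if($qa == array())` instead of relying on `isset()`.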
@@ -91,4 +97,4 @@
 
 echo $k;
 
-?>
\ No newline at end of file
+?>
Index: trunk/wb/modules/captcha_control/tool.php
===================================================================
--- trunk/wb/modules/captcha_control/tool.php	(revision 639)
+++ trunk/wb/modules/captcha_control/tool.php	(revision 640)
@@ -52,15 +52,11 @@
 	");
 
 	// save text-captchas
-	if($_POST['captcha_type'] == 'text') {
+	if($_POST['captcha_type'] == 'text') { // ct_text
 		$text_qa=$_POST['text_qa'];
 		if(strpos($text_qa, '### example ###') === FALSE) {
 			$text_qa=$admin->add_slashes($text_qa);
-			$text_qa="<?php die(header('Location: ../index.php')); ?>\n".$text_qa;
-			if($fh = fopen(WB_PATH.'/temp/.captcha_text.php', 'wb')) {
-				fwrite($fh, $text_qa);
-				fclose($fh);
-			}
+			$database->query("UPDATE $table SET ct_text = '$text_qa'");
 		}
 	}
 	
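Review bot: `$text_qa` comes straight from `$_POST` and reaches the `UPDATE` string with only `$admin->add_slashes()` in between; whether that call escapes anything depends on its implementation (not shown), and slash-based escaping is not charset-aware. Escape with the connection's own function or a bound parameter where the query is built, e.g. `mysql_real_escape_string($text_qa)` if `$database` wraps the mysql extension. The statement has no `WHERE` clause and its result is ignored, so it relies on the table holding exactly one row and a failed save goes unnoticed. The trailing `// ct_text` comment says little; `// store the question/answer text in mod_captcha_control.ct_text` would be clearer.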
@@ -78,14 +74,9 @@
 
 	// load text-captchas
 	$text_qa='';
-	if(file_exists(WB_PATH.'/include/captcha/captchas/text.php')) {
-		if(file_exists(WB_PATH.'/temp/.captcha_text.php')) {
-			@$content = file(WB_PATH.'/temp/.captcha_text.php');
-			if($content!==FALSE) {
-				$content[0]='';
-				$text_qa = $admin->strip_slashes(implode('', $content));
-			}
-		}
+	if($query = $database->query("SELECT ct_text FROM $table")) {
+		$data = $query->fetchRow();
+		$text_qa = $admin->strip_slashes($data['ct_text']);
 	}
 	if($text_qa == '')
 		$text_qa = $MOD_CAPTCHA_CONTROL['CAPTCHA_TEXT_DESC'];
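Review bot: `$admin->strip_slashes()` is applied to a value read back from the database, but the slashes added before the `UPDATE` are consumed by the SQL parser and are never stored. If `strip_slashes()` removes backslashes (its body is not shown), any backslash an administrator typed in a question or answer is lost on each load-and-save cycle; the same call appears in `include/captcha/captchas/text.php`. Reading the column as is, `$text_qa = $data['ct_text'];`, avoids that. The value is printed into the form outside this hunk, so confirm it goes through `htmlspecialchars()` there.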
@@ -199,4 +190,4 @@
 <?php
 }
 
-?>
\ No newline at end of file
+?>
Index: trunk/wb/modules/captcha_control/install.php
===================================================================
--- trunk/wb/modules/captcha_control/install.php	(revision 639)
+++ trunk/wb/modules/captcha_control/install.php	(revision 640)
@@ -35,7 +35,8 @@
 	`captcha_type` VARCHAR(255) NOT NULL DEFAULT 'calc_text',
 	`asp_session_min_age` INT(11) NOT NULL DEFAULT '20',
 	`asp_view_min_age` INT(11) NOT NULL DEFAULT '10',
-	`asp_input_min_age` INT(11) NOT NULL DEFAULT '5'
+	`asp_input_min_age` INT(11) NOT NULL DEFAULT '5',
+	`ct_text` LONGTEXT NOT NULL DEFAULT ''
 	)"
 );
 
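Review bot: MySQL does not accept a literal `DEFAULT` on `TEXT`/`LONGTEXT` columns, so the added `ct_text` definition makes the `CREATE TABLE` fail in strict SQL mode and the default is otherwise dropped with a warning. Declare the column as `LONGTEXT NOT NULL` without the default and supply `''` when the settings row is inserted. This hunk only changes the install statement, so existing sites need an `ALTER TABLE ... ADD ct_text ...` in the upgrade path (not visible here); without it the new `SELECT ct_text` queries fail and the text captcha drops to its error fallback.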
