
Changeset 11631


Timestamp:
03/03/2022 07:56:16 AM (2 years ago)
Author:
dd32
Message:

Login: Properly block/require manual approval of signup attempts where reCaptcha v3 fails on the create step.

File:
1 edited

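--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php
@@ -69,23 +69,24 @@
         unset( $_POST['user_pass'] );
         $error_recapcha_status = true;
+    }
 
-        // Store for reference.
-        if ( isset( $_POST['_reCaptcha_v3_token'] ) ) {
-            $recaptcha_api = wporg_login_recaptcha_api(
-                $_POST['_reCaptcha_v3_token'],
-                RECAPTCHA_V3_PRIVKEY
-            );
-            if ( $recaptcha_api && $recaptcha_api['success'] && 'pending_create' == $recaptcha_api['action'] ) {
-                $pending_user['scores']['create_attempt'] = $recaptcha_api['score'];
-            } // else: probably `timeout-or-duplicate` or w.org network error.
-        }
+    // Store for reference.
+    if ( isset( $_POST['_reCaptcha_v3_token'] ) ) {
+        $recaptcha_api = wporg_login_recaptcha_api(
+            $_POST['_reCaptcha_v3_token'],
+            RECAPTCHA_V3_PRIVKEY
+        );
+        if ( $recaptcha_api && $recaptcha_api['success'] && 'pending_create' == $recaptcha_api['action'] ) {
+            $pending_user['scores']['create_attempt'] = $recaptcha_api['score'];
+        } // else: probably `timeout-or-duplicate` or w.org network error.
+    }
 
-        // Allow a recaptcha fail to try again, but if they're blocked due to low score, mark them as needing approval.
-        if (
-            ! empty( $pending_user['scores']['create_attempt'] ) &&
-            (float) $pending_user['scores']['create_attempt'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 )
-        ) {
-            $pending_user['cleared'] = 0;
-        }
+    // Allow a recaptcha fail to try again, but if they're blocked due to low score, mark them as needing approval.
+    if (
+        $error_recapcha_status &&
+        ! empty( $pending_user['scores']['create_attempt'] ) &&
+        (float) $pending_user['scores']['create_attempt'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 )
+    ) {
+        $pending_user['cleared'] = 0;
     }
 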
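Review bot: In the rewritten condition (new lines 85–89), `! empty( $pending_user['scores']['create_attempt'] )` treats a stored score of `0.0` as absent, so the lowest possible reCAPTCHA v3 score never reaches `$pending_user['cleared'] = 0` and is not held for manual approval; `isset( $pending_user['scores']['create_attempt'] ) &&` would cover that case. The score is also written only when this second `wporg_login_recaptcha_api()` call succeeds, so if the status check above the hunk has already consumed the single-use token (the `timeout-or-duplicate` case the inline comment mentions), no score is stored and the flag is not set; this should be confirmed against the helper, which is not visible here. The `if` closed by the added `}` at new line 71 and the initialisation of `$error_recapcha_status` both sit outside the hunk, so it is worth confirming the variable is defined on the path where the check passes, and the `'pending_create' == $recaptcha_api['action']` comparison would be safer as `===`.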