Changeset 7350 for sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/inc/recaptcha.php
- Timestamp:
- 06/29/2018 08:57:02 PM (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/inc/recaptcha.php
r7218 r7350 2 2 /** 3 3 * Functions for reCAPTCHA. 4 * 5 * @package WordPressdotorg\MainTheme 4 6 */ 7 5 8 namespace WordPressdotorg\MainTheme\reCAPTCHA; 6 9 10 /** 11 * Enqueues reCAPTCHA scripts. 12 * 13 * @param mixed $form_id Form ID. 14 */ 7 15 function enqueue_script( $form_id ) { 8 16 if ( ! defined( 'RECAPTCHA_INVIS_PUBKEY' ) ) { … … 11 19 12 20 wp_enqueue_script( 'recaptcha-api', 'https://www.google.com/recaptcha/api.js', array(), '2' ); 13 wp_add_inline_script( 'recaptcha-api', 'function reCAPTCHAPostSubmit(token) { document.getElementById(' . json_encode( (string)$form_id ) . ').submit(); }' );21 wp_add_inline_script( 'recaptcha-api', 'function reCAPTCHAPostSubmit(token) { document.getElementById(' . wp_json_encode( (string) $form_id ) . ').submit(); }' ); 14 22 } 15 23 24 /** 25 * Displays a submit button. 26 * 27 * @param string $submit_text Button text. 28 * @param string $classes CSS classes. 29 */ 16 30 function display_submit_button( $submit_text = 'Submit', $classes = 'button' ) { 17 31 echo '<input' . … … 25 39 } 26 40 41 // phpcs:disable WordPress.VIP, WordPress.CSRF.NonceVerification.NoNonceVerification 42 43 /** 44 * Response status. 45 * 46 * @return bool 47 */ 27 48 function check_status() { 28 49 // If reCAPTCHA is not setup, skip it. … … 37 58 $verify = array( 38 59 'secret' => RECAPTCHA_INVIS_PRIVKEY, 39 'remoteip' => $_SERVER['REMOTE_ADDR'],40 'response' => $_POST['g-recaptcha-response'],60 'remoteip' => wp_unslash( $_SERVER['REMOTE_ADDR'] ), 61 'response' => wp_unslash( $_POST['g-recaptcha-response'] ), 41 62 ); 42 63 43 64 $resp = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array( 'body' => $verify ) ); 44 65 45 if ( is_wp_error( $resp ) || 200 != wp_remote_retrieve_response_code( $resp ) ) {66 if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) { 46 67 return false; 47 68 }
Note: See TracChangeset
for help on using the changeset viewer.