Last active
December 4, 2015 18:54
-
-
Save Traumflug/850fd50085380cb6a6c7 to your computer and use it in GitHub Desktop.
Patches
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From 9a236e8c15b86bbfaaa39ccdef7bb0ea12406a5f Mon Sep 17 00:00:00 2001 | |
From: Markus Hitter <mah@jump-ing.de> | |
Date: Fri, 4 Dec 2015 19:08:08 +0100 | |
Subject: Spam protection: require user-agent to be set. | |
While it's easy to set the agent, some spammers don't, so do this | |
simple check to reject them. All legitimate users are expected to | |
actually use a browser, so the field is set and they won't notice | |
the distinction. | |
--- | |
inc/auth.php | 7 +++++++ | |
inc/lang/de/lang.php | 1 + | |
inc/lang/en/lang.php | 1 + | |
3 files changed, 9 insertions(+) | |
diff --git a/inc/auth.php b/inc/auth.php | |
index e62aa65..1ebfb3e 100644 | |
--- a/inc/auth.php | |
+++ b/inc/auth.php | |
@@ -968,6 +968,13 @@ function register() { | |
return false; | |
} | |
+ $browser = $INPUT->server->str('HTTP_USER_AGENT'); | |
+ if(!$browser || !strlen($browser)) { | |
+ msg($lang['regbrowsermissing'], -1); | |
+ return false; | |
+ } | |
+ unset($browser); | |
+ | |
if($conf['autopasswd']) { | |
$pass = auth_pwgen($login); // automatically generate password | |
} elseif(empty($pass) || empty($passchk)) { | |
diff --git a/inc/lang/de/lang.php b/inc/lang/de/lang.php | |
index 111183d..4ebd88b 100644 | |
--- a/inc/lang/de/lang.php | |
+++ b/inc/lang/de/lang.php | |
@@ -94,6 +94,7 @@ $lang['reguexists'] = 'Der Benutzername existiert leider schon.'; | |
$lang['regsuccess'] = 'Der neue Benutzer wurde angelegt und das Passwort per E-Mail versandt.'; | |
$lang['regsuccess2'] = 'Der neue Benutzer wurde angelegt.'; | |
$lang['regfail'] = 'Der Benutzer konnte nicht angelegt werden.'; | |
+$lang['regbrowsermissing'] = 'Die Seite wurde nicht von einem Browser aufgerufen. Als Spam-Bekämpfungsmassnahme wird diese Registrierung nicht akzeptiert.'; | |
$lang['regmailfail'] = 'Offenbar ist ein Fehler beim Versenden der Passwort-E-Mail aufgetreten. Bitte wenden Sie sich an den Wiki-Admin.'; | |
$lang['regbadmail'] = 'Die angegebene E-Mail-Adresse scheint ungültig zu sein. Falls dies ein Fehler ist, wenden Sie sich bitte an den Wiki-Admin.'; | |
$lang['regbadpass'] = 'Die beiden eingegeben Passwörter stimmen nicht überein. Bitte versuchen Sie es noch einmal.'; | |
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php | |
index f894ffc..04989ec 100644 | |
--- a/inc/lang/en/lang.php | |
+++ b/inc/lang/en/lang.php | |
@@ -75,6 +75,7 @@ $lang['reguexists'] = 'Sorry, a user with this login already exists.' | |
$lang['regsuccess'] = 'The user has been created and the password was sent by email.'; | |
$lang['regsuccess2'] = 'The user has been created.'; | |
$lang['regfail'] = 'The user could not be created.'; | |
+$lang['regbrowsermissing'] = 'This page was not opened by a browser. As a spam protection measure we reject this registration attempt.'; | |
$lang['regmailfail'] = 'Looks like there was an error on sending the password mail. Please contact the admin!'; | |
$lang['regbadmail'] = 'The given email address looks invalid - if you think this is an error, contact the admin'; | |
$lang['regbadpass'] = 'The two given passwords are not identical, please try again.'; | |
-- | |
2.5.0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment