Example #1
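 /**
  * Validates a contact-form submission: checks the reCAPTCHA answer, the
  * WordPress nonce, every listed header field via DekoBoko::checkHeader(),
  * and that each submitted required field is non-blank (plus an address
  * check on the field named "email").
  *
  * Everything read from $_POST is attacker-controlled, including the KEYS of
  * $_POST['dekoboko_required']. The error messages are HTML fragments, so any
  * request-derived text placed in them is HTML-escaped first.
  *
  * NOTE(review): the required-field loop only sees fields the client chose to
  * send, so a request that omits a field entirely is never reported as blank
  * here. The authoritative list of required fields is not visible in this
  * method - confirm it is enforced elsewhere.
  *
  * @static
  * @access public
  * @uses recaptchalib::recaptcha_check_answer()
  * @uses recaptchalib::is_valid()
  * @uses DekoBoko::checkHeader()
  * @uses DekoBoko::checkEmail()
  * @param array $recaptcha_options reCAPTCHA settings; only the 'privkey' entry is read
  * @param array $headers field names whose submitted values are passed to DekoBoko::checkHeader()
  * @return boolean|array true if message is safe; array of error messages if not
  */
 function checkMessage($recaptcha_options, $headers)
 {
     $errors = array();

     // Absent or non-string fields become '' so an incomplete request fails
     // validation instead of raising undefined-index notices.
     $challenge = (isset($_POST['recaptcha_challenge_field']) && is_string($_POST['recaptcha_challenge_field']))
         ? $_POST['recaptcha_challenge_field'] : '';
     $answer = (isset($_POST['recaptcha_response_field']) && is_string($_POST['recaptcha_response_field']))
         ? $_POST['recaptcha_response_field'] : '';
     $nonce = (isset($_POST['dekoboko_nonce']) && is_string($_POST['dekoboko_nonce']))
         ? $_POST['dekoboko_nonce'] : '';

     // A client can send a scalar where an array is expected; fall back to an
     // empty array so the loops below never iterate over a non-array.
     $required = (isset($_POST['dekoboko_required']) && is_array($_POST['dekoboko_required']))
         ? $_POST['dekoboko_required'] : array();
     $optional = (isset($_POST['dekoboko_optional']) && is_array($_POST['dekoboko_optional']))
         ? $_POST['dekoboko_optional'] : array();

     $resp = recaptcha_check_answer($recaptcha_options['privkey'], $_SERVER["REMOTE_ADDR"], $challenge, $answer);
     if (!$resp->is_valid) {
         $errors[] = "<strong>" . __("ReCAPTCHA error", DEKOBOKO_L10N_NAME) . ":</strong> " . __("your captcha response was incorrect - please try again", DEKOBOKO_L10N_NAME);
     }

     if (!wp_verify_nonce($nonce, 'dekoboko_nonce')) {
         $errors[] = "<strong>" . __("Invalid Nonce", DEKOBOKO_L10N_NAME) . "</strong>";
     }

     foreach ($headers as $header) {
         // $headers comes from the caller; escaped anyway so the message stays
         // well-formed HTML whatever the name contains.
         $label = htmlspecialchars((string) $header, ENT_QUOTES, 'UTF-8');

         // Same check and same message for the required and the optional copy
         // of the field, in that order.
         foreach (array($required, $optional) as $fields) {
             $value = isset($fields[$header]) ? $fields[$header] : '';

             // A nested array where a single header value belongs is rejected
             // outright rather than handed to checkHeader().
             if (!is_string($value) || DekoBoko::checkHeader($value) === false) {
                 $errors[] = "<strong>{$label}</strong> " . __("header contains malicious data", DEKOBOKO_L10N_NAME);
             }
         }
     }

     foreach ($required as $k => $v) {
         // The array key is chosen by the client, so it must be escaped before
         // it is placed inside the HTML error message.
         $field = htmlspecialchars((string) $k, ENT_QUOTES, 'UTF-8');

         // Non-string values (nested arrays) count as blank.
         if (!is_string($v) || $v === '') {
             $errors[] = __("Required field", DEKOBOKO_L10N_NAME) . " <strong>{$field}</strong> " . __("is blank", DEKOBOKO_L10N_NAME);
             continue;
         }

         // Strict comparison: with a loose ==, an integer key 0 compares equal
         // to 'email' on PHP versions before 8.
         if ((string) $k === 'email' && DekoBoko::checkEmail($v) == 0) {
             // Escaped for XSS protection; ENT_QUOTES and an explicit charset
             // make the result independent of the PHP version's defaults.
             $errors[] = "<strong>" . htmlspecialchars($v, ENT_QUOTES, 'UTF-8') . "</strong> " . __("is not a valid email address", DEKOBOKO_L10N_NAME);
         }
     }

     if (!empty($errors)) {
         return $errors;
     }
     return true;
 }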