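/**
 * Checks the re-captcha response and checks for bad or malicious data
 * submissions.
 *
 * Validation order: reCAPTCHA answer, WordPress nonce, header-injection
 * check on every configured header field (required and optional), then a
 * non-empty check on each required field plus an address check for the
 * required field named "email". Failures are collected, not short-circuited,
 * so the caller receives every problem at once.
 *
 * Security notes:
 *  - Every $_POST key read here is looked up with isset() so a submission
 *    that omits a field yields a validation error instead of a PHP notice.
 *  - A field that arrives as an array (PHP builds one from "name[]=x") is
 *    treated as malicious/blank rather than handed to strlen() or the
 *    checkHeader()/checkEmail() helpers, which expect a string.
 *  - Field names ($k) come from the submitted POST array, so they are
 *    escaped before being embedded in the HTML error string, matching the
 *    existing htmlentities() on the echoed email value. Configured header
 *    names ($headers) come from plugin configuration, not the request, and
 *    are left as-is.
 *  - The required-field check is strict ($v === '') and the "email" key
 *    comparison is string-strict, so an integer key 0 no longer compares
 *    loosely equal to 'email'.
 *
 * @static
 * @access public
 * @uses recaptchalib::recaptcha_check_answer()
 * @uses recaptchalib::is_valid()
 * @uses DekoBoko::checkHeader()
 * @uses DekoBoko::checkEmail()
 * @param array $recaptcha_options reCAPTCHA settings; only 'privkey' is read here
 * @param array $headers names of the form fields that end up in mail headers
 * @returns boolean|array true if message is safe; array of error messages if not
 */
function checkMessage($recaptcha_options, $headers) {
    $errors = array();

    // Normalise the two field groups to arrays so a tampered submission
    // (e.g. "dekoboko_required=foo") cannot turn the foreach below into a warning.
    $required = (isset($_POST['dekoboko_required']) && is_array($_POST['dekoboko_required']))
        ? $_POST['dekoboko_required'] : array();
    $optional = (isset($_POST['dekoboko_optional']) && is_array($_POST['dekoboko_optional']))
        ? $_POST['dekoboko_optional'] : array();

    // reCAPTCHA: missing or non-string challenge/response fields are passed as
    // empty strings so the library rejects them instead of PHP emitting notices.
    $challenge = (isset($_POST['recaptcha_challenge_field']) && is_string($_POST['recaptcha_challenge_field']))
        ? $_POST['recaptcha_challenge_field'] : '';
    $response = (isset($_POST['recaptcha_response_field']) && is_string($_POST['recaptcha_response_field']))
        ? $_POST['recaptcha_response_field'] : '';
    // NOTE(review): REMOTE_ADDR is the proxy's address when the site sits behind
    // a reverse proxy; reCAPTCHA only uses it as a hint, so this is left as-is.
    $resp = recaptcha_check_answer($recaptcha_options['privkey'], $_SERVER['REMOTE_ADDR'], $challenge, $response);
    if (!$resp->is_valid) {
        $errors[] = "<strong>" . __("ReCAPTCHA error", DEKOBOKO_L10N_NAME) . ":</strong> "
            . __("your captcha response was incorrect - please try again", DEKOBOKO_L10N_NAME);
    }

    // Nonce: a missing nonce is treated exactly like an invalid one.
    $nonce = (isset($_POST['dekoboko_nonce']) && is_string($_POST['dekoboko_nonce']))
        ? $_POST['dekoboko_nonce'] : '';
    if (!wp_verify_nonce($nonce, 'dekoboko_nonce')) {
        $errors[] = "<strong>" . __("Invalid Nonce", DEKOBOKO_L10N_NAME) . "</strong>";
    }

    // Header-injection check on every configured header field, in both groups.
    // A missing field is checked as '' (the original passed null); a non-string
    // value is reported as malicious rather than passed to checkHeader().
    foreach ($headers as $header) {
        foreach (array($required, $optional) as $fields) {
            $value = isset($fields[$header]) ? $fields[$header] : '';
            if (!is_string($value) || DekoBoko::checkHeader($value) === false) {
                $errors[] = "<strong>{$header}</strong> " . __("header contains malicious data", DEKOBOKO_L10N_NAME);
            }
        }
    }

    // Required fields must be non-empty strings; the "email" field must also
    // pass checkEmail(). $k is request-controlled, hence escaped for the HTML
    // error fragment the caller renders.
    foreach ($required as $k => $v) {
        $label = htmlentities((string) $k, ENT_QUOTES);
        // NOTE(review): whitespace-only values pass this check, as in the
        // original; trim() here if that is not intended.
        if (!is_string($v) || $v === '') {
            $errors[] = __("Required field", DEKOBOKO_L10N_NAME) . " <strong>{$label}</strong> " . __("is blank", DEKOBOKO_L10N_NAME);
            continue;
        }
        if ((string) $k === 'email' && DekoBoko::checkEmail($v) == 0) {
            // htmlentities for XSS protection
            $errors[] = "<strong>" . htmlentities($v, ENT_QUOTES) . "</strong> " . __("is not a valid email address", DEKOBOKO_L10N_NAME);
        }
    }

    if (!empty($errors)) {
        return $errors;
    }
    return true;
}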