Fixed feedback form protection.

CleanTalk · Jul 18, 2014 · 43be4fa · 43be4fa
1 parent c562c7c
commit 43be4fa
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 2 deletions.
diff --git a/engine/modules/cleantalk/feedback.php b/engine/modules/cleantalk/feedback.php
@@ -5,7 +5,6 @@
 
 require_once ENGINE_DIR . '/modules/cleantalk/ct_functions.php';
 list($ct_config, $ct_config_serialized) = ct_get_config($db);
-$ct_request_id = null;
 if ($stop == '' && $ct_config['ct_enable_feedback']) {
 
     require_once ENGINE_DIR . '/modules/cleantalk/cleantalk.class.php';
@@ -38,6 +37,17 @@
     }
     $sender_ip = ($_IP == '127.0.0.1' && !empty($forwarded_for)) ? $forwarded_for : $_IP;
 
+    $ct_check_key = ct_generation_check_key();
+    $checkjs = 0;
+    if (isset($_POST['ct_checkjs']) && preg_match("/$ct_check_key/", $_POST['ct_checkjs'])) {
+        $checkjs = 1;
+    }
+
+    $ct_submit_register_time = time() - $_SESSION['ct_submit_register_time'];
+
+    $post_info['comment_type'] = 'feedback';
+    $post_info = json_encode($post_info);
+
     $ct_request = new CleantalkRequest();
     $ct_request->auth_key = $ct_config['ct_key'];
     $ct_request->message = $message;
@@ -47,6 +57,9 @@
     $ct_request->sender_ip = $sender_ip;
     $ct_request->agent = 'dle-'.$ct_config['ct_version'];
     $ct_request->sender_info = $sender_info;
+    $ct_request->js_on = $checkjs;
+    $ct_request->submit_time = $ct_submit_register_time;
+    $ct_request->post_info = $post_info;
 
     // Принудительно отключаем проверку стоп-слов, т.к. сообщения с формы обратной связи не являются публичной информацией
     $ct_request->stoplist_check = 0;

diff --git a/engine/modules/cleantalk/xml/250.xml → engine/modules/cleantalk/xml/251.xml b/engine/modules/cleantalk/xml/250.xml → engine/modules/cleantalk/xml/251.xml
@@ -1,7 +1,7 @@
 <modification>
 
     <id>CleanTalk for DLE</id>
-    <version>250</version>
+    <version>251</version>
     <vqmver>2.3.2</vqmver>
     <author>CleanTalk team</author>
 
@@ -318,6 +318,24 @@ require_once ENGINE_DIR . '/modules/cleantalk/feedback.php';
 // Begin: cleantalk.ru
 require_once ENGINE_DIR . '/modules/cleantalk/feedback.php';
 // End: cleantalk.ru
+]]></add>
+        </operation>
+        <operation>
+            <search position="after"><![CDATA[$tpl->set_block( "'\\[not-logged\\](.*?)\\[/not-logged\\]'si", "" );]]></search>
+            <add><![CDATA[
+// Begin: cleantalk.ru
+require_once ENGINE_DIR . '/modules/cleantalk/ct_functions.php';
+list($ct_config, $ct_config_serialized) = ct_get_config($db);
+ 
+$ct_check_value = ct_generation_check_key();
+$tpl->copy_template .= "
+<input type=\"hidden\" name=\"ct_checkjs\" id=\"ct_checkjs\" value=\"0\" />
+
+<script type=\"text/javascript\">
+document.getElementById(\"ct_checkjs\").value = document.getElementById(\"ct_checkjs\").value.replace('0', '{$ct_check_value}');
+</script>";
+$_SESSION['ct_submit_register_time'] = time();
+// End: cleantalk.ru
 ]]></add>
         </operation>
     </file>