[ticket/16105] Add domain selection to recaptcha v2 & check against list

PHPBB3-16105
2025-06-04 21:44:57 +02:00 · 2022-11-20 16:42:52 +01:00 · 2022-11-20 16:42:52 +01:00 · c66923bafc
commit c66923bafc
parent ebc5e1ead0
3 changed files with 40 additions and 5 deletions
--- a/phpBB/adm/style/captcha_recaptcha_acp.html
+++ b/phpBB/adm/style/captcha_recaptcha_acp.html
@ -21,6 +21,20 @@
 	<dd><input id="recaptcha_privkey" name="recaptcha_privkey" value="{RECAPTCHA_PRIVKEY}" size="50" type="text" /></dd>
 </dl>

+<dl>
+	<dt>
+		<label>{{ lang('RECAPTCHA_V3_DOMAIN') ~ lang('COLON') }}</label>
+		<br><span>{{ lang('RECAPTCHA_V3_DOMAIN_EXPLAIN') }}</span>
+	</dt>
+	<dd>
+		{% for domain in RECAPTCHA_V2_DOMAINS %}
+		<label>
+			<input class="radio" name="recaptcha_v2_domain" type="radio" value="{{ domain }}"{{ domain == RECAPTCHA_V2_DOMAIN ? ' checked' }}>
+			<span>{{ domain }}</span>
+		</label>
+		{% endfor %}
+	</dd>
+</dl>

 </fieldset>
 <fieldset>
--- a/phpBB/phpbb/captcha/plugins/recaptcha.php
+++ b/phpBB/phpbb/captcha/plugins/recaptcha.php
@ -94,6 +94,12 @@ class recaptcha extends captcha_abstract
 				}
 			}

+			$recaptcha_domain = $request->variable('recaptcha_v2_domain', '', true);
+			if (in_array($recaptcha_domain, recaptcha_v3::$supported_domains))
+			{
+				$config->set('recaptcha_v2_domain', $recaptcha_domain);
+			}
+
 			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_VISUAL');
 			trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($module->u_action));
 		}
@ -110,9 +116,11 @@ class recaptcha extends captcha_abstract
 			}

 			$template->assign_vars(array(
-				'CAPTCHA_PREVIEW'	=> $this->get_demo_template($id),
-				'CAPTCHA_NAME'		=> $this->get_service_name(),
-				'U_ACTION'			=> $module->u_action,
+				'CAPTCHA_PREVIEW'		=> $this->get_demo_template($id),
+				'CAPTCHA_NAME'			=> $this->get_service_name(),
+				'RECAPTCHA_V2_DOMAIN'	=> $config['recaptcha_v2_domain'] ?? recaptcha_v3::GOOGLE,
+				'RECAPTCHA_V2_DOMAINS'	=> recaptcha_v3::$supported_domains,
+				'U_ACTION'				=> $module->u_action,
 			));

 		}
--- a/phpBB/phpbb/captcha/plugins/recaptcha_v3.php
+++ b/phpBB/phpbb/captcha/plugins/recaptcha_v3.php
@ -30,6 +30,14 @@ class recaptcha_v3 extends captcha_abstract
 	 */
 	const GOOGLE		= 'google.com';
 	const RECAPTCHA		= 'recaptcha.net';
+	CONST RECAPTCHA_CN	= 'recaptcha.google.cn';
+
+	/** @var string[] List of supported domains */
+	static public $supported_domains = [
+		self::GOOGLE,
+		self::RECAPTCHA,
+		self::RECAPTCHA_CN
+	];

 	/** @var array CAPTCHA types mapped to their action */
 	static protected $actions = [
@ -180,9 +188,14 @@ class recaptcha_v3 extends captcha_abstract
 				trigger_error($language->lang('EMPTY_RECAPTCHA_V3_REQUEST_METHOD') . adm_back_link($module->u_action), E_USER_WARNING);
 			}

+			$recaptcha_domain = $request->variable('recaptcha_v3_domain', '', true);
+			if (in_array($recaptcha_domain, self::$supported_domains))
+			{
+				$config->set('recaptcha_v3_domain', $recaptcha_domain);
+			}
+
 			$config->set('recaptcha_v3_key', $request->variable('recaptcha_v3_key', '', true));
 			$config->set('recaptcha_v3_secret', $request->variable('recaptcha_v3_secret', '', true));
-			$config->set('recaptcha_v3_domain', $request->variable('recaptcha_v3_domain', '', true));
 			$config->set('recaptcha_v3_method', $recaptcha_v3_method);

 			foreach (self::$actions as $action)
@ -211,7 +224,7 @@ class recaptcha_v3 extends captcha_abstract
 			'RECAPTCHA_V3_SECRET'		=> $config['recaptcha_v3_secret'] ?? '',

 			'RECAPTCHA_V3_DOMAIN'		=> $config['recaptcha_v3_domain'] ?? self::GOOGLE,
-			'RECAPTCHA_V3_DOMAINS'		=> [self::GOOGLE, self::RECAPTCHA],
+			'RECAPTCHA_V3_DOMAINS'		=> self::$supported_domains,

 			'RECAPTCHA_V3_METHOD'		=> $config['recaptcha_v3_method'] ?? '',
 			'RECAPTCHA_V3_METHODS'		=> [