From 6fefcce83570b853a4009198d25281ece0f8e9f6 Mon Sep 17 00:00:00 2001
From: Dac Chartrand
Date: Thu, 20 Sep 2018 15:19:41 -0400
Subject: [PATCH] Simple honeypot (fixes #134) (#135)
---
 inc/helpers/namespace.php | 9 ++++++++-
 partials/contact-form.php | 7 +++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/inc/helpers/namespace.php b/inc/helpers/namespace.php
index 8f521ba..cdb448e 100644
--- a/inc/helpers/namespace.php
+++ b/inc/helpers/namespace.php
@@ -9,6 +9,7 @@ namespace Aldine\Helpers;
 use function \Pressbooks\Metadata\book_information_to_schema;
 use function \Pressbooks\Metadata\is_bisac;
+use function \Pressbooks\Utility\str_starts_with;
 use Pressbooks\Book;
 /**
@@ -259,6 +260,12 @@ function handle_contact_form_submission() {
 return false; // Security check failed.
 }
 if ( isset( $_POST['submitted'] ) ) {
+ // Check the fake anti-spam honeypot field.
+ foreach ( $_POST as $pkey => $pval ) {
+ if ( str_starts_with( $pkey, 'firstname' ) && ! empty( $pval ) ) {
+ return false; // Honeypot failed.
+ }
+ }
 $contact_email = get_option( 'pb_network_contact_email', get_option( 'admin_email' ) );
 $output = [];
 $name = ( isset( $_POST['visitor_name'] ) ) ? $_POST['visitor_name'] : '';
@@ -315,7 +322,7 @@ function handle_contact_form_submission() {
 }
 return $output;
 }
- return;
+ return false;
 }
 /**
diff --git a/partials/contact-form.php b/partials/contact-form.php
index 67f7e10..c52baf2 100644
--- a/partials/contact-form.php
+++ b/partials/contact-form.php
@@ -11,6 +11,7 @@ $pb_network_contact_form_title = get_option( 'pb_network_contact_form_title' );
 $contact_form_title = ( ! empty( $pb_network_contact_form_title ) ) ? $pb_network_contact_form_title : __( 'Contact Us', 'pressbooks-aldine' );
 $contact_form_response = \Aldine\Helpers\handle_contact_form_submission();
+$honeypot = 'firstname' . rand();
 ?>
@@ -22,6 +23,12 @@ $contact_form_response = \Aldine\Helpers\handle_contact_form_submission();
+
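Review bot: In the added honeypot loop, `! empty( $pval )` lets a decoy filled with the string `0` pass, because PHP's `empty()` treats `'0'` as empty; comparing with the empty string, `if ( str_starts_with( $pkey, 'firstname' ) && '' !== $pval ) {`, rejects any filled-in decoy, array values included. Because the match is on the `firstname` prefix alone, a real input later given a name with that prefix would be dropped silently, so the comment could say so: `// Decoy field name is 'firstname' plus a random suffix (partials/contact-form.php); any non-empty value means a bot filled it.` The rejection returns the same `false` as the failed security check above it and leaves no trace, which makes spam volume hard to observe; a counter or debug log entry at this return would help operations. handle_contact_form_submission() starts and ends outside this hunk.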
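Review bot: `$honeypot = 'firstname' . rand();` carries no comment saying that the random suffix is not a secret and is never verified: the handler in inc/helpers/namespace.php matches only the `firstname` prefix, so the suffix appears to serve only to vary the field name between page loads. A line such as `// Decoy field name; the suffix only varies the name per request and is not checked server-side.` would prevent a later reader from treating it as a token. If the suffix is ever meant to be validated, `rand()` is not suitable for that; it would need `random_int()` and server-side storage. The markup that uses `$honeypot` is in the following hunk, which is not fully visible here.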