From cb9b4db73d332cd7f82adf7aea406f013d626828 Mon Sep 17 00:00:00 2001
From: Bui
Date: Mon, 6 Oct 2014 19:35:37 +0900
Subject: [PATCH] do security checks *after* checking captcha

---
 post.php | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/post.php b/post.php
index 2763d4d3..223ddd45 100644
--- a/post.php
+++ b/post.php
@@ -187,20 +187,6 @@ if (isset($_POST['delete'])) {
 	} else
 		$post['op'] = true;
 
-	if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
-		(!$post['op'] && $_POST['post'] == $config['button_reply'])))
-		error($config['error']['bot']);
-
-	// Check the referrer
-	if ($config['referer_match'] !== false &&
-		(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER']))))
-		error($config['error']['referer']);
-
-	checkDNSBL();
-
-	// Check if banned
-	checkBan($board['uri']);
-
 	// Check for CAPTCHA right after opening the board so the "return" link is in there
 	if ($config['recaptcha']) {
 		if (!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field']))
@@ -214,7 +200,21 @@ if (isset($_POST['delete'])) {
 			error($config['error']['captcha']);
 		}
 	}
+
+	if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
+		(!$post['op'] && $_POST['post'] == $config['button_reply'])))
+		error($config['error']['bot']);
+
+	// Check the referrer
+	if ($config['referer_match'] !== false &&
+		(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER']))))
+		error($config['error']['referer']);
+
 	checkDNSBL();
+
+	// Check if banned
+	checkBan($board['uri']);
+
 	if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
 		require 'inc/mod/auth.php';
 		if (!$mod) {
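Review bot: The re-added bot check in the second hunk compares request input loosely: `$_POST['post'] == $config['button_newtopic']` lets PHP coerce numeric-looking strings before comparing, so two different labels can test equal; since both operands are strings, use `===` on both lines, `if (!(($post['op'] && $_POST['post'] === $config['button_newtopic']) ||` / `(!$post['op'] && $_POST['post'] === $config['button_reply'])))`, and add an `isset($_POST['post'])` guard unless the enclosing branch (which starts outside the hunk) already guarantees the key. Separately, the move places `checkDNSBL()` and `checkBan($board['uri'])` after the reCAPTCHA block, so a listed or banned client is now rejected only after the captcha path has run — if that path contacts the verification service (the block ends just above the hunk, so I cannot confirm), banned traffic now costs an outbound request per attempt; a one-line comment stating why the ordering was chosen, e.g. `// Bot/referer/DNSBL/ban checks run after the CAPTCHA on purpose: <reason>`, would keep the next maintainer from swapping them back.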