diff --git a/inc/contrib/Twig/Extensions/Extension/Tinyboard.php b/inc/contrib/Twig/Extensions/Extension/Tinyboard.php
index 5748c0d3..5c6621f6 100644
--- a/inc/contrib/Twig/Extensions/Extension/Tinyboard.php
+++ b/inc/contrib/Twig/Extensions/Extension/Tinyboard.php
@@ -33,7 +33,8 @@ class Twig_Extensions_Extension_Tinyboard extends Twig_Extension
public function getFunctions()
{
return Array(
- 'time' => new Twig_Filter_Function('time', array('needs_environment' => false))
+ 'time' => new Twig_Filter_Function('time', array('needs_environment' => false)),
+ 'createHiddenInputs' => new Twig_Filter_Function('createHiddenInputs', array('needs_environment' => false))
);
}
diff --git a/inc/functions.php b/inc/functions.php
index 7412f49f..c968ff69 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1048,9 +1048,16 @@
}
}
- function createHiddenInputs() {
+ function createHiddenInputs($extra_salt = Array()) {
global $config;
+ if(!empty($extra_salt)) {
+ // create a salted hash of the "extra salt"
+ $extra_salt = implode(':', $extra_salt);
+ } else {
+ $extra_salt = '';
+ }
+
$inputs = Array();
shuffle($config['spam']['hidden_input_names']);
@@ -1139,7 +1146,7 @@
$hash .= $config['cookies']['salt'];
// Use SHA1 for the hash
- $hash = sha1($hash);
+ $hash = sha1($hash . $extra_salt);
// Append it to the HTML
$content .= '';
@@ -1147,7 +1154,7 @@
return $content;
}
- function checkSpam() {
+ function checkSpam($extra_salt = Array()) {
global $config;
if(!isset($_POST['hash']))
@@ -1155,6 +1162,13 @@
$hash = $_POST['hash'];
+ if(!empty($extra_salt)) {
+ // create a salted hash of the "extra salt"
+ $extra_salt = implode(':', $extra_salt);
+ } else {
+ $extra_salt = '';
+ }
+
// Reconsturct the $inputs array
$inputs = Array();
@@ -1179,7 +1193,7 @@
$_hash .= $config['cookies']['salt'];
// Use SHA1 for the hash
- $_hash = sha1($_hash);
+ $_hash = sha1($_hash . $extra_salt);
return $hash != $_hash;
}
@@ -1197,7 +1211,6 @@
$content['pages'] = $pages;
$content['pages'][$page-1]['selected'] = true;
$content['btn'] = getPageButtons($content['pages']);
- $content['hidden_inputs'] = createHiddenInputs();
file_write($filename, Element('index.html', $content));
if(isset($md5) && $md5 == md5_file($filename)) {
@@ -1460,7 +1473,6 @@
'id' => $id,
'mod' => $mod,
'boardlist' => createBoardlist($mod),
- 'hidden_inputs' => $content['hidden_inputs'] = createHiddenInputs(),
'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['uri'] . '/' . $config['file_index'])
));
diff --git a/mod.php b/mod.php
index 9aedf0d2..0bf144ed 100644
--- a/mod.php
+++ b/mod.php
@@ -1954,7 +1954,6 @@
$page['pages'] = getPages(true);
$page['pages'][$page_no-1]['selected'] = true;
$page['btn'] = getPageButtons($page['pages'], true);
- $page['hidden_inputs'] = createHiddenInputs();
$page['mod'] = true;
echo Element('index.html', $page);
diff --git a/post.php b/post.php
index 04df089d..596e8938 100644
--- a/post.php
+++ b/post.php
@@ -197,7 +197,7 @@
}
}
- if(checkSpam())
+ if(checkSpam(Array($board['uri'], isset($post['thread']) ? $post['thread'] : null)))
error($config['error']['spam']);
if($config['robot_enable'] && $config['robot_mute']) {
@@ -250,7 +250,7 @@
error($config['error']['noimage']);
}
- $post['name'] = (!empty($_POST['name'])?$_POST['name']:$config['anonymous']);
+ $post['name'] = !empty($_POST['name']) ? $_POST['name'] : $config['anonymous'];
$post['subject'] = $_POST['subject'];
$post['email'] = utf8tohtml($_POST['email']);
$post['body'] = $_POST['body'];
@@ -306,7 +306,7 @@
if($mod && $mod['type'] >= MOD && preg_match('/^((.+) )?## (.+)$/', $post['name'], $match)) {
if(($mod['type'] == MOD && $match[3] == 'Mod') || $mod['type'] >= ADMIN) {
$post['capcode'] = utf8tohtml($match[3]);
- $post['name'] = !empty($match[2])?$match[2]:$config['anonymous'];
+ $post['name'] = !empty($match[2]) ? $match[2] : $config['anonymous'];
}
} else {
$post['capcode'] = false;
@@ -314,7 +314,7 @@
$trip = generate_tripcode($post['name']);
$post['name'] = $trip[0];
- $post['trip'] = (isset($trip[1])?$trip[1]:'');
+ $post['trip'] = isset($trip[1]) ? $trip[1] : '';
if(strtolower($post['email']) == 'noko') {
$noko = true;
@@ -583,7 +583,7 @@
}
}
- buildThread(($OP?$id:$post['thread']));
+ buildThread($OP ? $id : $post['thread']);
if(!$OP && strtolower($post['email']) != 'sage' && !$thread['sage'] && ($config['reply_limit'] == 0 || numPosts($post['thread']) < $config['reply_limit'])) {
bumpThread($post['thread']);
@@ -603,20 +603,20 @@
// Tell it to delete the cached post for referer
$js->{$_SERVER['HTTP_REFERER']} = true;
// Encode and set cookie
- setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, false);
+ setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false);
}
$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
if($config['always_noko'] || $noko) {
- $redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP?$id:$post['thread']) . (!$OP?'#'.$id:'');
+ $redirect = $root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP ? $id:$post['thread']) . (!$OP ? '#' . $id : '');
} else {
$redirect = $root . $board['dir'] . $config['file_index'];
}
if($config['syslog'])
- _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP?$id:$post['thread']) . (!$OP?'#'.$id:''));
+ _syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $OP?$id:$post['thread']) . (!$OP ? '#' . $id : ''));
rebuildThemes('post');
header('Location: ' . $redirect, true, $config['redirect_http']);
diff --git a/templates/post_form.html b/templates/post_form.html
index d60039ba..d4dca20c 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -1,5 +1,5 @@