From 2f1d68448facdca8be088ee2d0d0d16ed67af2f2 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Thu, 6 Feb 2014 10:19:58 +0100
Subject: [PATCH] [FIX] CSRF/Re-captcha on Contactform

Fixes #1666
---
 public/include/config/admin_settings.inc.php | 7 +++
 public/include/pages/contactform.inc.php | 2 +-
 .../pages/contactform/contactform.inc.php | 44 +++++--------------
 .../mpos/contactform/contactform/default.tpl | 3 +-
 public/templates/mpos/contactform/default.tpl | 3 +-
 5 files changed, 21 insertions(+), 38 deletions(-)

diff --git a/public/include/config/admin_settings.inc.php b/public/include/config/admin_settings.inc.php
index 27e95c3b..c89eb99f 100644
--- a/public/include/config/admin_settings.inc.php
+++ b/public/include/config/admin_settings.inc.php
@@ -362,6 +362,13 @@ $aSettings['recaptcha'][] = array(
 'name' => 'recaptcha_enabled_registrations', 'value' => $setting->getValue('recaptcha_enabled_registrations'),
 'tooltip' => 'Enable or Disable re-Captcha. Adds a re-Captcha to the registration form.'
 );
+$aSettings['recaptcha'][] = array(
+ 'display' => 'Enable re-Captcha Contactform', 'type' => 'select',
+ 'options' => array( 0 => 'No', 1 => 'Yes' ),
+ 'default' => 0,
+ 'name' => 'recaptcha_enabled_contactform', 'value' => $setting->getValue('recaptcha_enabled_contactform'),
+ 'tooltip' => 'Enable or Disable re-Captcha. Adds a re-Captcha to the contact form.'
+);
 $aSettings['recaptcha'][] = array(
 'display' => 'Enable re-Captcha Logins', 'type' => 'select',
 'options' => array( 0 => 'No', 1 => 'Yes' ),
diff --git a/public/include/pages/contactform.inc.php b/public/include/pages/contactform.inc.php
index fdbf26da..3a9d06c6 100644
--- a/public/include/pages/contactform.inc.php
+++ b/public/include/pages/contactform.inc.php
@@ -8,7 +8,7 @@ if ($setting->getValue('disable_contactform')) {
 $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is disabled for guests.', 'TYPE' => 'errormsg');
 $smarty->assign("CONTENT", "disabled.tpl");
 } else {
- if ($setting->getValue('recaptcha_enabled')) {
+ if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_contactform')) {
 require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
 $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key')));
 }
diff --git a/public/include/pages/contactform/contactform.inc.php b/public/include/pages/contactform/contactform.inc.php
index f0aa6f9f..9bf1493b 100644
--- a/public/include/pages/contactform/contactform.inc.php
+++ b/public/include/pages/contactform/contactform.inc.php
@@ -1,15 +1,18 @@
 getValue('recaptcha_enabled')) {
- // Load re-captcha specific data
+// ReCaptcha handling if enabled
+if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_contactform')) {
 require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
+ // Load re-captcha specific data
 $rsp = recaptcha_check_answer (
 $setting->getValue('recaptcha_private_key'),
 $_SERVER["REMOTE_ADDR"],
- $_POST["recaptcha_challenge_field"],
- $_POST["recaptcha_response_field"]
+ ( (isset($_POST["recaptcha_challenge_field"])) ? $_POST["recaptcha_challenge_field"] : null ),
+ ( (isset($_POST["recaptcha_response_field"])) ? $_POST["recaptcha_response_field"] : null )
 );
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error, true));
+ if (!$rsp->is_valid) $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again.', 'TYPE' => 'errormsg');
 }
 if ($setting->getValue('disable_contactform')) {
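Review bot: The `+` line's branch still renders the widget with `recaptcha_get_html($setting->getValue('recaptcha_public_key'))` and no `$use_ssl` argument, while the handler in public/include/pages/contactform/contactform.inc.php re-renders it with `recaptcha_get_html(..., $rsp->error, true)`; on a portal served over HTTPS the first render is likely to reference the plain-http reCAPTCHA endpoint (mixed content) and the two renders of the same form differ. Passing the flag here as well keeps them consistent: `$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));`. The `if ($setting->getValue('disable_contactform'))` chain this `else` belongs to begins before the hunk.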
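Review bot: The enable test `$setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_contactform')` introduced on the `+if` line is evaluated again in the `@@ -17,34 +20,9 @@` hunk of this file, but there as `... != 1 || ... != 1`; truthiness and loose `!= 1` agree only for values that are exactly 0 or 1, so any other stored value would run `recaptcha_check_answer()` here and then skip its result below. Computing the flag once at the top, e.g. `$bRecaptcha = ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_contactform'));`, and using `$bRecaptcha` in both places removes the duplication and the mismatch. The first line of this hunk is garbled on the page, so the original opening of the file (before `getValue('recaptcha_enabled')) {`) cannot be reviewed here.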
@@ -17,34 +20,9 @@ if ($setting->getValue('disable_contactform')) {
 } else if ($setting->getValue('disable_contactform') && !$user->isAuthenticated(false)) {
 $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is disabled for guests.', 'TYPE' => 'errormsg');
 } else {
- if ($setting->getValue('recaptcha_enabled') && $_POST["recaptcha_response_field"] && $_POST["recaptcha_response_field"]!=''){
- // Check if recaptcha is enabled, process form data if valid
- if ($rsp->is_valid) {
- // Check if csrf is enabled and fail if token is invalid
- if ($config['csrf']['enabled'] && $csrftoken->valid) {
- $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
- } else {
- $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key')));
- if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
- $_SESSION['POPUP'][] = array('CONTENT' => 'Thanks for sending your message! We will get back to you shortly');
- } else {
- $_SESSION['POPUP'][] = array('CONTENT' => 'There was a problem sending your message. Please try again.' . $user->getError(), 'TYPE' => 'errormsg');
- }
- }
- } else {
- $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error));
- $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again. (' . $rsp->error . 
')', 'TYPE' => 'errormsg');
- }
- // Empty captcha
- } else if ($setting->getValue('recaptcha_enabled')) {
- $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error));
- $_SESSION['POPUP'][] = array('CONTENT' => 'Empty Captcha, please try again.', 'TYPE' => 'errormsg');
- // Captcha disabled
- } else {
- // Check if csrf is enabled and fail if token is invalid
- if ($config['csrf']['enabled'] && !$csrftoken->valid) {
- $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
- } else if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
+ // Check if recaptcha is enabled, process form data if valid
+ if ($setting->getValue('recaptcha_enabled') != 1 || $setting->getValue('recaptcha_enabled_contactform') != 1 || $rsp->is_valid) {
+ if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
 $_SESSION['POPUP'][] = array('CONTENT' => 'Thanks for sending your message! We will get back to you shortly');
 } else {
 $_SESSION['POPUP'][] = array('CONTENT' => 'There was a problem sending your message. Please try again. ' . $user->getError(), 'TYPE' => 'errormsg');
@@ -55,4 +33,4 @@ if ($setting->getValue('disable_contactform')) {
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>
\ No newline at end of file
+?>
diff --git a/public/templates/mpos/contactform/contactform/default.tpl b/public/templates/mpos/contactform/contactform/default.tpl
index 97397b74..d0bfd1bd 100644
--- a/public/templates/mpos/contactform/contactform/default.tpl
+++ b/public/templates/mpos/contactform/contactform/default.tpl
@@ -1,7 +1,6 @@
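Review bot: The rewritten `else` branch no longer checks `$csrftoken->valid` at all — both removed paths carried a `$config['csrf']['enabled']` token check, and the new `+ if (... != 1 || ... != 1 || $rsp->is_valid)` line goes straight to `$mail->contactform(...)`, so with the captcha disabled (or solved) the mail is sent on any POST. Unless the token is validated centrally before this handler runs, which is not visible here, the contact form loses its CSRF protection despite the commit title. The removed first branch tested `$config['csrf']['enabled'] && $csrftoken->valid` without the negation, which looks like the actual bug; the fix is to keep the check with `!` rather than drop it, e.g. `if ($config['csrf']['enabled'] && !$csrftoken->valid) { $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info'); } else if ($setting->getValue('recaptcha_enabled') != 1 || ...) {`. The `if ($setting->getValue('disable_contactform'))` chain this branch belongs to starts before the hunk.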
-

Contact Us

@@ -21,7 +20,7 @@ -
{nocache}{$RECAPTCHA|default:""}{/nocache}
+
{nocache}{$RECAPTCHA|default:"" nofilter}{/nocache}