From 8f98665a1c264a9a6e3c17aabf3cf34fdea76d39 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 29 Jul 2024 20:48:22 +0200
Subject: [PATCH] post.php: make dynamic captcha less prone to misuse

---
 post.php | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/post.php b/post.php
index 172f251e..4c5aec68 100644
--- a/post.php
+++ b/post.php
@@ -727,27 +727,27 @@ function handle_post()
 
 
     if (!$dropped_post) {
-        if ($config['dynamic_captcha'] !== false && $_SERVER['REMOTE_ADDR'] === $config['dynamic_captcha']) {
-            if ($config['recaptcha']) {
-                if (!isset($_POST['g-recaptcha-response'])) {
-                    error($config['error']['bot']);
-                }
-                if (!check_recaptcha($config['recaptcha_private'], $_POST['g-recaptcha-response'], null)) {
-                    error($config['error']['captcha']);
-                }
-            } elseif ($config['turnstile']) {
-                if (!isset($_POST['cf-turnstile-response'])) {
-                    error($config['error']['bot']);
-                }
-                $expected_action = $post['op'] ? 'post-thread' : 'post-reply';
-                if (!check_turnstile($config['turnstile_private'], $_POST['cf-turnstile-response'], null, $expected_action)) {
-                    error($config['error']['captcha']);
+        if ($config['dynamic_captcha'] !== false) {
+            if ($_SERVER['REMOTE_ADDR'] === $config['dynamic_captcha']) {
+                if ($config['recaptcha']) {
+                    if (!isset($_POST['g-recaptcha-response'])) {
+                        error($config['error']['bot']);
+                    }
+                    if (!check_recaptcha($config['recaptcha_private'], $_POST['g-recaptcha-response'], null)) {
+                        error($config['error']['captcha']);
+                    }
+                } elseif ($config['turnstile']) {
+                    if (!isset($_POST['cf-turnstile-response'])) {
+                        error($config['error']['bot']);
+                    }
+                    $expected_action = $post['op'] ? 'post-thread' : 'post-reply';
+                    if (!check_turnstile($config['turnstile_private'], $_POST['cf-turnstile-response'], null, $expected_action)) {
+                        error($config['error']['captcha']);
+                    }
                 }
             }
-        }
-
-        // Check for CAPTCHA right after opening the board so the "return" link is in there.
-        if ($config['dynamic_captcha'] === false) {
+        } else {
+            // Check for CAPTCHA right after opening the board so the "return" link is in there.
             if ($config['recaptcha']) {
                 if (!isset($_POST['g-recaptcha-response'])) {
                     error($config['error']['bot']);