Prevent XSS attacks with wmd using the google-caja html sanitizer.

[osqa.git] / forum_modules / recaptcha / lib / captcha.py

diff --git a/forum_modules/recaptcha/lib/captcha.py b/forum_modules/recaptcha/lib/captcha.py
index 03323eeaaaecaef16369d3753946e4b6bdb26316..74ec8aac52e35d65052a1eb8dd5a03ca905a557c 100644 (file)
--- a/forum_modules/recaptcha/lib/captcha.py
+++ b/forum_modules/recaptcha/lib/captcha.py
@@ -1,43 +1,32 @@
+# -*- coding: utf-8 -*-
+
 import urllib2, urllib
 
-API_SSL_SERVER="https://api-secure.recaptcha.net"
-API_SERVER="http://api.recaptcha.net"
-VERIFY_SERVER="api-verify.recaptcha.net"
+API_SSL_SERVER="https://www.google.com/recaptcha/api"
+API_SERVER="http://www.google.com/recaptcha/api"
+VERIFY_SERVER="www.google.com"
 
 class RecaptchaResponse(object):
     def __init__(self, is_valid, error_code=None):
         self.is_valid = is_valid
         self.error_code = error_code
 
-def displayhtml (public_key,
-                 use_ssl = False,
-                 error = None):
-    """Gets the HTML to display for reCAPTCHA
-
-    public_key -- The public api key
-    use_ssl -- Should the request be sent over ssl?
-    error -- An error message to display (from RecaptchaResponse.error_code)"""
+def displayhtml (public_key):
 
-    error_param = ''
-    if error:
-        error_param = '&error=%s' % error
-
-    if use_ssl:
-        server = API_SSL_SERVER
-    else:
-        server = API_SERVER
+    return """
+    <div id="recaptcha_field"></div>
+    <script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
 
-    return """<script type="text/javascript" src="%(ApiServer)s/challenge?k=%(PublicKey)s%(ErrorParam)s"></script>
+    <script type="text/javascript">
+         $(function(){
+             Recaptcha.create("%(PublicKey)s", 'recaptcha_field', {
+             theme: "red",
+             callback: Recaptcha.focus_response_field});
+         });
+    </script>
 
-<noscript>
-  <iframe src="%(ApiServer)s/noscript?k=%(PublicKey)s%(ErrorParam)s" height="300" width="500" frameborder="0"></iframe><br />
-  <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
-  <input type='hidden' name='recaptcha_response_field' value='manual_challenge' />
-</noscript>
 """ % {
-        'ApiServer' : server,
         'PublicKey' : public_key,
-        'ErrorParam' : error_param,
         }
 
 
@@ -45,15 +34,6 @@ def submit (recaptcha_challenge_field,
             recaptcha_response_field,
             private_key,
             remoteip):
-    """
-    Submits a reCAPTCHA request for verification. Returns RecaptchaResponse
-    for the request
-
-    recaptcha_challenge_field -- The value of recaptcha_challenge_field from the form
-    recaptcha_response_field -- The value of recaptcha_response_field from the form
-    private_key -- your reCAPTCHA private key
-    remoteip -- the user's ip address
-    """
 
     if not (recaptcha_response_field and recaptcha_challenge_field and
             len (recaptcha_response_field) and len (recaptcha_challenge_field)):
@@ -66,31 +46,29 @@ def submit (recaptcha_challenge_field,
         return s
 
     params = urllib.urlencode ({
-            'privatekey': encode_if_necessary(private_key),
-            'remoteip' :  encode_if_necessary(remoteip),
-            'challenge':  encode_if_necessary(recaptcha_challenge_field),
-            'response' :  encode_if_necessary(recaptcha_response_field),
-            })
+        'privatekey': encode_if_necessary(private_key),
+        'remoteip' :  encode_if_necessary(remoteip),
+        'challenge':  encode_if_necessary(recaptcha_challenge_field),
+        'response' :  encode_if_necessary(recaptcha_response_field),
+        })
 
     request = urllib2.Request (
-        url = "http://%s/verify" % VERIFY_SERVER,
+        url = "http://%s/recaptcha/api/verify" % VERIFY_SERVER,
         data = params,
         headers = {
             "Content-type": "application/x-www-form-urlencoded",
             "User-agent": "reCAPTCHA Python"
-            }
-        )
+        }
+    )
 
-    httpresp = urllib2.urlopen (request)
+    httpresp = urllib2.urlopen(request)
 
-    return_values = httpresp.read ().splitlines ();
-    httpresp.close();
+    return_values = httpresp.read().splitlines()
+    httpresp.close()
 
-    return_code = return_values [0]
+    return_code = return_values[0]
 
-    if (return_code == "true"):
-        return RecaptchaResponse (is_valid=True)
+    if return_code == "true":
+        return RecaptchaResponse(is_valid = True)
     else:
-        return RecaptchaResponse (is_valid=False, error_code = return_values [1])
-
-
+        return RecaptchaResponse(is_valid = False, error_code = return_values[1])