From 915df38a3d441480db037aefadcc177982a50baa Mon Sep 17 00:00:00 2001
From: dapphp
Date: Sat, 30 May 2020 02:12:17 -0700
Subject: [PATCH 1/3] Fix #87 - Improve handling of wordlists in different charsets
---
 securimage.php | 48 +++++++++++++++++++++++++++++++-----------------
 1 file changed, 31 insertions(+), 17 deletions(-)
diff --git a/securimage.php b/securimage.php
index 696c472..8bccb6c 100644
--- a/securimage.php
+++ b/securimage.php
@@ -2519,33 +2519,43 @@ protected function readCodeFromFile($numWords = 1)
 if (!$fp) return false;
 $fsize = filesize($this->wordlist_file);
- if ($fsize < 128) return false; // too small of a list to be effective
+ if ($fsize < 512) return false; // too small of a list to be effective
 if ((int)$numWords < 1 || (int)$numWords > 5) $numWords = 1;
 $words = array();
- $i = 0;
+ $w = 0;
+ $tries = 0;
 do {
- fseek($fp, mt_rand(0, $fsize - 128), SEEK_SET); // seek to a random position of file from 0 to filesize-128
- $data = fread($fp, 128); // read a chunk from our random position
+ fseek($fp, mt_rand(0, $fsize - 512), SEEK_SET); // seek to a random position of file from 0 to filesize - 512 bytes
+ $data = fread($fp, 512); // read a chunk from our random position
- if ($mb_support !== false) {
- $data = mb_ereg_replace("\r?\n", "\n", $data);
- } else {
- $data = preg_replace("/\r?\n/", "\n", $data);
+ if ( ($p = $this->strpos($data, "\n")) !== false) {
+ $data = $this->substr($data, $p + 1);
+ }
+
+ if ( ($start = @$this->strpos($data, "\n", mt_rand(0, $this->strlen($data) / 2))) === false) {
+ continue;
 }
- $start = @$this->strpos($data, "\n", mt_rand(0, 56)) + 1; // random start position
- $end = @$this->strpos($data, "\n", $start); // find end of word
+ $data = $this->substr($data,$start + 1);
+ $word = '';
+
+ for ($i = 0; $i < $this->strlen($data); ++$i) {
+ $c = $this->substr($data, $i, 1);
+ if ($c == "\r") continue;
+ if ($c == "\n") break;
- if ($start === false) {
- // picked start position at end of file
+ $word .= $c;
+ }
+
+ $word = trim($word);
+
+ if (empty($word)) {
 continue;
- } else if ($end === false) {
- $end = $this->strlen($data);
 }
- $word = $strtolower_func($this->substr($data, $start, $end - $start)); // return a line of the file
+ $word = $strtolower_func($word);
 if ($mb_support) {
 // convert to UTF-8 for imagettftext
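Review bot: Both `continue` paths in this hunk (no second newline in the chunk, empty word after trimming) jump to the `do … while` condition in the next hunk, where `++$w` runs whether or not a word was stored, so `$w` counts iterations rather than words and the `$tries` budget never buys a retry. For `$numWords` of 1, one unlucky seek leaves `$words` empty and the new `count($words) < $numWords` check returns false; how callers handle that is not visible here. Driving the loop from the words collected, `} while (count($words) < $numWords && $tries++ < $numWords * 2);`, makes the retry limit effective. Separately, the added lines still pick positions with `mt_rand()`, which is a predictable generator for a CAPTCHA answer, and `$this->strlen($data) / 2` is a float for odd lengths with `@` masking any notice; if the minimum supported PHP version permits, `random_int(0, (int) ($this->strlen($data) / 2))` covers both. The body of readCodeFromFile begins before this hunk and ends after the next one.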
@@ -2553,11 +2563,15 @@ protected function readCodeFromFile($numWords = 1)
 }
 $words[] = $word;
- } while (++$i < $numWords);
+ } while (++$w < $numWords && $tries++ < $numWords * 2);
 fclose($fp);
- if ($numWords < 2) {
+ if (count($words) < $numWords) {
+ return false;
+ }
+
+ if ($numWords == 1) {
 return $words[0];
 } else {
 return $words;
From 2849f7c5f7a8c929287495ddfad210193ac6be41 Mon Sep 17 00:00:00 2001
From: dapphp
Date: Sat, 30 May 2020 02:25:57 -0700
Subject: [PATCH 2/3] Fix #77 - Bump version numbers
---
 securimage.php | 2 +-
 securimage_play.php | 4 ++--
 securimage_show.php | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/securimage.php b/securimage.php
index 8bccb6c..46746bc 100644
--- a/securimage.php
+++ b/securimage.php
@@ -39,7 +39,7 @@
 * @link https://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
 * @copyright 2018 Drew Phillips
 * @author Drew Phillips
- * @version 3.6.9 (May 2020)
+ * @version 3.6.8 (May 2020)
 * @package Securimage
 *
 */
diff --git a/securimage_play.php b/securimage_play.php
index b028c2b..cc75545 100644
--- a/securimage_play.php
+++ b/securimage_play.php
@@ -27,9 +27,9 @@
 * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
 * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
 * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
- * @copyright 2012 Drew Phillips
+ * @copyright 2018 Drew Phillips
 * @author Drew Phillips
- * @version 3.6.6 (Nov 20 2017)
+ * @version 3.6.8 (May 2020)
 * @package Securimage
 *
 */
diff --git a/securimage_show.php b/securimage_show.php
index f352f76..c660e68 100644
--- a/securimage_show.php
+++ b/securimage_show.php
@@ -4,7 +4,7 @@
 * Project: Securimage: A PHP class for creating and managing form CAPTCHA images
* File: securimage_show.php
*
- * Copyright (c) 2013, Drew Phillips
+ * Copyright (c) 2018, Drew Phillips
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification,
@@ -37,9 +37,9 @@
 * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
 * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
 * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
- * @copyright 2013 Drew Phillips
+ * @copyright 2018 Drew Phillips
 * @author Drew Phillips
- * @version 3.6.6 (Nov 20 2017)
+ * @version 3.6.8 (May 2020)
 * @package Securimage
 *
 */
From 5fc5953c4ffba1eb214cc83100672f238c184ca4 Mon Sep 17 00:00:00 2001
From: dapphp
Date: Sat, 30 May 2020 02:43:22 -0700
Subject: [PATCH 3/3] Update changes
---
 securimage.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/securimage.php b/securimage.php
index 46746bc..c55e980 100644
--- a/securimage.php
+++ b/securimage.php
@@ -52,7 +52,8 @@
 - Fix division by zero if captcha length is 1 (#88)
 - Add options to getCaptchaHtml input_required (#82) and js_url (#95)
 - PHP 7.3/7.4 compat fixes (#101)
- - Project status:
+ - Project status: https://github.com/dapphp/securimage/issues/99
+ - Improve handling of multi-byte wordlists (#87)
 3.6.7
 - Merge changes from 4.0.1-nextgen