diff --git a/OurUmbraco.Site/Views/Partials/Members/ForgotPassword.cshtml b/OurUmbraco.Site/Views/Partials/Members/ForgotPassword.cshtml index 20abe02d..fc7d4966 100644 --- a/OurUmbraco.Site/Views/Partials/Members/ForgotPassword.cshtml +++ b/OurUmbraco.Site/Views/Partials/Members/ForgotPassword.cshtml @@ -1,11 +1,12 @@ @using OurUmbraco.Our.Controllers +@using reCAPTCHA.MVC @inherits UmbracoViewPage @{ Html.EnableClientValidation(true); Html.EnableUnobtrusiveJavaScript(true); } -@if (TempData["Success"] == null) +@if (Request.QueryString["success"] == null) {
@using (Html.BeginUmbracoForm("ForgotPassword")) @@ -22,6 +23,12 @@

+
+

+ @Html.Recaptcha() + @Html.ValidationMessage("ReCaptcha") +

+
}
diff --git a/OurUmbraco.Site/Views/Partials/Members/Login.cshtml b/OurUmbraco.Site/Views/Partials/Members/Login.cshtml index e5690ae6..7483a54a 100644 --- a/OurUmbraco.Site/Views/Partials/Members/Login.cshtml +++ b/OurUmbraco.Site/Views/Partials/Members/Login.cshtml @@ -1,11 +1,12 @@ @using OurUmbraco.Our.Controllers +@using reCAPTCHA.MVC @inherits UmbracoViewPage @{ Html.EnableClientValidation(true); Html.EnableUnobtrusiveJavaScript(true); } - +
@using (Html.BeginUmbracoForm("Login")) { @Html.ValidationSummary(true) @@ -13,7 +14,7 @@

- @Html.LabelFor(m => m.Username, new { @cless = "inputLabel" })
+ @Html.LabelFor(m => m.Username, new { @class = "inputLabel" })
@Html.ValidationMessageFor(m => m.Username) @Html.TextBoxFor(m => m.Username, new { @class = "email title" }) @@ -22,9 +23,15 @@

- @Html.LabelFor(m => m.Password, new { @cless = "inputLabel" })
+ @Html.LabelFor(m => m.Password, new { @class = "inputLabel" })
@Html.ValidationMessageFor(m => m.Password) - @Html.PasswordFor(m => m.Password, new { @cless = "password title" }) + @Html.PasswordFor(m => m.Password, new { @class = "password title" }) +

+
+
+

+ @Html.Recaptcha() + @Html.ValidationMessage("ReCaptcha")

diff --git a/OurUmbraco/Our/Controllers/SearchController.cs b/OurUmbraco/Our/Controllers/SearchController.cs index aaaed9e9..495ecd34 100644 --- a/OurUmbraco/Our/Controllers/SearchController.cs +++ b/OurUmbraco/Our/Controllers/SearchController.cs @@ -13,6 +13,11 @@ namespace OurUmbraco.Our.Controllers [ChildActionOnly] public ActionResult Render(string q, string cat = "", string order = "", int fid = 0, bool solved = false, bool replies = false) { + // A particular SQL injection attack uses this query which takes very long to process, turning it into and easy DOS attack + // /search?q=999999.9' /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39,0x39313335313435363231352e39 and '0'='0-- + if (q.Contains("0x393133353134353632392e39")) + Response.Redirect("/search?q="); + var umbracoPage = UmbracoContext.PublishedContentRequest.PublishedContent; var nodeTypeAlias = cat;