Commit f36c6abe authored by wundo's avatar wundo

Security fix.

parent d7538ff4
......@@ -175,6 +175,7 @@ function _captcha_validate($captcha_response) {
return FALSE;
}
global $user;
$captcha_type = variable_get("captcha_type", NULL);
$trigger = NULL;
......@@ -209,8 +210,9 @@ function captcha_captchachallenge(&$form, &$captcha) {
* Default implementation of the captcha validation function.
*/
function captcha_captchavalidate(&$captcha_word, &$correct) {
$captcha_word = drupal_strtolower($captcha_word);
if ($captcha_word == $_SESSION['captcha']) {
$captcha_word = drupal_strtolower($captcha_word);
if (($_SESSION['captcha'] != '') && ($captcha_word == $_SESSION['captcha'])) {
$correct = TRUE;
}
else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment