Commit 1c2632a7 authored by MiroslavBanov's avatar MiroslavBanov Committed by wundo

Issue #2974083 by MiroslavBanov, Fabianx, Mixologic: Port to D8: support for...

Issue #2974083 by MiroslavBanov, Fabianx, Mixologic: Port to D8: support for cacheable captcha (recaptcha)
parent c6223cbc
......@@ -404,7 +404,9 @@ function _captcha_get_posted_captcha_info(array $element, FormStateInterface $fo
->fetchField();
if ($expected_captcha_token !== $posted_captcha_token) {
drupal_set_message(t('CAPTCHA session reuse attack detected.'), 'error');
if (empty($input['captcha_cacheable'])) {
drupal_set_message(t('CAPTCHA session reuse attack detected.'), 'error');
}
// Invalidate the CAPTCHA session.
$posted_captcha_sid = NULL;
}
......
......@@ -228,6 +228,19 @@ class Captcha extends FormElement implements ContainerFactoryPluginInterface {
// Store the solution in the #captcha_info array.
$element['#captcha_info']['solution'] = $captcha['solution'];
// Store if this captcha type is cacheable:
// A cacheable captcha must not depend on the sid or solution, but be
// independent - like for example recaptcha.
$element['#captcha_info']['cacheable'] = !empty($captcha['cacheable']);
if (!empty($element['#captcha_info']['cacheable'])) {
// This is only used to avoid the re-use message.
$element['captcha_cacheable'] = [
'#type' => 'hidden',
'#value' => 1,
];
}
// Make sure we can use a top level form value
// $form_state->getValue('captcha_response'),
// even if the form has #tree=true.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment