Commit 3ec4ae4a authored by git's avatar git Committed by elachlan

Issue #810534 by soxofaan, MiroslavBanov, Rajamohamed A, Yogesh Pawar,...

Issue #810534 by soxofaan, MiroslavBanov, Rajamohamed A, Yogesh Pawar, sandeepreddyg, 72ls.net, solian: Fix CAPTCHA session reuse
parent 198e7bcd
...@@ -33,7 +33,7 @@ class Captcha extends FormElement { ...@@ -33,7 +33,7 @@ class Captcha extends FormElement {
// insensitive validation. // insensitive validation.
// TODO: shouldn't this be done somewhere else, e.g. in form_alter? // TODO: shouldn't this be done somewhere else, e.g. in form_alter?
if (CAPTCHA_DEFAULT_VALIDATION_CASE_INSENSITIVE == \Drupal::config('captcha.settings') if (CAPTCHA_DEFAULT_VALIDATION_CASE_INSENSITIVE == \Drupal::config('captcha.settings')
->get('default_validation') ->get('default_validation')
) { ) {
$captcha_element['#captcha_validate'] = 'captcha_validate_case_insensitive_equality'; $captcha_element['#captcha_validate'] = 'captcha_validate_case_insensitive_equality';
} }
...@@ -73,6 +73,11 @@ class Captcha extends FormElement { ...@@ -73,6 +73,11 @@ class Captcha extends FormElement {
// Generate a new CAPTCHA session if we could // Generate a new CAPTCHA session if we could
// not reuse one from a posted form. // not reuse one from a posted form.
$captcha_sid = _captcha_generate_captcha_session($this_form_id, CAPTCHA_STATUS_UNSOLVED); $captcha_sid = _captcha_generate_captcha_session($this_form_id, CAPTCHA_STATUS_UNSOLVED);
$captcha_token = md5(mt_rand());
db_update('captcha_sessions')
->fields(['token' => $captcha_token])
->condition('csid', $captcha_sid)
->execute();
} }
// Store CAPTCHA session ID as hidden field. // Store CAPTCHA session ID as hidden field.
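Review bot: The token generated on the `$captcha_token = md5(mt_rand());` line is derived from a single mt_rand() value, so the hidden-field value that the following hunk documents as a "one time CAPTCHA token" carries at most about 31 bits from a non-cryptographic generator, and wrapping it in md5 adds no entropy; the replaced `hash('sha256', mt_rand())` had the same weakness, so this commit carries it forward rather than introducing it. A CSPRNG-sourced value is the fix, e.g. `$captcha_token = bin2hex(random_bytes(16));`, or Drupal's `\Drupal\Component\Utility\Crypt::randomBytesBase64()` if random_bytes() is not guaranteed by the supported PHP version. The return value of the `db_update('captcha_sessions')` chain is also unchecked, so a session whose token row fails to update would presumably be emitted without a usable token — hedged, since the surrounding method's error convention is outside the hunk. Separately, the superseded generation code in the next hunk is left commented out rather than deleted. The enclosing method starts before this hunk and continues past it.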
...@@ -86,11 +91,12 @@ class Captcha extends FormElement { ...@@ -86,11 +91,12 @@ class Captcha extends FormElement {
]; ];
// Additional one time CAPTCHA token: store in database and send with form. // Additional one time CAPTCHA token: store in database and send with form.
$captcha_token = hash('sha256', mt_rand()); // $captcha_token = hash('sha256', mt_rand());
db_update('captcha_sessions') // db_update('captcha_sessions')
->fields(['token' => $captcha_token]) // ->fields(['token' => $captcha_token])
->condition('csid', $captcha_sid) // ->condition('csid', $captcha_sid)
->execute(); // ->execute();
$captcha_token = db_query("SELECT token FROM {captcha_sessions} WHERE csid = :csid", [':csid' => $captcha_sid])->fetchField();
$element['captcha_token'] = [ $element['captcha_token'] = [
'#type' => 'hidden', '#type' => 'hidden',
'#value' => $captcha_token, '#value' => $captcha_token,
......