I think that there is an error in captcha.module validation function.
Even when a math answer is correct it comes with an error message.
Captcha seem to return an empty value.
I modified captcha.module as below and it works fine for me.
/**
* Default implementation of the captcha validation function.
*/
function captcha_captchavalidate(&$captcha_word, &$correct) {
$captcha_word = drupal_strtolower($captcha_word);M
if (($_SESSION['captcha'] != '') AND ($captcha_word == $_SESSION['captcha'])) {
$correct = TRUE;
}elseif (($_SESSION['captcha'] != '') AND ($captcha_word != $_SESSION['captcha'])) {
$correct = FALSE;
form_set_error('captcha_response', t('The answer you entered to the math problem is incorrect.'));
}
}
Comment | File | Size | Author |
---|---|---|---|
#2 | captcha_fix_validate.patch | 1.14 KB | dalin |
Comments
Comment #1
desrod CreditAttribution: desrod commentedA unified diff against the latest released captcha module would be best... can you repost with a diff?
Comment #2
dalinI don't think you're poking in the right place. From what I can see, your suggested change would also add a vulnerability.
Here is a patch that I think solves the problem. It also incorporates the fix listed in 114387.
I am patching against the 4-7 version, but it should also apply to the 5 branch.
Comment #3
dalinComment #4
ahmaddani CreditAttribution: ahmaddani commentedPlease make fixed version for this module. Why new comer like me, must install bug version?
Thanks before..
ahmaddani
http://ahmad.indieoffset.com
Comment #5
wundo CreditAttribution: wundo commentedComment #6
dsextonj CreditAttribution: dsextonj commentedSo how does a newbie install this patch other than cut and paste?
Comment #7
dalinThe handbook is your best resource for this stuff. You can find out about patches here:
http://drupal.org/node/60108
Comment #8
csc4 CreditAttribution: csc4 commentedConfirm patch works for 4.7.6 - will it be committed soon as it fixes a really big problem