Posted by Nathan Goulding on April 7, 2010 at 5:44pm
3 followers
Jump to:
| Project: | reCAPTCHA |
| Version: | 6.x-1.x-dev |
| Component: | reCAPTCHA Captcha |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
The reCAPTCHA module uses $_SERVER['REMOTE_ADDR'] when performing the validation. It should instead use $user->hostname, which is the IP address of the client. This makes reCAPTCHA compatible with reverse proxies. Patch attached.
| Attachment | Size |
|---|---|
| recaptcha.module.patch | 754 bytes |
Comments
#1
Perhaps even better would be to use the function ip_address() instead which respects the X-Forwarded-For header and reverse-proxy settings.
#2
Can this patch get applied please? This is a bug. I'm using a reverse proxy and reCAPTCHA doesn't work using $_SERVER['REMOTE_ADDR'].
#3
Thanks a lot for the patch, I've committed it to both Drupal 6 and 7 and it will be part of version 1.7:
http://drupalcode.org/project/recaptcha.git/commit/a602875
http://drupalcode.org/project/recaptcha.git/commit/81243b7
#4
Automatically closed -- issue fixed for 2 weeks with no activity.