The reCAPTCHA HTTPS API URL has been moved. More information here: https://groups.google.com/forum/#!topic/recaptcha/V7qswqBnA1o

D6 patch to follow.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

pifantastic’s picture

Patch for 6.x-1.x that corrects the URL for the secure API.

Aaron Stanush’s picture

You can read more about the changes here: https://groups.google.com/forum/#!topic/recaptcha/V7qswqBnA1o

codycraven’s picture

Priority: Major » Critical
Status: Active » Reviewed & tested by the community

Confirmed working. The API address change prevents recaptcha from working without this patch preventing any users without bypass captcha from submitting the form. Elevated to critical for this reason.

quinns’s picture

Subscribing.

j0nathan’s picture

Subscribing.

LGLC’s picture

Thanks for the patch - it worked a treat.

divbox’s picture

patch works

mlaw’s picture

Patch works. Thanks.

mvc’s picture

Status: Reviewed & tested by the community » Needs review
FileSize
4.81 KB

*sigh* this is exactly why modules shouldn't ship with included libraries.

here's a patch which actually upgrades the bundled copy of recaptchalib.php to the latest version, 1.11, from http://code.google.com/p/recaptcha/downloads/list there are changes to several other URLs as well.

that said, this library doesn't declare a version number in a constant, so even if this library was unbundled this module wouldn't be able to easily check for the right version. i've reported this issue upstream: http://code.google.com/p/recaptcha/issues/detail?id=110
if google fixes that, we can patch this to unbundle the library and place it in sites/all/libraries, like the wysiwyg module does.

chadhester’s picture

I can confirm that the patch worked with 6.x-1.5. Thanks!

iva2k’s picture

Status: Needs review » Needs work

The patch should get rid of the last

+
+
+?>

(Even if the upstream changes have the closing PHP tag). In Drupal the convention is to ommit last closing PHP tag at the end of the file, so any end-of-line characters won't create "headers already sent" situation.

I've tested without closing tag.

Confirm, patch works. If not the closing tag, would state RTBC.

mvc’s picture

Status: Needs work » Needs review
FileSize
4.8 KB

*shrug* okay, here you go

iva2k’s picture

Status: Needs review » Reviewed & tested by the community

Great! Tested and works - fixes the problem.

pounard’s picture

Nice I did use this patch and it works well. It'd be cool to have a stable release soon enough to avoid keeping a patched version of this module on production sites.

mvc’s picture

Status: Reviewed & tested by the community » Needs review
FileSize
7.3 KB

I've just noticed that this patch isn't complete, since a URL is hardcoded in the .module file too: #1132420: Insecure loading of recaptcha_ajax.js causes security warning in Chrome browsers

This new patch fixes that as well; please test.

mvc’s picture

FileSize
7.3 KB

oops, i forgot to remove ?> , please use this version

atodorov’s picture

FileSize
6.69 KB

I see that folks have produced various patches. I'm attaching my own patch which I created before finding this ticket. It updates recaptchalib.php to 1.11 (which updates the urls) and also updates URLs in recaptcha_mailhide.module and recaptcha.module.

Edit: forgot to mention that this patch is against version 6.x-1.5

dstol’s picture

sub

RobLoach’s picture

Version: 6.x-1.x-dev » 7.x-1.x-dev
Component: General » reCAPTCHA Captcha
Assigned: Unassigned » RobLoach
Status: Needs review » Patch (to be ported)
RobLoach’s picture

Status: Patch (to be ported) » Fixed

Oh, this is already part of Drupal 7 :-).

pounard’s picture

Nice, thanks for the release.

mvc’s picture

Priority: Critical » Normal
Status: Fixed » Needs review
FileSize
7.58 KB

actually, a few URLs still need to be changed in 7.x-1.x-dev. among other things this is required for #1132420: Insecure loading of recaptcha_ajax.js causes security warning in Chrome browsers. some of these URLs are currently being redirected by google, but not all.

Vacilando’s picture

Subscribing.

RobLoach’s picture

Status: Needs review » Fixed
avskip’s picture

subscribing

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.