The reCAPTCHA HTTPS API URL has been moved. More information here: https://groups.google.com/forum/#!topic/recaptcha/V7qswqBnA1o

D6 patch to follow.

Comments

StatusFileSize
new507 bytes

Patch for 6.x-1.x that corrects the URL for the secure API.

You can read more about the changes here: https://groups.google.com/forum/#!topic/recaptcha/V7qswqBnA1o

Priority:Major» Critical
Status:Active» Reviewed & tested by the community

Confirmed working. The API address change prevents recaptcha from working without this patch preventing any users without bypass captcha from submitting the form. Elevated to critical for this reason.

Subscribing.

Subscribing.

Thanks for the patch - it worked a treat.

patch works

Patch works. Thanks.

Status:Reviewed & tested by the community» Needs review
StatusFileSize
new4.81 KB

*sigh* this is exactly why modules shouldn't ship with included libraries.

here's a patch which actually upgrades the bundled copy of recaptchalib.php to the latest version, 1.11, from http://code.google.com/p/recaptcha/downloads/list there are changes to several other URLs as well.

that said, this library doesn't declare a version number in a constant, so even if this library was unbundled this module wouldn't be able to easily check for the right version. i've reported this issue upstream: http://code.google.com/p/recaptcha/issues/detail?id=110
if google fixes that, we can patch this to unbundle the library and place it in sites/all/libraries, like the wysiwyg module does.

I can confirm that the patch worked with 6.x-1.5. Thanks!

Status:Needs review» Needs work

The patch should get rid of the last

+
+
+?>

(Even if the upstream changes have the closing PHP tag). In Drupal the convention is to ommit last closing PHP tag at the end of the file, so any end-of-line characters won't create "headers already sent" situation.

I've tested without closing tag.

Confirm, patch works. If not the closing tag, would state RTBC.

Status:Needs work» Needs review
StatusFileSize
new4.8 KB

*shrug* okay, here you go

Status:Needs review» Reviewed & tested by the community

Great! Tested and works - fixes the problem.

Nice I did use this patch and it works well. It'd be cool to have a stable release soon enough to avoid keeping a patched version of this module on production sites.

Status:Reviewed & tested by the community» Needs review
StatusFileSize
new7.3 KB

I've just noticed that this patch isn't complete, since a URL is hardcoded in the .module file too: #1132420: Insecure loading of recaptcha_ajax.js causes security warning in Chrome browsers

This new patch fixes that as well; please test.

StatusFileSize
new7.3 KB

oops, i forgot to remove ?> , please use this version

StatusFileSize
new6.69 KB

I see that folks have produced various patches. I'm attaching my own patch which I created before finding this ticket. It updates recaptchalib.php to 1.11 (which updates the urls) and also updates URLs in recaptcha_mailhide.module and recaptcha.module.

Edit: forgot to mention that this patch is against version 6.x-1.5

sub

Version:6.x-1.x-dev» 7.x-1.x-dev
Component:General» reCAPTCHA Captcha
Assigned:Unassigned» RobLoach
Status:Needs review» Patch (to be ported)

Status:Patch (to be ported)» Fixed

Oh, this is already part of Drupal 7 :-).

Nice, thanks for the release.

Priority:Critical» Normal
Status:Fixed» Needs review
StatusFileSize
new7.58 KB

actually, a few URLs still need to be changed in 7.x-1.x-dev. among other things this is required for #1132420: Insecure loading of recaptcha_ajax.js causes security warning in Chrome browsers. some of these URLs are currently being redirected by google, but not all.

Subscribing.

subscribing

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.