A user complained that her zip code filled in the captcha box on Google Chrome. I was able to duplicate this. Not critical, but could be confusing for users.

CommentFileSizeAuthor
#8 mollom.honeypot-autocomplete.8.patch714 bytessun
#2 mollom.captcha-autocomplete.2.patch802 bytessun
#1 mollom.captcha-autocomplete.1.patch801 bytessun
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented
Version: 7.x-1.0 » 7.x-1.x-dev
Status: Active » Needs review
Issue tags: +Needs backport to D6
FileSize
mollom.captcha-autocomplete.1.patch801 bytes

This means that the user actually entered her zip code into a text field called "captcha" on a site...

Nevertheless, it's a good idea to prevent this.

sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented
Title: zip code fills in the captcha box on Google Chrome when autofill is on » Browser may auto-fill CAPTCHA input with arbitrary values
Status: Needs review » Reviewed & tested by the community
FileSize
mollom.captcha-autocomplete.2.patch802 bytes

d'oh - reversed condition ;)

Dries’s picture

Dries CreditAttribution: Dries commented 
+++ b/mollom.module
@@ -1394,6 +1394,11 @@ function mollom_process_mollom($element, &$form_state, $complete_form) {
+  if (!variable_get('mollom_testing_mode', 0)) {

I'd simply get rid of the if-statement and always disable auto-complete. Other than that, I'm happy with this patch.

sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented
Version: 7.x-1.x-dev » 6.x-1.x-dev

Committed to master.

sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented
Issue tags: -Needs backport to D6

#2: mollom.captcha-autocomplete.2.patch queued for re-testing.

Status: Reviewed & tested by the community » Needs work
Issue tags: +Needs backport to D6

The last submitted patch, mollom.captcha-autocomplete.2.patch, failed testing.

sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented
Status: Needs work » Fixed

Committed to 6.x-1.x

sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented
Version: 6.x-1.x-dev » 7.x-1.x-dev
Status: Fixed » Reviewed & tested by the community
FileSize
mollom.honeypot-autocomplete.8.patch714 bytes
sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented

whoopsie, clicked too fast. ;)

For extra safety, we should also prevent browser autocompletion for the honeypot field.

sun’s picture

sun
Primary language German
Location Karlsruhe
CreditAttribution: sun commented
Status: Reviewed & tested by the community » Fixed

Committed to all branches.

A new development snapshot will be available within the next 12 hours. This improvement will be available in the next official release.

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 7c8d5a9 on master, fai6, 8.x-2.x, fbajs, actions by sun: 
    - #1204506 by sun: Fixed Browser may auto-fill CAPTCHA input with...
  • Commit e908360 on master, fai6, 8.x-2.x, fbajs, actions by sun:
    - #1204506 by sun: Fixed browser autocompletion for honeypot input field...

  • Commit 7c8d5a9 on master, fai6, 8.x-2.x, fbajs, actions by sun: 
    - #1204506 by sun: Fixed Browser may auto-fill CAPTCHA input with...
  • Commit e908360 on master, fai6, 8.x-2.x, fbajs, actions by sun:
    - #1204506 by sun: Fixed browser autocompletion for honeypot input field...