Problem/Motivation

My webform contains a CAPTCHA element that I wanted to disable temporarily. Adding a custom setting, setting #access to FALSE, does hide the form element. However the validation is not disabled, so submitting the form results in the error message "The answer you entered for the CAPTCHA was not correct."

The form:

tagline:
  '#type': webform_markup
  '#markup': '<h3>Subscribe to the newsletter</h3>'
email:
  '#title': Email
  '#placeholder': Email
  '#type': email
  '#required': true
cacptcha:
  '#type': captcha
  '#title': Captcha
  '#captcha_type': recaptcha/reCAPTCHA
  '#access': false
actions:
  '#type': webform_actions
  '#title': 'Submit button(s)'
  '#submit__label': Subscribe

Proposed resolution

Do not validate elements with #access=FALSE.

CommentFileSizeAuthor
#5 bypass_captcha_validation_access_false_1.patch1.79 KBsonvir249
#3 bypass_captcha_validation_access_false.patch1.79 KBsonvir249
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

marcvangend created an issue. See original summary.

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at The Big Blue House commented
Project: Webform » CAPTCHA
Version: 8.x-5.x-dev » 8.x-1.x-dev

The CAPTCHA module would have to update the captcha_validate to address this issue.

If the CAPTCHA module did ignore elements with #access: false, this might make it possible to include a CAPTCHA on a multistep webform.

I am going to move this issue to the CAPTCHA module's issue queue.

sonvir249’s picture

sonvir249 CreditAttribution: sonvir249 as a volunteer and at QED42 commented
Status: Active » Needs review
FileSize
bypass_captcha_validation_access_false.patch1.79 KB

I have added a new access form element in CAPTCHA form elements.
Then i am validating access element in captcha_validate .

Thank you.

gg24’s picture

gg24 CreditAttribution: gg24 as a volunteer and at QED42 commented
Status: Needs review » Needs work 
+++ b/src/Element/Captcha.php
@@ -155,12 +155,14 @@ class Captcha extends FormElement implements ContainerFactoryPluginInterface {
+    // Added a new access attribute, by default it will be true if access attribute not defined in a custom form.

Please break the comment line as it exceeds the limit.

sonvir249’s picture

sonvir249 CreditAttribution: sonvir249 as a volunteer and at QED42 commented
Status: Needs work » Needs review
FileSize
bypass_captcha_validation_access_false_1.patch1.79 KB

Hi @gg24
Changes done as suggested.

Thank you.

gg24’s picture

gg24 CreditAttribution: gg24 as a volunteer and at QED42 commented
Status: Needs review » Reviewed & tested by the community

Hi @sonvir249,

I have reviewed the patch mentioned above and able to apply it cleanly and works as intended.

Steps followed :-

  1. Added a comment type in Article content type.
  2. Enabled Captcha for comment type and wrote a form_alter for comment type and made #access false for the form.
  3. Able to submit the comment properly.

Hence patch works perfectly fine.

Thanks!

  • elachlan committed 1ece942 on 8.x-1.x authored by sonvir249 
    Issue #2913295 by sonvir249: #access=FALSE should disable validation
elachlan’s picture

elachlan CreditAttribution: elachlan commented
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.