Zend Framework

Zend_Service_ReCaptcha and Zend_Captcha_ReCaptcha fail to handle empty response values.

Details

  • Type: Bug Bug
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.6.0RC2
  • Fix Version/s: 1.6.0
  • Component/s: Zend_Service_ReCaptcha
  • Labels:
    None
  • Fix Version Priority:
    Must Have

Description

When using Zend_Form_Element_Captcha to add reCAPTCHA to a form, submitting the form with an empty response causes an uncaught exception thrown by Zend_Service_ReCaptcha.

Zend_Captcha_Recaptcha tries to check the response and challenge values inside its isValid function:

if (!isset($context[$this->_CHALLENGE]) || !isset($context[$this->_RESPONSE])) {
$this->_error(self::MISSING_VALUE);
return false;
}

but this will fail when the challenge or response are set to '', causing the error further down the stack inside Zend_Service_Recaptcha. This could be changed to:

if (!isset($context[$this->_CHALLENGE]) || !isset($context[$this->_RESPONSE])

empty($context[$this->_CHALLENGE]) empty($context[$this->_RESPONSE])) {
$this->_error(self::MISSING_VALUE);
return false;
}

Or could be fixed higher up on the Form side of things, if necessary

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Matthew Weier O'Phinney added a comment -

Scheduling for RC3

Show
Matthew Weier O'Phinney added a comment - Scheduling for RC3
Hide
Permalink
Matthew Weier O'Phinney added a comment -

Fixed in trunk and 1.6 release branch.

Show
Matthew Weier O'Phinney added a comment - Fixed in trunk and 1.6 release branch.
Hide
Permalink
Wil Sinclair added a comment -

Updating for the 1.6.0 release.

Show
Wil Sinclair added a comment - Updating for the 1.6.0 release.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Zend Framework. Try JIRA - bug tracking software for your team.