ZF-4009: Zend_Service_ReCaptcha and Zend_Captcha_ReCaptcha fail to handle empty response values.


When using Zend_Form_Element_Captcha to add reCAPTCHA to a form, submitting the form with an empty response causes an uncaught exception thrown by Zend_Service_ReCaptcha.

Zend_Captcha_Recaptcha tries to check the response and challenge values inside its isValid function:

if (!isset($context[$this->_CHALLENGE]) || !isset($context[$this->_RESPONSE])) { $this->_error(self::MISSING_VALUE); return false; }

but this will fail when the challenge or response are set to '', causing the error further down the stack inside Zend_Service_Recaptcha. This could be changed to:

if (!isset($context[$this->_CHALLENGE]) || !isset($context[$this->_RESPONSE]) || empty($context[$this->_CHALLENGE]) || empty($context[$this->_RESPONSE])) { $this->_error(self::MISSING_VALUE); return false; }

Or could be fixed higher up on the Form side of things, if necessary


Scheduling for RC3

Fixed in trunk and 1.6 release branch.

Updating for the 1.6.0 release.