ZF-4245 - Issues - Zend Framework

ZF-4245: Zend_Captcha_Figlet validation problem

Issue Type:

Bug

Created:

2008-09-11T01:29:14.000+0000

Last Updated:

2008-11-13T14:10:13.000+0000

Status:

Resolved

Fix version(s):

1.7.0 (17/Nov/08)

Reporter:

Dawid Cieszynski (cieszak)

Assignee:

Matthew Weier O'Phinney (matthew)

Tags:

Zend_Captcha

Related issues:

Attachments:

Description

I have captcha form element:


$captcha = new Zend_Form_Element_Captcha('captcha', array(
            'label' => "Please verify you're a human",
            'captcha' => array(
            'captcha' => 'Figlet',
            'wordLen' => 6,
            'timeout' => 300,
        ),));

When not fill the edit box, and submit form, I get "Captcha value is wrong" message, ok.

But if I now resend this form by pressing F5, or Ctrl+R, form is validated successfully with empty captcha text box !!!!

Here a test form and controller:

 
class CaptchaForm extends Zend_Form
{
    public function init()
    {
        $captcha = new Zend_Form_Element_Captcha('captcha', array(
            'label' => "Please verify you're a human",
            'captcha' => array(
            'captcha' => 'Figlet',
            'wordLen' => 6,
            'timeout' => 300,
        ),));
        $submit = new Zend_Form_Element_Submit('submit');
        $this->addElements(array($captcha, $submit));
    }
}

class CaptchaTestController extends Zend_Controller_Action
{
    function indexAction()
    {
        $form = new CaptchaForm(array(
            'action' => $this->view->url(array('controller' => 'captchatest')),
            'method' => 'post'));

        $this->view->form = $form;

        if($this->_request->getParam('submit'))
        {
            if ($form->isValid($this->_request->getParams()))
            {
                echo "valid form";
            }
            else
            {
                echo "invalid form";
            }
        }
    }
}

Comments

Posted by Tobias Gies (ruunstalker) on 2008-10-08T08:58:31.000+0000

upped to "Blocker" because this effectively renders Zend_Captcha_Figlet useless

Posted by Ralph Schindler (ralph) on 2008-10-08T09:01:54.000+0000

Assigning by ralph

Posted by Thorsten Ruf (saphir2k) on 2008-10-08T12:08:32.000+0000

This Problem occurs not only by using the Figlet Adapter. All Adapter shows the same behaviour. Hopefully we have a fix as soon as possible because this error make the whole ZEND_CAPTCHA useless.

Posted by Tobias Gies (ruunstalker) on 2008-10-08T14:44:38.000+0000

Thorsten is right, I can at least verify this for all Zend_Captcha_Word based implementations. I haven't tested Zend_Captcha_ReCaptcha yet.

Posted by Tobias Gies (ruunstalker) on 2008-10-09T14:05:49.000+0000

The problem was actually in Zend_Captcha_Word. Comparison was too weak, the error occured because '' == null. Used the !== operator instead.

Posted by Tobias Gies (ruunstalker) on 2008-10-09T15:03:01.000+0000

Added Unit test.

NOTE: BOTH MY PATCHES are relative to their respective parent directory, meaning the patch to Zend_Captcha_Word must be applied when in the /standard/trunk/library directory in SVN and the patch to Zend_Captcha_FigletTest must be applied in /standard/trunk/tests

Posted by Tobias Gies (ruunstalker) on 2008-10-09T15:03:38.000+0000

Assigning to Matthew for inclusion

Posted by Alexander Veremyev (alexander) on 2008-10-12T03:26:58.000+0000

Fixed.

Posted by Wil Sinclair (wil) on 2008-11-13T14:10:13.000+0000

Changing issues in preparation for the 1.7.0 release.