ZF-4245: Zend_Captcha_Figlet validation problem

Description

I have captcha form element:


$captcha = new Zend_Form_Element_Captcha('captcha', array(
            'label' => "Please verify you're a human",
            'captcha' => array(
            'captcha' => 'Figlet',
            'wordLen' => 6,
            'timeout' => 300,
        ),));

When not fill the edit box, and submit form, I get "Captcha value is wrong" message, ok.

But if I now resend this form by pressing F5, or Ctrl+R, form is validated successfully with empty captcha text box !!!!

Here a test form and controller:

 
class CaptchaForm extends Zend_Form
{
    public function init()
    {
        $captcha = new Zend_Form_Element_Captcha('captcha', array(
            'label' => "Please verify you're a human",
            'captcha' => array(
            'captcha' => 'Figlet',
            'wordLen' => 6,
            'timeout' => 300,
        ),));
        $submit = new Zend_Form_Element_Submit('submit');
        $this->addElements(array($captcha, $submit));
    }
}

class CaptchaTestController extends Zend_Controller_Action
{
    function indexAction()
    {
        $form = new CaptchaForm(array(
            'action' => $this->view->url(array('controller' => 'captchatest')),
            'method' => 'post'));

        $this->view->form = $form;

        if($this->_request->getParam('submit'))
        {
            if ($form->isValid($this->_request->getParams()))
            {
                echo "valid form";
            }
            else
            {
                echo "invalid form";
            }
        }
    }
}

Comments

upped to "Blocker" because this effectively renders Zend_Captcha_Figlet useless

Assigning by ralph

This Problem occurs not only by using the Figlet Adapter. All Adapter shows the same behaviour. Hopefully we have a fix as soon as possible because this error make the whole ZEND_CAPTCHA useless.

Thorsten is right, I can at least verify this for all Zend_Captcha_Word based implementations. I haven't tested Zend_Captcha_ReCaptcha yet.

The problem was actually in Zend_Captcha_Word. Comparison was too weak, the error occured because '' == null. Used the !== operator instead.

Added Unit test.

NOTE: BOTH MY PATCHES are relative to their respective parent directory, meaning the patch to Zend_Captcha_Word must be applied when in the /standard/trunk/library directory in SVN and the patch to Zend_Captcha_FigletTest must be applied in /standard/trunk/tests

Assigning to Matthew for inclusion

Fixed.

Changing issues in preparation for the 1.7.0 release.