ZF-4009: Zend_Service_ReCaptcha and Zend_Captcha_ReCaptcha fail to handle empty response values.

Issue Type: Bug Created: 2008-08-20T02:41:05.000+0000 Last Updated: 2008-09-02T10:39:13.000+0000 Status: Resolved Fix version(s): - 1.6.0 (02/Sep/08)

Reporter: Ciaran McNulty (ciaranmcnulty) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Service_ReCaptcha

Related issues: Attachments:


When using Zend_Form_Element_Captcha to add reCAPTCHA to a form, submitting the form with an empty response causes an uncaught exception thrown by Zend_Service_ReCaptcha.

Zend_Captcha_Recaptcha tries to check the response and challenge values inside its isValid function:

if (!isset($context[$this->_CHALLENGE]) || !isset($context[$this->_RESPONSE])) { $this->_error(self::MISSING_VALUE); return false; }

but this will fail when the challenge or response are set to '', causing the error further down the stack inside Zend_Service_Recaptcha. This could be changed to:

if (!isset($context[$this->_CHALLENGE]) || !isset($context[$this->_RESPONSE]) || empty($context[$this->_CHALLENGE]) || empty($context[$this->_RESPONSE])) { $this->_error(self::MISSING_VALUE); return false; }

Or could be fixed higher up on the Form side of things, if necessary


Posted by Matthew Weier O'Phinney (matthew) on 2008-08-22T14:51:13.000+0000

Scheduling for RC3

Posted by Matthew Weier O'Phinney (matthew) on 2008-08-24T15:03:23.000+0000

Fixed in trunk and 1.6 release branch.

Posted by Wil Sinclair (wil) on 2008-09-02T10:39:13.000+0000

Updating for the 1.6.0 release.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.