blaenk / wp-recaptcha

I gave ownership of this project to Google many years ago

Fix: plugin doesn't work with javascript turned off #50

Open lorextera opened 12 years ago

lorextera commented 12 years ago

The bug allows a spammer to ignore the negative response from check challenge, simply by filling the field "recaptcha_challenge_field" with anything.

A solution:

@@ -302,7 +302,6 @@

             // response is bad, add incorrect response error
             if (!$response->is_valid)
-                if ($response->error == 'incorrect-captcha-sol')
                     $errors->add('captcha_wrong', $this->options['incorrect_response_error']);

            return $errors;
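
Review bot: The `if (!$response->is_valid)` left behind by the removed line now guards `$errors->add(...)` as a single unbraced statement, so the rejection path hangs on one bare line; wrap it in `{ }` as the second hunk does. Since every invalid response now maps to `captcha_wrong` with the `incorrect_response_error` text, it would also help to record `$response->error` somewhere, so that failures other than `incorrect-captcha-sol` can still be told apart when debugging.
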
@@ -330,7 +329,7 @@
                 // response is bad, add incorrect response error
                 // todo: why echo the error here? wpmu specific?
                 if (!$response->is_valid)
-                    if ($response->error == 'incorrect-captcha-sol') {
+                    {
                         $result['errors']->add('captcha_wrong', $this->options['incorrect_response_error']);
                         echo '<div class="error">' . $this->options['incorrect_response_error'] . '</div>';
                     }
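
Review bot: The added `{` sits on its own line at the indentation of the removed inner `if`, which makes the block look detached from the check it belongs to; fold it into `if (!$response->is_valid) {` and pull the body back one level. Separately, the unchanged `echo` in this block writes `$this->options['incorrect_response_error']` into the page unescaped, so if that option is meant to be plain text it is worth passing it through `esc_html()` while this block is being touched.
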
lorextera commented 11 years ago

Without this fix a bot spammer can bypass reCAPTCHA. Try your plugin with javascript turned off!