Closed dogawaf closed 5 years ago
The validator does not use a value that could be handed to the validator instead takes the g-recaptcha-response from the request. If you change "$acceptsEmptyValues = false" you will never get a valid result because the empty check preemptivly denys validity
But, actually, if no g-recaptcha-response is posted, the form is considered valid. It should not.
The input in the form contains always 1 as value. So the validator must always validate this field.
<input id="contact-recaptcha" type="hidden" name="tx_form_formframework[contact][recaptcha]" value="1">
Actually, if this field is omitted (by a robot), then the recaptchaValidator is not called. The form should not be valid if either :
I agree with you for when the normal visible recaptcha is used. But there is also an invisble version configurable and then the field not present. To cover that problem i change the validator to get the g-recaptcha-response as value. Would be nice if you could confirm it on your installation.
IHMO the RecaptchaValidator should have $acceptsEmptyValues = false
Without it, a form is valid even if no captcha challenge is posted.