felipebluecaribu / recaptcha

Automatically exported from code.google.com/p/recaptcha
0 stars 0 forks source link

Incorrect NullArgumentException in ASP.NET when Validation occurs and not all Post data has been transmitted #37

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a form that includes a file upload and below it is the .NET
Recaptcha control
2. Submit with a large file and during processing, resubmit the form.
3. Not all post data will be submitted resulting in an exception.

----

What is the expected output? What do you see instead?

The expected output is an Invalid response.  The current version generates
a NullArguementException in the RecaptchaValidator's Validate method
because "Challenge" is null. 

The exactly exception generated is:

Message: Value cannot be null. Parameter name: Challenge
Source: Recaptcha
Target Site: Recaptcha.RecaptchaResponse Validate()
Trace:

   at Recaptcha.RecaptchaValidator.Validate()
   at Recaptcha.RecaptchaControl.Validate()
   at System.Web.UI.Page.Validate()
   at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
   at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

----

What version of the product are you using? On what operating system?

ASP.NET Sept 2007 version.  Windows Server.

---

Please provide any additional information below.

Below is a patch to resolve the issue. It removes the CheckIsNull method
from the RecaptchaValidator and replaces the Null checking by using the
String.IsNullOrEmpty method. If any of the parameters are Null or Empty, it
marks the response as Invalid.

Original issue reported on code.google.com by bmanc...@gmail.com on 23 Feb 2009 at 4:56

Attachments:

GoogleCodeExporter commented 8 years ago
I have implemented a different fix. Instead of removing the exception, I have 
placed 
an exception handler on the caller. You may examine the ErrorMessage property 
to see 
the exception message.

Original comment by adrian.g...@gmail.com on 2 May 2009 at 7:30

GoogleCodeExporter commented 8 years ago
@adrian: Please provide more info... Where is the caller?

Original comment by dejas...@gmail.com on 5 Jun 2009 at 4:17

GoogleCodeExporter commented 8 years ago
My workaround:

Add to page:

    private bool m_bRecaptchaValidationException = false;

    // Recaptca throws occaisional null exception.
    // See: http://code.google.com/p/recaptcha/issues/detail?id=37 
    public override void Validate(string validationGroup)
    {
        m_bRecaptchaValidationException = false;
        try
        {
            base.Validate(validationGroup);
        }
        catch (Exception)
        {
            m_bRecaptchaValidationException = true;
            // DIDN'T STICK: recaptcha.IsValid = false;
        }
    }

And then in the button click for the page form:

            if (!recaptcha.IsValid || m_bRecaptchaValidationException)
            {
                txtErrorMsg.Text = "The characters you entered didn't match the word
verification. Please try again. <br />Letters are not case-sensitive.";
                return;
            }

Original comment by dejas...@gmail.com on 5 Jun 2009 at 5:26

GoogleCodeExporter commented 8 years ago
The validator exists to provide a yes/no indication if a value is valid.  Adding
caller exception handling to check for a condition that is invalid is 
inefficient at
best.  

Perform an SVN checkout of the trunk and apply the patch provided above.  
Rebuild the
project and use the new DLL.  I've been using it the past several months on an 
app
that has seen roughly 2 million page views without any problems.

Original comment by bmanc...@gmail.com on 5 Jun 2009 at 3:05

GoogleCodeExporter commented 8 years ago
RecaptchaValidator should not make decision based on incomplete values (that is 
why it 
should throw an exception instead of false).

Instead, the caller of RecaptchaValidator.Validate() should ensure that the 
values 
passed to the validator is complete before calling the method.

I have modified the RecaptchaControl and RecaptchaControlMvc to ensure the 
values are 
complete and return invalid solution if it is incomplete.

Original comment by adrian.g...@gmail.com on 24 May 2010 at 9:00

GoogleCodeExporter commented 8 years ago

Original comment by adrian.g...@gmail.com on 30 Mar 2012 at 6:15