laminas / laminas-captcha

Generate and validate CAPTCHAs using Figlets, images, ReCaptcha, and more
https://docs.laminas.dev/laminas-captcha/
BSD 3-Clause "New" or "Revised" License

Fix: prevent forbidden characters in captcha id and double use of captcha #36

Open mkrasselt1 opened 1 month ago

mkrasselt1 commented 1 month ago

Solves this bug: https://github.com/laminas/laminas-captcha/issues/13 and another one where attackers could just resend the last captcha over and over again, until the expiration period has passed. That's not what I would expect a captcha class to allow.

BREAKING CHANGE: prevents double sending of captchas - invalidates them after successful validation by regeneration of words
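The two behaviours described in the comment above (rejecting malformed captcha IDs and invalidating a captcha once it has been solved), as an added example that is not code from this pull request or from laminas-captcha. The class `SingleUseCaptchaStore`, its methods, the in-memory storage and the 32-character hex ID format are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical store, not the laminas-captcha API. The ID alphabet (32 lowercase
// hex characters) and the in-memory array are assumptions made for this example.
final class SingleUseCaptchaStore
{
    /** @var array<string, array{word: string, expires: int}> */
    private array $pending = [];

    public function __construct(private int $ttlSeconds = 300) {}

    /** Issue a challenge; the ID is generated server-side from a fixed alphabet. */
    public function issue(string $word, ?int $now = null): string
    {
        $id = bin2hex(random_bytes(16));
        $this->pending[$id] = ['word' => $word, 'expires' => ($now ?? time()) + $this->ttlSeconds];
        return $id;
    }

    /** Check a submission; a solved challenge is removed so it cannot be sent again. */
    public function validate(mixed $id, mixed $input, ?int $now = null): bool
    {
        // Reject anything that is not a well-formed ID before it is used as a storage key.
        if (! is_string($id) || ! is_string($input) || preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
            return false;
        }
        $entry = $this->pending[$id] ?? null;
        if ($entry === null) {
            return false; // unknown ID, or one that was already solved
        }
        if ($entry['expires'] < ($now ?? time())) {
            unset($this->pending[$id]);
            return false;
        }
        if (! hash_equals($entry['word'], $input)) {
            return false;
        }
        unset($this->pending[$id]); // invalidate after successful validation
        return true;
    }
}

// Constructed demo values.
$store = new SingleUseCaptchaStore();
$id = $store->issue('k7m2qx');
var_dump($store->validate($id, 'k7m2qx'));          // first submission of the solved captcha
var_dump($store->validate($id, 'k7m2qx'));          // same ID and word sent a second time
var_dump($store->validate('../sess_x', 'k7m2qx'));  // ID containing characters outside the alphabet
```

A test for this behaviour would assert that the second call with the same ID and word returns `false` even though the expiry time has not been reached.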

froschdesign commented 1 month ago

@mkrasselt1 First: Thank you for your time and this contribution! 👍

Your changes would also have to be tested accordingly. Could you add the tests?

mkrasselt1 commented 1 month ago

I can and I will :) (never worked with tests before, but I will figure it out :))