grav-plugin-form

Empty basic-captcha field allows bypassing the captcha

Open vedranmiletic opened this issue 1 year ago • 3 comments

I copied everything from the Basic Captcha documentation, so I'm using defaults. When I enter the wrong text into the basic captcha field, form processing behaves as expected and the error message is shown. When I enter nothing (the field stays empty), the form is submitted successfully.

vedranmiletic, Oct 23 '22 07:10

For some reason the $this->setSession() function call in the getCaptchaCode() function seems to have no effect, i.e. the session data for the captcha is not there when the page loads.

vedranmiletic, Oct 23 '22 07:10

Do you have sessions disabled in Grav?

rhukster, Nov 29 '22 23:11

It uses Grav's built-in session logic:

    public function __construct()
    {
        $this->session = Grav::instance()['session'];
    }

rhukster, Nov 29 '22 23:11
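An added example, not code from the plugin or from anyone in this thread: a sketch of how a captcha comparison can accept an empty field when the session holds no stored value (the combination reported above), next to a fail-closed version. The function names, the `basic_captcha_value` key and the plain array standing in for Grav's session are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical check: compares the submitted value to whatever the session
// holds. With no captcha entry in the session, the expected value is null,
// and an empty submission compares equal to it after string conversion.
function captchaMatchesNaive(array $session, ?string $submitted): bool
{
    $expected = $session['basic_captcha_value'] ?? null; // key name is an assumption
    return (string) $submitted === (string) $expected;
}

// Fail-closed check: a missing or empty stored value, or an empty
// submission, is always a failure; the comparison is constant-time.
function captchaMatchesStrict(array $session, ?string $submitted): bool
{
    $expected = $session['basic_captcha_value'] ?? null;
    if (!is_string($expected) || $expected === '') {
        return false; // no challenge was stored, so nothing can be solved
    }
    if ($submitted === null || trim($submitted) === '') {
        return false; // an empty answer never passes
    }
    return hash_equals($expected, trim($submitted));
}

// Constructed sample states (not captured from a real site).
$cases = [
    'session missing, empty field' => [[], ''],
    'session missing, wrong text'  => [[], 'abc12'],
    'session present, empty field' => [['basic_captcha_value' => 'x7k2p'], ''],
    'session present, correct'     => [['basic_captcha_value' => 'x7k2p'], 'x7k2p'],
];

// Print both verdicts side by side for each state.
foreach ($cases as $label => [$session, $submitted]) {
    printf(
        "%-30s naive=%s strict=%s\n",
        $label,
        var_export(captchaMatchesNaive($session, $submitted), true),
        var_export(captchaMatchesStrict($session, $submitted), true)
    );
}
```

A regression test for a fix should submit the form with the captcha field empty both with and without a session cookie, and expect rejection in both cases.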