powermail
Wrong captcha due to race conditions
The code in `Classes/Domain/Service/CalculatingCaptchaService.php` for the captcha image name is:

```php
public function setPathAndFilename(Field $field): CalculatingCaptchaService
{
    $this->pathAndFilename = $this->imagePath . sprintf($this->imageFilenamePrefix, $field->getUid());
    return $this;
}
```

So the name of the captcha image always depends on the uid. However, the content of the captcha is different for each request (see method `getStringAndResultForCaptcha`). Therefore the following can happen:
- User 1 comes to the page with captcha, however his connection to the server is not too fast and he does not yet load the image with `13 - 9` string.
- User 2 comes to the page with captcha and sees `1 + 12` on the image, which has the same name but overwritten since the user 1 requested the page.
- The browser of user 1 loads the image with `1+12` now.
- User 2 enters the value `13` and his mail is sent.
- User 1 enters `13` too because he saw the image from user 2 due to name collision.
- User 1 sees the error message that he is spamming.

The best way to implement this would be to make a separate action somewhere that outputs the image directly to the browser from PHP and sets the calculated value of the captcha in the session.

Alternatively, modify `setPathAndFilename` to generate a unique name, but then somebody has to clean it up in a scheduler job.
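
The second alternative above (a unique file name per request plus a scheduled cleanup), as an added example that is not powermail's code or the reporter's. The function names, the `captcha_<uid>...` file pattern and the demo values are assumptions, and plain text stands in for the rendered image.

```php
<?php
declare(strict_types=1);

/** Name as described in the issue: depends only on the field uid (hypothetical pattern). */
function sharedCaptchaPath(string $dir, int $fieldUid): string
{
    return $dir . sprintf('/captcha_%d.png', $fieldUid);
}

/** Per-request name: field uid plus an unguessable random token. */
function uniqueCaptchaPath(string $dir, int $fieldUid): string
{
    return $dir . sprintf('/captcha_%d_%s.png', $fieldUid, bin2hex(random_bytes(16)));
}

/** What a scheduler task would run: delete captcha files older than $maxAge seconds. */
function purgeStaleCaptchas(string $dir, int $maxAge): int
{
    $removed = 0;
    foreach (glob($dir . '/captcha_*.png') ?: [] as $file) {
        if (is_file($file) && time() - filemtime($file) > $maxAge && unlink($file)) {
            $removed++;
        }
    }
    return $removed;
}

// Constructed demo: two requests for the same field; the "image" is just the task text.
$dir = sys_get_temp_dir() . '/captcha_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Shared name: the second request overwrites the file the first one still has to load.
$user1 = sharedCaptchaPath($dir, 42);
file_put_contents($user1, '13 - 9');
$user2 = sharedCaptchaPath($dir, 42);
file_put_contents($user2, '1 + 12');
echo 'shared name, user 1 loads: ', file_get_contents($user1), "\n";

// Unique names: each request keeps its own file, so the image matches its stored result.
$user1 = uniqueCaptchaPath($dir, 42);
file_put_contents($user1, '13 - 9');
$user2 = uniqueCaptchaPath($dir, 42);
file_put_contents($user2, '1 + 12');
echo 'unique name, user 1 loads: ', file_get_contents($user1), "\n";

// Age user 1's file by an hour, then purge everything older than ten minutes.
touch($user1, time() - 3600);
echo 'stale files purged: ', purgeStaleCaptchas($dir, 600), "\n";
```

The maximum age passed to the cleanup has to exceed the time a visitor may reasonably take to load the form image, otherwise the purge reintroduces missing-image failures.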