
Fix: prevent forbidden characters in captcha id and double use of captcha

Open mkrasselt1 opened this issue 1 year ago • 2 comments

Solves this bug: https://github.com/laminas/laminas-captcha/issues/13 and another one where attackers could just resend the last captcha over and over again, until the expiration period has passed. That's not what I would expect a captcha class to allow.

BREAKING CHANGE: prevents double sending of captchas - invalidates them after successful validation by regeneration of words

mkrasselt1 avatar Aug 12 '24 14:08 mkrasselt1
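
The replay problem described in the opening post, as an added PHP example that is not laminas-captcha code and is not taken from this pull request: a store that allow-lists the id format and consumes each challenge on its first validation attempt, so a solved captcha cannot be resubmitted. Consuming on every attempt is stricter than the invalidation after successful validation that the post describes. The class name, in-memory storage, 32-character hex id format and TTL are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical single-use captcha store; not laminas-captcha's API.
final class SingleUseCaptchaStore
{
    /** @var array<string, array{word: string, expires: int}> */
    private array $pending = [];

    public function __construct(private int $ttlSeconds = 300) {}

    /** Issue a new challenge and return its id. */
    public function issue(string $word, ?int $now = null): string
    {
        $id = bin2hex(random_bytes(16)); // assumed id format: 32 lowercase hex chars
        $this->pending[$id] = [
            'word'    => $word,
            'expires' => ($now ?? time()) + $this->ttlSeconds,
        ];
        return $id;
    }

    /** Validate an answer; a known id is consumed by the attempt. */
    public function validate(mixed $id, mixed $answer, ?int $now = null): bool
    {
        // Allow-list the id format before it is used as a lookup key.
        if (!is_string($id) || preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
            return false;
        }
        if (!isset($this->pending[$id])) {
            return false; // unknown id, or one that was already used
        }
        $entry = $this->pending[$id];
        unset($this->pending[$id]); // consume before comparing: no replay
        if (($now ?? time()) > $entry['expires'] || !is_string($answer)) {
            return false;
        }
        return hash_equals($entry['word'], $answer);
    }
}

// Constructed sample run.
$store = new SingleUseCaptchaStore();
$id = $store->issue('k7wq2');
var_dump($store->validate($id, 'k7wq2'));      // first submission
var_dump($store->validate($id, 'k7wq2'));      // replay of the same id and word
var_dump($store->validate("../$id", 'k7wq2')); // id outside the allow-list
```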

@mkrasselt1 First: Thank you for your time and this contribution! 👍

Your changes would also have to be tested accordingly. Could you add the tests?

froschdesign avatar Aug 14 '24 08:08 froschdesign

I can and I will :) (never worked with tests before but I will figure it out :))

mkrasselt1 avatar Aug 14 '24 14:08 mkrasselt1

> Your changes would also have to be tested accordingly. Could you add the tests?

Added two tests, should cover both new functions (reuse and id-injection).

mkrasselt1 avatar Sep 26 '24 01:09 mkrasselt1

Are my tests sufficient?

mkrasselt1 avatar Nov 27 '24 14:11 mkrasselt1

Let's give it a try, thank you @mkrasselt1

samsonasik avatar Jan 06 '25 20:01 samsonasik