Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Open sidebar
drupal.org
captcha
Commits
6731656f
Commit
6731656f
authored
Feb 20, 2020
by
nlohar
Committed by
Fabiano Sant'Ana
Feb 20, 2020
Browse files
Issue #3103145 by omkar06, nileshlohar, wundo, Heine: Weak algorithms usage should be avoided
parent
a1f552f0
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
5 additions
and
3 deletions
+5
-3
captcha.module
captcha.module
+1
-1
image_captcha/src/Controller/CaptchaImageRefresh.php
image_captcha/src/Controller/CaptchaImageRefresh.php
+2
-1
src/Element/Captcha.php
src/Element/Captcha.php
+2
-1
No files found.
captcha.module
View file @
6731656f
...
...
@@ -396,7 +396,7 @@ function _captcha_get_posted_captcha_info(array $element, FormStateInterface $fo
(
int
)
$input
[
'captcha_sid'
]
:
NULL
;
$posted_captcha_token
=
isset
(
$input
[
'captcha_token'
])
?
preg_replace
(
"/[^a-zA-Z0-9]/"
,
""
,
(
string
)
$input
[
'captcha_token'
])
preg_replace
(
"/[^a-zA-Z0-9
-_
]/"
,
""
,
(
string
)
$input
[
'captcha_token'
])
:
NULL
;
if
(
$posted_form_id
==
$this_form_id
)
{
...
...
image_captcha/src/Controller/CaptchaImageRefresh.php
View file @
6731656f
...
...
@@ -12,6 +12,7 @@ use Drupal\Core\Database\Database;
use
Drupal\Core\Url
;
use
Symfony\Component\DependencyInjection\ContainerInterface
;
use
Symfony\Component\HttpFoundation\JsonResponse
;
use
Drupal\Component\Utility\Crypt
;
/**
* Description of CaptchaImageRefresh.
...
...
@@ -56,7 +57,7 @@ class CaptchaImageRefresh extends ControllerBase {
module_load_include
(
'inc'
,
'captcha'
,
'captcha'
);
$config
=
$this
->
config
(
'image_captcha.settings'
);
$captcha_sid
=
_captcha_generate_captcha_session
(
$form_id
);
$captcha_token
=
md5
(
mt_rand
()
);
$captcha_token
=
Crypt
::
randomBytesBase64
(
);
$allowed_chars
=
_image_captcha_utf8_split
(
$config
->
get
(
'image_captcha_image_allowed_chars'
,
IMAGE_CAPTCHA_ALLOWED_CHARACTERS
));
$code_length
=
(
int
)
$config
->
get
(
'image_captcha_code_length'
);
$code
=
''
;
...
...
src/Element/Captcha.php
View file @
6731656f
...
...
@@ -7,6 +7,7 @@ use Drupal\Core\Form\FormStateInterface;
use
Drupal\Core\Plugin\ContainerFactoryPluginInterface
;
use
Drupal\Core\Render\Element\FormElement
;
use
Symfony\Component\DependencyInjection\ContainerInterface
;
use
Drupal\Component\Utility\Crypt
;
/**
* Defines the CAPTCHA form element with default properties.
...
...
@@ -114,7 +115,7 @@ class Captcha extends FormElement implements ContainerFactoryPluginInterface {
// Generate a new CAPTCHA session if we could
// not reuse one from a posted form.
$captcha_sid
=
_captcha_generate_captcha_session
(
$this_form_id
,
CAPTCHA_STATUS_UNSOLVED
);
$captcha_token
=
md5
(
mt_rand
()
);
$captcha_token
=
Crypt
::
randomBytesBase64
(
);
\
Drupal
::
database
()
->
update
(
'captcha_sessions'
)
->
fields
([
'token'
=>
$captcha_token
])
->
condition
(
'csid'
,
$captcha_sid
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment