Commit 952b9b77 authored by aaron.ferris's avatar aaron.ferris Committed by Jelle Sebreghts

Issue #2907951 by aaron.ferris, tombsage: Captcha field validating error

parent b5b3ea2d
......@@ -1061,7 +1061,7 @@
'type': "POST",
'data': {
'value': value,
'param': [sid, param.validate, param.token]
'param': [sid, param.captcha_validate, param.token, param.captcha_token]
},
'dataType': 'json',
'async': false,
......
......@@ -226,7 +226,9 @@ function _clientside_validation_ajax_captcha() {
$csid = $_POST['param'][0];
$captcha_validate = $_POST['param'][1];
$token = $_POST['param'][2];
if (!drupal_valid_token($token, $captcha_validate)) {
$captcha_token = $_POST['param'][3];
if (!clientside_validation_valid_token($token, $captcha_validate, $captcha_token)) {
return drupal_access_denied();
}
$solution = db_query(
......@@ -1329,12 +1331,18 @@ function _clientside_validation_set_date($name, $title, $format, &$js_rules, $me
$js_rules[$name]['messages']['dateFormat'] = theme('clientside_error', $variables);
}
function _clientside_validation_set_captcha($name, $title, $validate, &$js_rules, $message) {
function _clientside_validation_set_captcha($name, $title, $validate, &$js_rules, $message, $captcha_token) {
$title = _clientside_validation_set_title($title);
// Generate a token to validate the AJAX post values.
$token = clientside_validation_generate_token($validate, $captcha_token);
$js_rules[$name]['captcha'] = array(
'validate' => $validate,
'token' => drupal_get_token($validate),
'captcha_validate' => $validate,
'token' => $token,
'captcha_token' => $captcha_token,
);
$variables = array(
'message' => empty($message) ? 'Wrong answer for !title.' : $message,
'placeholders' => empty($message) ? array('!title' => $title) : array(),
......@@ -1661,3 +1669,38 @@ function _clientside_validation_url_validation_callback() {
drupal_json_output($result);
}
/**
* Generate a token to validate AJAX post parameters.
*
* @param string $captcha_validate
* The Captcha validation method.
*
* @param string $captcha_token
* A token generated from Captcha.
*
* @return string
* The generated validation token.
*/
function clientside_validation_generate_token($captcha_validate, $captcha_token) {
return drupal_hmac_base64($captcha_validate, $captcha_token . drupal_get_private_key() . drupal_get_hash_salt());
}
/**
* Validate a token during AJAX post.
*
* @param string $token
* The generated validation token.
*
* @param string $captcha_validate
* The Captcha validation method.
*
* @param string $captcha_token
* A token generated from Captcha.
*
* @return boolean
* TRUE if the token validates successfully.
*/
function clientside_validation_valid_token($token, $captcha_validate, $captcha_token) {
return ($token === clientside_validation_generate_token($captcha_validate, $captcha_token));
}
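Review bot: The HMAC built in clientside_validation_generate_token() covers only $captcha_validate and $captcha_token, and both come back from the browser next to the token in _clientside_validation_ajax_captcha(), so a triple issued for one page validates for any visitor and alongside any $csid sent in param[0]. Unlike the drupal_get_token() call it replaces, nothing here ties the token to a session; that is presumably intended for anonymous visitors, but it deserves a comment on the generator such as `// Not session-bound: only proves that $captcha_validate and $captcha_token were issued together by this site.` If the query that follows (outside the hunk) trusts $csid, consider adding the CAPTCHA session id to the signed data as well. The comparison in clientside_validation_valid_token() could also use `hash_equals()` instead of `===` where the supported PHP version provides it, and the four `$_POST['param'][n]` reads would be safer behind an `isset()`/`is_string()` check before they reach the HMAC.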
......@@ -226,7 +226,7 @@ function clientside_validation_regular($form_id, $element, &$js_rules, $form_sta
$title = _clientside_validation_set_title(isset($element['captcha_widgets']['captcha_response']['#title']) ? $element['captcha_widgets']['captcha_response']['#title'] : $element['#name']);
$message = t('Wrong answer for !title', array('!title' => $title));
$case_sensitive = strpos($element['#captcha_validate'], 'insensitive') === FALSE;
_clientside_validation_set_captcha($element['captcha_widgets']['captcha_response']['#name'], $title, $element['#captcha_validate'], $js_rules, $message);
_clientside_validation_set_captcha($element['captcha_widgets']['captcha_response']['#name'], $title, $element['#captcha_validate'], $js_rules, $message, $element['captcha_token']['#value']);
}
break;
}
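Review bot: `$element['captcha_token']['#value']` is read without an `isset()` check in the new call, although the title lookup earlier in the hunk guards its own keys. If a CAPTCHA element arrives without that child (it is not visible here whether that can happen), PHP raises a notice and the token is generated from an empty captcha token, so it no longer varies per challenge. Something like `$captcha_token = isset($element['captcha_token']['#value']) ? $element['captcha_token']['#value'] : '';` followed by skipping the rule when it is empty would make that case explicit. The same call in clientside_validation_webform_after_build_recurse() has the same gap, and both enclosing functions start and end outside their hunks.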
......
......@@ -124,7 +124,7 @@ function clientside_validation_webform_after_build_recurse($form_id, &$form, &$f
$title = _clientside_validation_set_title(isset($element['captcha_widgets']['captcha_response']['#title']) ? $element['captcha_widgets']['captcha_response']['#title'] : $element['#name']);
$message = t('Wrong answer for !title', array('!title' => $title));
if (isset($element['captcha_widgets'])) {
_clientside_validation_set_captcha($element['captcha_widgets']['captcha_response']['#name'], $title, $element['#captcha_validate'], $js_rules, $message);
_clientside_validation_set_captcha($element['captcha_widgets']['captcha_response']['#name'], $title, $element['#captcha_validate'], $js_rules, $message, $element['captcha_token']['#value']);
}
}
}
......