[Bug]: CSRF disabled is not working
sascha-hendel opened this issue · 2 comments
sascha-hendel commented
Bug report requirements
- I have confirmed that this is a bug and not a configuration/user error.
- I have searched for existing issues and confirmed that my issue has not been reported before.
IconCaptcha version
latest
PHP version
8.1
Browsers affected
Microsoft Edge, Other (specify in "Additional Information")
Actual behaviour
If You disable CSRF with 'token' => null in captcha-config.php and don't include <?php \IconCaptcha\Token\IconCaptchaToken::render(); ?> in the HTML form, You get a PHP fatal error (see below).
Relevant log information
AH01071: Got error 'PHP message: PHP Fatal error: Uncaught TypeError: IconCaptcha\\Challenge\\Validator::validateToken(): Argument #1 ($payloadToken) must be of type string, null given, called in /vendor/fabianwennink/iconcaptcha/src/Challenge/Validator.php on line 96 and defined in /vendor/fabianwennink/iconcaptcha/src/Challenge/Validator.php:151\nStack trace:\n#0 /vendor/fabianwennink/iconcaptcha/src/Challenge/Validator.php(96): IconCaptcha\\Challenge\\Validator->validateToken(NULL)\n#1 /home/nar192cot/vendor/fabianwennink/iconcaptcha/src/IconCaptcha.php(89): IconCaptcha\\Challenge\\Validator->validate(Array)\n#2 ...Additional information
--
fabianwennink commented
Hi @sascha-hendel! Thanks for submitting the bug report. This indeed seems to be a bug. I'll fix this and release a new minor version later today.
fabianwennink commented
I just released a fix for this bug. Version 4.0.2 will no longer throw this exception.