Empty basic-captcha field allows bypassing the captcha

Question

Empty basic-captcha field allows bypassing the captcha

vedranmiletic opened this issue 2 years ago · 3 comments

I copied everything from the Basic Captcha documentation, so I'm using defaults. When I enter the wrong text into the basic captcha field, form processing behaves as expected and the error message is shown. When I enter nothing (the field stays empty), the form is submitted successfully.

Answer 1 · 2022-10-23T07:52:28.000Z

For some reason the $this->setSession() function call in getCaptchaCode() function seems to have no effect, i.e. the session data for the captcha is not there when the page loads.

Answer 2 · 2022-11-29T23:00:44.000Z

Do you have sessions disabled in Grav?

Answer 3 · 2022-11-29T23:01:51.000Z

It uses Grav's built-in session logic:

    public function __construct()
    {
        $this->session = Grav::instance()['session'];
    }