PDA

View Full Version : reCaptcha Plugin



Shane Brinkerhoff
August 20, 2013, 08:16 PM
Still broken even after update!

I am a PHP developer. Did a little debugging. In request.php in the plugin there is a line that resembles the following (Sorry, can't provide line number. I accidentally deleted the plugin folder and now can't reinstall. I have a ticket open right now.) ...


$url .= 'response=' . $response;

No effort is made to url encode the $response value (the recaptcha answer) and when the response has spaces (recaptcha asks for two words afterall) google recaptcha returns a 400 status and an error stating that the request was "malformed or illegal."

This causes the AJAX script call to return nothing and not even an error message is given!

When I modified the page with the following:


$url .= 'response=' . urlencode($response);

...the + in the URI was added and I got the corresponding "success" message from recaptcha.

Here is some stack info:


PHP Version 5.3.3-7+squeeze9


System Linux classifieds01 2.6.32-5-amd64 #1 SMP Fri May 10 08:43:19 UTC 2013 x86_64
Build Date May 8 2012 10:26:51
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php5/apache2
Loaded Configuration File /etc/php5/apache2/php.ini
Scan this dir for additional .ini files /etc/php5/apache2/conf.d
Additional .ini files parsed /etc/php5/apache2/conf.d/apc.ini, /etc/php5/apache2/conf.d/curl.ini, /etc/php5/apache2/conf.d/gd.ini, /etc/php5/apache2/conf.d/ioncube.ini, /etc/php5/apache2/conf.d/mysql.ini, /etc/php5/apache2/conf.d/mysqli.ini, /etc/php5/apache2/conf.d/pdo.ini, /etc/php5/apache2/conf.d/pdo_mysql.ini, /etc/php5/apache2/conf.d/suhosin.ini, /etc/php5/apache2/conf.d/xmlrpc.ini, /etc/php5/apache2/conf.d/xsl.ini, /etc/php5/apache2/conf.d/zendguardloader.ini, /etc/php5/apache2/conf.d/zendoptimizer.ini
PHP API 20090626
PHP Extension 20090626
Zend Extension 220090626
Zend Extension Build API220090626,NTS
PHP Extension Build API20090626,NTS
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
Zend Multibyte Support disabled
IPv6 Support enabled
Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, zip, phar
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk

This server is protected with the Suhosin Patch 0.9.9.1
Copyright (c) 2006-2007 Hardened-PHP Project Copyright (c) 2007-2009 SektionEins GmbH

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with the ionCube PHP Loader v4.0.14, Copyright (c) 2002-2011, by ionCube Ltd.
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH



cURL support enabled
cURL Information 7.21.0
Age 3
Features
AsynchDNS No
Debug No
GSS-Negotiate Yes
IDN Yes
IPv6 Yes
Largefile Yes
NTLM Yes
SPNEGO No
SSL Yes
SSPI No
krb4 No
libz Yes
CharConv No
Protocols dict, file, ftp, ftps, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp
Host x86_64-pc-linux-gnu
SSL Version OpenSSL/0.9.8o
ZLib Version 1.2.3.4
libSSH Version libssh2/1.2.6

John
August 21, 2013, 04:45 AM
Hello Shane,
Your ticket already replied. I want to note you that described problem was solved in
the 1.2.3 plugin version update. Also you should create the reCaptcha access keys (public and private) for
your domain and insert them to the corresponding settings in the Flynax Admin Panel.

Here the address of the keys generator page: http://www.google.com/recaptcha/whyrecaptcha

John