[up] Captcha 7.x-1.4

sites/all/modules/captcha/captcha.admin.inc

@@ -41,7 +41,7 @@ function _captcha_available_challenge_types($add_special_options = TRUE) {
 function captcha_admin_settings() {
   module_load_include('inc', 'captcha');
 
-  // Use javascript for some added usability on admin form.
+  // Use JavaScript for some added usability on admin form.
   drupal_add_js(drupal_get_path('module', 'captcha') . '/captcha.js');
 
   // Configuration of which forms to protect, with what challenge.

sites/all/modules/captcha/captcha.inc

@@ -39,7 +39,7 @@ function captcha_set_form_id_setting($form_id, $captcha_type) {
     db_delete('captcha_points')->condition('form_id', $form_id)->execute();
   }
   // Handle a captcha_type object.
-  elseif (is_object($captcha_type) && isset($captcha_type->module) && isset($captcha_type->captcha_type)) {
+  elseif (is_object($captcha_type) && !empty($captcha_type->module) && !empty($captcha_type->captcha_type)) {
     db_merge('captcha_points')
       ->key(array('form_id' => $form_id))
       ->fields(array('module' => $captcha_type->module, 'captcha_type' => $captcha_type->captcha_type))
@@ -104,7 +104,7 @@ function captcha_get_form_id_setting($form_id, $symbolic = FALSE) {
   if (!$captcha_point) {
     $captcha_point = NULL;
   }
-  elseif ($captcha_point->captcha_type == 'default') {
+  elseif (!empty($captcha_point->captcha_type) && $captcha_point->captcha_type == 'default') {
     if (!$symbolic) {
       list($module, $type) = explode('/', variable_get('captcha_default_challenge', 'captcha/Math'));
       $captcha_point->module = $module;
@@ -114,12 +114,13 @@ function captcha_get_form_id_setting($form_id, $symbolic = FALSE) {
       $captcha_point = 'default';
     }
   }
-  elseif ($captcha_point->module == NULL && $captcha_point->captcha_type == NULL && $symbolic) {
+  elseif (empty($captcha_point->module) && empty($captcha_point->captcha_type) && $symbolic) {
     $captcha_point = 'none';
   }
   elseif ($symbolic) {
     $captcha_point = $captcha_point->module . '/' . $captcha_point->captcha_type;
   }
+
   return $captcha_point;
 }
 

sites/all/modules/captcha/captcha.info

@@ -10,9 +10,9 @@ files[] = captcha.admin.inc
 files[] = captcha.install
 files[] = captcha.test
 
-; Information added by Drupal.org packaging script on 2015-03-27
-version = "7.x-1.3"
+; Information added by Drupal.org packaging script on 2017-02-15
+version = "7.x-1.4"
 core = "7.x"
 project = "captcha"
-datestamp = "1427464219"
+datestamp = "1487198287"
 

sites/all/modules/captcha/captcha.js

@@ -4,7 +4,7 @@
     attach: function (context) {
 
       // Turn off autocompletion for the CAPTCHA response field.
-      // We do it here with Javascript (instead of directly in the markup)
+      // We do it here with JavaScript (instead of directly in the markup)
       // because this autocomplete attribute is not standard and
       // it would break (X)HTML compliance.
       $("#edit-captcha-response").attr("autocomplete", "off");

sites/all/modules/captcha/captcha.module

@@ -157,6 +157,8 @@ function captcha_element_info() {
     '#process' => array('captcha_element_process'),
     // The type of challenge: e.g. 'default', 'none', 'captcha/Math', 'image_captcha/Image'.
     '#captcha_type' => 'default',
+    // Forces captcha validation for all cases if TRUE.
+    '#captcha_always' => FALSE,
     '#default_value' => '',
     // CAPTCHA in admin mode: presolve the CAPTCHA and always show it (despite previous successful responses).
     '#captcha_admin_mode' => FALSE,
@@ -179,15 +181,14 @@ function captcha_element_process($element, &$form_state, $complete_form) {
 
   module_load_include('inc', 'captcha');
 
-  // Add Javascript for general CAPTCHA functionality.
+  // Add JavaScript for general CAPTCHA functionality.
   drupal_add_js(drupal_get_path('module', 'captcha') . '/captcha.js');
 
   // Prevent caching of the page with CAPTCHA elements.
   // This needs to be done even if the CAPTCHA will be ommitted later:
   // other untrusted users should not get a cached page when
   // the current untrusted user can skip the current CAPTCHA.
-  global $conf;
-  $conf['cache'] = FALSE;
+  drupal_page_is_cacheable(FALSE);
 
   // Get the form ID of the form we are currently processing (which is not
   // necessary the same form that is submitted (if any).
@@ -254,7 +255,7 @@ function captcha_element_process($element, &$form_state, $complete_form) {
     'captcha_sid' => $captcha_sid,
   );
 
-  if (_captcha_required_for_user($captcha_sid, $this_form_id) || $element['#captcha_admin_mode']) {
+  if (_captcha_required_for_user($captcha_sid, $this_form_id) || $element['#captcha_admin_mode'] || $element['#captcha_always']) {
     // Generate a CAPTCHA and its solution
     // (note that the CAPTCHA session ID is given as third argument).
     $captcha = module_invoke($captcha_type_module, 'captcha', 'generate', $captcha_type_challenge, $captcha_sid);
@@ -594,7 +595,18 @@ function captcha_validate_case_insensitive_ignore_spaces($solution, $response) {
  *     if the values could not be found, e.g. for a fresh form).
  */
 function _captcha_get_posted_captcha_info($element, $form_state, $this_form_id) {
-  if ($form_state['submitted'] && isset($form_state['captcha_info'])) {
+  //Handle Ajax scenarios
+  if (!empty($form_state['rebuild_info'])) {
+    if (!empty($form_state['captcha_info']['posted_form_id'])) {
+      $posted_form_id = $form_state['captcha_info']['posted_form_id'];
+    }
+    else {
+      $posted_form_id = $form_state['input']['form_id'];
+    }
+
+    $posted_captcha_sid = $form_state['captcha_info']['captcha_sid'];
+  }
+  else if ($form_state['submitted'] && isset($form_state['captcha_info'])) {
     // We are handling (or rebuilding) an already submitted form,
     // so we already determined the posted form ID and CAPTCHA session ID
     // for this form (from before submitting). Reuse this info.
@@ -764,7 +776,7 @@ function captcha_pre_render_process($element) {
   // of multi-page forms. Take previewing a node submission for example:
   // when the challenge is solved correctely on preview, the form is still
   // not completely submitted, but the CAPTCHA can be skipped.
-  if (_captcha_required_for_user($captcha_sid, $form_id) || $element['#captcha_admin_mode']) {
+  if (_captcha_required_for_user($captcha_sid, $form_id) || $element['#captcha_admin_mode'] || $element['#captcha_always']) {
     // Update captcha_sessions table: store the solution of the generated CAPTCHA.
     _captcha_update_captcha_session($captcha_sid, $captcha_info['solution']);
 

sites/all/modules/captcha/captcha.test

@@ -60,7 +60,11 @@ abstract class CaptchaBaseWebTestCase extends DrupalWebTestCase {
 
   function setUp() {
     // Load two modules: the captcha module itself and the comment module for testing anonymous comments.
-    parent::setUp('captcha', 'comment');
+    $modules = func_get_args();
+    if (isset($modules[0]) && is_array($modules[0])) {
+      $modules = $modules[0];
+    }
+    parent::setUp(array_merge(array('captcha', 'comment'), $modules));
     module_load_include('inc', 'captcha');
 
     // Create a normal user.
@@ -602,16 +606,16 @@ class CaptchaAdminTestCase extends CaptchaBaseWebTestCase {
     // Set CAPTCHA on user register form.
     captcha_set_form_id_setting('user_register', 'captcha/Math');
 
-    // Put Javascript snippet in CAPTCHA description.
+    // Put JavaScript snippet in CAPTCHA description.
     $this->drupalLogin($this->admin_user);
     $xss = '<script type="text/javascript">alert("xss")</script>';
     $edit = array('captcha_description' => $xss);
     $this->drupalPost(self::CAPTCHA_ADMIN_PATH, $edit, 'Save configuration');
 
-    // Visit user register form and check if Javascript snippet is there.
+    // Visit user register form and check if JavaScript snippet is there.
     $this->drupalLogout();
     $this->drupalGet('user/register');
-    $this->assertNoRaw($xss, 'Javascript should not be allowed in CAPTCHA description.', 'CAPTCHA');
+    $this->assertNoRaw($xss, 'JavaScript should not be allowed in CAPTCHA description.', 'CAPTCHA');
 
   }
 

sites/all/modules/captcha/image_captcha/image_captcha.admin.inc

@@ -14,7 +14,7 @@ function image_captcha_settings_form() {
 
   // Add CSS for theming of admin form.
   $form['#attached']['css'] = array(drupal_get_path('module', 'image_captcha') . '/image_captcha.css');
-  // Use javascript for some added usability on admin form.
+  // Use JavaScript for some added usability on admin form.
   $form['#attached']['js'] = array(drupal_get_path('module', 'image_captcha') . '/image_captcha.js');
 
   // First some error checking.

sites/all/modules/captcha/image_captcha/image_captcha.info

@@ -9,10 +9,11 @@ files[] = image_captcha.install
 files[] = image_captcha.module
 files[] = image_captcha.admin.inc
 files[] = image_captcha.user.inc
+files[] = image_captcha.test
 
-; Information added by Drupal.org packaging script on 2015-03-27
-version = "7.x-1.3"
+; Information added by Drupal.org packaging script on 2017-02-15
+version = "7.x-1.4"
 core = "7.x"
 project = "captcha"
-datestamp = "1427464219"
+datestamp = "1487198287"
 

sites/all/modules/captcha/image_captcha/image_captcha.module

@@ -244,7 +244,7 @@ function image_captcha_captcha($op, $captcha_type = '', $captcha_sid = NULL) {
             'ts' => REQUEST_TIME,
           ),
         );
-        $img_src = check_url(url("image_captcha", $options));
+        $img_src = drupal_strip_dangerous_protocols(url("image_captcha", $options));
         list($width, $height) = _image_captcha_image_size($code);
         $result['form']['captcha_image'] = array(
           '#theme' => 'image',

sites/all/modules/captcha/image_captcha/image_captcha.test

@@ -0,0 +1,72 @@
+<?php
+
+/**
+ * @file
+ * Tests for the Image CAPTCHA module.
+ */
+
+class ImageCaptchaWebTestCase extends CaptchaBaseWebTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'General Image CAPTCHA functionality',
+      'description' => 'Testing of the basic Image CAPTCHA functions.',
+      'group' => 'CAPTCHA',
+    );
+  }
+
+  public function setUp() {
+    parent::setUp('image_captcha');
+  }
+
+  /**
+   * Helper function to get the CAPTCHA image element from the current form.
+   */
+  protected function getCaptchaImageFromForm() {
+    $elements = $this->xpath('//input[@name="captcha_sid"]/../img');
+    return $elements[0];
+  }
+
+  /**
+   * Helper function to get a CAPTCHA form.
+   */
+  protected function getImageCaptchaForm($form_id = 'user_login', $page = 'user') {
+    // Set a CAPTCHA on supplied form.
+    captcha_set_form_id_setting($form_id, 'image_captcha/Image');
+
+    // Fetch the page and make sure that we got a CAPTCHA.
+    $this->drupalGet($page);
+    $this->assertCaptchaPresence(TRUE);
+  }
+
+  /**
+   * Asserts that the image URL actually returns an image.
+   */
+  protected function assertNonEmptyImage() {
+    $img = $this->getCaptchaImageFromForm();
+
+    // Try to fetch the image.
+    $this->drupalGet($this->getAbsoluteUrl($img['src']));
+    $this->assertTrue($this->drupalGetHeader('Content-Length') > 0,
+                      'Image CAPTCHA image is not empty.');
+  }
+
+  /**
+   * Tests if the image URL actually returns an image with clean URLs enabled.
+   */
+  public function testNonEmptyImageCleanURLs() {
+    variable_set('clean_url', 1);
+    $this->getImageCaptchaForm();
+    $this->assertNonEmptyImage();
+  }
+
+  /**
+   * Tests if the image URL actually returns an image with clean URLs disabled.
+   */
+  public function testNonEmptyImageDirtyURLs() {
+    variable_set('clean_url', 0);
+    $this->getImageCaptchaForm();
+    $this->assertNonEmptyImage();
+  }
+
+}