Merge pull request #36 from mkrasselt1/2.18.x

Fix: prevent forbidden characters in captcha id and double use of captcha
laminas · Jan 6, 2025 · 4c0965b · 4c0965b
2 parents 84df304 + 30c51f3
commit 4c0965b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/src/AbstractWord.php b/src/AbstractWord.php
@@ -10,6 +10,7 @@
 use function count;
 use function is_array;
 use function md5;
+use function preg_match;
 use function random_bytes;
 use function random_int;
 use function strlen;
@@ -394,7 +395,7 @@ public function isValid($value, $context = null)
         $input = strtolower($value['input']);
         $this->setValue($input);
 
-        if (! isset($value['id'])) {
+        if (! isset($value['id']) || ! preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', (string) $value['id'])) {
             $this->error(self::MISSING_ID);
             return false;
         }
@@ -404,6 +405,8 @@ public function isValid($value, $context = null)
             $this->error(self::BAD_CAPTCHA);
             return false;
         }
+        //Invalidate the captcha by generating a new word after successful use
+        $this->setWord($this->generateWord());
 
         return true;
     }

diff --git a/test/ImageTest.php b/test/ImageTest.php
@@ -21,6 +21,7 @@
 use function mkdir;
 use function sleep;
 use function strlen;
+use function substr;
 use function sys_get_temp_dir;
 use function unlink;
 
@@ -226,6 +227,24 @@ public function testMissingNotValid(): void
         $this->assertFalse($this->captcha->isValid($input));
     }
 
+    public function testDoubleSubmitNotValidates(): void
+    {
+        $this->captcha->generate();
+        $input = ["id" => $this->captcha->getId(), "input" => $this->captcha->getWord()];
+        $this->assertTrue($this->captcha->isValid($input));
+        $this->assertFalse($this->captcha->isValid($input));
+    }
+
+    public function testInvalidIDCharactersSubmittedNotValidates(): void
+    {
+        $this->captcha->generate();
+        $id    = $this->captcha->getId();
+        $input = ["id" => substr($id, 0, strlen($id) - 1) . "+", "input" => $this->captcha->getWord()];
+        $this->assertFalse($this->captcha->isValid($input));
+        $input = ["id" => substr($id, 0, strlen($id) - 1) . "-", "input" => $this->captcha->getWord()];
+        $this->assertFalse($this->captcha->isValid($input));
+    }
+
     public function testWrongWordNotValid(): void
     {
         $this->captcha->generate();