From ab6ed324f952cff178be386966e8bbeec9adfb40 Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Mon, 12 Aug 2024 16:20:19 +0200
Subject: [PATCH 1/9] Fix: prevent forbidden characters in captcha id and double use of captcha
Signed-off-by: Michael Krasselt
---
 src/AbstractWord.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/AbstractWord.php b/src/AbstractWord.php
index 31e865fa..c3e7c932 100644
--- a/src/AbstractWord.php
+++ b/src/AbstractWord.php
@@ -394,7 +394,7 @@ public function isValid($value, $context = null)
 $input = strtolower($value['input']);
 $this->setValue($input);
- if (! isset($value['id'])) {
+ if (!preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', $value['id'])) {
 $this->error(self::MISSING_ID);
 return false;
 }
@@ -404,7 +404,7 @@ public function isValid($value, $context = null)
 $this->error(self::BAD_CAPTCHA);
 return false;
 }
-
+ //Invalidate the captcha after successful use
+ $this->generate();
+
 return true;
 }
From 50b630b5272e4ddbd74991dcf75603b446fff353 Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Mon, 12 Aug 2024 16:31:53 +0200
Subject: [PATCH 2/9] Fix: failing test for figlet when id is empty
Signed-off-by: Michael Krasselt
---
 src/AbstractWord.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/AbstractWord.php b/src/AbstractWord.php
index c3e7c932..7ad147e3 100644
--- a/src/AbstractWord.php
+++ b/src/AbstractWord.php
@@ -394,7 +394,7 @@ public function isValid($value, $context = null)
 $input = strtolower($value['input']);
 $this->setValue($input);
- if (!preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', $value['id'])) {
+ if (!isset($value['id']) || ! preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', (string) $value['id'])) {
 $this->error(self::MISSING_ID);
 return false;
 }
From 46c7e2ee8e218f7151ee280aa8472cdac3c0221e Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Mon, 12 Aug 2024 17:21:53 +0200
Subject: [PATCH 3/9] Fix: Use of function ci check and useless spaces 
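Review bot: The `$` anchor in `'/^[a-f0-9][a-f0-9_\\\\]+$/i'` (the `+` line of the second patch's hunk) still lets an id with a trailing newline through, because PCRE `$` also matches just before a final `\n`; anchoring with `\z` makes the check exact, `'/^[a-f0-9][a-f0-9_\\\\]+\z/i'`. The class also admits `_` and a literal backslash, which an id generated from hex digests (the file imports `md5` and `random_bytes`, visible in the later `use function` hunk) would presumably never contain — if that alphabet is deliberately copied from a downstream store's naming rule, a one-line comment saying so would stop the next reader from tightening it or loosening it further. The `(string)` cast turns an array submitted as `id[]=x` into the string `"Array"` together with an "Array to string conversion" warning before the regex rejects it; testing `is_string($value['id'])` ahead of `preg_match` rejects that input without the warning. isValid's body continues outside the hunk.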
Signed-off-by: Michael Krasselt
---
 src/AbstractWord.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/AbstractWord.php b/src/AbstractWord.php
index 7ad147e3..9e056d71 100644
--- a/src/AbstractWord.php
+++ b/src/AbstractWord.php
@@ -15,6 +15,7 @@ use function strlen;
 use function strtolower;
 use function substr;
+use function preg_match;
 /**
 * AbstractWord-based captcha adapter
@@ -394,7 +395,7 @@ public function isValid($value, $context = null)
 $input = strtolower($value['input']);
 $this->setValue($input);
- if (!isset($value['id']) || ! preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', (string) $value['id'])) {
+ if (! isset($value['id']) || ! preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', (string) $value['id'])) {
 $this->error(self::MISSING_ID);
 return false;
 }
@@ -406,7 +407,7 @@ public function isValid($value, $context = null)
 }
 //Invalidate the captcha after successful use
 $this->generate();
-
+
 return true;
 }
From 596588e68d1fa3abef0d8b1368b3528ba17938e9 Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Mon, 12 Aug 2024 17:29:05 +0200
Subject: [PATCH 4/9] Fix: Order of functionscheck.
Signed-off-by: Michael Krasselt
---
 src/AbstractWord.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/AbstractWord.php b/src/AbstractWord.php
index 7ad147e3..201c40c7 100644
--- a/src/AbstractWord.php
+++ b/src/AbstractWord.php
@@ -10,6 +10,7 @@ use function count;
 use function is_array;
 use function md5;
+use function preg_match;
 use function random_bytes;
 use function random_int;
 use function strlen;
@@ -394,7 +395,7 @@ public function isValid($value, $context = null)
 $input = strtolower($value['input']);
 $this->setValue($input);
- if (!isset($value['id']) || ! preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', (string) $value['id'])) {
+ if (! isset($value['id']) || ! preg_match('/^[a-f0-9][a-f0-9_\\\\]+$/i', (string) $value['id'])) {
 $this->error(self::MISSING_ID);
 return false;
 }
@@ -406,7 +407,7 @@ public function isValid($value, $context = null)
 }
 //Invalidate the captcha after successful use
 $this->generate();
-
+
 return true;
 }
From 4d5d6a86641f497426591df78ff66d604eea1de3 Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Mon, 12 Aug 2024 17:29:50 +0200
Subject: [PATCH 5/9] Fix: Order of functionscheck
Signed-off-by: Michael Krasselt
---
 src/AbstractWord.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/AbstractWord.php b/src/AbstractWord.php
index 693f6510..201c40c7 100644
--- a/src/AbstractWord.php
+++ b/src/AbstractWord.php
@@ -16,7 +16,6 @@ use function strlen;
 use function strtolower;
 use function substr;
-use function preg_match;
 /**
 * AbstractWord-based captcha adapter
From 094128b6af637f4401263e8dc9856369da4b62f4 Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Wed, 14 Aug 2024 00:45:53 +0200
Subject: [PATCH 6/9] Fix: needs word only regeneration to invalidate captcha
Signed-off-by: Michael Krasselt
---
 src/AbstractWord.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/AbstractWord.php b/src/AbstractWord.php
index 201c40c7..986d8bf6 100644
--- a/src/AbstractWord.php
+++ b/src/AbstractWord.php
@@ -405,8 +405,8 @@ public function isValid($value, $context = null)
 $this->error(self::BAD_CAPTCHA);
 return false;
 }
- //Invalidate the captcha after successful use
- $this->generate();
+ //Invalidate the captcha by generating a new word after successful use
+ $this->setWord($this->generateWord());
 return true;
 }
From bb2342116260a13f40564317f082e1aed2d766f5 Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Thu, 26 Sep 2024 03:30:14 +0200
Subject: [PATCH 7/9] Add: Test new functionality in 2 test cases
Signed-off-by: Michael Krasselt
---
 test/ImageTest.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/test/ImageTest.php b/test/ImageTest.php
index 2f0c1b41..11e48b7b 100644
--- a/test/ImageTest.php
+++ b/test/ImageTest.php
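Review bot: In the sixth patch's hunk the word is rotated only on the success path, so after a wrong answer (the `BAD_CAPTCHA` branch shown as context just above the change) the same word stays valid under the same id and a client can keep submitting guesses against one challenge until it hits; if the form re-renders a fresh image after a failed submit anyway, adding `$this->setWord($this->generateWord());` before `$this->error(self::BAD_CAPTCHA);` closes that window. Whether the new line invalidates a replay at all depends on `setWord()` writing the new word to the backing store under the same id rather than only updating the in-memory property — neither method is visible here, so it is worth confirming with a test that validates the same id from a freshly constructed adapter. The comment could also say why the word rather than the whole captcha is regenerated (presumably to keep the id stable for callers that already hold it), e.g. `// Rotate only the word so the id stays valid for the caller; a replay with the old answer now fails`. isValid's body begins outside the hunk.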
@@ -226,6 +226,24 @@ public function testMissingNotValid(): void
 $this->assertFalse($this->captcha->isValid($input));
 }
+ public function testDoubleSubmitNotValidates(): void
+ {
+ $this->captcha->generate();
+ $input = ["id" => $this->captcha->getId(), "input" => $this->captcha->getWord()];
+ $this->assertTrue($this->captcha->isValid($input));
+ $this->assertFalse($this->captcha->isValid($input));
+ }
+
+ public function testInvalidIDCharactersSubmittedNotValidates(): void
+ {
+ $this->captcha->generate();
+ $id = $this->captcha->getId();
+ $input = ["id" => \substr($id, 0, strlen($id) - 1) . "+", "input" => $this->captcha->getWord()];
+ $this->assertFalse($this->captcha->isValid($input));
+ $input = ["id" => \substr($id, 0, strlen($id) - 1) . "-", "input" => $this->captcha->getWord()];
+ $this->assertFalse($this->captcha->isValid($input));
+ }
+
 public function testWrongWordNotValid(): void
 {
 $this->captcha->generate();
From 3ba99ed04c1431573d3a63536a8121820743cc51 Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Thu, 26 Sep 2024 03:35:35 +0200
Subject: [PATCH 8/9] Fix: code style in tests (cant test locally on windows)
Signed-off-by: Michael Krasselt
---
 test/ImageTest.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/ImageTest.php b/test/ImageTest.php
index 11e48b7b..4df0b8cc 100644
--- a/test/ImageTest.php
+++ b/test/ImageTest.php
@@ -21,6 +21,7 @@ use function mkdir;
 use function sleep;
 use function strlen;
+use function substr;
 use function sys_get_temp_dir;
 use function unlink;
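Review bot: `testInvalidIDCharactersSubmittedNotValidates` only exercises `+` and `-`, so it does not pin down the characters the new id check is really guarding against; a data provider over a few more cases — `/`, `.`, a space, an empty string and a trailing `"\n"` — would document the accepted alphabet, and the trailing-newline case is worth having because PCRE `$` matches before a final newline, so that id passes the regex as currently written and is only rejected later, if at all. `testDoubleSubmitNotValidates` calls `isValid()` twice on the same instance, which passes even if the regenerated word were held only in memory; asserting `false` from a second adapter built with the same id would show the invalidation actually reaches the session store. Neither test checks which error was recorded, so a bad id and a consumed captcha are indistinguishable — asserting `MISSING_ID` and `BAD_CAPTCHA` via the adapter's messages would separate the two rejections. Both test methods are complete within the hunk.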
@@ -237,7 +238,7 @@ public function testDoubleSubmitNotValidates(): void
 public function testInvalidIDCharactersSubmittedNotValidates(): void
 {
 $this->captcha->generate();
- $id = $this->captcha->getId();
+ $id = $this->captcha->getId();
 $input = ["id" => \substr($id, 0, strlen($id) - 1) . "+", "input" => $this->captcha->getWord()];
 $this->assertFalse($this->captcha->isValid($input));
 $input = ["id" => \substr($id, 0, strlen($id) - 1) . "-", "input" => $this->captcha->getWord()];
From 30c51f30da3c2ab15d692d203664e8017e0b758e Mon Sep 17 00:00:00 2001
From: Michael Krasselt
Date: Thu, 26 Sep 2024 03:38:11 +0200
Subject: [PATCH 9/9] Fix: code style in tests (cant test locally on windows)
Signed-off-by: Michael Krasselt
---
 test/ImageTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/ImageTest.php b/test/ImageTest.php
index 4df0b8cc..f4de589e 100644
--- a/test/ImageTest.php
+++ b/test/ImageTest.php
@@ -239,9 +239,9 @@ public function testInvalidIDCharactersSubmittedNotValidates(): void
 {
 $this->captcha->generate();
 $id = $this->captcha->getId();
- $input = ["id" => \substr($id, 0, strlen($id) - 1) . "+", "input" => $this->captcha->getWord()];
+ $input = ["id" => substr($id, 0, strlen($id) - 1) . "+", "input" => $this->captcha->getWord()];
 $this->assertFalse($this->captcha->isValid($input));
- $input = ["id" => \substr($id, 0, strlen($id) - 1) . "-", "input" => $this->captcha->getWord()];
+ $input = ["id" => substr($id, 0, strlen($id) - 1) . "-", "input" => $this->captcha->getWord()];
 $this->assertFalse($this->captcha->isValid($input));
 }