Comments (4)
Fix will be included in the upcoming version 1.4.0
from form_crshield.
Thanks for your report.
When the form is submitted with a valid CR value but server side validation fails, the form is shown with the validation message but with the POSTed (and validated) CR value. The JavaScript then however performs the ROT13 calculation on the CR field again, resulting in the described problem.
This scenario can be catched in JavaScript, because a POSTed CR value does not contain any delay
, which therefore is evaluated to undefined
. I
from form_crshield.
@maxmishyn I created a fix for the issue and added acceptance tests to cover the scenario. Would you mind to test the fix, which has been pushed to the development branch?
from form_crshield.
Hi @derhansen. Thanks for that fast response/fix. I tried to fix it from the server's side as I was not sure if it is intended or not to validate challenge/response on repeated submits.
But the solution if JS is fine. Looks like it is working as it should now.
from form_crshield.
Related Issues (18)
- [FEATURE] Add configurable delay for response calculation
- [TASK] Add invalid default value to CR field
- [TASK] Always write POST data to debug log
- [TASK] Harden HMAC calculation
- [TASK] Obfuscate included JavaScript HOT 1
- TYPO3 10 LTS compatibility HOT 1
- [BUG] Summary step does not validate HOT 1
- [BUG] Form editor preview broken since install of form_crshield HOT 2
- [TASK] Add acceptance test suites
- Message “detected as spam” HOT 4
- [TASK] Clarify extension description
- I always get different expected vs calculated data in Firefox 121 on mac HOT 8
- [TASK] Calculate page cache timeout manually
- [TASK] Avoid usage of EXEC_TIME
- Form does not get sent with version 1.4.0 HOT 1
- Spam prevention doesn’t work anymore since update 1.4.0 -> 1.4.1 HOT 2
- override for given form HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from form_crshield.