Problem/Motivation

This appears to have re-emerged more recently as an issue with the captcha-6.x-2.7 version. When Captcha is used it fails with the error:

  • CAPTCHA session reuse attack detected.
  • The answer you entered for the CAPTCHA was not correct.

A similar problem was reported before and committed on 2010-11-09 for version 2.3 #810534: Fix CAPTCHA session reuse. The workaround described in comment #12 to change settings and enable "Always add a challenge" does not solve the problem.

There is also another issue #2474959: CAPTCHA session reuse attack detected with a patch for D7 in comment #19 that may need to be backported.

Steps to reproduce

Use captcha on a site where it is enabled with PHP 7.4.x

Proposed resolution

Develop and test backport from #2474959: CAPTCHA session reuse attack detected

Remaining tasks

User interface changes

API changes

Data model changes

Comments

izmeez created an issue. See original summary.

izmeez’s picture

Title: D6 Captcha Session Reuse Issue » D6 Captcha session reuse attack detected

Updated title.

izmeez’s picture

Status: Active » Fixed

The cause of this has been identified to be the result of adding a patch to the site from the GitHub d6lts issues, https://github.com/d6lts/drupal/pull/61

The patch was reversed and everything is working fine as it was before.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

roderik’s picture

When I was seeing this message, I concluded that it was introduced in captcha version 2.6.

Patch is uploaded to #2463125-3: CAPTCHA Session Reuse message on Node Add with preview before save. See the patch: the return value from db_result() is either the value from the query or FALSE, so the code since 2.6 (testing for !isset()) just doesn't make any sense.
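
The db_result() contract described in the comment above (the queried value, or FALSE when no row matches) can be checked in isolation. This is an added example, not code from the CAPTCHA module or from either patch; `lookup_status()`, the `missing_by_*()` helpers and the sample session data are hypothetical stand-ins constructed for illustration.

```php
<?php
// Added illustration; not code from the CAPTCHA module.
// Constructed stand-in for a sessions table: session id => stored status.
$sessions = array(101 => 0, 102 => 1);

// Hypothetical helper mirroring the db_result() contract described above:
// the stored value when a row matches, FALSE when none does.
function lookup_status(array $sessions, $csid) {
  return array_key_exists($csid, $sessions) ? $sessions[$csid] : FALSE;
}

// Each check answers "is the session row missing?" for a lookup result.
function missing_by_isset($status) {
  // isset() is false only for NULL or undefined, so FALSE counts as "set"
  // and this check can never report a missing row.
  return !isset($status);
}

function missing_by_loose_test($status) {
  // Also wrong: a stored status of 0 is falsy and looks like a missing row.
  return !$status;
}

function missing_by_strict_test($status) {
  // Matches the contract: only the FALSE sentinel means "no row".
  return $status === FALSE;
}

// Two sessions that exist (status 0 and 1) and one that does not (999).
foreach (array(101, 102, 999) as $csid) {
  $status = lookup_status($sessions, $csid);
  printf("csid %d: stored=%s isset-check=%s loose=%s strict=%s\n",
    $csid,
    var_export($status, TRUE),
    var_export(missing_by_isset($status), TRUE),
    var_export(missing_by_loose_test($status), TRUE),
    var_export(missing_by_strict_test($status), TRUE));
}
```

Only the strict comparison separates the missing session from the two stored ones; the isset() check treats all three lookups as found.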

izmeez’s picture

@roderik Thanks for the reply. You make a good point and the patch you reference is quite simple. We will have to revisit this. It is curious that it continues to work until one hunk in your patch with the pull request exposes it.