Forgot to clear used captcha info from the session after answering.
authorBrion Vibber <brion@users.mediawiki.org>
Sun, 29 Jan 2006 02:25:04 +0000 (02:25 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Sun, 29 Jan 2006 02:25:04 +0000 (02:25 +0000)
ConfirmEdit.php
FancyCaptcha.php

index aec3a35bc56ce63aedd80ec7679382fbab7e93f3..0693b118e2d54a6de682f1405360c790647c3101 100644 (file)
@@ -261,8 +261,10 @@ class SimpleCaptcha {
                                global $wgRequest;
                                if( $this->keyMatch( $wgRequest, $info ) ) {
                                        $this->log( "passed" );
+                                       $this->clearCaptcha( $info );
                                        return true;
                                } else {
+                                       $this->clearCaptcha( $info );
                                        $this->log( "bad form input" );
                                }
                        } else {
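Review bot: The `clearCaptcha( $info )` call is duplicated in the pass and fail branches, so the single-use guarantee depends on every future branch remembering to repeat it. Evaluating the answer first and invalidating once keeps that unconditional: `$matched = $this->keyMatch( $wgRequest, $info );` followed by `$this->clearCaptcha( $info );`, then branching on `$matched`. The check and the unset are also separate steps on `$_SESSION`, so the guarantee presumably relies on the session backend serialising concurrent requests for the same session, which would be worth a short comment here. The enclosing function starts and ends outside this hunk.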
@@ -289,16 +291,15 @@ class SimpleCaptcha {
         * Pass the returned id value into the edit form as wpCaptchaId.
         *
         * @param array $info data to store
-        * @param string $index optional, to overwrite used session
         * @return string captcha ID key
         */
-       function storeCaptcha( $info, $index=null ) {
-               if( is_null( $index ) ) {
-                       $index = strval( mt_rand() );
-                       $info['index'] = $index;
+       function storeCaptcha( $info ) {
+               if( !isset( $info['index'] ) ) {
+                       // Assign random index if we're not udpating
+                       $info['index'] = strval( mt_rand() );
                }
-               $_SESSION['captcha' . $index] = $info;
-               return $index;
+               $_SESSION['captcha' . $info['index']] = $info;
+               return $info['index'];
        }
        
        /**
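Review bot: The docblock for `storeCaptcha` no longer explains how an existing entry is overwritten. The `@param string $index` line was removed, but the same behaviour now depends on whether `$info['index']` is set. I would extend the remaining tag to `@param array $info data to store; if it already carries an 'index' key, that session entry is overwritten instead of a new one being created`. The FancyCaptcha call site later in this commit relies on exactly that. The new inline comment also has a typo, `udpating` for `updating`.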
@@ -315,6 +316,14 @@ class SimpleCaptcha {
                }
        }
        
+       /**
+        * Clear out existing captcha info from the session, to ensure
+        * it can't be reused.
+        */
+       function clearCaptcha( $info ) {
+               unset( $_SESSION['captcha' . $info['index']] );
+       }
+       
        /**
         * Retrieve the current version of the page or section being edited...
         * @param EditPage $editPage
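Review bot: The `clearCaptcha` docblock has no `@param`, and the body reads `$info['index']` without checking that it exists. The callers visible in this commit pass data that went through `storeCaptcha`, so the key should be present. If it were ever missing, though, the unset would raise a notice and target the bare `captcha` session key, leaving the real entry in place. A defensive form is `if( isset( $info['index'] ) ) { unset( $_SESSION['captcha' . $info['index']] ); }`, documented with `@param array $info captcha data previously stored in the session; must contain 'index'`.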
index e6363281d1acb251226fa5490d6a21fb24ca856f..f10cf093897816265f5a7c72b577413d233e0728 100644 (file)
@@ -163,7 +163,7 @@ class FancyCaptcha extends SimpleCaptcha {
                        }
                        
                        $info['viewed'] = wfTimestamp();
-                       $this->storeCaptcha( $info, $info['index'] );
+                       $this->storeCaptcha( $info );
                        
                        $salt = $info['salt'];
                        $hash = $info['hash'];