Fix: non-scalar value submitted as recaptcha value
glaubinix committed Feb 26, 2024
1 parent 6db1a17 commit 9f633e6
Showing 2 changed files with 24 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/Recaptcha/RecaptchaVerifier.php
Expand Up @@ -4,6 +4,7 @@

use ReCaptcha\ReCaptcha;
use ReCaptcha\Response;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;

Expand All @@ -30,7 +31,11 @@ public function verify(?string $recaptchaValue = null): void
// If empty, we use the default input drawn by google JS we need to get
// the value with hardcoded variable
if (empty($recaptchaValue) && $request->request->has(self::GOOGLE_DEFAULT_INPUT)) {
$recaptchaValue = $request->request->get(self::GOOGLE_DEFAULT_INPUT);
try {
$recaptchaValue = $request->request->get(self::GOOGLE_DEFAULT_INPUT);
} catch (BadRequestException) {
throw new RecaptchaException(new Response(false));
}
}

if (!is_string($recaptchaValue)) {
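Review bot: The new catch in verify() rethrows as `RecaptchaException(new Response(false))` with no error codes and discards the caught `BadRequestException`, so a caller or log consumer cannot tell a malformed `g-recaptcha-response` (such as an array) apart from a failed challenge. Malformed-parameter submissions are a useful signal of automated form abuse, so I would keep the cause, for example `throw new RecaptchaException(new Response(false, ['invalid-input-response']));`. The non-capturing `catch (BadRequestException)` form also requires PHP 8.0 or later; the package's PHP constraint is not visible on this page, so confirm it excludes 7.x. The body of verify() continues past the `is_string` check outside the hunk, so whether that branch reports a comparable error code cannot be checked from here.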
18 changes: 18 additions & 0 deletions tests/Recaptcha/RecaptchaVerifierTest.php
Expand Up @@ -73,4 +73,22 @@ public function testVerifyFailure(): void
$verifier = new RecaptchaVerifier($this->recaptcha, $this->stack);
$verifier->verify('captcha-response');
}

public function testVerifyRecaptchaValueSubmitted(): void
{
$this->expectException(RecaptchaException::class);

$request = new Request();
$request->request->set('g-recaptcha-response', []);

if (\is_callable([$this->stack, 'getMainRequest'])) {
$this->stack->expects(self::once())->method('getMainRequest')->willReturn($request);
} else {
$this->stack->expects(self::once())->method('getMasterRequest')->willReturn($request);
}
$this->request->expects(self::never())->method('getClientIp');

$verifier = new RecaptchaVerifier($this->recaptcha, $this->stack);
$verifier->verify();
}
}
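Review bot: The `$this->request->expects(self::never())->method('getClientIp')` assertion in testVerifyRecaptchaValueSubmitted cannot fail, because the stack is stubbed to return the locally built `$request` rather than `$this->request`, so the verifier never sees that mock. To pin that a non-scalar value is rejected before any remote check, assert on the verification client instead, e.g. `$this->recaptcha->expects(self::never())->method('verify');` (assuming `$this->recaptcha` is a mock created in setUp, which is outside the hunk). A name such as `testVerifyNonScalarRecaptchaValueSubmitted` would also state which case is covered.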
