Contrib.social

recaptcha-php/examples sends unvalidated data to a web browser

Open on Drupal.org β†’
Created on 8 November 2024, 6 months ago

This issue was discussed by the Drupal Security Team, and their decision was that this can be solved in a public issue.

Problem/Motivation

When the issue was reported to the security team, @cilefen made the following observation:

> However, there are a few example files in the library, such as recaptcha-v2-checkbox-explicit.php, which contains the follow, which is basically identical to the example-captcha.php file you attached:

    // The POST data here is unfiltered because this is an example.
    // In production, *always* sanitise and validate your input'
    ?>
        <h2><kbd>POST</kbd> data</h2>
        <kbd><pre><?php var_export($_POST);?></pre></kbd>

Original report by @sarswatsudhakar references files in 7.x-2.2 which were later removed (https://git.drupalcode.org/project/recaptcha/-/blob/7.x-2.2/recaptcha-ph...)

> Line 76 of example-captcha.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. in below mention files

Steps to reproduce

@larowlan attempted to exploit this on nginx and apache and was unable to.

Proposed resolution

From @poker10: remove the recaptcha-php/examples folder from 7.x-2.x version of the module. This is recommended so that the example code will not communicate insecure patterns.

Remaining tasks

User interface changes

API changes

Data model changes

πŸ“Œ Task
Status

Active

Version

2.0

Component

General

Created by

πŸ‡ΊπŸ‡ΈUnited States akalata

Live updates comments and jobs are added and updated live.
  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024