Page MenuHomePhabricator
Create Task
Maniphest T266362

ConfirmEdit RecaptchaNoCaptcha Needs POST not GET
Closed, ResolvedPublic
Actions

Description

Using MediaWiki v. 1.32.4. Enabled RecaptchaNoCaptcha (from ConfirmEdit extension) Captcha type in the LocalSettings.php

In the Google reCAPTCHA account, it says

We detected that your site is not verifying reCAPTCHA solutions. This is required for the proper use of reCAPTCHA on your site. Please see our developer site for more information.

It pointed me to this page: https://developers.google.com/recaptcha/docs/verify#api-request

From there, I found that the API request method was set to GET instead of POST. I found two files where this was set to GET:
/ConfirmEdit/ReCaptchaNoCaptcha/includes/ReCaptchaNoCaptcha.php (line 113)
/ConfirmEdit/ReCaptchaNoCaptcha/ReCaptchaNoCaptcha.class.php (line 111)

Also, not sure if this is related, but new users can't seem to create accounts. I'm getting this error message when trying to sign up for our MediaWiki account:

There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form.

Resubmitting the form returns the same message. Also, not sure if this is preventing existing users from logging in.

Details

SubjectRepoBranchLines +/-
ReCaptchaNoCaptcha: Use POST to siteverifymediawiki/extensions/ConfirmEditmaster+1 -1
ReCaptchaNoCaptcha: Use POST to siteverifymediawiki/extensions/ConfirmEditREL1_35+1 -1
ReCaptchaNoCaptcha: Use POST to siteverifymediawiki/extensions/ConfirmEditREL1_31+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Valery_frick created this task.Oct 23 2020, 6:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 23 2020, 6:25 PM
Valery_frick updated the task description. (Show Details)Oct 23 2020, 6:39 PM
gerritbot added a comment.Oct 24 2020, 11:29 PM

Change 636149 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/ConfirmEdit@master] ReCaptchaNoCaptcha: Use POST to siteverify

https://gerrit.wikimedia.org/r/636149

gerritbot added a project: Patch-For-Review.Oct 24 2020, 11:29 PM
Reedy subscribed.Oct 24 2020, 11:30 PM

Just as a heads up, you're using an unsupported version of MediaWiki. 1.32 went "end of life" in January 2020, as per https://www.mediawiki.org/wiki/Version_lifecycle and https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-January/000245.html

Reedy added a comment.Oct 24 2020, 11:32 PM

From there, I found that the API request method was set to GET instead of POST. I found two files where this was set to GET:
/ConfirmEdit/ReCaptchaNoCaptcha/includes/ReCaptchaNoCaptcha.php (line 113)
/ConfirmEdit/ReCaptchaNoCaptcha/ReCaptchaNoCaptcha.class.php (line 111)

It sounds like you've got old unused files laying around. The second file won't be used anymore after rECOE5b7a36a52124: Clean up some phpcs problems

gerritbot added a comment.Oct 24 2020, 11:33 PM

Change 635983 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/ConfirmEdit@REL1_35] ReCaptchaNoCaptcha: Use POST to siteverify

https://gerrit.wikimedia.org/r/635983

gerritbot added a comment.Oct 24 2020, 11:33 PM

Change 635984 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/ConfirmEdit@REL1_31] ReCaptchaNoCaptcha: Use POST to siteverify

https://gerrit.wikimedia.org/r/635984

gerritbot added a comment.Oct 28 2020, 8:36 PM

Change 635984 merged by jenkins-bot:
[mediawiki/extensions/ConfirmEdit@REL1_31] ReCaptchaNoCaptcha: Use POST to siteverify

https://gerrit.wikimedia.org/r/635984

gerritbot added a comment.Oct 28 2020, 8:37 PM

Change 635983 merged by jenkins-bot:
[mediawiki/extensions/ConfirmEdit@REL1_35] ReCaptchaNoCaptcha: Use POST to siteverify

https://gerrit.wikimedia.org/r/635983

gerritbot added a comment.Oct 28 2020, 11:03 PM

Change 636149 merged by jenkins-bot:
[mediawiki/extensions/ConfirmEdit@master] ReCaptchaNoCaptcha: Use POST to siteverify

https://gerrit.wikimedia.org/r/636149

Reedy closed this task as Resolved.Oct 28 2020, 11:04 PM
Reedy claimed this task.
Maintenance_bot removed a project: Patch-For-Review.Oct 28 2020, 11:10 PM
ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.16; 2020-11-03).Oct 29 2020, 12:00 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL