Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14241

Security bug into Spambot control Questions

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.6
    • Fix Version/s: 3.1.9-RC1
    • Component/s: Other
    • Labels:
      None

      Description

      Spambots can avoid control question.
      phpbb/captcha/plugins/qa.php
      find

         function validate()
         {
            global $config, $db, $user;
      
            $error = '';
            
            if (!sizeof($this->question_ids))
            {
               return false;
            }
      

      Must change to

         function validate()
         {
            global $config;
      
            $error = '';
            
            if (!sizeof($this->question_ids))
            {
               $error = "Wrong question confirmation";
               return $error;
            }
      

        Attachments

          Activity

            People

            • Assignee:
              Marc Marc
              Reporter:
              Boris Berdichevski Boris Berdichevski
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: