It's an improvement. I don't really like an alternative like ´Your submission was flagged as possibly from an automated spam submission agent / bot. Please try again, or contact us if the problem persists.'
Just adding support for concept behind this. We are currently running into spam donations trying to validate card numbers on a client site and are wanting different defences in depth; shifting from Google recaptcha v2 to v3 is setting off problems with false positives for people who get message about recaptcha failing but not having seen anything in their UI. Would be nice to have an alternative to go with tighter firewall and honeypot, etc.
There are ongoing debates about good UX for failed invisible CAPTCHA errors but I don't like the existing answers. And the more I look at my suggested replacement in this MR, the less enthused I am about it. I was trying to avoid ReCAPTCHA
as a term not everyone knows, but I don't know that bot
is any better. And behavior
requires l10n for non-US English, which feels unnecessary.
So consider this an open bikeshed question - what can we tell the user that feels actionable to them, in non-technical language? I'll mull this for a day or two, but maybe the answer is jumping out at you.
Sorry for the delay. I did a drush cr and cv flush and the site/pages seem to work now. I did get errors on the cv flush for what appears to be other extensions (see below). I also checked for the folder and it exists.
Thx.
root@argon:# cv flush PHP Notice: Indirect modification of overloaded property CRM_Core_Smarty::$template_dir has no effect in /web/sites/default/files/civicrm/ext/sweetalert/sweetalert.civix.php on line 100 Notice: Indirect modification of overloaded property CRM_Core_Smarty::$template_dir has no effect in /web/sites/default/files/civicrm/ext/sweetalert/sweetalert.civix.php on line 100 PHP Notice: Indirect modification of overloaded property CRM_Core_Smarty::$template_dir has no effect in /web/sites/default/files/civicrm/ext/com.joineryhq.activityical/activityical.civix.php on line 100 Notice: Indirect modification of overloaded property CRM_Core_Smarty::$template_dir has no effect in /web/sites/default/files/civicrm/ext/com.joineryhq.activityical/activityical.civix.php on line 100 PHP Notice: Indirect modification of overloaded property CRM_Core_Smarty::$template_dir has no effect in /web/sites/default/files/civicrm/ext/summernote/summernote.civix.php on line 100 Notice: Indirect modification of overloaded property CRM_Core_Smarty::$template_dir has no effect in /web/sites/default/files/civicrm/ext/summernote/summernote.civix.php on line 100 Flushing system caches
@sannsllc have you tried clearing Drupal's cache, it could be that the symfony container needs a bit of a kick along. Also can you confirm if in the vendor/civicrm/civicrm-core/mixin there is a folder called "smarty-v2@1"
I tried updating to smarty v3 and on contrib pages, I get the error below, even after updating form protection to 1.6. Oddly, I get the error when testing as an anonymous user (Drupal CMS) but I don't when testing as an admin.
===================================
$Fatal Error Details = array:3 [ "message" => "Unable to load template 'file:CRM/common/ReCAPTCHA.tpl'" "code" => null "exception" => SmartyException {#3557 #message: "Unable to load template 'file:CRM/common/ReCAPTCHA.tpl'" #code: 0 #file: "//vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php" #line: 195 trace: { //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php:195 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatebase.php:232 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatebase.php:116 { …} //vendor/civicrm/civicrm-core/CRM/Core/Region.php:81 { …} //vendor/civicrm/civicrm-core/CRM/Core/Region.php:157 { …} //vendor/civicrm/civicrm-core/CRM/Core/Smarty/plugins/block.crmRegion.php:26 { …} //web/sites/default/files/civicrm/templates_c/en_US/d8/b3/06/d8b306b89dd33b0c1180ce116a1f43098225d84e_0.file.default.tpl.php:67 { content_65ad3b3fb96a47_67696674(Smarty_Internal_Template $_smarty_tpl) › $_block_repeat=false; › echo smarty_block_crmRegion(array('name'=>'form-bottom'), ob_get_clean(), $_smarty_tpl, $_block_repeat); › } } //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_template_resource_base.php:123 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_template_compiled.php:114 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php:216 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php:385 { …} //web/sites/default/files/civicrm/templates_c/en_US/f3/13/53/f313536a9b3601d61e0da484f3778cb16ac613f1_0.file.CMSPrint.tpl.php:100 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_template_resource_base.php:123 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_template_compiled.php:114 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php:216 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php:385 { …} //web/sites/default/files/civicrm/templates_c/en_US/18/e0/0c/18e00ce8c05f236954630d220d722131bb46fd20_0.file.drupal8.tpl.php:31 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_template_resource_base.php:123 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_template_compiled.php:114 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php:216 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatebase.php:232 { …} //vendor/civicrm/civicrm-packages/smarty3/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatebase.php:116 { …} //vendor/civicrm/civicrm-core/CRM/Core/QuickForm/Action/Display.php:117 { …} //vendor/civicrm/civicrm-core/CRM/Core/QuickForm/Action/Display.php:83 { …} //vendor/civicrm/civicrm-packages/HTML/QuickForm/Controller.php:203 { …} //vendor/civicrm/civicrm-packages/HTML/QuickForm/Page.php:103 { …} //vendor/civicrm/civicrm-core/CRM/Core/Controller.php:355 { …} //vendor/civicrm/civicrm-core/CRM/Core/Invoke.php:322 { …} //vendor/civicrm/civicrm-core/CRM/Core/Invoke.php:69 { …} //vendor/civicrm/civicrm-core/CRM/Core/Invoke.php:36 { …} //web/modules/contrib/civicrm/src/Civicrm.php:88 { …} //web/modules/contrib/civicrm/src/Controller/CivicrmController.php:83 { …} Drupal\civicrm\Controller\CivicrmController->main() {} //web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php:123 { …} //web/core/lib/Drupal/Core/Render/Renderer.php:627 { …} //web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php:121 { …} //web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php:97 { …} //vendor/symfony/http-kernel/HttpKernel.php:181 { …} //vendor/symfony/http-kernel/HttpKernel.php:76 { …} //web/core/lib/Drupal/Core/StackMiddleware/Session.php:58 { …} //web/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php:48 { …} //web/core/lib/Drupal/Core/StackMiddleware/ContentLength.php:28 { …} //web/core/modules/big_pipe/src/StackMiddleware/ContentLength.php:32 { …} //web/core/modules/page_cache/src/StackMiddleware/PageCache.php:106 { …} //web/core/modules/page_cache/src/StackMiddleware/PageCache.php:85 { …} //web/core/modules/ban/src/BanMiddleware.php:50 { …} //web/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php:48 { …} //web/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php:51 { …} //web/core/lib/Drupal/Core/StackMiddleware/AjaxPageState.php:36 { …} //web/core/lib/Drupal/Core/StackMiddleware/StackedHttpKernel.php:51 { …} //web/core/lib/Drupal/Core/DrupalKernel.php:704 { …} //web/index.php:19 { …} } } ]
mattwire (31519b75) at 19 Jan 19:29
Release 1.6.1
mattwire (31519b75) at 19 Jan 19:29
Release 1.6.1
When Form Protection is enabled, cv
will fail with this error:
[Drupal\Core\DependencyInjection\ContainerNotInitializedException]
\Drupal::$container is not initialized yet. \Drupal::setContainer() must be called with a real container.
This is because the settings
files are called very early in the bootstrap, and the settings file has this line:
'description' => E::ts('Display a <a href="%1">ReCAPTCHA</a> when there are errors.', [1 => CRM_Utils_System::url('civicrm/admin/setting/recaptcha', 'reset=1')]),
CRM_Utils_System::url()
is...not great on D9+, and it's something I've spent a lot of time trying to fix (with limited success). But essentially, url()
is getting passed off to Drupal itself, which isn't bootstrapped here.
Looking at this line - I'm even wondering if this description is still accurate. It links to /civicrm/admin/setting/recaptcha
- but doesn't modern Form Protection use its own ReCAPTCHA?
A quick test suggests this path is invalid. I'll submit a MR to amend the description.
Closes #24. Removes a URL that is no longer valid, fixes cv
on D9+.
Closes #24. Removes a URL that is no longer valid, fixes cv
on D9+.
When Form Protection is enabled, cv
will fail with this error:
[Drupal\Core\DependencyInjection\ContainerNotInitializedException]
\Drupal::$container is not initialized yet. \Drupal::setContainer() must be called with a real container.
This is because the settings
files are called very early in the bootstrap, and the settings file has this line:
'description' => E::ts('Display a <a href="%1">ReCAPTCHA</a> when there are errors.', [1 => CRM_Utils_System::url('civicrm/admin/setting/recaptcha', 'reset=1')]),
CRM_Utils_System::url()
is...not great on D9+, and it's something I've spent a lot of time trying to fix (with limited success). But essentially, url()
is getting passed off to Drupal itself, which isn't bootstrapped here.
Looking at this line - I'm even wondering if this description is still accurate. It links to /civicrm/admin/setting/recaptcha
- but doesn't modern Form Protection use its own ReCAPTCHA?
A quick test suggests this path is invalid. I'll submit a MR to amend the description.
In the past week, I've had three different sites experience ReCAPTCHA v3 false positives after previously having had none.
This also reveals another issue - when ReCAPTCHA v3 fails, depending on the configuration the visitor may or may not see an error message, but it's not actionable in any way - e.g. there's no fallback CAPTCHA.
I don't have any steps to take right now, but I'm starting this conversation because I presume others are seeing the same.
Resolved in 1.6 via !19 (merged)
mattwire (fa1ff074) at 18 Jan 14:58
Release 1.6
mattwire (fa1ff074) at 18 Jan 14:57
Release 1.6
Overview Inserting a honey pot field before a price set field can cause a conflict with how the dynamically added field is displayed; mainly that it displays the field to front end users when it should be hidden. This styling problem was noted on Issue 21, but rather than style the field differently, this PR proposed changing what elements are eligible to have a honey pot field inserted before it.
Before
Previously, $insertBefore
was set by a somewhat complicated call to rand()
that wrapped several different form scenarios into one line of code. But mainly, the randomization only concerned itself with not placing the honey pot field before the first element or the last, unless there was only one element on the form.*
After
With this PR, $insertBefore
is set by determining how many elements are on the form, and if there is more than one, it avoids selecting an element that coordinates with a price set/recurring button field so as not to encounter the display issue.
Testing
*In my testing, I was not able to replicate a scenario in which $inputElementCount === 1
was one. Even on a standalone Profile with only one field, $inputElementCount
evaluated to 6.
mattwire (306fc923) at 18 Jan 14:49
Merge branch 'candidate_parts' into 'main'
... and 1 more commit
This is my response to #22. By allowing admins to configure the ReCAPTCHA sensitivity, we should be able to address the concerns of folks with false positives. @AllenShaw you expressed a need for this, making sure you see this.