reCaptcha v3 not validating
Trying to make reCaptcha v3 work on a contribution page with the Moneris gateway, I noticed a few problems that cause validation to always fail. The recaptcha token is not passed in the $_POST.
Reading the code, I see that:
- the template file gets loaded 2 times
- there is a double declaration of
<input id="g-recaptcha-token">
in the template + in Civi/Formprotection/Forms.php
- the recaptcha token input is not added between the form tags, so the captcha token is never passed in the $_POST
My current hacks are:
- temporarily disabling the repeated calls to CRM_Utils_ReCAPTCHA::enableCaptchaOnForm :
diff --git a/Civi/Formprotection/Floodcontrol.php b/Civi/Formprotection/Floodcontrol.php
index e47f5d3..d1ee7ea 100644
--- a/Civi/Formprotection/Floodcontrol.php
+++ b/Civi/Formprotection/Floodcontrol.php
@@ -55,7 +55,7 @@ class Floodcontrol {
}
if (!\CRM_Core_Session::getLoggedInContactID() && is_callable(['CRM_Utils_ReCAPTCHA', 'enableCaptchaOnForm'])) {
- \CRM_Utils_ReCAPTCHA::enableCaptchaOnForm($form);
+ //\CRM_Utils_ReCAPTCHA::enableCaptchaOnForm($form);
}
}
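Review bot: Commenting out the call leaves the `if (!\CRM_Core_Session::getLoggedInContactID() && ...)` branch empty, so anonymous visitors no longer get a captcha from flood control on this path. The second hunk at -93 does the same for the success-count threshold. If the real problem is that the template is added twice, the de-duplication belongs in `enableCaptchaOnForm` itself, so that a second call for the same form is a no-op. Both call sites should then keep `\CRM_Utils_ReCAPTCHA::enableCaptchaOnForm($form);`. The enclosing method starts outside the hunk.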
@@ -93,7 +93,7 @@ class Floodcontrol {
if ($max_count_recaptcha && $data['success'] >= $max_count_recaptcha) {
\Civi::log()->warning("floodcontrol: enabling captcha [{$data['success']} success of $max_count_recaptcha]");
- \CRM_Utils_ReCAPTCHA::enableCaptchaOnForm($form);
+ //\CRM_Utils_ReCAPTCHA::enableCaptchaOnForm($form);
}
}
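Review bot: The warning kept just above the commented-out call still logs `floodcontrol: enabling captcha [...]` although nothing is enabled any more, so anyone reading the log during an abuse spike would wrongly assume the form is protected. Either restore `\CRM_Utils_ReCAPTCHA::enableCaptchaOnForm($form);` or, while the hack is in place, change the message to say the threshold was reached but the captcha was not enabled.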
- remove the one from Civi/Formprotection/Forms.php :
diff --git a/Civi/Formprotection/Recaptcha.php b/Civi/Formprotection/Recaptcha.php
index d34363d..fae7523 100644
--- a/Civi/Formprotection/Recaptcha.php
+++ b/Civi/Formprotection/Recaptcha.php
@@ -204,9 +205,6 @@ class Recaptcha {
}
return '
- <form method="post" action="#">
- <input type="hidden" id="g-recaptcha-token" name="g-recaptcha-token">
- </form>
<script src="' . self::$apiURL . '?render=' . $pubkey . '"></script>
<script type="text/javascript">
function reloadReCAPTCHA() {
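Review bot: The site key is concatenated unescaped into the `src` attribute on the `<script src=...>` line that this hunk keeps. The value presumably comes from an administrator setting, so exposure is limited, but a key containing a quote or `&` would break out of the attribute or alter the query string. Writing it as `<script src="' . htmlspecialchars(self::$apiURL . '?render=' . rawurlencode($pubkey), ENT_QUOTES) . '"></script>` keeps it inert. The enclosing method starts and ends outside the hunk.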
- move to the region form-bottom instead of page-body and remove
<form>
:
diff --git a/CRM/Utils/ReCAPTCHA.php b/CRM/Utils/ReCAPTCHA.php
index 22c8912..9e34c8d 100644
--- a/CRM/Utils/ReCAPTCHA.php
+++ b/CRM/Utils/ReCAPTCHA.php
@@ -100,7 +100,7 @@ class CRM_Utils_ReCAPTCHA {
if (Recaptcha::hasSettingsAvailable()) {
$captcha->add($form);
$form->assign('isCaptcha', TRUE);
- CRM_Core_Region::instance('page-body')->add(['template' => 'CRM/common/ReCAPTCHA.tpl']);
+ CRM_Core_Region::instance('form-bottom')->add(['template' => 'CRM/common/ReCAPTCHA.tpl']);
}
}
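Review bot: Moving the template to `form-bottom` only fixes the missing token if every form that calls `enableCaptchaOnForm` renders that region inside its `<form>` element; on a form template that does not, the hidden input is never output and the submission has no token. This cannot be confirmed from the hunk, so the assumption should be documented at the call, for example `// form-bottom must be rendered inside the <form> so g-recaptcha-token is submitted with it`. It is also worth checking that server-side validation rejects a submission whose `g-recaptcha-token` is absent or empty rather than skipping the check.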
diff --git a/templates/CRM/common/ReCAPTCHA.tpl b/templates/CRM/common/ReCAPTCHA.tpl
index 3e3d492..737d55b 100644
--- a/templates/CRM/common/ReCAPTCHA.tpl
+++ b/templates/CRM/common/ReCAPTCHA.tpl
@@ -18,10 +18,8 @@
<tr>
<td class="recaptcha_label"> </td>
<td>
- <form id="form_id" method="post">
<input type="hidden" id="g-recaptcha-token" name="g-recaptcha-token">
<input type="hidden" name="action" value="validate_captcha">
- </form>
</td>
<td>{$recaptchaHTML}</td>
</tr>
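Review bot: With the nested `<form>` removed, the kept `<input type="hidden" name="action" value="validate_captcha">` now belongs to the outer form and is posted as `action` with every submission. If the host form or its controller reads an `action` request parameter for its own purposes, this value would override or conflict with it. Unless something server-side actually consumes `validate_captcha` (nothing visible here does), the input should be removed together with the wrapper, leaving only the `g-recaptcha-token` field.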
Edited by samuelsov