Skip to content

Fix reCAPTCHA v3 validation when token is in $_POST['captcha']

messica requested to merge messica/formprotection:messica-main-patch-88031 into main

fixes #15 (closed)

Admittedly didn't spend time looking into where/when/why the token got passed around, but on a client's site $_POST['g-recaptcha-token'] was an empty string and the correct token was in $_POST['captcha']. However the code didn't reach that because $_POST['g-recaptcha-token'] is technically set. Changing to !empty instead fixed this for me.

Edited by messica

Merge request reports