From abb0a681fc96849761542b3051867c4bd5a53660 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 30 Aug 2019 20:20:54 +0200 Subject: [PATCH] FIX possibility to bypass captcha if it has been validated otherwise --- htdocs/main.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 1e92838a0d7..9883f95ad31 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -491,7 +491,7 @@ if (! defined('NOLOGIN')) } // Verification security graphic code - if (GETPOST("username", "alpha", 2) && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) + if (GETPOST("username", "alpha", 2) && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) && ! isset($_SESSION['dol_bypass_antispam'])) { $sessionkey = 'dol_antispam_value'; $ok=(array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));