CodeIgniter Forums
CI 3.0.3 and Captcha Helper [Problem] - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: Issues (https://forum.codeigniter.com/forumdisplay.php?fid=19)
+--- Thread: CI 3.0.3 and Captcha Helper [Problem] (/showthread.php?tid=63629)



CI 3.0.3 and Captcha Helper [Problem] - Raidenlee - 11-20-2015

Hi all,

I updated from 3.0.2 to 3.0.3 and a problem with the captcha arised. I debugged my code and still my application was not loading.
So i went to the System/Helpers/Captcha Helper file where I noticed a difference in the 3.0.2 and 3.0.3 Captcha Helper files. There are three "if (empty($word))" statements in the 3.0.3 captcha helper file.

Now i know once a $word is set it won't go to the other if statements but the second if statement is what is breaking my application:

Code:
if (empty($word))
{
// Nobody will have a larger character pool than
// 256 characters, but let's handle it just in case ...
//
// No, I do not care that the fallback to mt_rand() can
// handle it; if you trigger this, you're very obviously
// trying to break it. -- Narf
if ($pool_length > 256)
{
return FALSE;
}

// We'll try using the operating system's PRNG first,
// which we can access through CI_Security::get_random_bytes()
$security = get_instance()->security;

// To avoid numerous get_random_bytes() calls, we'll
// just try fetching as much bytes as we need at once.
if (($bytes = $security->get_random_bytes($pool_length)) !== FALSE)
{
$byte_index = $word_index = 0;
while ($word_index < $word_length)
{
if (($rand_index = unpack('C', $bytes[$byte_index++])) > $rand_max)
{
// Was this the last byte we have?
// If so, try to fetch more.
if ($byte_index === $pool_length)
{
// No failures should be possible if
// the first get_random_bytes() call
// didn't return FALSE, but still ...
for ($i = 0; $i < 5; $i++)
{
if (($bytes = $security->get_random_bytes($pool_length)) === FALSE)
{
continue;
}

$byte_index = 0;
break;
}

if ($bytes === FALSE)
{
// Sadly, this means fallback to mt_rand()
$word = '';
break;
}
}

continue;
}

$word .= $pool[$rand_index];
$word_index++;
}
}
}

I commented our the piece of code above and my application worked fine.


RE: CI 3.0.3 and Captcha Helper [Problem] - Narf - 12-11-2015

https://github.com/bcit-ci/CodeIgniter/commit/2fe1a2389aa13c3acde7fb42ab35e79504e89f75