#4 — captcha time periods are incorrectly calculated
by
Martijn Pieters
—
last modified
May 21, 2010 03:55 PM
| State | Resolved |
|---|---|
| Version: | 1.4 |
| Area | Functionality |
| Issue type | Bug |
| Severity | Medium |
| Submitted by | Martijn Pieters |
| Submitted on | Jul 15, 2009 |
| Responsible | Martijn Pieters |
| Target release: |
—
|
collective/captcha/browser/captcha.py has a subtle bug in _generate_words: the intent was to allow a captcha to be used within a 10-minute window but the current time is converted to 5 minute intervals before subtracting for the previous time period in minutes:
nowish = _TEST_TIME or int(time.time() / 300)
secret = getUtility(IKeyManager).secret()
seeds = [sha.new(secret + session + str(nowish)).digest(),
sha.new(secret + session + str(nowish - 5)).digest()]
This should be the number of 5-minute intervals ago:
nowish = _TEST_TIME or int(time.time() / 300)
secret = getUtility(IKeyManager).secret()
seeds = [sha.new(secret + session + str(nowish)).digest(),
sha.new(secret + session + str(nowish - 1)).digest()]
nowish = _TEST_TIME or int(time.time() / 300)
secret = getUtility(IKeyManager).secret()
seeds = [sha.new(secret + session + str(nowish)).digest(),
sha.new(secret + session + str(nowish - 5)).digest()]
This should be the number of 5-minute intervals ago:
nowish = _TEST_TIME or int(time.time() / 300)
secret = getUtility(IKeyManager).secret()
seeds = [sha.new(secret + session + str(nowish)).digest(),
sha.new(secret + session + str(nowish - 1)).digest()]
Added by
Martijn Pieters
on
May 21, 2010 03:55 PM
Fixed with http://dev.plone.org/collective/changeset/117977. Thanks!
Issue state:
Unconfirmed
→
Resolved
Responsible manager:
(UNASSIGNED)
→
mj
No responses can be added.
If you can, please log in before submitting a reaction.