Bypassed validation via admin-ajax.php

  • Resolved Arlind Nushi

    (@arl1nd)


    1 year, 5 months ago

    Hello,

    I see you have added a check in gglcptch_is_recaptcha_required function which is causing issues in my theme.

    I use your plugin for captcha verification via WP AJAX requests (admin-ajax.php) but this check prevents the form from being validated because it always returns true:

    if ( wp_is_json_request() ) {
    return false;
    }

    I use jQuery to submit the contact form $.post( url, data, ... )

    You should exclude jQuery requests done in admin-ajax.php in this place.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support andrewsupport

    (@andrewsupport)

    Please clarify the problem. You have a form that is submitted via admin-ajax.php. It contains our captcha.
    And it always passes the test, because this condition is triggered

    if ( wp_is_json_request() ) { return false;}

    Did I understand the problem correctly?

    Thread Starter Arlind Nushi

    (@arl1nd)

    Hi @andrewsupport

    Here I will describe in details what happens:

    I use captcha in my contact form (which is standalone and not uses any lib)

    To add support for custom contact form, I have added this PHP:

    function kalium_contact_form_recaptcha_support( $forms ) {
	$forms['kalium-contact-form'] = [
		'form_name' => 'Kalium Contact Form',
	];

	return $forms;
}

add_action( 'gglcptch_add_custom_form', 'kalium_contact_form_recaptcha_support' );

    Then in admin page I have selected Recaptcha v2 plugin and checked Kalium Contact Form to use:

    Then in contact form I use the she hook as described in your documentation:

    echo apply_filters( 'gglcptch_display_recaptcha', '', 'kalium-contact-form' );

    The form is submitted via AJAX and so it gets the g-recaptcha-response field on post request. Then in wp_ajax_process_contact_form hook I try to validate the captcha using this hook:

    $success = apply_filters( 'gglcptch_verify_recaptcha', true, 'bool', 'kalium-contact-form' );

    It used to work in the past and returned false when captcha was invalid, but now it returns always true, and after investigating I have found that the issue is related here:

    So the real problem stands here:

    If I comment this line it works as expected.

    The problem is that the request in AJAX from jQuery is sent using $.post( … ) as JSON type becuase it expects the response to be given in JSON as well.

    My advice is that you should differentiate the requests made in the REST API and admin-ajax.php file.

    Hopefully I was clear on my explanation

    Plugin Support andrewsupport

    (@andrewsupport)

    Thank you.
    Could you please send us your entire $_POST so that we can highlight some feature and allow us to apply a filter or throw an exception?
    Thank you.

    Plugin Support andrewsupport

    (@andrewsupport)

    Hi,

    Since there is no reply from you, we consider this topic as resolved. We hope you’ve found the solution. Have a nice day.

    dark_diesel

    (@dark_diesel)

    Hello! I have the same problem and validation filter every time success even i don’t to click captcha checkbox.

    My post request is:

    {
	"action": "fimgpt-subscribe-user",
	"form[0][name]": "email",
	"form[0][value]": "a",
	"form[1][name]": "g-recaptcha-response",
	"form[1][value]": "03AFcWeA7dHWB84iDKTuUl77_z24ygqD2pOFNrSnv85cAwmSwsOrROptgeeNGmUrV8MYaXali8syXkXkaOHF2n7f5GFwpDrSpGeaAJLuFH2w_OCGiS7VmqAp0jbNXntsVlbFJs0DFH2VSBf9yfi3QhhP03U8Pl6bVPVzl2iJANBcA27gABsxNRGDe7WBltP8H_hR3jWLrk3_14Gl66qCCJZ6ydrIC4APe7s-HxYKVyM-AEdyKrmJtpdjdoWPyXrfsv36lEN_FMI4OglATIatSYYAjcmk9RZpoDZMewMJSZJtRoZ3uM_qLNFxb1Ofq8W1IDR7gj6dR5NQEn0XuO4DSOCQUXDK6VajYuFpSXjYpCPIqLGQULqODjhC5z5_oktAXXP-yVBu1ox-70MLZz1-R_3P8dFhqK5XKNaDE6SGCpebDvbTnV2rzfjXnSaTc8YTn6fo-DNcP5O20wrrTaSimtKZelhWcLKUrt-iBA1CxxQaPkcCc8fv9lcolLNeCDTfN2cRCkIpF56DiU5xkHvLnLlK57UML3QPsS7RKW-pM-dAgodCO4lSrAPQh2Hh91bWsRQoSHg2r-rzIQ1bjmQ4dYTg6F58mpuJnOxuZX8tEYtQ3MQJNane0_dlgwsCZB3HLEgPV_Q8v3VgpuIKCllsgbMSLLjwPDwCWUjk8SOfWZswkOjOkcNQGCYlhtmk1h1za4AR4EamxH_RCgBmRQITJKALeZw0hrqWqAFl0LD2BrZ1WTa55LqDdzStgLATqFIH2SLNNcodns4vOP7MHlay2XEfErs-DQDQzhIR-47w00Zr2IGIfP_BW86pZGGDeCEuecqlGhE9TuHLBmFu_t4PdUrpXUSeBi79KUVNsdS2iiUEwbEe9nhlydqix3qPQAgnQPgbg6kPzBWUu_tJhH9-kggceW-EOswG9egXnBbpAeicMTAIq8gQKAvniweqXB2b92I9bfoi4_zyV6i--8sQlQ1S4NyGGjA-Qv6esNG0Y1Kz6OkbgqIKX0uVBU4rC_1VZxike-7mjJVS7VPA17gL0DMjz37HXl5kOpERnVmQVH52EFGCFXSZve0bKC5q5IJzESZBXT_i1DYMi9AGUen2ioIk8bQtfcehJ92RhJWLP50O-h7ZF0Ba7EGQym1O13Rf-5rfh0GyVfEF7Htq1ChumjyWszAqHguJKzNWXWW1eFr78mWKJgc6D6V3EdnbEhVqJMJbTPiqIuxRvb3lxRYvthpIKpBObmd3MImQn3IoFt_DNQJV86_OzN87nk3xKEWA5evh040Yd1j1Tw0rgOb2kfHrV3PngZX9CO12QIRb6Ppj77U387Vq3ScBcshbqxw4oNwFqCQMP7HaaLjwO7-nMCpY5S4YW6_coadVqzUkTQz-LxPGtbx_257e5vJr8towh3YHHS8tJ5eYsTUwwIN5zGaGiX3LolvIgdGCTOOjpDz5RNrpmM91M5C6k3smRzKxvHKxchlII91KRdX9MLwEz17rJuQtL6v7xFDq6pT-Pdlb89tTmCfFF-ceKxmIRt51reHRIBvEz1I8QogWcN33I9GMybBszVLlOlD62xIEDHBLO2IAVWahGoL1xA7F6MayC3eU-lRNzNbCR9B7hdBF6E7_pzCZxeo8mtdQihMfTrYRwsQGGaZgDc2oOXmmAS8j8omI5uGOzpfF-o"
}

    I have this values on my form. I don’t spent much time to learn code of you plugin (will do this later if will not find solution), but which function from plugin i can use and past this value and check result? Or you can suggest any other solutions for custom ajax forms? Thank you.

    • This reply was modified 12 months ago by James Huff.
    • This reply was modified 12 months ago by dark_diesel.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Bypassed validation via admin-ajax.php’ is closed to new replies.