Fixed issue #6610: Security captcha does not accept valid values

LimeSurvey · Oct 1, 2012 · 625a3de · 625a3de
1 parent c4e6508
commit 625a3de
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/application/controllers/RegisterController.php b/application/controllers/RegisterController.php
@@ -96,8 +96,8 @@ function actionIndex($surveyid = null)
         if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen',$thissurvey['usecaptcha']) )
         {
             if (!isset($_POST['loadsecurity']) ||
-            !isset(Yii::app()->session['secanswer']) ||
-            Yii::app()->request->getPost('loadsecurity') != Yii::app()->session['secanswer'])
+            !isset($_SESSION['survey_'.$surveyid]['secanswer']) ||
+            Yii::app()->request->getPost('loadsecurity') != $_SESSION['survey_'.$surveyid]['secanswer'])
             {
                 $register_errormsg .= $clang->gT("The answer to the security question is incorrect.")."<br />\n";
             }

diff --git a/application/controllers/survey/index.php b/application/controllers/survey/index.php
@@ -406,8 +406,8 @@ function sendreq(surveyid)
             if (function_exists("ImageCreate") && isCaptchaEnabled('saveandloadscreen',$thissurvey['usecaptcha']))
             {
                 if ( (!isset($_POST['loadsecurity']) ||
-                !isset(Yii::app()->session['secanswer']) ||
-                $_POST['loadsecurity'] != Yii::app()->session['secanswer']) &&
+                !isset($_SESSION['survey_'.$surveyid]['secanswer']) ||
+                $_POST['loadsecurity'] != $_SESSION['survey_'.$surveyid]['secanswer']) &&
                 !isset($_GET['scid']))
                 {
                     $errormsg .= $clang->gT("The answer to the security question is incorrect.")."<br />\n";

diff --git a/application/libraries/Save.php b/application/libraries/Save.php
@@ -121,8 +121,8 @@ function savedcontrol()
         if (function_exists("ImageCreate") && isCaptchaEnabled('saveandloadscreen', $thissurvey['usecaptcha']))
         {
             if (empty($_POST['loadsecurity'])
-             || !isset(Yii::app()->session['secanswer'])
-             || $_POST['loadsecurity'] != Yii::app()->session['secanswer']
+             || !isset($_SESSION['survey_'.$surveyid]['secanswer'])
+             || $_POST['loadsecurity'] != $_SESSION['survey_'.$surveyid]['secanswer']
             )
             {
                 $errormsg .= $clang->gT("The answer to the security question is incorrect.")."<br />\n";