Recaptcha Issue in Form Plugin not solved via update

For a long time I posted error-validating-the-captcha a post about solving the captcha misbehaviour on some servers and offered a solution for it. Now I had just updated one of my GRAV projects and had to realize that this error is still contained in the form-plugin core script.
That makes me very sad. At that time I had invested a lot of time in finding a solution and had hoped to be able to contribute to making GRAV more stable. But even back then, my proposal failed without comment and therefore did not find a way into the core. Maybe a member of the core team will find time to take a look at my code proposal and check if it is valid.

Of course, my code proposal from that time is no longer valid for the current version of new 2.10.x version of the script user/plugins/form/form.php, so here are the lines like I replaced them in my project:

Original version of form.php line 300:
$query = http_build_query([
‘secret’ => $recaptchaSecret,
‘response’ => $form->value(‘g-recaptcha-response’, true)
]);

and my modified code:
$query = ‘’;
$queryArr = array(
‘secret’ => $recaptchaSecret,
‘response’ => $form->value(‘g-recaptcha-response’, true),
‘remoteip’ => $_SERVER[‘REMOTE_ADDR’],
‘v’ => ‘php_1.0’,
);
foreach ($queryArr as $key => $value) {
$query .= $key . ‘=’ . urlencode(stripslashes($value)) . ‘&’;
}
$query = substr($query, 0, strlen($query) - 1);

1 Like

Could you please open an issue, or better yet, create a PR with your solution for the form plugin here:

Hello Andy, thank you for your answer to my forum entry.
I am very sorry, but unfortunately I am not familiar with GITHUB. I have
an account and I often read there, but I don’t know how to publish a
pull request. I’m afraid to cause confusion there, and somehow I can’t
get it to work either.

You may be able to understand my two publications in the forums and post
them in the GITHUB.

Here is another explanation for my modication:

I have different servers (live system, dev system, customer hosting
etc.). On some of them the ReCaptcha in form plugin works without
problems. The same project suddenly causes problems after moving to
another server. I had compared why this happened and Google did not
accept the request. The reason for this is that the php function
http_build_query () probably encodes the “&” on some servers and
then inserts it into the request as “&”. Google-ReCaptcha cannot
cope with this, I have tested it repeatedly.

I also have many Joomla projects on these servers. No problem with
ReCaptcha, never. That’s why I investigated what makes Joomla different
here and found out that the query is generated more safely in this way:
$query. = $key. ‘=’. urlencode (stripslashes ($value)). ‘&’;

So an “&” is always used and this works in GRAV on all my servers.

You can see how I modified the form.php in my code snippet in the forum
post.

Best regards

Hey mD.SK,

I just read through all of your posts about the recaptcha validation not working properly. Firstly, thank you so much for persisting! I have the same issue. Form sends even if you don’t click check mark. Validation behavior is not triggering.

I’d love to get your thoughts on how to fix this.

The Form Plugin has updated recently but the problem is still there. I have tried replacing:

‘secret’ => $recaptchaSecret,
‘response’ => $form->value(‘g-recaptcha-response’, true)
]); 

With:

$query = ‘’;
$queryArr = array(
‘secret’ => $recaptchaSecret,
‘response’ => $form->value(‘g-recaptcha-response’, true),
‘remoteip’ => $_SERVER[‘REMOTE_ADDR’],
‘v’ => ‘php_1.0’,
);
foreach ($queryArr as $key => $value) {
$query .= $key . ‘=’ . urlencode(stripslashes($value)) . ‘&’;
}
$query = substr($query, 0, strlen($query) - 1);


But this breaks Grav.