commit a42327ff4c4e5dc5853a51afcec6114de01cb4a4
Author: Stefaan Lippens <soxofaan@41478.no-reply.drupal.org>
Date:   Sun Nov 20 16:55:06 2011 +0100

    Issue #893810: refactored captcha_form_alter to make sure CAPTCHA's are also shown on login block on (forbidden) admin pages when needed

diff --git a/captcha.module b/captcha.module
index 676f362..d598d9c 100644
--- a/captcha.module
+++ b/captcha.module
@@ -326,12 +326,9 @@ function theme_captcha($variables) {
  */
 function captcha_form_alter(&$form, &$form_state, $form_id) {
 
-  if (arg(0) != 'admin' || variable_get('captcha_allow_on_admin_pages', FALSE)) {
-
-    module_load_include('inc', 'captcha');
-
     if (!user_access('skip CAPTCHA')) {
-      // Visitor does not have permission to skip the CAPTCHA
+    // Visitor does not have permission to skip CAPTCHAs.
+    module_load_include('inc', 'captcha');
 
       // Get CAPTCHA type and module for given form_id.
       $captcha_point = captcha_get_form_id_setting($form_id);
@@ -350,10 +347,16 @@ function captcha_form_alter(&$form, &$form_state, $form_id) {
         // Get placement in form and insert in form.
         $captcha_placement = _captcha_get_captcha_placement($form_id, $form);
         _captcha_insert_captcha_element($form, $captcha_placement, $captcha_element);
-
       }
     }
-    elseif (user_access('administer CAPTCHA settings') && variable_get('captcha_administration_mode', FALSE)) {
+  else if (
+  variable_get('captcha_administration_mode', FALSE)
+  && user_access('administer CAPTCHA settings')
+  && (arg(0) != 'admin' || variable_get('captcha_allow_on_admin_pages', FALSE))
+  ) {
+    // Add CAPTCHA administration tools.
+    module_load_include('inc', 'captcha');
+
       $captcha_point = captcha_get_form_id_setting($form_id);
       // For administrators: show CAPTCHA info and offer link to configure it
       $captcha_element = array(
@@ -412,7 +415,6 @@ function captcha_form_alter(&$form, &$form_state, $form_id) {
 
     }
   }
-}
 
 /**
  * CAPTCHA validation function to tests strict equality.
diff --git a/captcha.test b/captcha.test
index 1647df2..e92da6a 100644
--- a/captcha.test
+++ b/captcha.test
@@ -376,6 +376,24 @@ class CaptchaTestCase extends CaptchaBaseWebTestCase {
     $this->assertCaptchaPresence(FALSE);
   }
 
+
+  /**
+   * CAPTCHA should also be put on admin pages even if visitor
+   * has no access
+   */
+  function testCaptchaOnLoginBlockOnAdminPagesIssue893810() {
+    // Set a CAPTCHA on login block form
+    captcha_set_form_id_setting('user_login_block', 'captcha/Math');
+
+    // Check if there is a CAPTCHA on home page.
+    $this->drupalGet('node');
+    $this->assertCaptchaPresence(TRUE);
+
+    // Check there is a CAPTCHA on "forbidden" admin pages
+    $this->drupalGet('admin');
+    $this->assertCaptchaPresence(TRUE);
+  }
+
 }