Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
If we put '0' (Zero) as value in honeypot element, honeypot is not able to restrict the form for submit.
What I see in code, honeypot element check as !empty to show a error and 0 not satisfied the condition hence not detecting the value and pass the same for submit.
Thanks in advance
Comments
Comment #2
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedCan you give a little more detail, like a set of steps I could follow to reproduce this issue?
Are you adding
0
as the 'Honeypot element name' on the configuration page? Or for the time limit? Or is it something you're doing in a custom API integration?Comment #3
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedOr maybe do you mean that on the site's frontend, if you visit a Honeypot-protected form, and enter
0
as the value in the invisible honeypot field, then Honeypot allows the form to be submitted, even though there technically was a value in the field?Comment #4
only4kaustav CreditAttribution: only4kaustav commentedHi @geerlingguy,
Your assumption of #3 is right.
Thanks
Comment #5
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedSounds like a bug! Strict typing would catch that, but in the meantime, this should be fixed and a test case added to make sure it doesn’t happen again. Switching to 'bug report'.
Comment #6
only4kaustav CreditAttribution: only4kaustav commentedComment #7
only4kaustav CreditAttribution: only4kaustav as a volunteer commentedThis patch restrict 0 value of honeypot field element, which was allowed before but should not be.
Comment #9
only4kaustav CreditAttribution: only4kaustav as a volunteer commentedRectify the 5 test case fauled issue.
Comment #10
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedLooks good, just needs a test. Then we'll need to port this test and fix to Drupal 8 as well.
Comment #11
only4kaustav CreditAttribution: only4kaustav as a volunteer commentedComment #12
Chris Matthews CreditAttribution: Chris Matthews commented@only4kaustav, the status of this issue should be 'Needs work' as it still needs a test.
Comment #13
mr.baileysTest added.
Comment #14
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedLGTM, going to merge this patch to D7, and once that's done change version on this to D8 for the port.
Comment #16
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedPatch is in 7.x-dev, needs to be ported now to D8.
Comment #17
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedAttaching ported patches; worked locally, just want to see what testbot thinks.
Comment #18
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedEh... uploaded the same patch twice. I hate patch workflows :P — correct full patch attached to _this_ comment.
Comment #20
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedFixed in 7.x and 8.x.
Comment #22
ciss CreditAttribution: ciss at yousign GmbH commentedI feel like this solution is needlessly convoluted. In my opinion this check should suffice: