The patch on https://www.drupal.org/node/1395184 checks whether $form_state->getTriggeringElement()['#limit_validation_errors'] is not empty. This will be an empty array if the ajax call doesn't want any validation to occur (https://api.drupal.org/api/drupal/developer!topics!forms_api_reference.h...)

Instead it should check if it is an array.

CommentFileSizeAuthor
#9 captcha-session-reuse-attack-detected-2814137-9-D8.patch999 bytesB N Pandey
#4 captcha-session-reuse-attack-detected-2814137-4-D8.patch1.24 KBB N Pandey
#2 ajax_in_forms_still-2814137-2.patch853 bytesarknoll
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

arknoll created an issue. See original summary.

arknoll’s picture

arknoll CreditAttribution: arknoll commented
Status: Active » Needs review
FileSize
ajax_in_forms_still-2814137-2.patch853 bytes
sk33lz’s picture

sk33lz CreditAttribution: sk33lz at Zivtech commented
Status: Needs review » Reviewed & tested by the community

#2 applies cleanly and fixes the error even on 8.x-1.0-alpha1. I think this is RTBC in my book.

B N Pandey’s picture

B N Pandey CreditAttribution: B N Pandey at TO THE NEW commented
Assigned: arknoll » B N Pandey
Status: Reviewed & tested by the community » Needs review
FileSize
captcha-session-reuse-attack-detected-2814137-4-D8.patch1.24 KB

I fixed my issue in a different way.
Providing patch here.

Status: Needs review » Needs work

The last submitted patch, 4: captcha-session-reuse-attack-detected-2814137-4-D8.patch, failed testing.

Sam152’s picture

Sam152 CreditAttribution: Sam152 as a volunteer and at PreviousNext commented
Status: Needs work » Reviewed & tested by the community

As #4 points out, it seems strange to me there is a db_update which is never executed. This was cropping up for me when click "Remove" on an inline_entity_form entity on a registration page. #2 does indeed solve the problem for me, so +1 to RTBC.

wundo’s picture

wundo CreditAttribution: wundo at Chuva Inc. for Chuva Inc. commented
Status: Reviewed & tested by the community » Needs work

My impression is that we should commit #2 not #4.

Can we get the test passing before committing this please? Looks like the patch needs a re-roll.

Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir at MD Systems GmbH commented
Status: Needs work » Reviewed & tested by the community

Agreed, #2 worked for us. It is also still still passing, I'll request another test after posting this to be sure.

B N Pandey’s picture

B N Pandey CreditAttribution: B N Pandey at TO THE NEW commented
Status: Reviewed & tested by the community » Needs review
FileSize
captcha-session-reuse-attack-detected-2814137-9-D8.patch999 bytes

I got this error when I submit registration form. I applied the patch provided in comment #2 but it does not work for me. So I fixed my issue in a new way. Please review it.

Status: Needs review » Needs work

The last submitted patch, 9: captcha-session-reuse-attack-detected-2814137-9-D8.patch, failed testing.

elachlan’s picture

elachlan CreditAttribution: elachlan commented
Related issues: +#810534: Fix CAPTCHA session reuse

Is this a duplicate of #810534: Fix CAPTCHA session reuse?

B N Pandey’s picture

B N Pandey CreditAttribution: B N Pandey at TO THE NEW commented

Hi @elachlan,

May be both are related because issue in both the case are same.

elachlan’s picture

elachlan CreditAttribution: elachlan commented

Could you re-roll the patch?

B N Pandey’s picture

B N Pandey CreditAttribution: B N Pandey at TO THE NEW commented

Hi @elachlan,

Please explain how to re-roll path and why it's required?

  • elachlan committed d6d81bc on 8.x-1.x authored by arknoll 
    Issue #2814137 by B N Pandey, arknoll: Ajax in forms still creates...
Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir at MD Systems GmbH commented
Status: Needs work » Fixed

Looks like this was committed but not closed?

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.