posted 17 years ago
I've noticed that there's no Captcha required for Quick Reply even if captcha.posts=true. It's possible it has to do with some customization I've been doing. Has anyone else experienced this? (It seems that UserSession.validateCaptchaResponse doesn't validate if the user session's captcha image is null, which it is after a quick reply.)
(There's also some strange (but expected based on the code) behavior if you go to the regular post page, then hit back and try to do a quick reply without completing the regular post page. In that case the user session does have a captcha image (created on the regular post page) and so the quick reply causes UserSession.validateCaptchaResponse to throw a null pointer exception because the form variable is null, the captcha image is not, and captcha.posts = true.)
It seems like either a) a captcha should be created for any action which results in a page with a quick reply and the page should display it, or b) there should be an intermediate captcha page that comes up if the form variable is null or the captcha image is null but captch.posts=true in the config file (perhaps using the preview page). Maybe both could be done, and if any pages are missed in (a), it could be rectified by (b).
[originally posted on jforum.net by mlovell]