Update captcha.go

Captcha must be deleted if the user entered a "challenge" with a different length than the captcha.

Update captcha.go
Captcha must be deleted if the user entered a "challenge" with a different length than the captcha.
58ac0d5e · Francois · 2773fda8 · 58ac0d5e
Commit 58ac0d5e authored Aug 09, 2014 by Francois
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

captcha.go utils/captcha/captcha.go +5 -1

No files found.
--- a/utils/captcha/captcha.go
+++ b/utils/captcha/captcha.go
@@ -200,7 +200,7 @@ func (c *Captcha) Verify(id string, challenge string) (success bool) {

 	key := c.key(id)

-	if v, ok := c.store.Get(key).([]byte); ok && len(v) == len(challenge) {
+	if v, ok := c.store.Get(key).([]byte); ok {
 		chars = v
 	} else {
 		return
@@ -211,6 +211,9 @@ func (c *Captcha) Verify(id string, challenge string) (success bool) {
 		c.store.Delete(key)
 	}()

+	if len(chars) != len(challenge) {
+		return
+	}
 	// verify challenge
 	for i, c := range chars {
 		if c != challenge[i]-48 {
@@ -221,6 +224,7 @@ func (c *Captcha) Verify(id string, challenge string) (success bool) {
 	return true
 }

+
 // create a new captcha.Captcha
 func NewCaptcha(urlPrefix string, store cache.Cache) *Captcha {
 	cpt := &Captcha{}