https://redmine.gc.cuny.edu/https://redmine.gc.cuny.edu/favicon.ico2015-04-22T04:50:38ZCUNY Graduate Center - Project Tracking SystemCUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191022015-04-22T04:50:38ZMatt Goldmattgold@gmail.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>Boone Gorges</i></li></ul> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191042015-04-22T14:30:10ZBoone Gorgesboone@gorg.es
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Reporter Feedback</i></li></ul><p>Hi Marilynn,</p>
<p>Can you please give more details, including URLs, about exactly what you're doing? The Commons does not have any general CAPTCHA enforcement anywhere that I know of, so this must be something that you've put in place with a plugin. But it's not clear to me how or why a plugin would require a CAPTCHA for a logged-in administrator who is editing a page through the admin interface.</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191062015-04-22T14:35:06ZMatt Goldmattgold@gmail.com
<ul></ul><p>Hi Boone --</p>
<p>This might not be relevant, but aren't we now enforcing CAPTCHA on forms through Daniel's code?</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191072015-04-22T14:40:17ZBoone Gorgesboone@gorg.es
<ul></ul><p>Only on contact form submissions when using a very specific plugin. Marilynn's problem appears to be unconnected, but I would need to know more details about what she's doing to know for sure.</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191092015-04-22T15:50:28ZRaymond Hoh
<ul></ul><p>Looks like this is caused by Jetpack's Protect module:<br /><a class="external" href="https://github.com/Automattic/jetpack/blob/3.4.3/modules/protect/math-fallback.php#L59">https://github.com/Automattic/jetpack/blob/3.4.3/modules/protect/math-fallback.php#L59</a></p>
<p>Perhaps try disabling that module within the Jetpack plugin?</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191102015-04-22T18:06:17ZMatt Goldmattgold@gmail.com
<ul></ul><p>Thanks, Ray. Marilynn, can you please give Ray's suggestion a try and let us know whether that solves the problem?</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191132015-04-22T20:08:53ZBoone Gorgesboone@gorg.es
<ul></ul><p>Thanks, Ray. See also <a class="issue tracker-1 status-8 priority-4 priority-default closed" title="Bug: Math question? (Duplicate)" href="https://redmine.gc.cuny.edu/issues/4013">#4013</a>.</p>
<p>This is pretty infuriating. Jetpack auto-activates new modules. In this case, it introduced the Protect module, which ended up being auto-activated on any of our sites running Jetpack. For some reason that I haven't yet determined, the module is not properly working. So all of the sites running Jetpack on the Commons were silently infected with this bug. I have force-deactivated Protect on all Commons blogs in <a class="external" href="https://github.com/cuny-academic-commons/cac/commit/fbd24b70d8fdeafcdc0ae19f1312373437c2db92">https://github.com/cuny-academic-commons/cac/commit/fbd24b70d8fdeafcdc0ae19f1312373437c2db92</a>. At some point, I may try to figure out why the protection isn't working. At some point, we should also install something that prevents Jetpack from auto-activating new features, as it's quite obnoxious for it to do so.</p>
<p>Marilynn, can you please verify that you're now able to log in? Thanks.</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191142015-04-22T20:26:05ZMatt Goldmattgold@gmail.com
<ul></ul><p>Yikes. Thanks for figuring this out, Boone.</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191202015-04-23T20:44:45ZMarilynn Johnsonmjohnson@gc.cuny.edu
<ul></ul><p>Hi,</p>
<p>Yes, I am able to log in now! Thank you all for figuring out the problem.</p>
<p>~Marilynn</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=191252015-04-24T12:57:06ZBoone Gorgesboone@gorg.es
<ul><li><strong>Category name</strong> set to <i>WordPress Plugins</i></li><li><strong>Status</strong> changed from <i>Reporter Feedback</i> to <i>Resolved</i></li><li><strong>Target version</strong> set to <i>1.7.20</i></li></ul><p>Great! Thanks for reporting back.</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=193762015-05-25T00:37:19ZMarilynn Johnsonmjohnson@gc.cuny.edu
<ul></ul><p>Hi again Boone,</p>
<p>I am trying to update my site philosophy.commons.gc.cuny.edu again and am having the same captcha loop struggles I described here a month ago. Any help to get past it would be great.</p>
<p>Thank you! <br />Marilynn</p> CUNY Academic Commons - Bug #4011: Captcha Loophttps://redmine.gc.cuny.edu/issues/4011?journal_id=193842015-05-26T13:32:12ZBoone Gorgesboone@gorg.es
<ul></ul><p>Sorry about the issue, Marilynn. The previous fix got lost in a bad merge. It should be fixed again.</p>