0006367: Generated Captcha in pricealaram contains bad characters

ID	Project	Category	View Status	Date Submitted	Last Update

0006367	OXID eShop (all versions)	4.04. Security	public	2016-04-06 12:49	2023-07-07 14:50

Reporter	AlexN	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	open
Product Version	4.9.7 / 5.2.7

Summary	0006367: Generated Captcha in pricealaram contains bad characters
Description	On a detail page of an article the captcha at pricealarm generates bad characters if "$this->captchaKey = '66303bc779b76899eb7340fdb8252439';" is not set in "config.inc.php".
Steps To Reproduce	Well, setup a new OXID eShop CE with version 4.9.7 including sample articles. After that unset "$this->captchaKey = '66303bc779b76899eb7340fdb8252439';" and navigate to any article and check the captcha code. In case you are lucky and the captcha code contains no bad characters reload the page.
Additional Information	In a CE 4.9.4 it seems to work.
Tags	No tags attached.
Attached Files	bad-characters.png (11,318 bytes) bad-characters.png (11,318 bytes)

Theme
Browser	Not defined
PHP Version	Not defined
Database Version	Not defined

hendrikfreytag 2016-04-06 15:22 reporter ~0011522	https://github.com/OXID-eSales/oxideshop_ce/blob/v4.9.7/source/core/utils/verificationimg.php#L122 This will not work because this file is included elsewhere. So change include_once into include. But why are you even creating this funny class oxConfKey? If the value is not set in https://github.com/OXID-eSales/oxideshop_ce/blob/v4.9.7/source/core/utils/verificationimg.php#L95 you can just call oxRegistry::getConfig()->getConfigParam('sConfigKey').

QA 2023-07-07 14:50 administrator ~0015411	Captcha feature is now a module. It is at least in 7.0.0. - mko