Merge pull request #76 from aboutcode-org/secure-captcha

keshav-space · web-flow · commit b4738792b73b · 2025-02-03T16:17:16.000+05:30
Prevent leaking field validation errors on captcha failure
diff --git a/fedcode/templates/admin_login.html b/fedcode/templates/admin_login.html
@@ -20,9 +20,13 @@
 {% block content %}
 
 {% if form.errors %}
-{% for error in form.errors.values %}
-    <p>{{ error }}</p>
-{% endfor %}
+    {% if form.errors.captcha %}
+        {{ form.errors.captcha }}
+    {% else %}
+        {% for error in form.errors.values %}
+            {{ error }}
+        {% endfor %}
+    {% endif %}
 {% endif %}
 
 
diff --git a/fedcode/templates/login.html b/fedcode/templates/login.html
@@ -11,9 +11,13 @@
             <div class="notification is-danger">
                   <button class="delete"></button>
                   <strong>Error!</strong>
-                  {% for error in form.errors.values %}
-                        {{ error }}
-                  {% endfor %}
+                  {% if form.errors.captcha %}
+                        {{ form.errors.captcha }}
+                  {% else %}
+                        {% for error in form.errors.values %}
+                              {{ error }}
+                        {% endfor %}
+                  {% endif %}
             </div>
             {% endif %}
 
diff --git a/fedcode/templates/user_sign_up.html b/fedcode/templates/user_sign_up.html
@@ -17,9 +17,13 @@
           <p>Error</p>
         </div>
         <div class="message-body">
-          {% for error in form.errors.values %}
-            {{ error }}
-          {% endfor %}
+          {% if form.errors.captcha %}
+            {{ form.errors.captcha }}
+          {% else %}
+            {% for error in form.errors.values %}
+              {{ error }}
+            {% endfor %}
+          {% endif %}
         </div>
       </article>
     </div>
