On Fri, 2008-01-25 at 06:53 +0000, Matt S Trout wrote: > If you're outside, then either forcing the captcha to a particular string or > disabling it entirely are probably your only options - but that wasn't the > case here if you read carefully :) >
For me, it was important to test whether the same captcha could be used twice, as I forgot to clear the captcha for the session after using it (as far as I remember, Catalyst::Plugin::Captcha does not enforce you to do so, neither does it encourage you to do so in the example) You cannot automatically test for this exploit with a static string for the captcha. As I am running all my test cases over fastcgi (for various reasons), I have a test action which returns the captcha of the current session. This action is of course only defined if some environment variable is set. Sébastien _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
