Thalassa CMS logo

Thalassa CMS

Thalassa 0.2.00

Sat Feb 24 14:21:51 2024 UTC

New “major” release, 0.2.00, is available. In this release, another token (nonce) is added to the CAPTCHA test procedure. For every successful test, the pair of the time and the nonce is stored on the server (for at least the time of test validity) disallowing to reuse the same CAPTCHA challenge for creating more than one session. Configuraton files of existing sites need to be slightly updated; hence the version number change. Also in this version:

Migration to 0.2.00

If you use the Smoky template, simply update the base/ subdirectory's content, and (hopefully) you're done. Otherwise, find the CAPTCHA form in your thalcgi.ini file; the set of “hidden” fields, which for earlier versions looked like this:

  +<input type="hidden" name="captcha_ip" value=%[q:%[captcha:ip]] />
  +<input type="hidden" name="captcha_time" value=%[q:%[captcha:time]] />
  +<input type="hidden" name="captcha_token" value=%[q:%[captcha:token]] />

must now include one more field, captcha_nonce, sending the value returned by %[captcha:nonce]; the following line is to be added:

  +<input type="hidden" name="captcha_nonce" value=%[q:%[captcha:nonce]] />

The whole thing will now look like this:

  +<input type="hidden" name="captcha_ip" value=%[q:%[captcha:ip]] />
  +<input type="hidden" name="captcha_time" value=%[q:%[captcha:time]] />
  +<input type="hidden" name="captcha_nonce" value=%[q:%[captcha:nonce]] />
  +<input type="hidden" name="captcha_token" value=%[q:%[captcha:token]] />

© Andrey V. Stolyarov, 2023, 2024