Page MenuHomePhabricator
Create Task
Maniphest T48759

difficult to parse or restyle CAPTCHA output
Open, MediumPublic
Actions

Description

ConfirmEdit adds a blob of plain HTML to the template header in response to the UserCreateForm hook. It appears at the top of the form and doesn't fit with the form's layout in divs or table rows. The ACUX experiment and initial version of the Agora create account form use jQuery to restyle this into more attractive HTML lower down in the form. Meanwhile the Mobile front end parses the header HTML in PHP and builds a more attractive input field from it. Both approaches are fragile and don't work with other CAPTCHA providers.

The create account form could run the proposed APICreateAccountBeforeCreate hook to get the pieces of the CAPTCHA (gerrit 53793 and gerrit 53794), but then it would have to discourage ConfirmEdit from responding to UserCreateForm hook as well. Another possibility is ConfirmEdit could run its own hook within UserCreateForm handling that supplies structured CAPTCHA data.

See Also:

Details

Reference
bz46759

Related Objects
Search...

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
StatusSubtypeAssignedTask
· · ·
ResolvedNoneT49372 Other image CAPTCHAs can be confusing without intended message
OpenNoneT48759 difficult to parse or restyle CAPTCHA output
· · ·

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:33 AM
bzimport added a project: ConfirmEdit (CAPTCHA extension).
bzimport set Reference to bz46759.
bzimport added a subscriber: Unknown Object (MLST).
Spage created this task.Apr 1 2013, 7:03 PM
brion added a comment.Apr 2 2013, 5:50 PM

I like the idea of using the internal API format to build the form more generically...

Mattflaschen-WMF added a comment.Apr 19 2013, 9:06 PM

As S noted on bug 47372, we should already be able to use addCaptchaAPI for this. We could perhaps add a class the CAPTCHA output, so it could be removed easily from the header (and eventually phase out the HTML injection into the header entirely).

gerritbot added a comment.Aug 13 2014, 9:20 PM

Change 60350 abandoned by Spage:
Use addCaptchaAPI to supply info to signup form

Reason:
I'm not working on this.

https://gerrit.wikimedia.org/r/60350

Florian subscribed.Jan 15 2015, 12:10 PM

See also: T85192

Florian moved this task from Backlog to In discussion on the ConfirmEdit (CAPTCHA extension) board.Jan 15 2015, 12:10 PM
Mattflaschen-WMF unsubscribed.Jan 18 2015, 5:08 AM
Tgr subscribed.Jun 9 2016, 8:19 PM

AuthManager replaces the old login/signup form with HTMLForm; ConfirmEdit now adds some kind of HTMLFormField (each of the complex captchas has it's own). As long as another extension takes care to register its AuthChangeFormFields hook to run last, it can change the class of that field and so arbitrarily alter the markup.

Tgr added a comment.Nov 3 2017, 3:30 AM
In T48759#2369383, @Tgr wrote:

AuthManager replaces the old login/signup form with HTMLForm; ConfirmEdit now adds some kind of HTMLFormField (each of the complex captchas has it's own). As long as another extension takes care to register its AuthChangeFormFields hook to run last, it can change the class of that field and so arbitrarily alter the markup.

In hindsight I feel that turned out OK. Something similar could be done for the edit page, but that would require rewriting it to use HTMLForm. Filed T179634: EditPage should use HTMLForm.

Tgr updated the task description. (Show Details)Nov 3 2017, 3:31 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL