Skip to content

Finalize removal of Mage_Captcha module from OpenMage LTS #4926

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 1 commit into from
Closed

Finalize removal of Mage_Captcha module from OpenMage LTS #4926

Copilot wants to merge 1 commit into from

Conversation

Copy link
Contributor

Copilot AI commented Sep 9, 2025
edited
Loading

This PR completes the removal of the legacy Mage_Captcha module from OpenMage LTS due to security and maintenance concerns. The module has been identified as outdated and potentially vulnerable, making its removal necessary for the security and maintainability of the codebase.

Changes Made

Module Files Removed

  • Complete removal of app/code/core/Mage/Captcha/ directory and all PHP files
  • Removed js/mage/captcha.js JavaScript file
  • Removed skin/frontend/rwd/default/scss/module/_captcha.scss stylesheet
  • Removed module definition app/etc/modules/Mage_Captcha.xml

Template and Layout Files Removed

  • app/design/frontend/rwd/default/template/captcha/zend.phtml
  • app/design/frontend/base/default/template/captcha/zend.phtml
  • app/design/adminhtml/default/default/template/captcha/zend.phtml
  • app/design/frontend/base/default/layout/captcha.xml
  • app/design/adminhtml/default/default/layout/captcha.xml

References Cleaned Up

  • Removed Mage_Captcha entry from core module configuration in app/code/core/Mage/Core/Model/Config.php
  • Removed captcha.js script references from admin login templates (login, forgot password, reset password)
  • Removed @import "module/captcha" from SCSS core file
  • Cleaned captcha references from PHPStorm metadata files
  • Updated test traits to remove module references

Documentation Updates

  • Updated docs/content/users/modules/captcha.md to inform users about the removal
  • Added section to README.md explaining the removal and recommending modern alternatives
  • Provided links to recommended alternatives: Cloudflare Turnstile, Google reCaptcha, and HoneySpam
  • Referenced the legacy backup repository at openmage/module-mage-captcha

Recommended Alternatives

For users who need CAPTCHA functionality, we recommend these modern, secure alternatives:

Backward Compatibility

This is a breaking change for sites that rely on the built-in CAPTCHA functionality. Site owners using this module should:

  1. Install one of the recommended alternatives before upgrading
  2. Update any custom code that references Mage_Captcha classes
  3. Review and update any custom templates that included captcha functionality

The legacy module code is preserved in the openmage/module-mage-captcha repository for reference purposes.

Testing

  • Verified complete removal of all Mage_Captcha references except for one generic security comment in contacts configuration
  • Ensured admin login pages no longer reference the removed captcha.js file
  • Confirmed documentation accurately reflects the changes and provides clear migration guidance

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/5b5e3821314f947dd040c70f7992a64eac89025c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/PHPCSStandards/composer-installer/zipball/e9cf5e4bbf7eeaf9ef5db34938942602838fc2b1
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/cweagans/composer-patches/zipball/e190d4466fe2b103a55467dfa83fc2fecfcaf2db
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/eloquent/enumeration/zipball/0242859435d9b135939816858348556d3cde9e3c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/jsonrainbow/json-schema/zipball/feb2ca6dd1cebdaf1ed60a4c8de2e53ce11c4fd8
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/php-fig/container/zipball/c71ecc56dfe541dbd90c5360474fbc405f8d5963
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/console/zipball/c4ba980ca61a9eb18ee6bcc73f28e475852bb1ed
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/filesystem/zipball/75ae2edb7cdcc0c53766c30b0a2512b8df574bd8
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/polyfill-ctype/zipball/a3cc8b044a6ea513310cbd48ef7333b384945638
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6d857f4d76bd4b343eac26d6b539585d2bc56493
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/polyfill-php73/zipball/0f68c03565dcaaf25a890667542e8bd75fe7e5bb
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/polyfill-php80/zipball/0cc9dd0f17f61d8131e7df6b84bd344899fe2608
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/service-contracts/zipball/f021b05a130d35510bd6b25fe9053c2a8a15d5d4
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/symfony/string/zipball/f0ce0bd36a3accb4a225435be077b4b4875587f4
    • Triggering command: /usr/bin/php8.3 -n -c /tmp/ewAePi /usr/bin/composer install --no-interaction (http block)

If you need me to access, download, or install something from one of these locations, you can either:

This pull request was created as a result of the following prompt from Copilot chat.

Finalize removal of Mage_Captcha from OpenMage/magento-lts:

  • Delete all PHP files from app/code/core/Mage/Captcha/
  • Remove js/mage/captcha.js
  • Remove skin/frontend/rwd/default/scss/module/_captcha.scss
  • Remove app/design/frontend/rwd/default/template/captcha/zend.phtml
  • Remove all layout, config, event observer, and reference entries for Mage_Captcha
  • Update documentation and README to mention the removal, recommend modern alternatives (reCaptcha, Cloudflare Turnstile, HoneySpam), and link to the legacy backup repository (openmage/module-mage-captcha)
  • Ensure all changes are clean and ready for review

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@addison74 addison74 closed this Sep 9, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 9, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI changed the title [WIP] Finalize Mage_Captcha removal and documentation update for review Finalize removal of Mage_Captcha module from OpenMage LTS Sep 9, 2025
Copilot AI requested a review from addison74 September 9, 2025 14:08
@addison74 addison74 removed their assignment Sep 10, 2025
@addison74 addison74 removed their request for review September 10, 2025 06:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@addison74