[5.0] Remove outdated captcha for new installation

[Fedik]

Pull Request for Issue #39909 .

Summary of Changes

Remove outdated captcha from core.
This still will keep the invisible captcha for existing installations, and uninstall old recaptcha.

Testing Instructions

Do new installation.
Try update from 4.4.

Actual result BEFORE applying this Pull Request

Old Cpatcha still there.

Expected result AFTER applying this Pull Request

Do new installation: no captcha
Try update from 4.4: Invisible cpatcha still there, and old recaptcha is uninstalled

Link to documentations

Please select:

• Documentation link for docs.joomla.org:
• No documentation changes for docs.joomla.org needed
• Pull Request link for manual.joomla.org: Recaptcha plugins Manual#182 Someone have to write a good explanation, and what to do for Users.
• No documentation changes for manual.joomla.org needed

[wilsonge]

OK I don't get the original issue. I could understand (kinda) standardizing on one of the captcha implementations (I guess invisible) but I really don't understand why we are removing invisible? It's not deprecated by google as far as I can tell so what's the issue?

[Fedik]

I really don't understand why we are removing invisible?

We can keep it. As you guys decide. For me no difference.

Invisible captcha is not deprecated but it is outdated and pretty useless against spam, there already recaptcha v3.

upd: Presonaly I think Joomla should provide a captcha, no matter if it will be 3rd service or own image-generated.

[brianteeman]

previously I had opened an issue for this #39909 but I closed it yesterday after 6 months with no interest.

PS v3 is a different thing to v2 and invisible and not a direct replacement

[richard67]

@Fedik For really uninstalling an extension tt does not need the update SQL scripts for unlocking the extensions. We have a method for that in script.php:

https://github.com/joomla/joomla-cms/blob/5.0-dev/administrator/components/com_admin/script.php#L214

You just have to add the extension to be uninstalled to this array:

https://github.com/joomla/joomla-cms/blob/5.0-dev/administrator/components/com_admin/script.php#L221-L234

That's all. The extension will be unlocked and uninstalled.

Would be the right thing to do with the (visible) recaptcha. It should the also be removed from the list of core extensions in the ExtensionsHelper.

The invisible one we could handle like you propose with this PR.

[rdeutz]

We discussed it in todays maintainers meeting and decided: We remove it for new installations, unlock it and deinstall the not working one.

[brianteeman]

if only the maintainers published reports then interested parties would have a clue wha\t was going on :(

[Fedik]

I have updated the PR, recaptcha is uninstalled, and invisible one is unlocked

[HLeithner]

if only the maintainers published reports then interested parties would have a clue wha\t was going on :(

The issue get my attention because you closed it and got into my inbox. it's hard to review 800 open issues for a release. So it was simple luck that it triggered my attention.

[brianteeman]

What happens if a site is using recaptcha? Is it still uninstalled?

Should an update server not be added for the remaining captcha? Otherwise if there was a security issue with it we wouldn't be able to resolve it.

Should there be a conditional post installation message?

[Fedik]

What happens if a site is using recaptcha? Is it still uninstalled?

Yes

Should an update server not be added for the remaining captcha?

This captcha also should be removed/replaced.
Someone have to write a good explanation, and what to do for Users.

Should there be a conditional post installation message?

If someone write it, I try to add it to the PR.

[HLeithner]

We would need a "What's new in joomla 5.0" splash screen after upgrade like other software has but nobody wrote it yet.

Postinstallation messages are not the coolest thing tbh. but better then nothing

[brianteeman]

I'm confused. Fedik says both should be removed but I read that Robert says just one of them

[Fedik]

Fedik says both should be removed but I read that Robert says just one of them

It not conflicting. The invisible captcha will stay after update.

What I mean, it should be replaced by User to better captcha, because it is useles against spam.

[HLeithner]

thanks, could you please add this to the migration documentation, thanks.

[Fedik]

There it is joomla/Manual#182

[uzielweb]

Ok, guys. but WHY I have no one captcha as default now????????????