From e34341155bb52b30177c295389ca3a2a0cd65970 Mon Sep 17 00:00:00 2001
From: Robert Korulczyk <robert@korulczyk.pl>
Date: Sun, 27 Jul 2025 22:14:06 +0200
Subject: [PATCH] Fix deprecation in `CCaptchaAction` for PHP 8.1+

---
 CHANGELOG                                     |  1 +
 framework/validators/CCaptchaValidator.php    |  4 +-
 .../web/widgets/captcha/CCaptchaAction.php    |  2 +
 .../validators/CCaptchaValidatorTest.php      | 46 +++++++++++++++++++
 4 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 tests/framework/validators/CCaptchaValidatorTest.php

diff --git a/CHANGELOG b/CHANGELOG
index eb601275b..e46426747 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@ Version 1.1.32 under development
 --------------------------------
 
 - Enh #4587: Add socket connection support to `CRedisCache` (mateusmetzker)
+- Bug #4591: Fix deprecation in `CCaptchaAction` for PHP 8.1+ (rob006)
 
 Version 1.1.31 April 10, 2025
 --------------------------------
diff --git a/framework/validators/CCaptchaValidator.php b/framework/validators/CCaptchaValidator.php
index 77d2584b0..6ae1e5f9d 100644
--- a/framework/validators/CCaptchaValidator.php
+++ b/framework/validators/CCaptchaValidator.php
@@ -47,8 +47,7 @@ class CCaptchaValidator extends CValidator
 		if($this->allowEmpty && $this->isEmpty($value))
 			return;
 		$captcha=$this->getCaptchaAction();
-		// reason of array checking is explained here: https://github.com/yiisoft/yii/issues/1955
-		if(is_array($value) || !$captcha->validate($value,$this->caseSensitive))
+		if(!$captcha->validate($value,$this->caseSensitive))
 		{
 			$message=$this->message!==null?$this->message:Yii::t('yii','The verification code is incorrect.');
 			$this->addError($object,$attribute,$message);
@@ -121,4 +120,3 @@ if(jQuery.trim(value)!='') {
 		return $js;
 	}
 }
-
diff --git a/framework/web/widgets/captcha/CCaptchaAction.php b/framework/web/widgets/captcha/CCaptchaAction.php
index 69ac4a50c..62c6129af 100644
--- a/framework/web/widgets/captcha/CCaptchaAction.php
+++ b/framework/web/widgets/captcha/CCaptchaAction.php
@@ -173,6 +173,8 @@ class CCaptchaAction extends CAction
 	 */
 	public function validate($input,$caseSensitive)
 	{
+		if(!is_string($input))
+			return false;
 		$code = $this->getVerifyCode();
 		$valid = $caseSensitive ? ($input === $code) : strcasecmp($input,$code)===0;
 		$session = Yii::app()->session;
diff --git a/tests/framework/validators/CCaptchaValidatorTest.php b/tests/framework/validators/CCaptchaValidatorTest.php
new file mode 100644
index 000000000..2bd6bb588
--- /dev/null
+++ b/tests/framework/validators/CCaptchaValidatorTest.php
@@ -0,0 +1,46 @@
+<?php
+
+require_once 'ModelMock.php';
+
+/**
+ * Class CCaptchaValidatorTest.
+ *
+ * @author Robert Korulczyk <robert@korulczyk.pl>
+ */
+class CCaptchaValidatorTest extends CTestCase
+{
+
+	public function testInvalidInput() {
+		Yii::app()->setController(new CCaptchaValidatorTestController('CCaptchaValidatorTest'));
+
+		$rules = array(
+			array('foo', 'captcha')
+		);
+
+		$stub = $this->getMock('ModelMock', array('rules'));
+		$stub->expects($this->any())
+			->method('rules')
+			->will($this->returnValue($rules));
+
+		$stub->foo = null;
+		$this->assertFalse($stub->validate());
+
+		$stub->foo = array();
+		$this->assertFalse($stub->validate());
+	}
+}
+
+/**
+ * Class CCaptchaValidatorTestController.
+ *
+ * @author Robert Korulczyk <robert@korulczyk.pl>
+ */
+class CCaptchaValidatorTestController extends CController
+{
+	public function actions()
+	{
+		return array(
+			'captcha' => 'CCaptchaAction',
+		);
+	}
+}