Comments (4)
Hello,
I'll be honest it's been a very long time since this library was created and I forgot to document fonts provenance. I just did some research using MD5 checksums of files to find the sources which is here:
captcha0.ttf
https://www.dafont.com/bitstream-vera-mono.font ("Public domain")captcha1.ttf
https://www.dafont.com/tgl-0-16.font ("100% free")captcha2.ttf
https://www.dafont.com/code.font ("100% free")captcha3.ttf
https://www.dafont.com/tepeno-sans.font ("100% free")captcha4.ttf
https://www.fontsquirrel.com/fonts/linux-libertine ("100% free for commercial use")captcha5.ttf
: https://www.fontsquirrel.com/fonts/sling ("100% free for commercial use")
from captcha.
@jnahmias asked the Debian fonts team to help out with the situation, I'm responding in that capacity.
Personally, regardless of the provenance/copyright/license situation, I would always suggest to remove all fonts from all projects and just use whatever fonts are available on the system, by using fontconfig to find their files, or using a font rendering system that does that automatically. When specific fonts are wanted, they should be separate projects in their own right that are pulled in by dependencies when need.
@Gregwar thanks for the URLs to the fonts. Often times the licenses listed on font sites are inaccurate, they acquire font files from anywhere and don't look at the metadata in the font nor at website or other license materials and properly record provenance, copyright and licensing, so personally I would never trust them on licensing.
If you load the fonts in FontForge, you can go to Element -> Font Info and click on each of the tabs (especially PS Names
, TTF Names
and FONTLOG
) to find out some of the font metadata. Other font editors probably have similar tools. You can also use ttx
from fonttools to convert fonts to XML and then grep that.
I've done that for each of the five fonts and this is a summary of what I found and the actions I recommend.
captcha0.ttf
and captcha4.ttf
are clearly well established libre font projects. These should be removed from the source repository and depended on instead, and use fontconfig to look up their paths at runtime, or use a font rendering system that does that automatically.
captcha1.ttf
seems to pretty clearly be marked as GPL with font-exception and SIL OFL. The font metadata doesn't have a project URL, but the authors website https://www.peter-wiegel.de/ is mentioned, but it is in German so I can't read it to find the font project URL, font source or other info. Without info about how the font was created and thus what the font source might be, this could be a GPL or DFSG violation, so this is important to track down. It is definitely fine to redistribute and probably fine to add to Debian though.
captcha2.ttf
is Copyright (c) 2010 by Svetoslav Simov. All rights reserved.
and Code Bold is a trademark of Fontfabric.
so it looks like this is proprietary and there is no permission to redistribute this font, so it should be removed from this project. The designer's website is http://fontfabric.com/ and this looks like a commercial font foundry, I don't see any indication they do any libre licensed fonts.
captcha3.ttf
is (c) 2009, 2010, 2011, 2012 GrandChaos9000. Some Rights Reserved.
and has a link to CC-BY-NC-SA 3.0 (Creative Commons Attribution Non-Commercial Share-Alike 3.0) in the license URL field. So non-commercial use is not allowed. Personally I think this makes it unsuitable for use in an open source project, since the Open Source Definition requires allowing commercial use (via the no discrimination items). The designer website was available at http://grandchaos9000.deviantart.com/ in 2014 but the account was marked as inactive in 2015 so there is no hope of relicensing this font and I suggest the font be removed from this project.
captcha5.ttf
is Copyright (c)1994 STAR Retrieval Systems. All Rights Reserved.
and there is no indication of any other license nor the designer or font project website. The only references to the company name I can find on the web using the search "STAR Retrieval Systems" -font
give a website that doesn't connect. Given how old the copyright year is, it seems unlikely to be possible to contact them to get relicensing, but there are indications of their 2014 phone number and address on the web. Looking in the Internet Archive, I found a page mentioning their fonts http://www.starebc.com/ but it is no longer online, mentions payment for the fonts, makes available evaluation copies of the fonts, but none of the evaluation copies were archived, so we can't look at the evaluation licenses. I think there is no hope of relicensing this font and I suggest the font be removed from this project.
from captcha.
PS: some links to Debian font policy/packaging:
https://wiki.debian.org/Fonts#Bugs
https://wiki.debian.org/Fonts/PackagingPolicy
from captcha.
I ended up dropping the font files from the repo/tarball and using the following patch:
--- a/src/Gregwar/Captcha/CaptchaBuilder.php
+++ b/src/Gregwar/Captcha/CaptchaBuilder.php
@@ -59,6 +59,20 @@ class CaptchaBuilder implements CaptchaB
protected $builder;
/**
+ * @var array
+ */
+ static protected $defaultFontList = array(
+ "/usr/share/fonts/opentype/cantarell/Cantarell-Regular.otf",
+ "/usr/share/fonts/truetype/lato/Lato-Medium.ttf",
+ "/usr/share/fonts/opentype/linux-libertine/LinLibertine_R.otf",
+ "/usr/share/fonts/truetype/quicksand/Quicksand-Regular.ttf",
+ "/usr/share/fonts/opentype/radisnoir/RadisSans-medium.otf",
+ "/usr/share/fonts/truetype/staypuft/StayPuft.ttf",
+ "/usr/share/fonts/truetype/summersby/summersby.ttf",
+ "/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf",
+ );
+
+ /**
* @var bool
*/
protected $distortion = true;
@@ -142,6 +156,9 @@ class CaptchaBuilder implements CaptchaB
}
$this->phrase = is_string($phrase) ? $phrase : $this->builder->build($phrase);
+
+ // validate fonts in default list
+ static::$defaultFontList = array_filter(static::$defaultFontList, "is_readable");
}
/**
@@ -415,7 +432,7 @@ class CaptchaBuilder implements CaptchaB
}
if ($font === null) {
- $font = __DIR__ . '/Font/captcha'.$this->rand(0, 5).'.ttf';
+ $font = static::$defaultFontList[array_rand(static::$defaultFontList)];
}
if (empty($this->backgroundImages)) {
from captcha.
Related Issues (20)
- PHP Deprecated: Implicit conversion from float -- to int loses precision in CaptchaBuilder.php on line 365 HOT 4
- Fork HOT 15
- requirements incompatible with php and composer version and require ext-gd * HOT 1
- warning in php8.1 HOT 1
- Deprecation warning in PHP 8.2 HOT 7
- php8.0+ Error:ErrorException:Implicit conversion from float 38.5 to int loses precision HOT 3
- Tag latest commit HOT 1
- transparent background
- Deprecation warning on PHP 8.2.12
- Time to time generated image and phrase have mismatched letter casing HOT 1
- [Feature Request]Add GIF type captcha HOT 2
- Dynamically refresh captcha image
- Call to undefined function imagettfbbox() HOT 2
- Captcha does not work on the first attemp
- Can you implement phrase building and checking without using super globals?
- Is the attribute background useless? HOT 1
- error on php 8. HOT 1
- Hint that "testPhrase" method should be used
- Error when calling build HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from captcha.