Garbage Collection of :form_keys

In each session, keep only the 30 most recent :form_keys generated by form_spam_protection. This should be more than enough for ordinary usage, but prevents the session data from becoming inordinately large. Also, burnt-orange rulz!
2008-01-17 03:20:19 -06:00 · 2008-01-17 03:20:19 -06:00 · 72b4f97382
parent 6359d06ed1
commit 72b4f97382
3 changed files with 9 additions and 7 deletions
--- a/app/views/admin/edit_web.rhtml
+++ b/app/views/admin/edit_web.rhtml
@ -34,7 +34,7 @@
    <label for="color">Color:</label>
    <select id="color" name="color">
      <%= html_options({ 'Green' => '008B26', 'Purple' => '504685', 'Red' => 'DA0006', 
-                         'Orange' => 'FA6F00', 'Grey' => '8BA2B0' }, @web.color) %>
+                         'Orange' => 'C50', 'Grey' => '8BA2B0' }, @web.color) %>
    </select>
    <br/>
    <p>
--- a/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb
+++ b/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb
@ -14,13 +14,13 @@ module FormSpamProtection
  def protect_form_handler_from_spam
    unless request.get? || request.xml_http_request?
      if params[:_form_key] && session[:form_keys] && session[:form_keys].keys.include?(params[:_form_key])
-        session[:form_keys][params[:_form_key]] += 1
-        if session[:form_keys][params[:_form_key]] >= 4
-          render :text => "You cannot resubmit this form again.", :layout => false, :status => 403
+        session[:form_keys][params[:_form_key]][1] += 1
+        if session[:form_keys][params[:_form_key]][1] >= 4
+          render :text => "You cannot resubmit this form again.", :layout => 'error', :status => 403
          return false
        end
      else
-        render :text => "You must have Javascript on to submit this form.", :layout => false, :status => 403
+        render :text => "You must have Javascript on to submit this form.", :layout => 'error', :status => 403
        return false
      end
    end
@ -33,4 +33,4 @@ module FormSpamProtection
  end
  
  
-end
+end
--- a/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb
+++ b/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb
@ -8,7 +8,9 @@ module ActionView
          if name == :form && @protect_form_from_spam
            session[:form_keys] ||= {}
            form_key = Digest::SHA1.hexdigest(self.object_id.to_s + rand.to_s)
-            session[:form_keys][form_key] = 0
+            session[:form_keys][form_key] = [Time.now, 0]
+            first = session[:form_keys].values.sort { |a,b| a[0] <=> b[0] } [0]
+            session[:form_keys].delete(session[:form_keys].index(first)) if session[:form_keys].length > 30
            out << domEnkode(form_key)
          end
        end