From 72b4f97382969b1bcbccf0834139173a0bdefd6d Mon Sep 17 00:00:00 2001 From: Jacques Distler Date: Thu, 17 Jan 2008 03:20:19 -0600 Subject: [PATCH] Garbage Collection of :form_keys In each session, keep only the 30 most recent :form_keys generated by form_spam_protection. This should be more than enough for ordinary usage, but prevents the session data from becoming inordinately large. Also, burnt-orange rulz! --- app/views/admin/edit_web.rhtml | 2 +- .../form_spam_protection/lib/form_spam_protection.rb | 10 +++++----- .../lib/form_tag_helper_extensions.rb | 4 +++- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/app/views/admin/edit_web.rhtml b/app/views/admin/edit_web.rhtml index c91f1778..57cedd41 100644 --- a/app/views/admin/edit_web.rhtml +++ b/app/views/admin/edit_web.rhtml @@ -34,7 +34,7 @@

diff --git a/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb b/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb
index 8df38835..36580be4 100644
--- a/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb
+++ b/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb
@@ -14,13 +14,13 @@ module FormSpamProtection
 def protect_form_handler_from_spam
 unless request.get? || request.xml_http_request?
 if params[:_form_key] && session[:form_keys] && session[:form_keys].keys.include?(params[:_form_key])
- session[:form_keys][params[:_form_key]] += 1
- if session[:form_keys][params[:_form_key]] >= 4
- render :text => "You cannot resubmit this form again.", :layout => false, :status => 403
+ session[:form_keys][params[:_form_key]][1] += 1
+ if session[:form_keys][params[:_form_key]][1] >= 4
+ render :text => "You cannot resubmit this form again.", :layout => 'error', :status => 403
 return false
 end
 else
- render :text => "You must have Javascript on to submit this form.", :layout => false, :status => 403
+ render :text => "You must have Javascript on to submit this form.", :layout => 'error', :status => 403
 return false
 end
 end
@@ -33,4 +33,4 @@ module FormSpamProtection
 end
-end
\ No newline at end of file
+end
diff --git a/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb b/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb
index 4786297f..63daec37 100644
--- a/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb
+++ b/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb
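Review bot: `session[:form_keys][params[:_form_key]][1] += 1` in the first hunk assumes every stored value is already a `[Time, count]` pair, but the line removed in form_tag_helper_extensions.rb wrote a bare `0`, so a session that still carries keys in the old format would raise NoMethodError here (an Integer has no `[]=`) instead of reaching the 403 branch. The same mixed state affects the new `sort { |a,b| a[0] <=> b[0] }` in the helper hunk, where `a[0]` on an Integer is a bit rather than a Time and the comparison would fail. If sessions can outlive the deploy, normalise before use, e.g. `entry = session[:form_keys][params[:_form_key]]` followed by `entry = session[:form_keys][params[:_form_key]] = [Time.now, entry] unless entry.is_a?(Array)`, or reset `session[:form_keys]` once when a non-Array value is seen. The closing `end` of protect_form_handler_from_spam lies outside the hunk.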
@@ -8,7 +8,9 @@ module ActionView
 if name == :form && @protect_form_from_spam
 session[:form_keys] ||= {}
 form_key = Digest::SHA1.hexdigest(self.object_id.to_s + rand.to_s)
- session[:form_keys][form_key] = 0
+ session[:form_keys][form_key] = [Time.now, 0]
+ first = session[:form_keys].values.sort { |a,b| a[0] <=> b[0] } [0]
+ session[:form_keys].delete(session[:form_keys].index(first)) if session[:form_keys].length > 30
 out << domEnkode(form_key)
 end
 end
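Review bot: The trim on the last added line removes at most one key per rendered form, so a session that already holds more than 30 keys (the oversized sessions this commit is aimed at) stays at its current size instead of shrinking to 30, and `first` is computed by sorting every value on each render even when nothing is deleted. Doing the eviction inside `while session[:form_keys].length > 30`, with `oldest_key, _ = session[:form_keys].min { |a, b| a[1][0] <=> b[1][0] }` and `session[:form_keys].delete(oldest_key)`, would cover both. A comment here should also record that evicting a key whose form is still open sends that submission into the else branch of protect_form_handler_from_spam, which answers with the "You must have Javascript on" 403, so the limit of 30 is a user-visible trade-off. The enclosing method starts and ends outside the hunk.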