Garbage Collection of :form_keys
In each session, keep only the 30 most recent :form_keys generated by form_spam_protection. This should be more than enough for ordinary usage, but prevents the session data from becoming inordinately large. Also, burnt-orange rulz!
This commit is contained in:
Jacques Distler
parent
6359d06ed1
commit
72b4f97382
|
|
@ -34,7 +34,7 @@
|
||||||
<label for="color">Color:</label>
|
<label for="color">Color:</label>
|
||||||
<select id="color" name="color">
|
<select id="color" name="color">
|
||||||
<%= html_options({ 'Green' => '008B26', 'Purple' => '504685', 'Red' => 'DA0006',
|
<%= html_options({ 'Green' => '008B26', 'Purple' => '504685', 'Red' => 'DA0006',
|
||||||
'Orange' => 'FA6F00', 'Grey' => '8BA2B0' }, @web.color) %>
|
'Orange' => 'C50', 'Grey' => '8BA2B0' }, @web.color) %>
|
||||||
</select>
|
</select>
|
||||||
<br/>
|
<br/>
|
||||||
<p>
|
<p>
|
||||||
|
|
|
||||||
|
|
@ -14,13 +14,13 @@ module FormSpamProtection
|
||||||
def protect_form_handler_from_spam
|
def protect_form_handler_from_spam
|
||||||
unless request.get? || request.xml_http_request?
|
unless request.get? || request.xml_http_request?
|
||||||
if params[:_form_key] && session[:form_keys] && session[:form_keys].keys.include?(params[:_form_key])
|
if params[:_form_key] && session[:form_keys] && session[:form_keys].keys.include?(params[:_form_key])
|
||||||
session[:form_keys][params[:_form_key]] += 1
|
session[:form_keys][params[:_form_key]][1] += 1
|
||||||
if session[:form_keys][params[:_form_key]] >= 4
|
if session[:form_keys][params[:_form_key]][1] >= 4
|
||||||
render :text => "You cannot resubmit this form again.", :layout => false, :status => 403
|
render :text => "You cannot resubmit this form again.", :layout => 'error', :status => 403
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
render :text => "You must have Javascript on to submit this form.", :layout => false, :status => 403
|
render :text => "You must have Javascript on to submit this form.", :layout => 'error', :status => 403
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,9 @@ module ActionView
|
||||||
if name == :form && @protect_form_from_spam
|
if name == :form && @protect_form_from_spam
|
||||||
session[:form_keys] ||= {}
|
session[:form_keys] ||= {}
|
||||||
form_key = Digest::SHA1.hexdigest(self.object_id.to_s + rand.to_s)
|
form_key = Digest::SHA1.hexdigest(self.object_id.to_s + rand.to_s)
|
||||||
session[:form_keys][form_key] = 0
|
session[:form_keys][form_key] = [Time.now, 0]
|
||||||
|
first = session[:form_keys].values.sort { |a,b| a[0] <=> b[0] } [0]
|
||||||
|
session[:form_keys].delete(session[:form_keys].index(first)) if session[:form_keys].length > 30
|
||||||
out << domEnkode(form_key)
|
out << domEnkode(form_key)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue