Sync with latest (2/13/2007) Instiki svn.

2007-02-13 09:55:26 -06:00 · 2007-02-13 09:55:26 -06:00 · d291318f3e
commit d291318f3e
parent f896f8fbdc
29 changed files with 3212 additions and 1338 deletions
--- a/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb
+++ b/vendor/plugins/form_spam_protection/lib/form_spam_protection.rb
@ -0,0 +1,36 @@
+require 'form_tag_helper_extensions'
+module FormSpamProtection
+  module ClassMethods
+    def protect_forms_from_spam(*args)
+      before_filter :protect_form_from_spam, *args
+      before_filter :protect_form_handler_from_spam, *args
+    end
+  end
+
+  def protect_form_from_spam
+      @protect_form_from_spam = true
+  end
+  
+  def protect_form_handler_from_spam
+    unless request.get? || request.xml_http_request?
+      if params[:_form_key] && session[:form_keys] && session[:form_keys].keys.include?(params[:_form_key])
+        session[:form_keys][params[:_form_key]] += 1
+        if session[:form_keys][params[:_form_key]] >= 4
+          render :text => "You cannot resubmit this form again.", :layout => false, :status => 403
+          return false
+        end
+      else
+        render :text => "You must have Javascript on to submit this form.", :layout => false, :status => 403
+        return false
+      end
+    end
+  end
+  
+  extend ClassMethods
+  
+  def self.included(receiver)
+    receiver.extend(ClassMethods)
+  end
+  
+  
+end
--- a/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb
+++ b/vendor/plugins/form_spam_protection/lib/form_tag_helper_extensions.rb
@ -0,0 +1,56 @@
+require 'digest/sha1'
+module ActionView
+  module Helpers
+    module TagHelper
+      # Now that form_tag accepts blocks, it was easier to alias tag when name == :form
+      def tag_with_form_spam_protection(name, *args)
+        returning tag_without_form_spam_protection(name, *args) do |out|
+          if name == :form && @protect_form_from_spam
+            session[:form_keys] ||= {}
+            form_key = Digest::SHA1.hexdigest(self.object_id.to_s + rand.to_s)
+            session[:form_keys][form_key] = 0
+            out << enkode(hidden_field_tag('_form_key', form_key))
+          end
+        end
+      end
+      
+      alias_method :tag_without_form_spam_protection, :tag
+      alias_method :tag, :tag_with_form_spam_protection
+    end
+    
+    # module FormTagHelper
+    #   def form_tag_with_spam_protection(*args, &proc)
+    #     form_tag_method_with_spam_protection :form_tag, *args, &proc
+    #   end
+    #   
+    #   # alias_method_chain :form_tag, :spam_protection
+    #   alias_method :form_tag_without_spam_protection, :form_tag
+    #   alias_method :form_tag, :form_tag_with_spam_protection
+    #   
+    #   protected
+    #     def form_tag_method_with_spam_protection(method_name, *args, &proc)
+    #       old_method_name = "#{method_name}_without_spam_protection"
+    #       returning send(old_method_name, *args) do |out|
+    #         if @protect_form_from_spam
+    #           session[:form_keys] ||= {}
+    #           form_key = Digest::SHA1.hexdigest(self.object_id.to_s + rand.to_s)
+    #           session[:form_keys][form_key] = 0
+    #           out << enkode(hidden_field_tag('_form_key', form_key))
+    #         end
+    #       end
+    #     end
+    #     
+    # 
+    # end
+    #
+    # module PrototypeHelper
+    #   def form_remote_tag_with_spam_protection(*args, &proc)
+    #     form_tag_method_with_spam_protection :form_remote_tag, *args, &proc
+    #   end
+    # 
+    #   # alias_method_chain :form_remote_tag, :spam_protection
+    #   alias_method :form_remote_tag_without_spam_protection, :form_remote_tag
+    #   alias_method :form_remote_tag, :form_remote_tag_with_spam_protection
+    # end
+  end
+end