Sessions are now stored in a cookie (signed and Base-64 encoded). Form_spam_protection stores form_keys in the session. Make sure spambots implement both cookies and javascript, by storing hashed (with salt) keys in the session.
40 lines
1.1 KiB
Ruby
40 lines
1.1 KiB
Ruby
require 'form_tag_helper_extensions'
|
|
module FormSpamProtection
|
|
module ClassMethods
|
|
def protect_forms_from_spam(*args)
|
|
before_filter :protect_form_from_spam, *args
|
|
before_filter :protect_form_handler_from_spam, *args
|
|
end
|
|
end
|
|
|
|
def protect_form_from_spam
|
|
@protect_form_from_spam = true
|
|
end
|
|
|
|
def protect_form_handler_from_spam
|
|
unless request.get? || request.xml_http_request?
|
|
if params[:_form_key] && session[:form_keys]
|
|
key = session.dbman.generate_digest(params[:_form_key])
|
|
if session[:form_keys].keys.include?(key)
|
|
session[:form_keys][key][1] += 1
|
|
if session[:form_keys][key][1] >= 4
|
|
render :text => "You cannot resubmit this form again.", :layout => 'error', :status => 403
|
|
return false
|
|
end
|
|
end
|
|
else
|
|
render :text => "You must have Javascript on to submit this form.", :layout => 'error', :status => 403
|
|
return false
|
|
end
|
|
end
|
|
end
|
|
|
|
extend ClassMethods
|
|
|
|
def self.included(receiver)
|
|
receiver.extend(ClassMethods)
|
|
end
|
|
|
|
|
|
end
|