In each session, keep only the 30 most recent :form_keys generated by form_spam_protection. This should be more than enough for ordinary usage, but prevents the session data from becoming inordinately large. Also, burnt-orange rulz!
37 lines
1 KiB
Ruby
37 lines
1 KiB
Ruby
require 'form_tag_helper_extensions'
|
|
module FormSpamProtection
|
|
module ClassMethods
|
|
def protect_forms_from_spam(*args)
|
|
before_filter :protect_form_from_spam, *args
|
|
before_filter :protect_form_handler_from_spam, *args
|
|
end
|
|
end
|
|
|
|
def protect_form_from_spam
|
|
@protect_form_from_spam = true
|
|
end
|
|
|
|
def protect_form_handler_from_spam
|
|
unless request.get? || request.xml_http_request?
|
|
if params[:_form_key] && session[:form_keys] && session[:form_keys].keys.include?(params[:_form_key])
|
|
session[:form_keys][params[:_form_key]][1] += 1
|
|
if session[:form_keys][params[:_form_key]][1] >= 4
|
|
render :text => "You cannot resubmit this form again.", :layout => 'error', :status => 403
|
|
return false
|
|
end
|
|
else
|
|
render :text => "You must have Javascript on to submit this form.", :layout => 'error', :status => 403
|
|
return false
|
|
end
|
|
end
|
|
end
|
|
|
|
extend ClassMethods
|
|
|
|
def self.included(receiver)
|
|
receiver.extend(ClassMethods)
|
|
end
|
|
|
|
|
|
end
|