[pLog-svn] r7182 - in plugins/branches/lifetype-1.2/hiddeninput: . class/security class/view

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Fri Apr 6 11:43:50 EDT 2012 

Author: jondaley
Date: 2012-04-06 11:43:50 -0400 (Fri, 06 Apr 2012)
New Revision: 7182

Added:
   plugins/branches/lifetype-1.2/hiddeninput/class/view/hiddeninputerrorview.class.php
Modified:
   plugins/branches/lifetype-1.2/hiddeninput/class/security/hiddeninputfilter.class.php
   plugins/branches/lifetype-1.2/hiddeninput/pluginhiddeninput.class.php
Log:
return 403 instead of 404 on hidden input block.  From my sample data points, this seems to discourage spammers more.  We might need to look into making the spam checks less heavy on the system, as spammers are causing quite a bit of load on my servers

Modified: plugins/branches/lifetype-1.2/hiddeninput/class/security/hiddeninputfilter.class.php
===================================================================
--- plugins/branches/lifetype-1.2/hiddeninput/class/security/hiddeninputfilter.class.php	2012-04-06 15:42:03 UTC (rev 7181)
+++ plugins/branches/lifetype-1.2/hiddeninput/class/security/hiddeninputfilter.class.php	2012-04-06 15:43:50 UTC (rev 7182)
@@ -1,6 +1,7 @@
 <?php
 
 	lt_include( PLOG_CLASS_PATH."class/security/pipelinefilter.class.php" );
+    lt_include( PLOG_CLASS_PATH."plugins/hiddeninput/class/view/hiddeninputerrorview.class.php" );
 
     // custom error code that will be returned to the pipeline whenever an
     // error is found... Be careful so as to not to have two different modules
@@ -48,11 +49,16 @@
             if ( $this->_pipelineRequest->getRejectedState() )
                 return new PipelineResult();
 
+            $errorReturn = new PipelineResult( false, HIDDEN_INPUT_MATCH_FOUND,
+                                               $locale->tr("error_hiddeninput_field_missing"));
+            $errorView = new HiddenInputErrorView( $blogInfo );
+            $errorView->setErrorMessage($locale->tr("error_hiddeninput_field_missing"));
+            $errorReturn->setView($errorView);
+            
                 // check if the blog expects to have the topic field filled out
             $noTopic = $blogSettings->getValue( "plugin_hiddeninput_notopic" );
             if($noTopic && $request->getValue("commentTopic")){
-                return new PipelineResult( false, HIDDEN_INPUT_MATCH_FOUND,
-                                           $locale->tr("error_hiddeninput_field_missing"));
+                return $errorReturn;
             }
 
 			$hiddenFields = $blogSettings->getValue( "plugin_hiddeninput_hiddenfields" );
@@ -64,8 +70,7 @@
             	$commentHiddenField = $request->getValue($hiddenField);
                 if($commentHiddenField != HiddenInput::generateValue($blogSettings, $hiddenField)){
                 	// if there is a match, we can quit and reject this request
-                    $result = new PipelineResult( false, HIDDEN_INPUT_MATCH_FOUND, $locale->tr("error_hiddeninput_field_missing"));
-                    return $result;
+                    return $errorReturn;
                 }                                                    
             }
 

Copied: plugins/branches/lifetype-1.2/hiddeninput/class/view/hiddeninputerrorview.class.php (from rev 7175, plog/branches/lifetype-1.2/class/view/errorview.class.php)
===================================================================
--- plugins/branches/lifetype-1.2/hiddeninput/class/view/hiddeninputerrorview.class.php	                        (rev 0)
+++ plugins/branches/lifetype-1.2/hiddeninput/class/view/hiddeninputerrorview.class.php	2012-04-06 15:43:50 UTC (rev 7182)
@@ -0,0 +1,22 @@
+<?php
+
+	lt_include( PLOG_CLASS_PATH."class/view/errorview.class.php" );
+    lt_include( PLOG_CLASS_PATH.'class/data/timestamp.class.php' );
+
+    /**
+     * \ingroup View
+     *
+     * The ErrorView class takes care of showing error messages. Use this view whenever you need to
+     * show an error message in the public side of the blog.
+     */
+    class HiddenInputErrorView extends ErrorView 
+    {
+
+		function HiddenInputErrorView( $blogInfo, $message = null )
+        {
+        	$this->BlogView( $blogInfo, ERROR_TEMPLATE, SMARTY_VIEW_CACHE_DISABLED );
+			$this->addHeaderResponse( "HTTP/1.0 403" );
+
+            $this->_message = $message;
+        }
+    }

Modified: plugins/branches/lifetype-1.2/hiddeninput/pluginhiddeninput.class.php
===================================================================
--- plugins/branches/lifetype-1.2/hiddeninput/pluginhiddeninput.class.php	2012-04-06 15:42:03 UTC (rev 7181)
+++ plugins/branches/lifetype-1.2/hiddeninput/pluginhiddeninput.class.php	2012-04-06 15:43:50 UTC (rev 7182)
@@ -18,7 +18,7 @@
             $this->id = "hiddeninput";
             $this->author = "Mark Wu";
             $this->desc = "This plugin offers hidden fields to comment form to prevent spammer post from spam robot.";
-            $this->version = "20100819";
+            $this->version = "20120506";
             
             $this->prefix = Db::getPrefix();

More information about the pLog-svn mailing list