This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 176b6df82b1ff50dd0e51a4fb3b9cd59001a1bcb Author: juanpablo <juanpa...@apache.org> AuthorDate: Sun Nov 29 22:34:44 2020 +0100 extract hidden inputs expected by SpamFilter into its own custom tag, and refactor editors-related JSPs to use it --- .../org/apache/wiki/tags/SpamFilterInputsTag.java | 53 ++++++++++++++++++++++ .../src/main/resources/META-INF/jspwiki.tld | 7 +++ .../main/webapp/templates/210/editors/CKeditor.jsp | 6 +-- .../src/main/webapp/templates/210/editors/FCK.jsp | 2 +- .../main/webapp/templates/210/editors/TinyMCE.jsp | 10 ++-- .../main/webapp/templates/210/editors/plain.jsp | 3 +- .../main/webapp/templates/210/editors/preview.jsp | 2 +- .../main/webapp/templates/210/editors/wysiwyg.jsp | 3 +- .../webapp/templates/default/editors/CKeditor.jsp | 7 +-- .../webapp/templates/default/editors/TinyMCE.jsp | 7 +-- .../webapp/templates/default/editors/plain.jsp | 6 +-- .../webapp/templates/default/editors/preview.jsp | 2 +- .../webapp/templates/default/editors/wysiwyg.jsp | 7 +-- 13 files changed, 73 insertions(+), 42 deletions(-) diff --git a/jspwiki-main/src/main/java/org/apache/wiki/tags/SpamFilterInputsTag.java b/jspwiki-main/src/main/java/org/apache/wiki/tags/SpamFilterInputsTag.java new file mode 100644 index 0000000..0219d49 --- /dev/null +++ b/jspwiki-main/src/main/java/org/apache/wiki/tags/SpamFilterInputsTag.java @@ -0,0 +1,53 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + */ + +package org.apache.wiki.tags; + + +import org.apache.wiki.filters.SpamFilter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.jsp.PageContext; + +/** + * Provides hidden input fields which are checked by the {@code SpamFilter}. + * + * @since 2.11.0-M8 + */ +public class SpamFilterInputsTag extends WikiTagBase { + + /** + * {@inheritDoc} + */ + @Override + public int doWikiStartTag() throws Exception { + final String encodingCheckInput = SpamFilter.insertInputFields( pageContext ); + final String hashCheckInput = + "<input type='hidden' name='" + SpamFilter.getHashFieldName( ( HttpServletRequest ) pageContext.getRequest() ) + "'" + + " value='" + pageContext.getAttribute( "lastchange", PageContext.REQUEST_SCOPE ) + "' />\n"; + + // This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. + // Normal user should never see this field, nor type anything in it. + final String botCheckInput = + "<input class='hidden' type='text' name='" + SpamFilter.getBotFieldName() + "' id='" + SpamFilter.getBotFieldName() + "' value='' />\n"; + pageContext.getOut().print( encodingCheckInput + hashCheckInput + botCheckInput ); + return SKIP_BODY; + } + +} diff --git a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld index c33e038..64d72b5 100644 --- a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld +++ b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld @@ -708,6 +708,13 @@ </tag> <tag> + <description>Includes input fields used by the Spam Filter</description> + <name>SpamFilterInputs</name> + <tag-class>org.apache.wiki.tags.SpamFilterInputsTag</tag-class> + <body-content>empty</body-content> + </tag> + + <tag> <description>A BodyTag for tabbed sections</description> <name>TabbedSection</name> <tag-class>org.apache.wiki.tags.TabbedSectionTag</tag-class> diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp index b113830..aa4864f 100644 --- a/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp @@ -133,11 +133,7 @@ <%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%> <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> <input type="hidden" name="action" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" /> - <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. - Normal user should never see this field, nor type anything in it. --%> - <div style="display:none;">Authentication code: <input type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /></div> + <wiki:SpamFilterInputs/> <p> <input name='ok' type='submit' value='<fmt:message key="editor.plain.save.submit"/>' /> diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp index 7735d36..792fcb4 100644 --- a/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp @@ -107,7 +107,7 @@ <%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%> <input name="page" type="hidden" value="<wiki:Variable var="pagename"/>" /> <input name="action" type="hidden" value="save" /> - <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" /> + <wiki:SpamFilterInputs/> </p> <div style="width:100%"> <%-- Required for IE6 on Windows --%> <script type="text/javascript"> diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp index 3fbaafb..8e0021c 100644 --- a/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp @@ -127,13 +127,9 @@ enctype="application/x-www-form-urlencoded" > <%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%> - <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> - <input type="hidden" name="action" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" /> - <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. - Normal user should never see this field, nor type anything in it. --%> - <div style="display:none;">Authentication code: <input type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /></div> + <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> + <input type="hidden" name="action" value="save" /> + <wiki:SpamFilterInputs/> <p> <input name='ok' type='submit' value='<fmt:message key="editor.plain.save.submit"/>' /> diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp index e725ef5..4f36913 100644 --- a/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp @@ -92,8 +92,7 @@ <p id="submitbuttons"> <input name="page" type="hidden" value="<wiki:Variable var='pagename' />" /> <input name="action" type="hidden" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" /> + <wiki:SpamFilterInputs/> <input type="submit" name="ok" value="<fmt:message key='editor.plain.save.submit'/>" accesskey="s" title="<fmt:message key='editor.plain.save.title'/>" /> diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp index 13bdac0..1c0036b 100644 --- a/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp @@ -55,7 +55,7 @@ <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> <input type="hidden" name="action" value="save" /> - <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="${lastchange}" /> + <wiki:SpamFilterInputs/> </p> <div> <textarea style="display:none;" readonly="readonly" diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp index acc4fb0..67b304c 100644 --- a/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp @@ -97,8 +97,7 @@ Falling back to the plain editor. <p id="submitbuttons"> <input name="page" type="hidden" value="<wiki:Variable var='pagename' />" /> <input name="action" type="hidden" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" /> + <wiki:SpamFilterInputs/> <input type="submit" name="ok" value="<fmt:message key='editor.plain.save.submit'/>" accesskey="s" title="<fmt:message key='editor.plain.save.title'/>" /> diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp index fb70ec0..b57635e 100644 --- a/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp @@ -137,12 +137,7 @@ <%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%> <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> <input type="hidden" name="action" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" /> - <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. - Normal user should never see this field, nor type anything in it. --%> - <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /> - + <wiki:SpamFilterInputs/> <div class="form-inline form-group"> diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp index 2e90595..963f81f 100644 --- a/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp @@ -139,12 +139,7 @@ <%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%> <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> <input type="hidden" name="action" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" /> - <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. - Normal user should never see this field, nor type anything in it. --%> - <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /> - + <wiki:SpamFilterInputs/> <div class="form-inline form-group"> diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp index 6224e62..3409e5d 100644 --- a/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp @@ -85,11 +85,7 @@ <%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%> <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> <input type="hidden" name="action" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" /> - <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. - Normal user should never see this field, nor type anything in it. --%> - <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /> + <wiki:SpamFilterInputs/> <div class="snipe"> diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp index 6a90dbe..3127dcf 100644 --- a/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp @@ -54,7 +54,7 @@ <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> <input type="hidden" name="action" value="save" /> - <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>"value="${lastchange}" /> + <wiki:SpamFilterInputs/> <textarea class="hidden" readonly="readonly" id="editorarea" name="<%=EditorManager.REQ_EDITEDTEXT%>" diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp index f769ce9..d8acf45 100644 --- a/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp @@ -131,12 +131,7 @@ <%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%> <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" /> <input type="hidden" name="action" value="save" /> - <%=SpamFilter.insertInputFields( pageContext )%> - <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" /> - <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. - Normal user should never see this field, nor type anything in it. --%> - <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /> - + <wiki:SpamFilterInputs/> <div class="form-inline form-group">