Add honeypot spam protection to body update form

Intercepts the request and redirects to the homepage if the comment field is filled in on the public body update form.
author: Gareth Rees <gareth@mysociety.org> 2014-08-19 09:29:54 +0100
committer: Gareth Rees <gareth@mysociety.org> 2014-08-21 11:36:20 +0100
commit: 64a1f148fedcf375a47f959edbdd4cab0170acea (patch)
tree: 92f56b66317d9549cabf06fd6bc09c7736ebee6c /app/controllers/public_body_change_requests_controller.rb
parent: a4d343096231d62e8d91a1b23ba9e1997e9136c0 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/app/controllers/public_body_change_requests_controller.rb b/app/controllers/public_body_change_requests_controller.rb
index 4a6c5f5cb..773308546 100644
--- a/app/controllers/public_body_change_requests_controller.rb
+++ b/app/controllers/public_body_change_requests_controller.rb
@@ -1,5 +1,7 @@
 class PublicBodyChangeRequestsController < ApplicationController
 
+    before_filter :catch_spam, :only => [:create]
+
     def create
         @change_request = PublicBodyChangeRequest.from_params(params[:public_body_change_request], @user)
         if @change_request.save
@@ -23,6 +25,16 @@ class PublicBodyChangeRequestsController < ApplicationController
         else
             @title = _('Ask us to add an authority')
         end
+    end
+
+    private
 
+    def catch_spam
+        if params[:public_body_change_request].key?(:comment)
+            unless params[:public_body_change_request][:comment].empty?
+                redirect_to frontpage_url
+            end
+        end
     end
+
 end
author	Gareth Rees <gareth@mysociety.org>	2014-08-19 09:29:54 +0100
committer	Gareth Rees <gareth@mysociety.org>	2014-08-21 11:36:20 +0100
commit	64a1f148fedcf375a47f959edbdd4cab0170acea (patch)
tree	92f56b66317d9549cabf06fd6bc09c7736ebee6c /app/controllers/public_body_change_requests_controller.rb
parent	a4d343096231d62e8d91a1b23ba9e1997e9136c0 (diff)