-rw-r--r--Gemfile.lock2
-rw-r--r--app/controllers/public_body_change_requests_controller.rb12
-rw-r--r--app/views/public_body_change_requests/new.html.erb5
-rw-r--r--config/nginx-ssl.conf.example (renamed from config/nginx-ssl.conf-example)0
-rw-r--r--config/packages1
-rw-r--r--config/packages.debian-squeeze1
-rw-r--r--config/packages.debian-wheezy1
-rw-r--r--config/packages.ubuntu-precise1
-rw-r--r--doc/CHANGES.md8
-rw-r--r--spec/controllers/public_body_change_requests_controller_spec.rb18
10 files changed, 46 insertions, 3 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index 688f2f2c7..682bacf8c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -154,7 +154,7 @@ GEM
net-ssh (2.6.7)
net-ssh-gateway (1.2.0)
net-ssh (>= 2.6.5)
- newrelic_rpm (3.8.0.218)
+ newrelic_rpm (3.9.1.236)
nokogiri (1.5.9)
paper_trail (2.7.2)
activerecord (~> 3.0)
diff --git a/app/controllers/public_body_change_requests_controller.rb b/app/controllers/public_body_change_requests_controller.rb
index 4a6c5f5cb..773308546 100644
--- a/app/controllers/public_body_change_requests_controller.rb
+++ b/app/controllers/public_body_change_requests_controller.rb
@@ -1,5 +1,7 @@
class PublicBodyChangeRequestsController < ApplicationController
+ before_filter :catch_spam, :only => [:create]
+
def create
@change_request = PublicBodyChangeRequest.from_params(params[:public_body_change_request], @user)
if @change_request.save
@@ -23,6 +25,16 @@ class PublicBodyChangeRequestsController < ApplicationController
else
@title = _('Ask us to add an authority')
end
+ end
+
+ private
+ def catch_spam
+ if params[:public_body_change_request].key?(:comment)
+ unless params[:public_body_change_request][:comment].empty?
+ redirect_to frontpage_url
+ end
+ end
end
+
end
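Review bot: `catch_spam` calls `.key?` on `params[:public_body_change_request]` without checking that the parameter is present and is a hash, so a POST to `create` that omits it or sends it as a plain string would likely raise `NoMethodError` inside the filter and surface as a 500 instead of being handled. A guard avoids that: `form = params[:public_body_change_request]`, `return unless form.is_a?(Hash)`, `redirect_to frontpage_url unless form[:comment].blank?`. The rejection is also silent; a `logger.info` line when the honeypot fires would let operators see how often it triggers and spot false positives. The class opens in the previous hunk, and the action that ends at the top of this hunk starts outside it.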
diff --git a/app/views/public_body_change_requests/new.html.erb b/app/views/public_body_change_requests/new.html.erb
index 7079cd868..b52d583be 100644
--- a/app/views/public_body_change_requests/new.html.erb
+++ b/app/views/public_body_change_requests/new.html.erb
@@ -54,6 +54,11 @@
<%= f.text_area :notes, :rows => 10, :cols => 60 %>
</p>
+ <p style="display:none;">
+ <%= label_tag 'public_body_change_request[comment]', _('Do not fill in this field') %>
+ <%= text_field_tag 'public_body_change_request[comment]' %>
+ </p>
+
<div class="form_button">
<%= submit_tag _("Submit request") %>
</div>
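Review bot: The honeypot input on the `text_field_tag` line is hidden only with `display:none`, so browser autofill or a form-filling extension can still populate a field named `comment`, and the controller then sends a genuine user to the front page with no explanation. Marking the input so that it is skipped would reduce those false positives: `<%= text_field_tag 'public_body_change_request[comment]', nil, :autocomplete => 'off', :tabindex => -1 %>`. The enclosing form starts and ends outside this hunk.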
diff --git a/config/nginx-ssl.conf-example b/config/nginx-ssl.conf.example
index c623c8e96..c623c8e96 100644
--- a/config/nginx-ssl.conf-example
+++ b/config/nginx-ssl.conf.example
diff --git a/config/packages b/config/packages
index e11fa1d52..a6eeb8079 100644
--- a/config/packages
+++ b/config/packages
@@ -18,6 +18,7 @@ libsqlite3-dev
libxml2-dev
libxslt-dev
links
+lockfile-progs
memcached
mutt
pdftk (>> 1.41+dfsg-1) | pdftk (<< 1.41+dfsg-1) # that version has a non-functionining uncompress option
diff --git a/config/packages.debian-squeeze b/config/packages.debian-squeeze
index 52bdbc376..c34abefde 100644
--- a/config/packages.debian-squeeze
+++ b/config/packages.debian-squeeze
@@ -15,6 +15,7 @@ libsqlite3-dev
libxml2-dev
libxslt-dev
links
+lockfile-progs
mutt
pdftk
php5-cli
diff --git a/config/packages.debian-wheezy b/config/packages.debian-wheezy
index 381e25daa..4129aa930 100644
--- a/config/packages.debian-wheezy
+++ b/config/packages.debian-wheezy
@@ -13,6 +13,7 @@ libsqlite3-dev
libxml2-dev
libxslt-dev
links
+lockfile-progs
mutt
pdftk
php5-cli
diff --git a/config/packages.ubuntu-precise b/config/packages.ubuntu-precise
index 87b9591bf..d97579bc1 100644
--- a/config/packages.ubuntu-precise
+++ b/config/packages.ubuntu-precise
@@ -12,6 +12,7 @@ libsqlite3-dev
libxml2-dev
libxslt1-dev
links
+lockfile-progs
mutt
pdftk
poppler-utils
diff --git a/doc/CHANGES.md b/doc/CHANGES.md
index 61f55211c..cc8c37c3a 100644
--- a/doc/CHANGES.md
+++ b/doc/CHANGES.md
@@ -20,6 +20,14 @@
`script/rails-post-deploy` to link up the new location. If you don't use
`SHARED_FILES` and `SHARED_DIRECTORIES`, alaveteli will now write it's
application logs to `APP_ROOT/log` rather than `APP_ROOT/../logs` by default.
+* `public_body_change_requests/new.html.erb` has a new field for spam prevention
+ so customisations of this template should be updated with:
+
+ <p style="display:none;">
+ <%= label_tag 'public_body_change_request[comment]', _('Do not fill in this field') %>
+ <%= text_field_tag 'public_body_change_request[comment]' %>
+ </p>
+ This is the anti-spam honeypot.
# Version 0.18
diff --git a/spec/controllers/public_body_change_requests_controller_spec.rb b/spec/controllers/public_body_change_requests_controller_spec.rb
index 7b878b893..8fe7befeb 100644
--- a/spec/controllers/public_body_change_requests_controller_spec.rb
+++ b/spec/controllers/public_body_change_requests_controller_spec.rb
@@ -22,7 +22,8 @@ describe PublicBodyChangeRequestsController, "creating a change request" do
:public_body_name => 'New Body',
:public_body_email => 'new_body@example.com',
:notes => 'Please',
- :source => 'http://www.example.com'}
+ :source => 'http://www.example.com',
+ :comment => '' }
end
it "should send an email to the site contact address" do
@@ -51,6 +52,18 @@ describe PublicBodyChangeRequestsController, "creating a change request" do
response.should redirect_to frontpage_url
end
+ it 'has rudimentary spam protection' do
+ spam_request_params = @change_request_params.merge({ :comment => 'I AM A SPAMBOT' })
+
+ post :create, { :public_body_change_request => spam_request_params }
+
+ response.should redirect_to(frontpage_path)
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 0
+ deliveries.clear
+ end
+
end
context 'when handling a request for an update to an existing authority' do
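Review bot: The new 'has rudimentary spam protection' example asserts the redirect and an empty mail queue, but not that no change request was stored, which is the property the filter is meant to guarantee. Wrapping the request as `lambda { post :create, { :public_body_change_request => spam_request_params } }.should_not change(PublicBodyChangeRequest, :count)` would pin it. The trailing `deliveries.clear` runs only if the assertions before it pass, so it belongs in a `before` or `after` block rather than at the end of the example. The surrounding `describe` and `context` blocks start outside this hunk.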
@@ -64,7 +77,8 @@ describe PublicBodyChangeRequestsController, "creating a change request" do
:public_body_id => @public_body.id,
:public_body_email => 'new_body@example.com',
:notes => 'Please',
- :source => 'http://www.example.com'}
+ :source => 'http://www.example.com',
+ :comment => '' }
end
it 'should send an email to the site contact address' do