You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by ju...@apache.org on 2020/11/29 21:54:32 UTC
[jspwiki] 06/11: extract hidden inputs expected by SpamFilter into
its own custom tag, and refactor editors-related JSPs to use it
This is an automated email from the ASF dual-hosted git repository.
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 176b6df82b1ff50dd0e51a4fb3b9cd59001a1bcb
Author: juanpablo <ju...@apache.org>
AuthorDate: Sun Nov 29 22:34:44 2020 +0100
extract hidden inputs expected by SpamFilter into its own custom tag, and refactor editors-related JSPs to use it
---
.../org/apache/wiki/tags/SpamFilterInputsTag.java | 53 ++++++++++++++++++++++
.../src/main/resources/META-INF/jspwiki.tld | 7 +++
.../main/webapp/templates/210/editors/CKeditor.jsp | 6 +--
.../src/main/webapp/templates/210/editors/FCK.jsp | 2 +-
.../main/webapp/templates/210/editors/TinyMCE.jsp | 10 ++--
.../main/webapp/templates/210/editors/plain.jsp | 3 +-
.../main/webapp/templates/210/editors/preview.jsp | 2 +-
.../main/webapp/templates/210/editors/wysiwyg.jsp | 3 +-
.../webapp/templates/default/editors/CKeditor.jsp | 7 +--
.../webapp/templates/default/editors/TinyMCE.jsp | 7 +--
.../webapp/templates/default/editors/plain.jsp | 6 +--
.../webapp/templates/default/editors/preview.jsp | 2 +-
.../webapp/templates/default/editors/wysiwyg.jsp | 7 +--
13 files changed, 73 insertions(+), 42 deletions(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/tags/SpamFilterInputsTag.java b/jspwiki-main/src/main/java/org/apache/wiki/tags/SpamFilterInputsTag.java
new file mode 100644
index 0000000..0219d49
--- /dev/null
+++ b/jspwiki-main/src/main/java/org/apache/wiki/tags/SpamFilterInputsTag.java
@@ -0,0 +1,53 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+
+package org.apache.wiki.tags;
+
+
+import org.apache.wiki.filters.SpamFilter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.jsp.PageContext;
+
+/**
+ * Provides hidden input fields which are checked by the {@code SpamFilter}.
+ *
+ * @since 2.11.0-M8
+ */
+public class SpamFilterInputsTag extends WikiTagBase {
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int doWikiStartTag() throws Exception {
+ final String encodingCheckInput = SpamFilter.insertInputFields( pageContext );
+ final String hashCheckInput =
+ "<input type='hidden' name='" + SpamFilter.getHashFieldName( ( HttpServletRequest ) pageContext.getRequest() ) + "'" +
+ " value='" + pageContext.getAttribute( "lastchange", PageContext.REQUEST_SCOPE ) + "' />\n";
+
+ // This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
+ // Normal user should never see this field, nor type anything in it.
+ final String botCheckInput =
+ "<input class='hidden' type='text' name='" + SpamFilter.getBotFieldName() + "' id='" + SpamFilter.getBotFieldName() + "' value='' />\n";
+ pageContext.getOut().print( encodingCheckInput + hashCheckInput + botCheckInput );
+ return SKIP_BODY;
+ }
+
+}
diff --git a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld
index c33e038..64d72b5 100644
--- a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld
+++ b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld
@@ -708,6 +708,13 @@
</tag>
<tag>
+ <description>Includes input fields used by the Spam Filter</description>
+ <name>SpamFilterInputs</name>
+ <tag-class>org.apache.wiki.tags.SpamFilterInputsTag</tag-class>
+ <body-content>empty</body-content>
+ </tag>
+
+ <tag>
<description>A BodyTag for tabbed sections</description>
<name>TabbedSection</name>
<tag-class>org.apache.wiki.tags.TabbedSectionTag</tag-class>
diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp
index b113830..aa4864f 100644
--- a/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp
+++ b/jspwiki-war/src/main/webapp/templates/210/editors/CKeditor.jsp
@@ -133,11 +133,7 @@
<%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%>
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" />
- <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
- Normal user should never see this field, nor type anything in it. --%>
- <div style="display:none;">Authentication code: <input type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /></div>
+ <wiki:SpamFilterInputs/>
<p>
<input name='ok' type='submit' value='<fmt:message key="editor.plain.save.submit"/>' />
diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp
index 7735d36..792fcb4 100644
--- a/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp
+++ b/jspwiki-war/src/main/webapp/templates/210/editors/FCK.jsp
@@ -107,7 +107,7 @@
<%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%>
<input name="page" type="hidden" value="<wiki:Variable var="pagename"/>" />
<input name="action" type="hidden" value="save" />
- <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" />
+ <wiki:SpamFilterInputs/>
</p>
<div style="width:100%"> <%-- Required for IE6 on Windows --%>
<script type="text/javascript">
diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp
index 3fbaafb..8e0021c 100644
--- a/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp
+++ b/jspwiki-war/src/main/webapp/templates/210/editors/TinyMCE.jsp
@@ -127,13 +127,9 @@
enctype="application/x-www-form-urlencoded" >
<%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%>
- <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
- <input type="hidden" name="action" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" />
- <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
- Normal user should never see this field, nor type anything in it. --%>
- <div style="display:none;">Authentication code: <input type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" /></div>
+ <input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
+ <input type="hidden" name="action" value="save" />
+ <wiki:SpamFilterInputs/>
<p>
<input name='ok' type='submit' value='<fmt:message key="editor.plain.save.submit"/>' />
diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp
index e725ef5..4f36913 100644
--- a/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp
+++ b/jspwiki-war/src/main/webapp/templates/210/editors/plain.jsp
@@ -92,8 +92,7 @@
<p id="submitbuttons">
<input name="page" type="hidden" value="<wiki:Variable var='pagename' />" />
<input name="action" type="hidden" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" />
+ <wiki:SpamFilterInputs/>
<input type="submit" name="ok" value="<fmt:message key='editor.plain.save.submit'/>"
accesskey="s"
title="<fmt:message key='editor.plain.save.title'/>" />
diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp
index 13bdac0..1c0036b 100644
--- a/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp
+++ b/jspwiki-war/src/main/webapp/templates/210/editors/preview.jsp
@@ -55,7 +55,7 @@
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="${lastchange}" />
+ <wiki:SpamFilterInputs/>
</p>
<div>
<textarea style="display:none;" readonly="readonly"
diff --git a/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp b/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp
index acc4fb0..67b304c 100644
--- a/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp
+++ b/jspwiki-war/src/main/webapp/templates/210/editors/wysiwyg.jsp
@@ -97,8 +97,7 @@ Falling back to the plain editor.
<p id="submitbuttons">
<input name="page" type="hidden" value="<wiki:Variable var='pagename' />" />
<input name="action" type="hidden" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" />
+ <wiki:SpamFilterInputs/>
<input type="submit" name="ok" value="<fmt:message key='editor.plain.save.submit'/>"
accesskey="s"
title="<fmt:message key='editor.plain.save.title'/>" />
diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp
index fb70ec0..b57635e 100644
--- a/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp
+++ b/jspwiki-war/src/main/webapp/templates/default/editors/CKeditor.jsp
@@ -137,12 +137,7 @@
<%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%>
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" />
- <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
- Normal user should never see this field, nor type anything in it. --%>
- <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" />
-
+ <wiki:SpamFilterInputs/>
<div class="form-inline form-group">
diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp
index 2e90595..963f81f 100644
--- a/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp
+++ b/jspwiki-war/src/main/webapp/templates/default/editors/TinyMCE.jsp
@@ -139,12 +139,7 @@
<%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%>
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" />
- <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
- Normal user should never see this field, nor type anything in it. --%>
- <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" />
-
+ <wiki:SpamFilterInputs/>
<div class="form-inline form-group">
diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp
index 6224e62..3409e5d 100644
--- a/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp
+++ b/jspwiki-war/src/main/webapp/templates/default/editors/plain.jsp
@@ -85,11 +85,7 @@
<%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%>
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" />
- <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
- Normal user should never see this field, nor type anything in it. --%>
- <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" />
+ <wiki:SpamFilterInputs/>
<div class="snipe">
diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp
index 6a90dbe..3127dcf 100644
--- a/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp
+++ b/jspwiki-war/src/main/webapp/templates/default/editors/preview.jsp
@@ -54,7 +54,7 @@
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>"value="${lastchange}" />
+ <wiki:SpamFilterInputs/>
<textarea class="hidden" readonly="readonly"
id="editorarea" name="<%=EditorManager.REQ_EDITEDTEXT%>"
diff --git a/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp b/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp
index f769ce9..d8acf45 100644
--- a/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp
+++ b/jspwiki-war/src/main/webapp/templates/default/editors/wysiwyg.jsp
@@ -131,12 +131,7 @@
<%-- Edit.jsp relies on these being found. So be careful, if you make changes. --%>
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <%=SpamFilter.insertInputFields( pageContext )%>
- <input type="hidden" name="<%=SpamFilter.getHashFieldName(request)%>" value="${lastchange}" />
- <%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
- Normal user should never see this field, nor type anything in it. --%>
- <input class="hidden" type="text" name="<%=SpamFilter.getBotFieldName()%>" id="<%=SpamFilter.getBotFieldName()%>" value="" />
-
+ <wiki:SpamFilterInputs/>
<div class="form-inline form-group">