0001-misc-add-antibot-honeypot-38676.patch
tests/test_form_pages.py | ||
---|---|---|
7978 | 7978 |
resp.form['comment'] = 'plop' |
7979 | 7979 |
resp = resp.form.submit('submit') |
7980 | 7980 |
assert resp.location == 'http://example.net/test/1/#' |
7981 | ||
7982 | ||
7983 |
def test_form_honeypot(pub): |
|
7984 |
formdef = create_formdef() |
|
7985 |
formdef.fields = [fields.StringField(id='0', label='string', required=False)] |
|
7986 |
formdef.store() |
|
7987 |
formdef.data_class().wipe() |
|
7988 |
resp = get_app(pub).get('/test/') |
|
7989 |
resp.forms[0]['f00'] = 'honey?' |
|
7990 |
resp = resp.forms[0].submit('submit') |
|
7991 |
assert 'Honey pot should be left untouched.' in resp |
wcs/forms/root.py | ||
---|---|---|
455 | 455 |
form.add_submit('savedraft', _('Save Draft'), css_class='save-draft', |
456 | 456 |
attrs={'style': 'display: none'}) |
457 | 457 | |
458 |
# add fake field as honey pot |
|
459 |
honeypot = form.add(StringWidget, 'f00', value='', |
|
460 |
title=_('leave this field blank to prove your humanity'), |
|
461 |
size=25) |
|
462 |
honeypot.is_hidden = True |
|
463 | ||
458 | 464 |
context = { |
459 | 465 |
'view': self, |
460 | 466 |
'form': form, |
... | ... | |
840 | 846 |
form.set_error('post_condition%d' % i, 'error') |
841 | 847 |
page_error_messages.append(error_message) |
842 | 848 | |
849 |
if get_request().form.get('f00'): |
|
850 |
form.add(HiddenErrorWidget, 'honeypot') |
|
851 |
form.set_error('honeypot', 'error') |
|
852 |
page_error_messages.append(_('Honey pot should be left untouched.')) |
|
853 | ||
843 | 854 |
# form.get_submit() returns the name of the clicked button, and |
844 | 855 |
# it will return True if the form has been submitted, but not |
845 | 856 |
# by clicking on a submit widget; for example if an "add row" |
846 |
- |