Piwigo Bugtracker

Viewing Issue Advanced Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0000625 [Piwigo] user comments feature always 2007.01.18 23:08 2007.01.24 06:09
Reporter rvelices View Status public  
Assigned To rvelices
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version Alligator 2 Product Version Alligator 1
  Target Version Product Build
Summary 0000625: Enhancements against spam robots
Description Around 50% of spam robots post spam comments without first retrieving and analyzing the form. Protect against this one by including a hidden field in the comment form. This field will contain:
- timestamp (seconds)
- a hmac of the timestamp generated using a 'secret' (random string in #config)

On post we check that the timestamp is no older than X seconds and the validity of the hmac.
Steps To Reproduce
Additional Information
Tags No tags attached.
browser any
Database engine and version
PHP version
Web server Apache 1.3.x
Attached Files

- Relationships
related to 0000524closedrvelices Add anti-spam for comments... 

-  Notes
(0001664)
rvelices (developer)
2007.01.19 04:26

[Subversion] r1737
(0001679)
rvelices (developer)
2007.01.24 06:09

finalized in [Subversion] r1744

- Issue History
Date Modified Username Field Change
2007.01.18 23:08 rvelices New Issue
2007.01.18 23:08 rvelices Status new => assigned
2007.01.18 23:08 rvelices Assigned To => rvelices
2007.01.18 23:08 rvelices browser => any
2007.01.18 23:08 rvelices Web server => Apache 1.3.x
2007.01.18 23:08 rvelices Relationship added related to 0000524
2007.01.19 04:26 rvelices Note Added: 0001664
2007.01.24 06:09 rvelices Note Added: 0001679
2007.01.24 06:09 rvelices Status assigned => closed
2007.01.24 06:09 rvelices Resolution open => fixed
2007.01.24 06:09 rvelices Fixed in Version => Alligator 2


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Contact
Powered by Mantis Bugtracker