Implement Ralf Jung's captcha feature for the subscribe form.

1 files changed, 20 insertions, 2 deletions

diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index f1b455da..81ff7f48 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -216,10 +216,28 @@ def list_listinfo(mlist, lang):
             #        drop one : resulting in an invalid format, but it's only
             #        for our hash so it doesn't matter.
             remote = remote.rsplit(':', 1)[0]
+        # render CAPTCHA, if configured
+        if isinstance(mm_cfg.CAPTCHAS, dict) and 'en' in mm_cfg.CAPTCHAS:
+            (captcha_question, captcha_box, captcha_idx) = \
+                Utils.captcha_display(mlist, lang, mm_cfg.CAPTCHAS)
+            pre_question = _(
+                    """Please answer the following question to prove that
+                    you are not a bot:"""
+                )
+            replacements['<mm-captcha-ui>'] = (
+                """<tr><td BGCOLOR="#dddddd">%s<br>%s</td><td>%s</td></tr>"""
+                % (pre_question, captcha_question, captcha_box))
+        else:
+            # just to have something to include in the hash below
+            captcha_idx = ''
+        # fill form
         replacements['<mm-subscribe-form-start>'] += (
-                '<input type="hidden" name="sub_form_token" value="%s:%s">\n'
-                % (now, Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" +
+                '<input type="hidden" name="sub_form_token"'
+                ' value="%s:%s:%s">\n'
+                % (now, captcha_idx,
+                          Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" +
                           now + ":" +
+                          captcha_idx + ":" +
                           mlist.internal_name() + ":" +
                           remote
                           ).hexdigest()