diff options
author | Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> | 2019-06-21 07:51:01 +0900 |
---|---|---|
committer | Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> | 2019-06-21 07:51:01 +0900 |
commit | 3d32d14b3929489226106ee935bcbb6242b71866 (patch) | |
tree | 91507de6cf467ed68f63e6d1aa6c29c317ca662f /Mailman/Cgi/subscribe.py | |
parent | 83402ad71a22c272ea825068e496efc7fdcebb86 (diff) | |
parent | a5de21c5b47e37b65f66975e7a8ca82be2bc3de4 (diff) | |
download | mailman2-3d32d14b3929489226106ee935bcbb6242b71866.tar.gz mailman2-3d32d14b3929489226106ee935bcbb6242b71866.tar.xz mailman2-3d32d14b3929489226106ee935bcbb6242b71866.zip |
merge lp:mailman/2.1 up to rev 1817
Diffstat (limited to 'Mailman/Cgi/subscribe.py')
-rw-r--r-- | Mailman/Cgi/subscribe.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index b6527a2a..ce7940f9 100644 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -168,13 +168,15 @@ def process_form(mlist, doc, cgidata, lang): # for our hash so it doesn't matter. remote1 = remote.rsplit(':', 1)[0] try: - ftime, fhash = cgidata.getfirst('sub_form_token', '').split(':') + ftime, fcaptcha_idx, fhash = cgidata.getfirst( + 'sub_form_token', '').split(':') then = int(ftime) except ValueError: - ftime = fhash = '' + ftime = fcaptcha_idx = fhash = '' then = 0 token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" + ftime + ":" + + fcaptcha_idx + ":" + mlist.internal_name() + ":" + remote1).hexdigest() if ftime and now - then > mm_cfg.FORM_LIFETIME: @@ -189,6 +191,13 @@ def process_form(mlist, doc, cgidata, lang): results.append( _('There was no hidden token in your submission or it was corrupted.')) results.append(_('You must GET the form before submitting it.')) + # Check captcha + if isinstance(mm_cfg.CAPTCHAS, dict): + captcha_answer = cgidata.getvalue('captcha_answer', '') + if not Utils.captcha_verify( + fcaptcha_idx, captcha_answer, mm_cfg.CAPTCHAS): + results.append(_( + 'This was not the right answer to the CAPTCHA question.')) # Was an attempt made to subscribe the list to itself? if email == mlist.GetListEmail(): syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote) |