diff options
| author | Mark Sapiro <msapiro@value.net> | 2012-12-14 20:37:33 -0800 |
|---|---|---|
| committer | Mark Sapiro <msapiro@value.net> | 2012-12-14 20:37:33 -0800 |
| commit | fed2c1a29ddfb59b215f5091f02f782d7f944240 (patch) | |
| tree | f8b756ddf19ae5156ebae31500d4538d1f0efd00 /Mailman | |
| parent | d90c13daa49cdb3ec1a3c17baf6d0c200bbde5c8 (diff) | |
| download | mailman2-fed2c1a29ddfb59b215f5091f02f782d7f944240.tar.gz mailman2-fed2c1a29ddfb59b215f5091f02f782d7f944240.tar.xz mailman2-fed2c1a29ddfb59b215f5091f02f782d7f944240.zip | |
Added a minimum delay between retrieval and submission of the subscribe form.
Diffstat (limited to '')
| -rwxr-xr-x | Mailman/Cgi/subscribe.py | 4 | ||||
| -rwxr-xr-x | Mailman/Defaults.py.in | 9 |
2 files changed, 11 insertions, 2 deletions
diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 0fde280a..d6b1517d 100755 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -136,6 +136,10 @@ def process_form(mlist, doc, cgidata, lang): remote).hexdigest() if now - then > mm_cfg.FORM_LIFETIME: results.append(_('The form is too old. Please GET it again.')) + if now - then < mm_cfg.SUBSCRIBE_FORM_MIN_TIME: + results.append( + _('Please take a few seconds to fill out the form before submitting it.') + ) if token != fhash: results.append(_('You must GET the form before submitting it.')) # Was an attempt made to subscribe the list to itself? diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index 2b0aa3ed..be1ac735 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -117,8 +117,8 @@ FORM_LIFETIME = hours(1) # This hash is checked upon form submission and the subscribe fails if it # doesn't match. I.e. the form posted must be first retrieved from the # listinfo CGI by the same IP that posts it. The subscribe also fails if -# the time the form was retrieved is more than the above FORM_LIFETIME -# before submission. +# the time the form was retrieved is more than the above FORM_LIFETIME or less +# than the below SUBSCRIBE_FORM_MIN_TIME before submission. # Important: If you have any static subscribe forms on your web site, setting # this option will break them. With this option set, subscribe forms must be # dynamically generated to include the hidden data. See the code block @@ -126,6 +126,11 @@ FORM_LIFETIME = hours(1) # for the details of the hidden data. SUBSCRIBE_FORM_SECRET = None +# If SUBSCRIBE_FORM_SECRET is not None, this is the minimum time the user must +# take after retrieving the form before submitting it. Set to 0 to skip this +# test. +SUBSCRIBE_FORM_MIN_TIME = seconds(5) + # Command that is used to convert text/html parts into plain text. This # should output results to standard output. %(filename)s will contain the # name of the temporary file that the program should operate on. |