aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi
diff options
context:
space:
mode:
Diffstat (limited to 'Mailman/Cgi')
-rw-r--r--Mailman/Cgi/listinfo.py22
-rw-r--r--Mailman/Cgi/subscribe.py13
2 files changed, 31 insertions, 4 deletions
diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index f1b455da..81ff7f48 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -216,10 +216,28 @@ def list_listinfo(mlist, lang):
# drop one : resulting in an invalid format, but it's only
# for our hash so it doesn't matter.
remote = remote.rsplit(':', 1)[0]
+ # render CAPTCHA, if configured
+ if isinstance(mm_cfg.CAPTCHAS, dict) and 'en' in mm_cfg.CAPTCHAS:
+ (captcha_question, captcha_box, captcha_idx) = \
+ Utils.captcha_display(mlist, lang, mm_cfg.CAPTCHAS)
+ pre_question = _(
+ """Please answer the following question to prove that
+ you are not a bot:"""
+ )
+ replacements['<mm-captcha-ui>'] = (
+ """<tr><td BGCOLOR="#dddddd">%s<br>%s</td><td>%s</td></tr>"""
+ % (pre_question, captcha_question, captcha_box))
+ else:
+ # just to have something to include in the hash below
+ captcha_idx = ''
+ # fill form
replacements['<mm-subscribe-form-start>'] += (
- '<input type="hidden" name="sub_form_token" value="%s:%s">\n'
- % (now, Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" +
+ '<input type="hidden" name="sub_form_token"'
+ ' value="%s:%s:%s">\n'
+ % (now, captcha_idx,
+ Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" +
now + ":" +
+ captcha_idx + ":" +
mlist.internal_name() + ":" +
remote
).hexdigest()
diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py
index b6527a2a..ce7940f9 100644
--- a/Mailman/Cgi/subscribe.py
+++ b/Mailman/Cgi/subscribe.py
@@ -168,13 +168,15 @@ def process_form(mlist, doc, cgidata, lang):
# for our hash so it doesn't matter.
remote1 = remote.rsplit(':', 1)[0]
try:
- ftime, fhash = cgidata.getfirst('sub_form_token', '').split(':')
+ ftime, fcaptcha_idx, fhash = cgidata.getfirst(
+ 'sub_form_token', '').split(':')
then = int(ftime)
except ValueError:
- ftime = fhash = ''
+ ftime = fcaptcha_idx = fhash = ''
then = 0
token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" +
ftime + ":" +
+ fcaptcha_idx + ":" +
mlist.internal_name() + ":" +
remote1).hexdigest()
if ftime and now - then > mm_cfg.FORM_LIFETIME:
@@ -189,6 +191,13 @@ def process_form(mlist, doc, cgidata, lang):
results.append(
_('There was no hidden token in your submission or it was corrupted.'))
results.append(_('You must GET the form before submitting it.'))
+ # Check captcha
+ if isinstance(mm_cfg.CAPTCHAS, dict):
+ captcha_answer = cgidata.getvalue('captcha_answer', '')
+ if not Utils.captcha_verify(
+ fcaptcha_idx, captcha_answer, mm_cfg.CAPTCHAS):
+ results.append(_(
+ 'This was not the right answer to the CAPTCHA question.'))
# Was an attempt made to subscribe the list to itself?
if email == mlist.GetListEmail():
syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)