From 993d81c2ce98a6579b3110a6013c00090dfddaea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Sieb=C3=B6rger?=
Date: Mon, 29 Jan 2018 14:58:42 +0200
Subject: Allow the list subscription form to be protected from spam bots using reCAPTCHA.
---
Mailman/Cgi/listinfo.py | 10 ++++++++++
Mailman/Cgi/subscribe.py | 22 ++++++++++++++++++++++
Mailman/Defaults.py.in | 6 ++++++
templates/ar/listinfo.html | 1 +
templates/ast/listinfo.html | 1 +
templates/ca/listinfo.html | 1 +
templates/cs/listinfo.html | 1 +
templates/da/listinfo.html | 1 +
templates/de/listinfo.html | 1 +
templates/el/listinfo.html | 1 +
templates/en/listinfo.html | 1 +
templates/es/listinfo.html | 1 +
templates/et/listinfo.html | 1 +
templates/eu/listinfo.html | 1 +
templates/fa/listinfo.html | 1 +
templates/fi/listinfo.html | 1 +
templates/fr/listinfo.html | 1 +
templates/gl/listinfo.html | 1 +
templates/he/listinfo.html | 1 +
templates/hr/listinfo.html | 1 +
templates/hu/listinfo.html | 1 +
templates/ia/listinfo.html | 1 +
templates/it/listinfo.html | 1 +
templates/ja/listinfo.html | 1 +
templates/ko/listinfo.html | 1 +
templates/lt/listinfo.html | 1 +
templates/nl/listinfo.html | 1 +
templates/no/listinfo.html | 1 +
templates/pl/listinfo.html | 1 +
templates/pt/listinfo.html | 1 +
templates/pt_BR/listinfo.html | 1 +
templates/ro/listinfo.html | 1 +
templates/ru/listinfo.html | 1 +
templates/sk/listinfo.html | 1 +
templates/sl/listinfo.html | 1 +
templates/sr/listinfo.html | 1 +
templates/sv/listinfo.html | 1 +
templates/tr/listinfo.html | 1 +
templates/uk/listinfo.html | 1 +
templates/vi/listinfo.html | 1 +
templates/zh_CN/listinfo.html | 1 +
templates/zh_TW/listinfo.html | 1 +
42 files changed, 77 insertions(+)
diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index b8704486..91f5b6bb 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -243,6 +243,16 @@ def list_listinfo(mlist, lang): replacements[''] = displang replacements[''] = mlist.FormatFormStart('listinfo') replacements[''] = mlist.FormatBox('fullname', size=30) + # If reCAPTCHA is enabled, display its user interface + if mm_cfg.RECAPTCHA_SITE_KEY: + replacements[''] = ( + """  + +
+ """ + % mm_cfg.RECAPTCHA_SITE_KEY) + else: + replacements[''] = '' # Do the expansion. doc.AddItem(mlist.ParseTags('listinfo.html', replacements, lang)) diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 232048d7..a53efefd 100755 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -22,6 +22,9 @@ import os import cgi import time import signal +import urllib +import urllib2 +import json from Mailman import mm_cfg from Mailman import Utils @@ -131,6 +134,25 @@ def process_form(mlist, doc, cgidata, lang): os.environ.get('HTTP_X_FORWARDED_FOR', os.environ.get('REMOTE_ADDR', 'unidentified origin'))) + + # Check reCAPTCHA submission, if enabled + if mm_cfg.RECAPTCHA_SECRET_KEY: + request = urllib2.Request( + url = 'https://www.google.com/recaptcha/api/siteverify', + data = urllib.urlencode({ + 'secret': mm_cfg.RECAPTCHA_SECRET_KEY, + 'response': cgidata.getvalue('g-recaptcha-response', ''), + 'remoteip': remote})) + try: + httpresp = urllib2.urlopen(request) + captcha_response = json.load(httpresp) + httpresp.close() + if not captcha_response['success']: + results.append(_('reCAPTCHA validation failed: %s' % + ', '.join(captcha_response['error-codes']))) + except urllib2.URLError as e: + results.append(_('reCAPTCHA could not be validated: %s' % e.reason)) + # Are we checking the hidden data? if mm_cfg.SUBSCRIBE_FORM_SECRET: now = int(time.time()) diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index 309d0ba3..3446aa8d 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in 
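Review bot: The widget is gated on `mm_cfg.RECAPTCHA_SITE_KEY` alone here, while the check in Mailman/Cgi/subscribe.py is gated on `mm_cfg.RECAPTCHA_SECRET_KEY` alone, so a site that sets only one of the two gets either a widget whose answer is never verified or a form on which every subscription is refused. Testing both settings in each place, `if mm_cfg.RECAPTCHA_SITE_KEY and mm_cfg.RECAPTCHA_SECRET_KEY:`, keeps the two pages in step. The key is also interpolated into the markup with a bare `%`; the markup itself is not visible in this rendering of the hunk, but passing the value through `Utils.websafe()` first (if `Utils` is in scope in this module) would keep a mistyped key from breaking the page. list_listinfo's body starts above the hunk.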
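Review bot: Only `urllib2.URLError` is handled around the siteverify call in process_form, so a non-JSON body (`ValueError` from `json.load`), a reply lacking `success` or `error-codes` (`KeyError`), or a stalled connection leaves the CGI with an uncaught exception or a blocked process instead of a refused subscription. I would pass a timeout to `urlopen`, close the response in a `finally`, read the fields with `.get()`, and catch `IOError` and `ValueError` so that every failure ends in `results.append(...)`, as sketched below (the 10-second value is only an example). Separately, the context lines show `remote` being taken from `HTTP_X_FORWARDED_FOR` when that header is present, which the client controls, so `remoteip` is not a trustworthy value to send. On Python older than 2.7.9, `urllib2` does not verify the server certificate by default, which would let someone on the network path forge the reply; the minimum interpreter version is worth stating. process_form starts and ends outside the hunk.

```python
        # … unchanged: building `request` for the siteverify endpoint …
        try:
            httpresp = urllib2.urlopen(request, timeout=10)
            try:
                captcha_response = json.load(httpresp)
            finally:
                httpresp.close()
            if not captcha_response.get('success'):
                results.append(_('reCAPTCHA validation failed: %s' %
                    ', '.join(captcha_response.get('error-codes', []))))
        except (IOError, ValueError) as e:
            # On Python 2, IOError covers urllib2.URLError and socket timeouts.
            results.append(_('reCAPTCHA could not be validated: %s' %
                getattr(e, 'reason', e)))
```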
@@ -131,6 +131,12 @@ SUBSCRIBE_FORM_SECRET = None # test. SUBSCRIBE_FORM_MIN_TIME = seconds(5) +# Use Google reCAPTCHA to protect the subscription form from spam bots. The +# following must be set to a pair of keys issued by the reCAPTCHA service at +# https://www.google.com/recaptcha/ +RECAPTCHA_SITE_KEY = None +RECAPTCHA_SECRET_KEY = None + # Installation wide ban list. This is a list of email addresses and regexp # patterns (beginning with ^) which are not allowed to subscribe to any lists # in the installation. This supplements the individual list's ban_list. diff --git a/templates/ar/listinfo.html b/templates/ar/listinfo.html index 10e870f8..8a24e75c 100644 --- a/templates/ar/listinfo.html +++ b/templates/ar/listinfo.html @@ -111,6 +111,7 @@ +
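Review bot: The new comment in Defaults.py.in does not tell the administrator what enabling the feature does at run time or that `RECAPTCHA_SECRET_KEY` is a credential. Going by the subscribe.py hunk, each subscription request posts the secret key and the subscriber's address to Google, so I would add something like `# When enabled, each subscription request sends the secret key and the subscriber's IP address` / `# to www.google.com over HTTPS; the web host needs outbound access, and the secret key belongs` / `# only in mm_cfg.py, which should not be world-readable.`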
diff --git a/templates/ast/listinfo.html b/templates/ast/listinfo.html index 838e119b..f451a1b1 100644 --- a/templates/ast/listinfo.html +++ b/templates/ast/listinfo.html @@ -103,6 +103,7 @@ +

diff --git a/templates/ca/listinfo.html b/templates/ca/listinfo.html index 174560d8..f1a66f7c 100644 --- a/templates/ca/listinfo.html +++ b/templates/ca/listinfo.html @@ -114,6 +114,7 @@ que es mostrin els vostres missatges? +
diff --git a/templates/cs/listinfo.html b/templates/cs/listinfo.html index 8ed7f1a2..408b22b5 100644 --- a/templates/cs/listinfo.html +++ b/templates/cs/listinfo.html @@ -112,6 +112,7 @@ +
diff --git a/templates/da/listinfo.html b/templates/da/listinfo.html index 999048ef..79cf9d47 100644 --- a/templates/da/listinfo.html +++ b/templates/da/listinfo.html @@ -108,6 +108,7 @@ +
diff --git a/templates/de/listinfo.html b/templates/de/listinfo.html index 75dce30f..647a66cc 100755 --- a/templates/de/listinfo.html +++ b/templates/de/listinfo.html @@ -114,6 +114,7 @@ Liste . +
diff --git a/templates/el/listinfo.html b/templates/el/listinfo.html index f66fb7fe..65455594 100755 --- a/templates/el/listinfo.html +++ b/templates/el/listinfo.html @@ -116,6 +116,7 @@ +

diff --git a/templates/en/listinfo.html b/templates/en/listinfo.html index f02b170d..c3c216b1 100644 --- a/templates/en/listinfo.html +++ b/templates/en/listinfo.html @@ -115,6 +115,7 @@ +
diff --git a/templates/es/listinfo.html b/templates/es/listinfo.html index a06b7f56..98380d90 100644 --- a/templates/es/listinfo.html +++ b/templates/es/listinfo.html @@ -115,6 +115,7 @@ Sí +
diff --git a/templates/et/listinfo.html b/templates/et/listinfo.html index 361c880a..a5735dc9 100644 --- a/templates/et/listinfo.html +++ b/templates/et/listinfo.html @@ -105,6 +105,7 @@ Jah +
diff --git a/templates/eu/listinfo.html b/templates/eu/listinfo.html index 7b6ffb98..a6a8a769 100644 --- a/templates/eu/listinfo.html +++ b/templates/eu/listinfo.html @@ -113,6 +113,7 @@ +
diff --git a/templates/fa/listinfo.html b/templates/fa/listinfo.html index 53dd0b32..80422928 100644 --- a/templates/fa/listinfo.html +++ b/templates/fa/listinfo.html @@ -105,6 +105,7 @@ +
diff --git a/templates/fi/listinfo.html b/templates/fi/listinfo.html index 5d99ce00..b7de2343 100644 --- a/templates/fi/listinfo.html +++ b/templates/fi/listinfo.html @@ -118,6 +118,7 @@ Kyllä +
diff --git a/templates/fr/listinfo.html b/templates/fr/listinfo.html index 4c91c35c..61954769 100644 --- a/templates/fr/listinfo.html +++ b/templates/fr/listinfo.html @@ -118,6 +118,7 @@ +
diff --git a/templates/gl/listinfo.html b/templates/gl/listinfo.html index 2297f249..e61a5a0a 100644 --- a/templates/gl/listinfo.html +++ b/templates/gl/listinfo.html @@ -114,6 +114,7 @@ Si +
diff --git a/templates/he/listinfo.html b/templates/he/listinfo.html index 3f6113c1..dc5bca26 100644 --- a/templates/he/listinfo.html +++ b/templates/he/listinfo.html @@ -110,6 +110,7 @@ +
diff --git a/templates/hr/listinfo.html b/templates/hr/listinfo.html index 5b46a913..37de789e 100644 --- a/templates/hr/listinfo.html +++ b/templates/hr/listinfo.html @@ -112,6 +112,7 @@ +
diff --git a/templates/hu/listinfo.html b/templates/hu/listinfo.html index 6d3d6992..4f62722f 100644 --- a/templates/hu/listinfo.html +++ b/templates/hu/listinfo.html @@ -111,6 +111,7 @@ +
diff --git a/templates/ia/listinfo.html b/templates/ia/listinfo.html index d266e3b5..c0077505 100644 --- a/templates/ia/listinfo.html +++ b/templates/ia/listinfo.html @@ -103,6 +103,7 @@ +
diff --git a/templates/it/listinfo.html b/templates/it/listinfo.html index 24617830..deb68063 100644 --- a/templates/it/listinfo.html +++ b/templates/it/listinfo.html @@ -123,6 +123,7 @@ +
diff --git a/templates/ja/listinfo.html b/templates/ja/listinfo.html index 95507f61..dfe50760 100644 --- a/templates/ja/listinfo.html +++ b/templates/ja/listinfo.html @@ -115,6 +115,7 @@ +
diff --git a/templates/ko/listinfo.html b/templates/ko/listinfo.html index 41463dff..240ef3b8 100644 --- a/templates/ko/listinfo.html +++ b/templates/ko/listinfo.html @@ -110,6 +110,7 @@ ¿¹ +
diff --git a/templates/lt/listinfo.html b/templates/lt/listinfo.html index 1c8c71ab..2e467d8a 100644 --- a/templates/lt/listinfo.html +++ b/templates/lt/listinfo.html @@ -111,6 +111,7 @@ Taip +
diff --git a/templates/nl/listinfo.html b/templates/nl/listinfo.html index 48d57cc0..5bd63f05 100644 --- a/templates/nl/listinfo.html +++ b/templates/nl/listinfo.html @@ -106,6 +106,7 @@ Ja +
diff --git a/templates/no/listinfo.html b/templates/no/listinfo.html index fdd1593d..90468069 100644 --- a/templates/no/listinfo.html +++ b/templates/no/listinfo.html @@ -108,6 +108,7 @@ +
diff --git a/templates/pl/listinfo.html b/templates/pl/listinfo.html index e02e3ea4..457a83b2 100644 --- a/templates/pl/listinfo.html +++ b/templates/pl/listinfo.html @@ -113,6 +113,7 @@ +
diff --git a/templates/pt/listinfo.html b/templates/pt/listinfo.html index a958455e..5b6e8e6f 100644 --- a/templates/pt/listinfo.html +++ b/templates/pt/listinfo.html @@ -114,6 +114,7 @@ +
diff --git a/templates/pt_BR/listinfo.html b/templates/pt_BR/listinfo.html index a9124259..3ece747e 100644 --- a/templates/pt_BR/listinfo.html +++ b/templates/pt_BR/listinfo.html @@ -113,6 +113,7 @@ Sim +
diff --git a/templates/ro/listinfo.html b/templates/ro/listinfo.html index 5aa916bc..8fedf57c 100644 --- a/templates/ro/listinfo.html +++ b/templates/ro/listinfo.html @@ -109,6 +109,7 @@ +
diff --git a/templates/ru/listinfo.html b/templates/ru/listinfo.html index 27f0de47..87f4b12d 100644 --- a/templates/ru/listinfo.html +++ b/templates/ru/listinfo.html @@ -100,6 +100,7 @@ +
diff --git a/templates/sk/listinfo.html b/templates/sk/listinfo.html index 81a7b738..0e9e2bea 100644 --- a/templates/sk/listinfo.html +++ b/templates/sk/listinfo.html @@ -117,6 +117,7 @@ +
diff --git a/templates/sl/listinfo.html b/templates/sl/listinfo.html index 551ad268..a6d3108e 100644 --- a/templates/sl/listinfo.html +++ b/templates/sl/listinfo.html @@ -112,6 +112,7 @@ +
diff --git a/templates/sr/listinfo.html b/templates/sr/listinfo.html index d884f5a3..d4f601a7 100644 --- a/templates/sr/listinfo.html +++ b/templates/sr/listinfo.html @@ -97,6 +97,7 @@ Ðе Да +
diff --git a/templates/sv/listinfo.html b/templates/sv/listinfo.html index 38e78dc9..d2824096 100644 --- a/templates/sv/listinfo.html +++ b/templates/sv/listinfo.html @@ -94,6 +94,7 @@ Nej Ja +
diff --git a/templates/tr/listinfo.html b/templates/tr/listinfo.html index da7b935c..8d7fdf3a 100644 --- a/templates/tr/listinfo.html +++ b/templates/tr/listinfo.html @@ -115,6 +115,7 @@ +
diff --git a/templates/uk/listinfo.html b/templates/uk/listinfo.html index 3ee3bdfb..b881ff3a 100644 --- a/templates/uk/listinfo.html +++ b/templates/uk/listinfo.html @@ -111,6 +111,7 @@ +
diff --git a/templates/vi/listinfo.html b/templates/vi/listinfo.html index b4627b38..5b864d3e 100644 --- a/templates/vi/listinfo.html +++ b/templates/vi/listinfo.html @@ -102,6 +102,7 @@ +
diff --git a/templates/zh_CN/listinfo.html b/templates/zh_CN/listinfo.html index 98bc3a76..c329aa27 100644 --- a/templates/zh_CN/listinfo.html +++ b/templates/zh_CN/listinfo.html @@ -107,6 +107,7 @@ +
diff --git a/templates/zh_TW/listinfo.html b/templates/zh_TW/listinfo.html index d19d2931..966b6d44 100644 --- a/templates/zh_TW/listinfo.html +++ b/templates/zh_TW/listinfo.html @@ -98,6 +98,7 @@ HREF="mailto:">。 Yes +
-- cgit v1.2.3