From b7476d1c86053181cb38aa3acd3fc718fde55979 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 10 Jun 2019 17:29:24 +0200 Subject: implement a simple CAPTCHA scheme based on questions and answers configured by the site admin --- Mailman/Cgi/listinfo.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'Mailman/Cgi/listinfo.py') diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index f1b455da..909e401e 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -216,10 +216,25 @@ def list_listinfo(mlist, lang): # drop one : resulting in an invalid format, but it's only # for our hash so it doesn't matter. remote = remote.rsplit(':', 1)[0] + # render CAPTCHA, if configured + if isinstance(mm_cfg.CAPTCHAS, dict): + (captcha_question, captcha_box, captcha_idx) = \ + Utils.captcha_display(mlist, lang, mm_cfg.CAPTCHAS) + pre_question = _( + '''Please answer the following question to prove that + you are not a bot:''' + ) + replacements[''] = ( + """%s
%s%s""" + % (pre_question, captcha_question, captcha_box)) + else: + captcha_idx = 0 # just to have something to include in the hash below + # fill form replacements[''] += ( - '\n' - % (now, Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" + + '\n' + % (now, captcha_idx, Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" + now + ":" + + captcha_idx + ":" + mlist.internal_name() + ":" + remote ).hexdigest() -- cgit v1.2.3 From 4348ac442749ad4b68dca81c223d8ba8070e654d Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 10 Jun 2019 22:01:51 +0200 Subject: fix computing the form hash when there is no CAPTCHA --- Mailman/Cgi/listinfo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Mailman/Cgi/listinfo.py') diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index 909e401e..6872613e 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -228,7 +228,7 @@ def list_listinfo(mlist, lang): """%s
%s%s""" % (pre_question, captcha_question, captcha_box)) else: - captcha_idx = 0 # just to have something to include in the hash below + captcha_idx = "" # just to have something to include in the hash below # fill form replacements[''] += ( '\n' -- cgit v1.2.3 From 91203be694e4ca836b862b7921e119b2f55a8307 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 10 Jun 2019 22:06:47 +0200 Subject: Don't enable CAPTCHA if 'en' key is not set --- Mailman/Cgi/listinfo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Mailman/Cgi/listinfo.py') diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index 6872613e..b35b8988 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -217,7 +217,7 @@ def list_listinfo(mlist, lang): # for our hash so it doesn't matter. remote = remote.rsplit(':', 1)[0] # render CAPTCHA, if configured - if isinstance(mm_cfg.CAPTCHAS, dict): + if isinstance(mm_cfg.CAPTCHAS, dict) and 'en' in mm_cfg.CAPTCHAS: (captcha_question, captcha_box, captcha_idx) = \ Utils.captcha_display(mlist, lang, mm_cfg.CAPTCHAS) pre_question = _( -- cgit v1.2.3