예제 #1
 /**
  * Add some JS code that adds a hidden field to the form.
  * If the hidden field is not present in the POST data, SpamFilterComponent considers the request as spam.
  */
 public function antispam($form_dom_id)
 {
     // Salt read from the view variable '_alaxos_spam_filter_salt'; stays null when it is not set.
     $salt = null;
     if (isset($this->_View->viewVars['_alaxos_spam_filter_salt'])) {
         $salt = $this->_View->viewVars['_alaxos_spam_filter_salt'];
     }

     $token = SecurityTool::get_today_token($salt);

     /*
      * The hidden field is added by JS after rendering, so it has to be unlocked
      * to prevent blackholing of the form.
      * NOTE(review): an unlocked field is presumably not covered by the form
      * tampering check, so its value must be validated on the server side --
      * confirm in SpamFilterComponent.
      */
     $this->unlockField(SecurityTool::get_today_fieldname($salt));

     /*
      * NOTE(review): the token is sent in the query string of the script URL,
      * so it may end up in access logs and browser history; it looks like a
      * bot deterrent rather than a secret -- confirm before relying on it for
      * anything stronger.
      */
     $script_url = Router::url(
         [
             'prefix' => false,
             'plugin' => 'Alaxos',
             'controller' => 'Javascripts',
             'action' => 'antispam',
             '_ext' => 'js',
             '?' => [
                 'fid' => $form_dom_id,
                 'token' => $token,
             ],
         ],
         true
     );

     return $this->AlaxosHtml->script($script_url, ['block' => true]);
 }
예제 #2
 /**
  * Return yesterday's token as computed by SecurityTool from the salt
  * that get_session_salt() provides.
  *
  * NOTE(review): presumably accepted next to today's token so that forms
  * rendered before a day change still validate -- confirm against the caller.
  *
  * @return mixed the value returned by SecurityTool::get_yesterday_token()
  */
 public function get_yesterday_token()
 {
     return SecurityTool::get_yesterday_token($this->get_session_salt());
 }
 /**
  * Test startup method
  *
  * @return void
  */
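 public function testStartup()
 {
     /*
      * Startup without using additional random Session salt:
      * the salt exposed to the view and the one returned by the component must both be empty.
      */
     $this->component->config('use_session_salt', false);
     $this->component->startup(new Event('Test'));

     $this->assertArrayHasKey('_alaxos_spam_filter_salt', $this->component->controller->viewVars);
     $this->assertEmpty($this->component->controller->viewVars['_alaxos_spam_filter_salt']);

     $session_salt = $this->component->get_session_salt();
     $this->assertEmpty($session_salt);

     $today_fieldname_1 = SecurityTool::get_today_fieldname($session_salt);
     $yesterday_fieldname_1 = SecurityTool::get_yesterday_fieldname($session_salt);

     // Strict comparison: with loose in_array() an entry such as 0 or true could
     // satisfy the assertion even though the field name was never unlocked.
     $unlocked_fields = $this->controller->components()->Security->config('unlockedFields');
     $this->assertTrue(in_array($today_fieldname_1, $unlocked_fields, true));
     $this->assertTrue(in_array($yesterday_fieldname_1, $unlocked_fields, true));

     /*
      * Startup using additional random Session salt:
      * the salt must now be non-empty in the view and in the component.
      */
     $this->component->config('use_session_salt', true);
     $this->component->startup(new Event('Test'));

     $this->assertArrayHasKey('_alaxos_spam_filter_salt', $this->component->controller->viewVars);
     $this->assertNotEmpty($this->component->controller->viewVars['_alaxos_spam_filter_salt']);

     $session_salt = $this->component->get_session_salt();
     $this->assertNotEmpty($session_salt);

     $today_fieldname_2 = SecurityTool::get_today_fieldname($session_salt);
     $yesterday_fieldname_2 = SecurityTool::get_yesterday_fieldname($session_salt);

     // Read the list again: the second startup() call is expected to have unlocked the salted names.
     $unlocked_fields = $this->controller->components()->Security->config('unlockedFields');
     $this->assertTrue(in_array($today_fieldname_2, $unlocked_fields, true));
     $this->assertTrue(in_array($yesterday_fieldname_2, $unlocked_fields, true));

     // NOTE(review): nothing here checks that the salted field names differ from the
     // unsalted ones ($today_fieldname_1 vs $today_fieldname_2). If the session salt is
     // meant to make the field name unpredictable per session, an assertNotEquals() on
     // those pairs would pin that property -- confirm against SecurityTool first.
 }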