/**
 * Emit the script tag that loads the anti-spam JavaScript for a form.
 *
 * The loaded script adds a hidden field to the form. SpamFilterComponent treats a POST
 * that does not contain this hidden field as spam.
 *
 * @param mixed $form_dom_id Sent to the script URL as the "fid" query parameter (presumably the form's DOM id)
 * @return mixed Value returned by AlaxosHtml->script() when called with 'block' => true
 */
public function antispam($form_dom_id)
{
    // The salt is optional: null is used when the view variable was never set.
    $salt = null;
    if (isset($this->_View->viewVars['_alaxos_spam_filter_salt'])) {
        $salt = $this->_View->viewVars['_alaxos_spam_filter_salt'];
    }

    $token = SecurityTool::get_today_token($salt);

    // The hidden field is added by JS after rendering, so it is unlocked here to keep
    // the form from being blackholed.
    // NOTE(review): an unlocked field is left out of the form tampering check, so its value
    // has to be verified by the spam filter itself; confirm in SpamFilterComponent.
    $this->unlockField(SecurityTool::get_today_fieldname($salt));

    $script_route = [
        'prefix' => false,
        'plugin' => 'Alaxos',
        'controller' => 'Javascripts',
        'action' => 'antispam',
        '_ext' => 'js',
        '?' => [
            'fid' => $form_dom_id,
            'token' => $token,
        ],
    ];

    // Second argument true: same call as before, passed through to Router::url() unchanged.
    $script_url = Router::url($script_route, true);

    return $this->AlaxosHtml->script($script_url, ['block' => true]);
}
/**
 * Return yesterday's token, computed from the salt given by get_session_salt().
 *
 * @return mixed Value returned by SecurityTool::get_yesterday_token()
 */
public function get_yesterday_token()
{
    return SecurityTool::get_yesterday_token($this->get_session_salt());
}
/**
 * Exercise startup() with the extra session salt disabled, then enabled.
 *
 * In both phases the test checks that the salt view variable is set and that the
 * today and yesterday field names are listed in the Security component's unlockedFields.
 *
 * @return void
 */
public function testStartup()
{
    $salt_key = '_alaxos_spam_filter_salt';

    /*
     * Phase 1: no additional random session salt.
     */
    $this->component->config('use_session_salt', false);
    $this->component->startup(new Event('Test'));

    // The view variable must exist but stay empty when the salt is disabled.
    $this->assertArrayHasKey($salt_key, $this->component->controller->viewVars);
    $this->assertEmpty($this->component->controller->viewVars[$salt_key]);

    $plain_salt = $this->component->get_session_salt();
    $this->assertEmpty($plain_salt);

    // NOTE(review): with an empty salt the field names presumably depend on the date only;
    // confirm in SecurityTool.
    $unsalted_today = SecurityTool::get_today_fieldname($plain_salt);
    $unsalted_yesterday = SecurityTool::get_yesterday_fieldname($plain_salt);

    // NOTE(review): in_array() compares loosely here; passing true as third argument would tighten the check.
    $this->assertTrue(
        in_array($unsalted_today, $this->controller->components()->Security->config('unlockedFields'))
    );
    $this->assertTrue(
        in_array($unsalted_yesterday, $this->controller->components()->Security->config('unlockedFields'))
    );

    /*
     * Phase 2: additional random session salt enabled.
     */
    $this->component->config('use_session_salt', true);
    $this->component->startup(new Event('Test'));

    // This time the view variable must carry a non-empty salt.
    $this->assertArrayHasKey($salt_key, $this->component->controller->viewVars);
    $this->assertNotEmpty($this->component->controller->viewVars[$salt_key]);

    $random_salt = $this->component->get_session_salt();
    $this->assertNotEmpty($random_salt);

    $salted_today = SecurityTool::get_today_fieldname($random_salt);
    $salted_yesterday = SecurityTool::get_yesterday_fieldname($random_salt);

    $this->assertTrue(
        in_array($salted_today, $this->controller->components()->Security->config('unlockedFields'))
    );
    $this->assertTrue(
        in_array($salted_yesterday, $this->controller->components()->Security->config('unlockedFields'))
    );
}