On Wed, May 14, 2014 at 10:43 PM, Valdis Vītoliņš <valdis.vitolins(a)odo.lv> wrote:
> Another idea which couldn't bother normal users for anonymous XWiki
> comments would be separation between GET/POST submits, because spammers
> mostly use GET instead of POST.

The add comment form uses POST so why do you say the spammers use GET?
Note that even if you 'forge' a GET request you still need to add the
CSRF token which you need to get from the HTML form. As for the
CommentAddAction that Thomas linked, it works indeed with both POST
and GET. Limiting the actions that modify the database to POST is
indeed a good thing.
Thanks,
Marius

> I couldn't find how the added comment request is handled on the server
> side though. I suspect it is not handled with Velocity scripts.
> Can you provide some directions?
> Thanks!
> Valdis
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
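
The two checks discussed in the reply above (accept only POST for an action that modifies the database, and require the CSRF token issued with the HTML form), sketched as an added example that is not XWiki's code or part of the original thread. The handler, the in-memory session and comment stores, and the `form_token` parameter name are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory stand-ins for the session store and the comment table.
SESSIONS = {}
COMMENTS = []


def render_form(session_id):
    """Issue a per-session token, as the HTML form would embed in a hidden field."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token


def comment_add(method, session_id, params):
    """Return the HTTP status code for a comment submission."""
    # 1. The action modifies the database, so only POST is accepted.
    if method.upper() != "POST":
        return 405
    # 2. The token must match the one issued to this session with the form.
    expected = SESSIONS.get(session_id)
    supplied = params.get("form_token", "")
    if expected is None or not hmac.compare_digest(
        expected.encode(), supplied.encode()
    ):
        return 403
    COMMENTS.append(params.get("comment", ""))
    return 200


def demo():
    """Run four constructed requests against the handler and return their statuses."""
    token = render_form("s1")
    return [
        comment_add("GET", "s1", {"form_token": token, "comment": "a"}),
        comment_add("POST", "s1", {"comment": "b"}),
        comment_add("POST", "s1", {"form_token": "guess", "comment": "c"}),
        comment_add("POST", "s1", {"form_token": token, "comment": "d"}),
    ]


if __name__ == "__main__":
    print(demo())
```

The GET is refused even though it carries a valid token, and a POST is refused unless it carries the token issued to the same session, so only the last request stores a comment.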