From 4b62e47a88d8ab46bfa6b06c22a999e406ba51bf Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 28 Oct 2013 22:35:26 +0000
Subject: [PATCH] Use seemingly-random form input names

Which will help fight off spammers. This should be coupled with logic that
will add some enticing fields, like 'email' and 'name' to invite bot input.
Then, on the form processing side, a spam submission can be detected and
handled differently from human submissions. This should lessen reliance on
CAPTCHA as the only means of spam detection.
---
 include/class.dynamic_forms.php | 7 ++++---
 include/class.forms.php         | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index e0a2f1e86..c7db39372 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -801,14 +801,15 @@ class SelectionWidget extends ChoicesWidget {
         ?>
         <span style="display:inline-block">
         <input type="text" size="30" name="<?php echo $this->name; ?>"
-            value="<?php echo $name; ?>" autocomplete="off" />
+            id="<?php echo $this->name; ?>" value="<?php echo $name; ?>"
+            autocomplete="off" />
         <script type="text/javascript">
         $(function() {
-            $('input[name=<?php echo $this->name; ?>]').typeahead({
+            $('input#<?php echo $this->name; ?>').typeahead({
                 source: <?php echo JsonDataEncoder::encode($source); ?>,
                 property: 'info',
                 onselect: function(item) {
-                    $('input[name="<?php echo $this->name; ?>"]').val(item['value'])
+                    $('input#<?php echo $this->name; ?>').val(item['value'])
                 }
             });
         });
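Review bot: The rewritten `<input>` still prints `$name` and `$this->name` into attribute values without HTML escaping, and `$this->name` now also goes raw into the inline selector `$('input#…')`. Where `$name` is assigned is outside this hunk, but if it can hold list text entered by users or staff, the `value` attribute is a markup-injection sink; `value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>"` would close it. The `#` selector also assumes the name is a valid CSS identifier. That may not hold if `$this->name` comes from `getFormName()`, which can return a hex string starting with a digit or a non-numeric id passed through unchanged. Selecting with `$(document.getElementById(<?php echo json_encode($this->name); ?>))` avoids both the selector-syntax and the quoting problem. The enclosing render method starts and ends outside the hunk.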
diff --git a/include/class.forms.php b/include/class.forms.php
index 6385f4190..d9dad741f 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -302,7 +302,8 @@ class FormField {
 
     function getFormName() {
         if (is_numeric($this->get('id')))
-            return '-field-id-'.$this->get('id');
+            return substr(md5(
+                session_id() . '-field-id-'.$this->get('id')), -16);
         else
             return $this->get('id');
     }
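Review bot: `getFormName()` now derives a value printed in every form from an unkeyed, truncated MD5 of `session_id()` plus a guessable suffix, which ties public markup to the session secret. When no session is active `session_id()` returns an empty string, so every visitor gets the same fixed name and the obfuscation is lost. Keying the name on a random per-session salt kept server-side avoids both, for example `return substr(hash_hmac('sha256', '-field-id-'.$this->get('id'), $salt), -16);`, where `$salt` is a placeholder for a value generated once and stored in `$_SESSION`. With the code as written, names presumably also change if the session id is regenerated between rendering and submission, so the processing side would then not find the posted fields. A short comment on the method should state that the name is session-bound and what it is derived from.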
-- 
GitLab