Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The following patch has a number of improvements and fixes that I made in order to use honeypot on drupal.org (see #1759272: Test honeypot module on http://drupal.org).
To make Neil happy, these need to at least partially find their way into a released version and the D7 upgrade.
Unfortunately, this all-in-one but I can explain all the changes.
Comment | File | Size | Author |
---|---|---|---|
#14 | various_improvements_d7-1774150-14.patch | 8.12 KB | geerlingguy |
#12 | various_improvements_d7-1774150-12.patch | 7.48 KB | geerlingguy |
#10 | various_improvements_d7-1774150-10.patch | 7.48 KB | geerlingguy |
#6 | various_improvements-1774150-6.patch | 6.6 KB | geerlingguy |
#6 | interdiff.txt | 6.66 KB | geerlingguy |
Comments
Comment #1
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedand now: the patch
Comment #2
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedThe above code adds support for profile module. Not much to say. I've found that the "protect" all forms setting doesn't work well on drupal.org as it has too many that are exposed to anon users.
The above code adds a table to track failed submissions by registered users.
Schema definition for installation time. I didn't test it on a fresh install.
I've added three forms that IMO shouldn't be protected. I am ok with not havign this submitted.
The cronjob removes faied submit events from the table. The expiration time is fairly conservative. There is no UI for it.
I made the time limit stuff a bit more flexible.
The time limit got possibly increased, we need to get the new one to display it to the user.
This IMO fixes a bug: the counter would count from the first time the form was created. This change resets the creation time during validation.
Log the failure of submission.
Gets the number of failed submissions of this user.
For anon users we use the flood table and get the events by IP.
I am increasing the time needed exponentially. This sounds worse than it really is:
the default cron config will delete events after 5 minutes
the first failure will increase time by 1 second, the 2nd by 7, the 3rd by 20, the 4th by 54. Above that it's your own fault.
Log the events.
Comment #3
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedwithout the whitespace issue.
Comment #4
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedreview please
Comment #5
geerlingguy CreditAttribution: geerlingguy commentedWoah, thanks! I'll take a look at these changes asap, and will also work to forward-port what I can so the D7 branch has feature-parity with D6.
Comment #6
geerlingguy CreditAttribution: geerlingguy commentedAttached patch changes a few comments for consistency, and incorporates a few more changes/fixes:
drupal_install_schema()
needs to have module name (not table name) passed in.honeypot_get_time_limit()
function could've still returned a value in some circumstances, even if the time limit feature was turned off.I've tested everything on my local site, and everything works great. Also, I think in the D7 version of the module, the search form and a few other simple forms were added in—I must've just forgotten to add them in D6.
Please review this patch (interdiff also attached) and see if you like it. I'll commit and add a new release after someone else puts a fresh set of eyes on it :)
Comment #7
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedThanks, this looks good!
I may come up with more improvements as we test drive this on d.o.
Comment #8
geerlingguy CreditAttribution: geerlingguy commentedPatch applied to D6 dev branch: http://drupalcode.org/project/honeypot.git/commit/3e50f7a. Changes need to be ported to D7 now. I'll try to work on this later today if I can get a few minutes.
Comment #9
geerlingguy CreditAttribution: geerlingguy commentedComment #10
geerlingguy CreditAttribution: geerlingguy commentedA few things needed reworking (notably, the database queries and install file), but this should be functionally equivalent, and it doesn't require any additional D6->D7 upgrades, since form IDs for profile don't change.
Comment #12
geerlingguy CreditAttribution: geerlingguy commentedTry again (testbot rocks!).
Comment #14
geerlingguy CreditAttribution: geerlingguy commentedAh, had to update the test too, since the time amount is variable.
Comment #15
geerlingguy CreditAttribution: geerlingguy commentedCommitted: http://drupalcode.org/project/honeypot.git/commit/4bb04f5
I just tested a few things manually on my local site too, and didn't see any problems with update.
Comment #16.0
(not verified) CreditAttribution: commentedAdded issue link.