Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Honeypot timelimits depend on a form value delivered by the form submitter. Attached patch signs the timestamp to prevent tampering by the submitter.
Comment | File | Size | Author |
---|---|---|---|
honepot_signed_timestamps.patch | 2.85 KB | Heine | |
Comments
Comment #1
geerlingguy CreditAttribution: geerlingguy commentedThis makes sense to me; I think I had an internal TODO to look into doing this way back when I was first building the module... and completely forgot about it. The 7.x patch looks good, but I also need to get it into 8.x first, so would you (or anyone else) be willing to work on the port soon? I'll try to get to it soon, but this summer will be a little busy for me.
Comment #3
geerlingguy CreditAttribution: geerlingguy commented@Heine - This works great! I've made one slight change, using a default
$honeypot_time
value of0
(int) instead ofFALSE
(bool), so the function always returns an int. It works just the same with the validation logic, but makes one fewer function in the world with mixed return values :)Next up: porting to D8.
Comment #4
geerlingguy CreditAttribution: geerlingguy commentedComment #6
geerlingguy CreditAttribution: geerlingguy as a volunteer commentedComment #8
justAChris CreditAttribution: justAChris as a volunteer commentedLooks like we lost a "!" in "!$honeypot_time" on commit for the 8.x-1.x branch.
On commit 0e1ef2c: (not on the current patch)
7.x-1.x branch looks fine
Comment #9
geerlingguy CreditAttribution: geerlingguy as a volunteer commentedComment #11
geerlingguy CreditAttribution: geerlingguy as a volunteer commented