Forms can be cached. When Honeypot's settings are changed, the cached forms are not invalidated. This means, for example, that if a form did not have honeypot protection prior to the settings being changed, the unprotected cached version of the form can still be used. Similarly, if honeypot settings are changed or protection is removed from (a category of) forms, cached and outdated versions with honeypot protection might still linger.
Making sure cached forms are invalidated is as easy as adding the 'config:honeypot.settings' cache tag to the forms. Note that the tag should be added to *all* forms, not just to honeypot protected forms, so that when protection is enabled, unprotected cached forms are invalidated, and honeypot protected is evaluated again for those forms.
Patch attached.
Comment | File | Size | Author |
---|---|---|---|
honeypot-form-caching.patch | 1.52 KB | mr.baileys | |
| |||
honeypot-form-caching-test-only.patch | 807 bytes | mr.baileys | |
Comments
Comment #2
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedGood catch! I haven't used Honeypot in a scenario where I enabled it after the site was up and running, so I haven't run into this scenario, but the test makes it pretty obvious. This looks good for a quick merge.
Comment #4
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commented