Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.installed on Drupal 6.15 core
Assumption: If I populate the hidden field(e.g. feed_me) in any form then spamicide intercepts and will return an "access denied" response to the request regardless of any security settings?
If so unfortunately, this is not the case - also I see nothing in the access log either.
Decided to test as outlined in the assumption above as I was trying to use spamicide in a Webform node
My test:
1. navigate to the form in firefox
2. Use firebug to disable the CSS styling direct "display none" for the spamicide form field
3. Populate the form including the spamicide hidden field and submit.
The form data instance gets added unchallenged so I tried it out on the login form the the same results...
Is there something blatantly obvious I'm missing to out cause this behaviour?
Thanks for your time
| Comment | File | Size | Author |
|---|---|---|---|
| #18 | spamicide.module_722014-18.zip | 4.48 KB | Frank Ralf |
| #13 | spamicide-1.3-patched.module.gz | 4.41 KB | jleinenbach |
| #8 | patch_83_rev2.patch | 1.11 KB | gaellafond |
| #6 | patch.patch | 1.11 KB | zeusent |
Comments
Comment #1
martynpanes CreditAttribution: martynpanes commentedComment #2
martynpanes CreditAttribution: martynpanes commentedDid a little more testing... seems to be a bug.
For some reason the spamicide_validate() function in the module just doesn't get called.....
Made sure nothing is getting changed in the theme I'm using by switching to Garland, hook still not getting triggered...
Comment #3
kerberos CreditAttribution: kerberos commentedWe are having the same issue. I went to:
admin/settings/spamicide
And checked the 'Add Spamicide administration links to forms' option. The links appeared and I added the forms, which show up in the options.
The feed me form item now shows up in the form but did not stop a submission from a browser with JavaScript enabled. Also, the form did not render correctly (the field labels disappeared).
Comment #4
kerberos CreditAttribution: kerberos commentedSorry, the incorrect rendering was another problem, but it still doesn't stop spam with Webform.
Comment #5
martynpanes CreditAttribution: martynpanes commentedThanks,
For some reason the hook_validate function in the module just doesn't get called even for the default list setup on install - have tried playing but only have a novice understanding of the hook system/registry, assume this is allowed but there appears to be two hook_validate implementations in the module - one to handle the spamicide admin(spamicide_admin_form_validate) form validation and another to handle any other form(spamicide_validate). Oddly spamicide_admin_form_validate gets called on saving the admin form. Afraid I just don't have enough time or drupal dev experience to try and get to the bottom of this....
Comment #6
zeusent CreditAttribution: zeusent commentedThis patch should repair this issue and the validation function should now be called correctly
Mihai Fratu
Comment #7
martynpanes CreditAttribution: martynpanes commentedGood work Mihai! that seems to have fixed the problem! spamicide_validate is now getting called in the predefined list and webforms.
Many thanks...
Comment #8
gaellafond CreditAttribution: gaellafond commentedThanks Mihai for the patch.
I think you made a typo in it. I correct it before apply it and it's work fine:
+ $form['spamicidie']['#element_validate'] = array('spamicide_validate');
It should be
+ $form['spamicide']['#element_validate'] = array('spamicide_validate');
There is an extra "i" in "spamicidie".
I submitted a new version of your patch without that typo.
Comment #9
buckley CreditAttribution: buckley commentedsubscribing
Comment #10
nileshgr CreditAttribution: nileshgr commentedsubscribe
Comment #11
jleinenbach CreditAttribution: jleinenbach commentedNot fixed in v1.3 (final).
Comment #12
gaellafond CreditAttribution: gaellafond commentedHow can they release a new version of something that is doing absolutely nothing because of a tiny error... We even provide a patch to fix it... Seriously, I don't get it...
This is a CRITICAL issues and have a PATCH for it!!
What are they waiting for??
Comment #13
jleinenbach CreditAttribution: jleinenbach commentedPatched module file v1.3. Fixes issues #744560: Installation does not create required directory and CSS is saved in the wrong path, #722014: Spamicide seems to install and configure OK but doesn't prevent spam in any form!!!!, #465100: "recoverable fatal error" with fix.
Comment #14
itserich CreditAttribution: itserich commentedThis is my first time installing a patch. Doing it manually.
In this case, it appears all the text in the patch should replace all the text in the spamicide.module file...
Is that right, replace everything?
Comment #15
jleinenbach CreditAttribution: jleinenbach commentedIf you are talking about "spamicide-1.3-patched.module.gz":
Yes, that's right. I called it "patched", because it is not a patch, but an already patched replacement file.
Comment #16
itserich CreditAttribution: itserich commentedThanks.
Comment #17
Frank Ralf CreditAttribution: Frank Ralf commentedThe modification from #6
$form['spamicide']['#element_validate'] = array('spamicide_validate');seems to be still missing from the last patch.Comment #18
Frank Ralf CreditAttribution: Frank Ralf commentedWith the modifications mentioned above the module seems to work. Just posting the modified .module file for others to test. There are still some issues left, though (#955326: Faulty CSS created when renaming fields and #744560: Installation does not create required directory and CSS is saved in the wrong path). Hope to post a proper patch soon.
Comment #19
momper CreditAttribution: momper commentedis the current version 6.x-1.8 fully working?
Comment #20
tumblingmug CreditAttribution: tumblingmug commentedYes, although there are some issues that need to be fixed. However, not much hope on this: maintainers are all busy all the time. Especially #957012: 6.x-1.4 bug: No log message when spam attempt should be incorporated, otherwise you have tons of error messages from Drupal's watchdog.
Comment #21
lipcpro CreditAttribution: lipcpro commentedI have to say that my hesitance to submit fixes has been because of my lack of groking how CVS works. Now that d.o. has moved to git I'm much more comfortable at posting updates and promise to be much more responsive to my issue queue. the latest release should fix a lot of these issues.
Thanks all for being patient with me!