Textpattern CMS support forum

#397 2023-03-10 13:04:21

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,973

Re: com_connect - form and contact mailer

etc wrote #335011:

Many tags need to know whether they are called with content (even empty) or not.

Thought so. That’s fine then.

What we could do rather easily, is not passing null $thing at all, but only if the tag has no extra (registered) arguments.

If that would work, great.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp


#398 2023-03-10 13:09:29

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,973

Re: com_connect - form and contact mailer

I patched the plugin anyway in the 4.9.0 codebase. EDIT: and then removed the testing string I forgot about, d’oh.

Last edited by Bloke (2023-03-10 13:11:11)


#399 2023-03-10 13:57:36

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,973

Re: com_connect - form and contact mailer

whocarez wrote #334519:

sanitizeForUrl makes everything lowercase, as far as I understand it. So REMOTE_ADDR gets remote_addr.

This should be fixed now in the 4.9.0 codebase. Sorry for the delay.


#400 2023-03-10 13:58:03

etc
Developer
Registered: 2010-11-11
Posts: 4,856

Re: com_connect - form and contact mailer

Bloke wrote #335012:

If that would work, great.

That’s technically easy, but I’m a bit nervous re eventual plugin tags that always expect some content and do not set $thing:

function abc_careless_tag($atts, $thing) {...}

Maybe it’s more prudent to postpone this to php8 switch.


#401 2023-03-10 13:59:48

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,973

Re: com_connect - form and contact mailer

etc wrote #335016:

Maybe it’s more prudent to postpone this to php8 switch.

Absolutely fine. Easy to work around for now, and I’ll document it for other plugin authors.


#402 2023-03-13 02:32:44

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,973

Re: com_connect - form and contact mailer

Anyone following development of this plugin in preparation for 4.9.0 can try out the new anti-spam features that have been baked into the core plugin. Based on a few ideas cadged from around the internet and from other plugins, the crux of it is:

  • An action attribute on the main contact form tag. You should not need this, but if you find that bots are hitting your site, you can use this to either:
    • Supply a different endpoint (URL) to process your form data.
    • Supply two different endpoints, the first of which is fake, and the second of which is real. If you omit the second endpoint, the current page is assumed. Through judicious use of the new delay attribute the plugin will inject the correct URL (via JavaScript) after the given number of seconds.
  • The delay attribute can be used either on the main contact form tag, or on the <txp:com_connect_text> tag. If used globally, it sets the time, or time range, after which any delayed effects take place. Individual tags can then use this value, or specify their own delay.
  • The expected attribute on the <txp:com_connect_text> tag allows you to specify that certain field values are expected in the result. If they’re not there, or are in any way mangled, the form won’t get through.
  • The <txp:com_connect_expect> tag can be used for special effects or to specify that certain conditions must be met for the form to be passed on.

Using these tools in various combinations will allow you to make it harder for bots and automated form fillers to operate. Examples:

<!-- Add a human test field with one or more expected answers -->
<com::connect_text label="What's 5+3?" name="humancheck" expected="8, eight" />

<!-- Add a hidden field that only gets inserted sometime between
8 and 12 seconds after someone starts interacting with the form.
If the form is submitted before the field is added, it will be rejected -->
<com::connect_text label="" name="nobot" hidden default="1" expected="1" delay="8-12" required="0" />

<!-- Use a fake submission URL that is randomly replaced with the real one
after between 5-15 seconds. Also add a hidden field that rejects the form if it's filled out
(similar to pap_contact_cleaner).
Also add a delayed hidden field that will appear randomly between 5-15 seconds after
a visitor starts interacting with the form -->
<com::connect to="someone@example.org" delay="5-15" action="https://fake.example.org/honeytrap,">
<com::connect_text label="Your name" />
<com::connect_email label="Email address" />
<com::connect_textarea label="Message" />
<com::connect_text hidden label="" name="office_phone" required="0" />
<com::connect_expect name="office_phone" /> <!-- No value means this field is not expected in the payload -->
<com::connect_text label="" name="real_visitor" hidden default="yes" expected="yes" delay required="0" />
</com::connect>

Any of the delay features require (native) JavaScript.

There’s lots of scope for creating forms now, without additional spam protection plugins, so go nuts and post your examples.

Any issues with this, or ideas to extend it, please throw them here. One thing I’d like to do is offer some way to randomize the form field names from a set, so you can throw some real-sounding field names in the mix, but make them hidden and required with a certain value. Or hidden and not required. Thinking about ways to achieve that in a sane manner.

Last edited by Bloke (2023-03-13 02:40:07)


Offline
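
The accept/reject behaviour described in post #402, as an added example that is not part of the thread and is not com_connect's code. It models a delayed hidden field, a honeypot and an expected-answer field; the rule objects, the function names and the trimming of values are assumptions made for illustration.

```javascript
// Added illustration, not com_connect's code. Rule objects and function names
// are assumptions that mirror the expected/delay attributes shown in the post.

// "5-15" -> a whole number of seconds in [5, 15]; "8" -> 8. rnd is in [0, 1).
function pickDelay(attr, rnd) {
  const m = /^\s*(\d+)\s*(?:-\s*(\d+))?\s*$/.exec(String(attr));
  if (!m) return 0;
  const lo = Number(m[1]);
  const hi = m[2] === undefined ? lo : Number(m[2]);
  return Math.min(lo, hi) + Math.floor(rnd * (Math.abs(hi - lo) + 1));
}

// Browser side: a delayed field only exists in the form once its delay has passed.
function payloadAt(rules, typed, secondsOnForm, rnd) {
  const payload = { ...typed };
  for (const r of rules) {
    if (r.delay === undefined) continue;
    if (secondsOnForm >= pickDelay(r.delay, rnd)) payload[r.name] = r.value;
  }
  return payload;
}

// Server side: returns reasons to reject; an empty array means the form passes.
function checkSubmission(rules, payload) {
  const reasons = [];
  for (const r of rules) {
    const accepted = String(r.expected).split(',').map((s) => s.trim()).filter(Boolean);
    const has = Object.prototype.hasOwnProperty.call(payload, r.name);
    const value = has ? String(payload[r.name]).trim() : '';
    if (accepted.length === 0) {
      // No expected value: the field must stay empty (honeypot).
      if (value !== '') reasons.push(`${r.name}: honeypot filled`);
    } else if (!has) {
      reasons.push(`${r.name}: missing`);
    } else if (!accepted.includes(value)) {
      reasons.push(`${r.name}: unexpected value`);
    }
  }
  return reasons;
}

// Rules modelled on the post's examples; real_visitor inherits the form's delay="5-15".
const RULES = [
  { name: 'humancheck', expected: '8, eight' },
  { name: 'office_phone', expected: '' },
  { name: 'real_visitor', expected: 'yes', value: 'yes', delay: '5-15' },
];
const typed = { humancheck: 'eight', office_phone: '' }; // constructed sample input

console.log(checkSubmission(RULES, payloadAt(RULES, typed, 3, 0.5)));  // submitted too early
console.log(checkSubmission(RULES, payloadAt(RULES, typed, 20, 0.5))); // submitted after the delay
```

The server-side check never needs the elapsed time itself: a form posted before the delay has passed is rejected because the injected field is absent from the payload.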
