From dae50b1118555088150f0187daf35065554a0f1e Mon Sep 17 00:00:00 2001
From: Chris Hallberg <crhallberg@gmail.com>
Date: Wed, 30 Sep 2015 15:36:31 -0400
Subject: [PATCH] Add UserComments as an option for Captcha protection. Closes
 VUFIND-526.

---
 config/vufind/config.ini                                 | 5 +++--
 module/VuFind/src/VuFind/Controller/AbstractRecord.php   | 6 ++++++
 module/VuFind/src/VuFind/Controller/AjaxController.php   | 7 +++++++
 themes/bootstrap3/templates/RecordTab/usercomments.phtml | 6 ++++++
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/config/vufind/config.ini b/config/vufind/config.ini
index 973a708cabd..f2af7aeba5d 100644
--- a/config/vufind/config.ini
+++ b/config/vufind/config.ini
@@ -1003,7 +1003,7 @@ era             = true      ; allow browsing of era subdivisions
 ; <result_limit> most popular entries -- it only affects display order.
 ;alphabetical_order = true
 
-; This section controls the availability of export methods. 
+; This section controls the availability of export methods.
 ;
 ; Each entry may be a comma-separated list of contexts in which the export
 ; option will be presented. Valid options:
@@ -1259,7 +1259,8 @@ treeSearchLimit = 100
 ;secretKey = "https://www.google.com/recaptcha/admin/create"
 ; Valid theme values: dark, light
 ;theme      = light
-; Valid forms values: changePassword, email, newAccount, passwordRecovery, sms
+; Valid forms values: changePassword, email, newAccount,
+;                     passwordRecovery, sms, UserComments
 ; Use * for all supported forms
 ;forms = changePassword, email, newAccount, passwordRecovery, sms
 
diff --git a/module/VuFind/src/VuFind/Controller/AbstractRecord.php b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
index 7c3cc7aa35f..38498c5e0f9 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractRecord.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
@@ -113,6 +113,12 @@ class AbstractRecord extends AbstractBase
             );
         }
 
+        $captcha = $this->recaptcha()->active('UserComments');
+        if (!$this->formWasSubmitted('comment', $captcha)) {
+            $this->flashMessenger()->addMessage('recaptcha_not_passed', 'error');
+            return $this->redirectToRecord('', 'UserComments');
+        }
+
         // Obtain the current record object:
         $driver = $this->loadRecord();
 
diff --git a/module/VuFind/src/VuFind/Controller/AjaxController.php b/module/VuFind/src/VuFind/Controller/AjaxController.php
index d8ccc7db0f6..f729e95218a 100644
--- a/module/VuFind/src/VuFind/Controller/AjaxController.php
+++ b/module/VuFind/src/VuFind/Controller/AjaxController.php
@@ -969,6 +969,13 @@ class AjaxController extends AbstractBase
 
         $id = $this->params()->fromPost('id');
         $comment = $this->params()->fromPost('comment');
+
+        $captcha = $this->recaptcha()->active('UserComments');
+        if (!$this->formWasSubmitted('comment', $captcha)) {
+            return $this->output(
+                $this->translate('recaptcha_not_passed'), self::STATUS_ERROR
+            );
+        }
         if (empty($id) || empty($comment)) {
             return $this->output(
                 $this->translate('An error has occurred'), self::STATUS_ERROR
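Review bot: The new guard shadows the existing `empty($id) || empty($comment)` validation right below it: if `formWasSubmitted` requires a non-empty `comment` POST field (its body is outside this diff), an empty comment now produces `recaptcha_not_passed` instead of `An error has occurred`, whether or not captcha is enabled. Moving the captcha check after the empty-field check, and gating the message on `$captcha` being true (e.g. `if ($captcha && !$this->formWasSubmitted('comment', true))`), keeps the error accurate and also avoids a remote reCAPTCHA verification for requests that are rejected anyway. The enclosing method starts and ends outside this hunk, so I cannot see whether an authentication check precedes these lines; the captcha should not be the only gate on an AJAX comment post.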
diff --git a/themes/bootstrap3/templates/RecordTab/usercomments.phtml b/themes/bootstrap3/templates/RecordTab/usercomments.phtml
index 4ec13a48f4a..b1215d1a478 100644
--- a/themes/bootstrap3/templates/RecordTab/usercomments.phtml
+++ b/themes/bootstrap3/templates/RecordTab/usercomments.phtml
@@ -17,9 +17,15 @@
       <? $user = $this->auth()->isLoggedIn() ?>
       <? if($user): ?>
         <textarea id="comment" name="comment" class="form-control" rows="3" required></textarea><br/>
+        <? if ($this->recaptcha()->active('UserComments')): ?>
+          <?=$this->recaptcha()->html(true) ?><br/>
+        <? endif; ?>
         <input class="btn btn-primary" data-loading-text="<?=$this->transEsc('Submitting') ?>..." type="submit" value="<?=$this->transEsc("Add your comment")?>"/>
       <? else: ?>
         <textarea id="comment" name="comment" class="form-control" rows="3" disabled></textarea><br/>
+        <? if ($this->recaptcha()->active('UserComments')): ?>
+          <?=$this->recaptcha()->html(true) ?><br/>
+        <? endif; ?>
         <input onClick="Lightbox.get('MyResearch', 'UserLogin'); return false;" class="btn btn-primary" type="submit" value="<?=$this->transEsc("You must be logged in first")?>"/>
       <? endif; ?>
     </div>
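Review bot: The captcha widget is also rendered in the logged-out branch (the block added after the disabled textarea), where the textarea is disabled and the submit button only opens the login lightbox, so the widget can never be submitted together with a comment; it costs a reCAPTCHA render per page view and suggests to the visitor that solving it does something. Drop the `<? if ($this->recaptcha()->active('UserComments')): ?> … <? endif; ?>` block from the else branch and keep it only in the logged-in form. If the intent was to have the widget ready for use after login, confirm against the lightbox flow whether the tab is re-rendered on login; if it is, the second copy is redundant.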
-- 
GitLab