Commit 5a1b71af authored by Laurent's avatar Laurent

hotline #101015 on article forms , ensure that all post datas are related to...

hotline #101015 on article forms: ensure that every key in the POST data corresponds to an input declared in the article's form
parent 3e4b493d
- ticket #101015 : Amélioration de la détection des spams sur les formulaires construits avec des articles
\ No newline at end of file
......@@ -23,11 +23,11 @@ class FormulaireController extends ZendAfi_Controller_Action {
$article = Class_Article::find($this->_getParam('id_article'));
$post = $this->_request->getPost();
if ($this->_getParam('website'))
if ($this->_isPostFromBot($post, $article))
return $this->_redirect('/');
unset($post['website']);
$formulaire = new Class_Formulaire();
$formulaire->setData(serialize($post))
->setUser(Class_Users::getIdentity())
......@@ -43,6 +43,26 @@ class FormulaireController extends ZendAfi_Controller_Action {
}
}
protected function _isPostFromBot($post, $article) {
if ($this->_getParam('website'))
return true;
$quote = '[\"\']';
$no_quotes = '([^\"\']+)';
$quoted_value = $quote.$no_quotes.$quote;
preg_match_all('/ name='.$quoted_value.'/',
$article->getContenu(),
$all_inputs);
if (array_diff(array_keys($post), $all_inputs[1]))
return true;
return false;
}
protected function _sendFormEmail($address, $body) {
$mail = new ZendAfi_Mail('utf8');
$mail->setFrom(Class_Profil::getCurrentProfil()->getMailSiteOrPortail())
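Review bot: `_isPostFromBot` dereferences `$article->getContenu()` before anything verifies that `Class_Article::find($this->_getParam('id_article'))` returned an object, so a POST carrying an unknown `id_article` now dies on a null object where the old code only tested the honeypot; a guard at the top of the method, `if (!$article) return true;`, keeps the bot path the safe default. The pattern `/ name=["']([^"']+)["']/` is anchored on nothing but the attribute, so it also harvests `<form name="Nous écrire">` (visible in the new test fixture) and any other element carrying `name=`, which silently widens the accepted key set; `'/<(?:input|textarea|select)\b[^>]*\sname='.$quoted_value.'/i'` limits it to form fields, and the `i` flag stops a legitimate article written with `NAME=` from having every submission rejected. Unquoted attribute values (`name=nom`) still will not match and will classify real visitors as bots, which deserves at least a comment on the regex. Note also that the honeypot test on L26 goes through `_getParam('website')`, which reads the query string as well, while the key check only covers `$post` — harmless, but worth one line explaining the asymmetry. The FormulaireController class body continues outside the hunk.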
......@@ -105,7 +105,7 @@ class FormulaireContactInvalidPostTest extends AbstractControllerTestCase {
class FormulaireContactInvalidEmailHoneyPotPostTest extends AbstractControllerTestCase {
class FormulaireContactInvalidDataslHoneyPotPostTest extends AbstractControllerTestCase {
public function setUp() {
parent::setUp();
Zend_Mail::setDefaultTransport(new MockMailTransport());
......@@ -120,7 +120,7 @@ class FormulaireContactInvalidEmailHoneyPotPostTest extends AbstractControllerTe
/** @test */
public function botShouldBeRedirect() {
public function withWebsiteInPostShouldBeRedirect() {
$this->postDispatch('/opac/index/formulairecontact',
['website' => 'email@email.com']);
$this->assertRedirectTo('/');
......@@ -129,6 +129,7 @@ class FormulaireContactInvalidEmailHoneyPotPostTest extends AbstractControllerTe
abstract class FormulaireContactValidPostTestCase extends AbstractControllerTestCase {
protected
$_mail,
......@@ -27,19 +27,17 @@ abstract class FormulaireControllerPostActionTestCase extends AbstractController
public function setUp() {
parent::setUp();
Class_Article::newInstanceWithId(45, ['titre' => 'Contactez nous']);
Storm_Test_ObjectWrapper::onLoaderOfModel('Class_Formulaire')
->whenCalled('save')
->willDo(function ($formulaire) {
$formulaire->setId(2)->cache();
return true;
});
$timesource = new TimeSourceForTest('2012-10-23 12:32:00');
Class_Formulaire::setTimeSource($timesource);
Class_Article::newInstanceWithId(45, ['titre' => 'Contactez nous',
'contenu' => '<form action="/formulaire/add/id_article/45" method="POST" name="Nous écrire">'
. '<p>Votre nom<input name="nom" type="text" /></p>'
. '<p>Votre prénom<input name="prenom" type="text" /></p>'
. '</form>']);
$this->fixture('Class_Formulaire',
['id' => 1,
'data' => serialize(['nom' => 'existing',
'prenom' => 'form'] )]);
Class_Formulaire::setTimeSource(new TimeSourceForTest('2012-10-23 12:32:00'));
}
}
......@@ -207,27 +205,36 @@ class FormulaireControllerWithoutConnectedUserPostActionTest extends FormulaireC
class FormulaireControllerPostAsBotTest extends FormulaireControllerPostActionTestCase {
public function setUp() {
parent::setUp();
/** @test */
public function withWebsiteInPostAnswerShouldRedirectToRoot() {
$this->postDispatch('/formulaire/add/id_article/45',
['nom' => 'Tinguette' ,
'prenom' => 'Quentin',
'website' => 'i am a bot'],
true);
$this->new_formulaire = Class_Formulaire::find(2);
$this->assertRedirectTo('/');
return Class_Formulaire::find(2);
}
/** @test */
public function formulaireShouldNotBeCreated() {
$this->assertNull($this->new_formulaire);
/**
* @depends withWebsiteInPostAnswerShouldRedirectToRoot
* @test
*/
public function formulaireShouldNotBeCreated($formulaire) {
$this->assertNull($formulaire);
}
/** @test */
public function answerShouldRedirectToRoot() {
public function withDataInPostNotInFormAnswerShouldRedirectToRoot() {
$this->postDispatch('/formulaire/add/id_article/45',
['nom' => 'Tinguette' ,
'prenom' => 'Quentin',
'whoareyou' => 'i am a bot'],
true);
$this->assertRedirectTo('/');
}
}
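Review bot: `withDataInPostNotInFormAnswerShouldRedirectToRoot` only asserts the redirect; unlike the `website` case just above it, it never checks that no Class_Formulaire was persisted, so a regression that saves and then redirects would still pass. Return `Class_Formulaire::find(2)` from it the way `withWebsiteInPostAnswerShouldRedirectToRoot` does and add a `@depends` companion, `public function formulaireShouldNotBeCreatedWithUnknownKey($formulaire) { $this->assertNull($formulaire); }`. The fixture also declares `<form name="Nous écrire">`, and the new whitelist is built from a bare `name=` match, so a test posting a key `Nous écrire` would document whether that attribute is meant to be an accepted field or not.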
......@@ -16,34 +16,33 @@
*
* You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
* along with BOKEH; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once 'TelephoneAbstractControllerTestCase.php';
class Telephone_FormulaireControllerPostActionTestCase extends TelephoneAbstractControllerTestCase {
protected $_storm_default_to_volatile = true;
public function setUp() {
parent::setUp();
Class_Article::newInstanceWithId(45, ['titre' => 'Contactez nous']);
Storm_Test_ObjectWrapper::onLoaderOfModel('Class_Formulaire')
->whenCalled('save')
->willDo(function ($formulaire) {
$formulaire->setId(2)->cache();
return true;
});
Class_Article::newInstanceWithId(45, ['titre' => 'Contactez nous',
'contenu' => '<form action="/formulaire/add/id_article/45" method="POST" name="Nous écrire">'
. '<p>Votre nom<input name="nom" type="text" /></p>'
. '<p>Votre prénom<input name="prenom" type="text" /></p>'
. '</form>']);
$this->postDispatch('/formulaire/add/id_article/45',
$this->postDispatch('/formulaire/add/id_article/45',
['nom' => 'Tinguette' ,
'prenom' => 'Quentin' ]
,true);
$this->new_formulaire = Class_Formulaire::find(2);
$this->new_formulaire = Class_Formulaire::find(1);
}
/** @test */
public function saveFormulaireShouldHaveNomTinguette() {
$this->assertEquals('Tinguette', $this->new_formulaire->getNom());
......@@ -53,7 +52,7 @@ class Telephone_FormulaireControllerPostActionTestCase extends TelephoneAbstract
/** @test */
public function aLIShouldContainsTinguette() {
$this->assertXPathContentContains('//li', 'Tinguette');
}
}
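Review bot: The article fixture on L140-L144 is a byte-for-byte copy of the one in FormulaireControllerPostActionTestCase, and since the controller's key whitelist is now derived from this markup the two copies will drift apart the first time one form changes; a shared constant or helper returning the form HTML would keep both suites aligned. `Class_Formulaire::find(1)` on L151 appears to depend on the volatile store (the `$_storm_default_to_volatile` flag on L130) assigning id 1 to the first saved record, which is not obvious from the test itself — a one-line comment, `// volatile storage assigns id 1 to the first saved Formulaire`, would spare the next reader the search.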