From 8cee10bf51cc176fbf608aa3e0ca417aaef98fa2 Mon Sep 17 00:00:00 2001 From: Alex O'Ree Date: Fri, 7 Nov 2025 13:14:04 -0500 Subject: [PATCH 1/4] JSPWIKI-1218 updates the dependency for http commons client from 3.x to 5.x. Oddly it doesn't seem like it's used anywhere. i'll try removing it entirely on the next commit --- jspwiki-war/pom.xml | 4 ++-- pom.xml | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/jspwiki-war/pom.xml b/jspwiki-war/pom.xml index 6dd6da84ce..c52cfa38bf 100644 --- a/jspwiki-war/pom.xml +++ b/jspwiki-war/pom.xml @@ -123,8 +123,8 @@ ${ehcache.version} - commons-httpclient - commons-httpclient + org.apache.httpcomponents.client5 + httpclient5 ${commons-httpclient.version} diff --git a/pom.xml b/pom.xml index 3a70af4944..7a418b7df2 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 1.12.565 4.5.0 2.0.0-M4 - 3.1 + 5.5.1 2.20.0 3.19.0 3.12.0 @@ -228,11 +228,11 @@ - commons-httpclient - commons-httpclient - ${commons-httpclient.version} + org.apache.httpcomponents.client5 + httpclient5 + ${commons-httpclient.version} - + commons-io commons-io From d4c8ee690d3b7ecae5799197a58c383bee517e2a Mon Sep 17 00:00:00 2001 From: Alex O'Ree Date: Fri, 7 Nov 2025 15:10:00 -0500 Subject: [PATCH 2/4] JSPWIKI-1218 removes the dependency for http commons client from 3.x to 5. Users of the captcha.jsp file may have some issues caused by this JSPWIKI-1219 SpamFilter Capcha capability via asirra.com is dead, removes all references to the asirra.com based spam filter (was discontinued in 2015) --- .../org/apache/wiki/filters/SpamFilter.java | 9 +- jspwiki-war/pom.xml | 5 - jspwiki-war/src/main/webapp/Captcha.jsp | 126 ------------------ pom.xml | 7 - 4 files changed, 1 insertion(+), 146 deletions(-) delete mode 100644 jspwiki-war/src/main/webapp/Captcha.jsp diff --git a/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java b/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java index fb3ed02db2..ed80909991 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java @@ -98,7 +98,7 @@ Licensed to the Apache Software Foundation (ASF) under one *
  • maxurls - How many URLs can be added to the page before it is considered spam (default is 5)
    • *
  • akismet-apikey - The Akismet API key (see akismet.org)
    • *
  • ignoreauthenticated - If set to "true", all authenticated users are ignored and never caught in SpamFilter
    • - *
  • captcha - Sets the captcha technology to use. Current allowed values are "none" and "asirra".
    • + *
  • captcha - Sets the captcha technology to use. Current allowed values are "none". "asirra" was previously supported however that service has been discontinued.
    • *
  • strategy - Sets the filtering strategy to use. If set to "eager", will stop at the first probable * match, and won't consider any other tests. This is the default, as it's considerably lighter. If set to "score", will go through all of the tests * and calculates a score for the spam, which is then compared to a filter level value. @@ -219,8 +219,6 @@ public class SpamFilter extends BasePageFilter { private String m_akismetAPIKey; - private boolean m_useCaptcha; - /** The limit at which we consider something to be spam. */ private final int m_scoreLimit = 1; @@ -263,8 +261,6 @@ public void initialize( final Engine engine, final Properties properties ) { m_ignoreAuthenticated = TextUtil.getBooleanProperty( properties, PROP_IGNORE_AUTHENTICATED, m_ignoreAuthenticated ); m_allowedGroups = StringUtils.split( StringUtils.defaultString( properties.getProperty( PROP_ALLOWED_GROUPS, m_blacklist ) ), ',' ); - m_useCaptcha = properties.getProperty( PROP_CAPTCHA, "" ).equals("asirra"); - try { m_urlPattern = m_compiler.compile( URL_REGEXP ); } catch( final MalformedPatternException e ) { @@ -897,9 +893,6 @@ private static String getUniqueID() { * @return An URL to redirect to */ private String getRedirectPage( final Context ctx ) { - if( m_useCaptcha ) { - return ctx.getURL( ContextEnum.PAGE_NONE.getRequestContext(), "Captcha.jsp", "page= " +ctx.getEngine().encodeName( ctx.getPage().getName() ) ); - } return ctx.getURL( ContextEnum.PAGE_VIEW.getRequestContext(), m_errorPage ); } diff --git a/jspwiki-war/pom.xml b/jspwiki-war/pom.xml index c52cfa38bf..20783f292d 100644 --- a/jspwiki-war/pom.xml +++ b/jspwiki-war/pom.xml @@ -122,11 +122,6 @@ ehcache ${ehcache.version} - - org.apache.httpcomponents.client5 - httpclient5 - ${commons-httpclient.version} - diff --git a/jspwiki-war/src/main/webapp/Captcha.jsp b/jspwiki-war/src/main/webapp/Captcha.jsp deleted file mode 100644 index 66a0543c79..0000000000 --- a/jspwiki-war/src/main/webapp/Captcha.jsp +++ /dev/null @@ -1,126 +0,0 @@ -<%-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---%> - -<%@ page import="org.apache.logging.log4j.Logger" %> -<%@ page import="org.apache.logging.log4j.LogManager" %> -<%@ page import="org.apache.commons.httpclient.*" %> -<%@ page import="org.apache.commons.httpclient.methods.*" %> -<%@ page import="org.apache.wiki.api.core.*" %> -<%@ page import="org.apache.wiki.api.spi.Wiki" %> -<%@ page import="org.apache.wiki.auth.AuthorizationManager" %> -<%@ page import="org.apache.wiki.preferences.Preferences" %> -<%@ page import="org.apache.wiki.util.*" %> -<%@ page import="org.apache.wiki.ui.EditorManager" %> -<%@ page import="org.apache.commons.lang3.time.StopWatch" %> -<%@ page errorPage="/Error.jsp" %> -<%@ taglib uri="http://jspwiki.apache.org/tags" prefix="wiki" %> -<%@ taglib prefix="c" uri="jakarta.tags.core" %> -<%@ taglib prefix="fmt" uri="jakarta.tags.fmt" %> - - -<%! - Logger log = LogManager.getLogger("JSPWiki"); -%> -<% - Engine wiki = Wiki.engine().find( getServletConfig() ); - // Create wiki context and check for authorization - Context wikiContext = Wiki.context().create( wiki, request, ContextEnum.PAGE_VIEW.getRequestContext() ); - if(!wiki.getManager( AuthorizationManager.class ).hasAccess( wikiContext, response )) return; - String pagereq = wikiContext.getName(); - String reqPage = TextUtil.replaceEntities( request.getParameter( "page" ) ); - String content = TextUtil.replaceEntities( request.getParameter( "text" ) ); - - if( content != null ) - { - String ticket = TextUtil.replaceEntities( request.getParameter( "Asirra_Ticket" ) ); - HttpClient client = new HttpClient(); - HttpMethod method = new GetMethod("http://challenge.asirra.com/cgi/Asirra?action=ValidateTicket&ticket="+ticket); - - int status = client.executeMethod(method); - String body = method.getResponseBodyAsString(); - - if( status == HttpStatus.SC_OK ) - { - if( body.indexOf( "Pass" ) != -1 ) - { - session.setAttribute( "captcha", "ok" ); - response.sendRedirect( wikiContext.getURL( ContextEnum.PAGE_EDIT.getRequestContext(), reqPage ) ); - return; - } - } - - response.sendRedirect("Message.jsp?message=NOK"); - } - - // Set the content type and include the response content - response.setContentType( "text/html; charset=" + wiki.getContentEncoding() ); -%> - - - - - <wiki:Variable var="applicationname" default="Apache JSPWiki" />: <wiki:PageName /> - <%-- --%> - - - - -
    -

    - -
    - - \ No newline at end of file diff --git a/pom.xml b/pom.xml index 7a418b7df2..33ab485783 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,6 @@ 1.12.565 4.5.0 2.0.0-M4 - 5.5.1 2.20.0 3.19.0 3.12.0 @@ -227,12 +226,6 @@ ${flexmark.version} - - org.apache.httpcomponents.client5 - httpclient5 - ${commons-httpclient.version} - - commons-io commons-io From 0761542d21ceb4ca7c32479481337bd02ab0469a Mon Sep 17 00:00:00 2001 From: Alex O'Ree Date: Fri, 7 Nov 2025 15:59:46 -0500 Subject: [PATCH 3/4] fixes the change log --- ChangeLog.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog.md b/ChangeLog.md index 8b540deb9b..a1388618df 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -25,14 +25,16 @@ under the License. * commons-lang updated to 3.19.0 * commons-net added at 3.12.0 * jakarta.mail-api from 2.1.3 to 2.1.5 + * http-commons dependency removed * [JSPWIKI-1213](https://issues.apache.org/jira/browse/JSPWIKI-1213) adds jacoco test coverage reporting to the build * [JSPWIKI-615](https://issues.apache.org/jira/browse/JSPWIKI-615) adds some javadocs to the WikiEvent class as requested * [JSPWIKI-1211](https://issues.apache.org/jira/browse/JSPWIKI-1211) fixed a bootup issue when the rss directory doesn't exist * [JSPWIKI-1207](https://issues.apache.org/jira/browse/JSPWIKI-1207) disables the ehcache causing bootup crashes on portable builds -* [JSPWIKI-1183](https://issues.apache.org/jira/browse/JSPWIKI-1183) improvements to stabilize the automated build system +* [JSPWIKI-1217](https://issues.apache.org/jira/browse/JSPWIKI-1217) improvements to stabilize the automated build system * [JSPWIKI-1216](https://issues.apache.org/jira/browse/JSPWIKI-1216) removes references to the WikiWizard template/editor, i18n improvements * [JSPWIKI-1183](https://issues.apache.org/jira/browse/JSPWIKI-1183) The IfPlugin now supports IP address checks using CIDR style netmasks +* [JSPWIKI-1283](https://issues.apache.org/jira/browse/JSPWIKI-1283) Removes the asirra.com based captcha filtering **2025-09-30 Juan Pablo Santos (juanpablo AT apache DOT org)** From 37c21aa6fc3df83394076e3faab0e8d71fb6cabb Mon Sep 17 00:00:00 2001 From: Alex O'Ree Date: Fri, 7 Nov 2025 19:30:22 -0500 Subject: [PATCH 4/4] JSPWIKI-1218 updates the dependencies for Akismet. Confirmed working against their service --- jspwiki-main/pom.xml | 4 +-- .../org/apache/wiki/filters/SpamFilter.java | 31 ++++++++++--------- pom.xml | 8 ++--- 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/jspwiki-main/pom.xml b/jspwiki-main/pom.xml index 34c94dd122..5aaa1ed3fb 100644 --- a/jspwiki-main/pom.xml +++ b/jspwiki-main/pom.xml @@ -83,8 +83,8 @@ - net.sourceforge - akismet-java + net.thauvin.erik + akismet-kotlin diff --git a/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java b/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java index ed80909991..08d11b4a96 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/filters/SpamFilter.java @@ -18,7 +18,6 @@ Licensed to the Apache Software Foundation (ASF) under one */ package org.apache.wiki.filters; -import net.sf.akismet.Akismet; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.time.StopWatch; import org.apache.logging.log4j.LogManager; @@ -77,6 +76,8 @@ Licensed to the Apache Software Foundation (ASF) under one import java.util.StringTokenizer; import java.util.Vector; import java.util.concurrent.ThreadLocalRandom; +import net.thauvin.erik.akismet.Akismet; +import net.thauvin.erik.akismet.AkismetComment; /** @@ -526,9 +527,12 @@ private void checkAkismet( final Context context, final Change change ) throws R if( m_akismetAPIKey != null ) { if( m_akismet == null ) { LOG.info( "Initializing Akismet spam protection." ); - m_akismet = new Akismet( m_akismetAPIKey, context.getEngine().getBaseURL() ); + String fullPageUrl = context.getHttpRequest().getRequestURL().toString(); + String fragment = context.getEngine().getBaseURL(); + fullPageUrl = fullPageUrl.substring(0, fullPageUrl.indexOf(fragment) + fragment.length()); + m_akismet = new Akismet( m_akismetAPIKey, fullPageUrl ); - if( !m_akismet.verifyAPIKey() ) { + if( !m_akismet.verifyKey() ) { LOG.error( "Akismet API key cannot be verified. Please check your config." ); m_akismetAPIKey = null; m_akismet = null; @@ -556,17 +560,16 @@ private void checkAkismet( final Context context, final Change change ) throws R final String commentAuthor = context.getCurrentUser().getName(); final String commentAuthorEmail = null; final String commentAuthorURL = null; - - final boolean isSpam = m_akismet.commentCheck( ipAddress, - userAgent, - referrer, - permalink, - commentType, - commentAuthor, - commentAuthorEmail, - commentAuthorURL, - change.toString(), - null ); + AkismetComment comment = new AkismetComment(ipAddress, userAgent); + comment.setAuthor(commentAuthor); + comment.setAuthorEmail(commentAuthorEmail); + comment.setAuthorUrl(commentAuthorURL); + comment.setContent(change.toString()); + comment.setPermalink(permalink); + comment.setReferrer(referrer); + comment.setType(commentType); + + final boolean isSpam = m_akismet.checkComment(comment); sw.stop(); LOG.debug( "Akismet request done in: " + sw ); diff --git a/pom.xml b/pom.xml index 33ab485783..dfa35975c1 100644 --- a/pom.xml +++ b/pom.xml @@ -44,7 +44,7 @@ 2.2.3 3.5 - 1.02 + 1.0.0 4.3.0 1.12.565 4.5.0 @@ -275,9 +275,9 @@ - net.sourceforge - akismet-java - ${akismet-java.version} + net.thauvin.erik + akismet-kotlin + ${akismet-java.version}