
Merge pull request #632 from gep13/issue-628

(GH-628) Add server side validation of reCaptcha input
ferventcoder committed Jan 11, 2019
2 parents 5434f54 + 7a1d7f6 commit 4b62030ad781a67d61f7afc64499d595e741d172
@@ -22,12 +22,15 @@
<s:Int64 x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/KEEP_BLANK_LINES_IN_CODE/@EntryValue">1</s:Int64>
<s:Int64 x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/KEEP_BLANK_LINES_IN_DECLARATIONS/@EntryValue">1</s:Int64>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/LINE_FEED_AT_FILE_END/@EntryValue">True</s:Boolean>
<s:String x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_ACCESSOR_ATTRIBUTE_ON_SAME_LINE_EX/@EntryValue">NEVER</s:String>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_CATCH_ON_NEW_LINE/@EntryValue">True</s:Boolean>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_ELSE_ON_NEW_LINE/@EntryValue">True</s:Boolean>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_FIELD_ATTRIBUTE_ON_SAME_LINE/@EntryValue">False</s:Boolean>
<s:String x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_FIELD_ATTRIBUTE_ON_SAME_LINE_EX/@EntryValue">NEVER</s:String>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_FINALLY_ON_NEW_LINE/@EntryValue">True</s:Boolean>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_SIMPLE_ACCESSOR_ATTRIBUTE_ON_SAME_LINE/@EntryValue">False</s:Boolean>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_SIMPLE_ACCESSORHOLDER_ON_SINGLE_LINE/@EntryValue">True</s:Boolean>
<s:String x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_SIMPLE_EMBEDDED_STATEMENT_ON_SAME_LINE/@EntryValue">ALWAYS</s:String>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/PLACE_WHILE_ON_NEW_LINE/@EntryValue">True</s:Boolean>
<s:String x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/SIMPLE_EMBEDDED_STATEMENT_STYLE/@EntryValue">ON_SINGLE_LINE</s:String>
<s:Boolean x:Key="/Default/CodeStyle/CodeFormatting/CSharpFormat/SPACE_AFTER_TYPECAST_PARENTHESES/@EntryValue">False</s:Boolean>
@@ -86,7 +89,10 @@ limitations under the License.</s:String>
<s:Boolean x:Key="/Default/Environment/GenerateMru/SortByName/=Constructor/@EntryIndexedValue">False</s:Boolean>
<s:Boolean x:Key="/Default/Environment/GenerateMru/SortByName/=Implementations/@EntryIndexedValue">False</s:Boolean>
<s:Boolean x:Key="/Default/Environment/GenerateMru/SortByName/=Overrides/@EntryIndexedValue">False</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpKeepExistingMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpPlaceEmbeddedOnSameLineMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002EAddAccessorOwnerDeclarationBracesMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002ECSharpPlaceAttributeOnSameLineMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002EMigrateBlankLinesAroundFieldToBlankLinesAroundProperty/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002EMigrateThisQualifierSettings/@EntryIndexedValue">True</s:Boolean>
<s:String x:Key="/Default/Environment/UserInterface/ShortcutSchemeName/@EntryValue">VS</s:String>
@@ -1,15 +1,15 @@
// Copyright 2011 - Present RealDimensions Software, LLC, the original
// Copyright 2011 - Present RealDimensions Software, LLC, the original
// authors/contributors from ChocolateyGallery
// at https://github.com/chocolatey/chocolatey.org,
// and the authors/contributors of NuGetGallery
// and the authors/contributors of NuGetGallery
// at https://github.com/NuGet/NuGetGallery
//
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//
// http://www.apache.org/licenses/LICENSE-2.0
//
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -25,13 +25,13 @@
using System.Security.Principal;
using System.Transactions;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;
using System.Web.UI;
using Elmah;
using NuGet;
using NuGetGallery.MvcOverrides;
using NugetGallery;
using NuGetGallery.Infrastructure;

namespace NuGetGallery
{
@@ -72,7 +72,7 @@ protected virtual bool UseHttps()
public virtual ActionResult UploadPackage()
{
var currentUser = userSvc.FindByUsername(GetIdentity().Name);

if (currentUser.IsBanned)
{
return RedirectToRoute(RouteName.VerifyPackage);
@@ -143,7 +143,7 @@ public virtual ActionResult UploadPackage(HttpPostedFileBase uploadFile)
ModelState.AddModelError(String.Empty, string.Format("This package has been {0} and can no longer be submitted.", package.Status.GetDescriptionOrValue().ToLower()));
return View("~/Views/Packages/UploadPackage.cshtml");
case PackageStatusType.Submitted:
//continue on
//continue on
break;
default:
ModelState.AddModelError(String.Empty, String.Format(CultureInfo.CurrentCulture, Strings.PackageExistsAndCannotBeModified, package.PackageRegistration.Id, package.Version));
@@ -245,11 +245,11 @@ public virtual ActionResult DisplayPackage(string id, string version, FormCollec
}

var reviewedPlusOneHour = package.ReviewedDate.GetValueOrDefault().AddHours(1);
if (!User.IsAdmin()
&& package.Status != status
&& reviewedPlusOneHour < DateTime.UtcNow
&& (package.Status == PackageStatusType.Approved
|| package.Status == PackageStatusType.Exempted
if (!User.IsAdmin()
&& package.Status != status
&& reviewedPlusOneHour < DateTime.UtcNow
&& (package.Status == PackageStatusType.Approved
|| package.Status == PackageStatusType.Exempted
|| package.Status == PackageStatusType.Rejected
)
)
@@ -316,17 +316,17 @@ public virtual ActionResult DisplayPackage(string id, string version, FormCollec
if (!string.IsNullOrWhiteSpace(newComments)) newComments += "{0}".format_with(Environment.NewLine);
newComments += "Virus Scanner has ben set to rerun";
}

// could be null if no moderation has happened yet
var moderator = isModerationRole ? currentUser : package.ReviewedBy;

packageSvc.ChangePackageStatus(package, status, package.ReviewComments, newComments, currentUser,
moderator, sendMaintainerEmail,
isModerationRole ?
changeSubmittedStatus ?
PackageSubmittedStatusType.Waiting
: package.SubmittedStatus
: PackageSubmittedStatusType.Responded,
packageSvc.ChangePackageStatus(package, status, package.ReviewComments, newComments, currentUser,
moderator, sendMaintainerEmail,
isModerationRole ?
changeSubmittedStatus ?
PackageSubmittedStatusType.Waiting
: package.SubmittedStatus
: PackageSubmittedStatusType.Responded,
assignReviewer: true
);

@@ -467,10 +467,10 @@ public virtual ActionResult ListPackages(string q, string sortOrder = null, int
cacheTime,
() => results.Data.ToList());
}

if (page == 1 && !packagesToShow.Any())
{
// In the event the index wasn't updated, we may get an incorrect count.
// In the event the index wasn't updated, we may get an incorrect count.
totalHits = 0;
}

@@ -504,7 +504,7 @@ public virtual ActionResult ReportAbuse(string id, string version)
return View("~/Views/Packages/ReportAbuse.cshtml", model);
}

[HttpPost, ValidateAntiForgeryToken]
[HttpPost, ValidateAntiForgeryToken, ValidateFormResponse]
public virtual ActionResult ReportAbuse(string id, string version, ReportAbuseViewModel reportForm)
{
if (!ModelState.IsValid) return ReportAbuse(id, version);
@@ -550,7 +550,7 @@ public virtual ActionResult ContactAdmins(string id, string version)
return View("~/Views/Packages/ContactAdmins.cshtml", model);
}

[HttpPost, ValidateAntiForgeryToken]
[HttpPost, ValidateAntiForgeryToken, ValidateFormResponse]
public virtual ActionResult ContactAdmins(string id, string version, ReportAbuseViewModel reportForm)
{
if (!ModelState.IsValid) return ContactAdmins(id, version);
@@ -596,7 +596,7 @@ public virtual ActionResult ContactOwners(string id)
return View("~/Views/Packages/ContactOwners.cshtml", model);
}

[HttpPost, ValidateAntiForgeryToken]
[HttpPost, ValidateAntiForgeryToken, ValidateFormResponse]
public virtual ActionResult ContactOwners(string id, ContactOwnersViewModel contactForm)
{
if (!ModelState.IsValid) return ContactOwners(id);
@@ -850,7 +850,7 @@ private SearchFilter GetSearchFilter(string q, string sortOrder, int page, bool
var searchFilter = new SearchFilter
{
SearchTerm = q,
Skip = (page - 1) * Constants.DefaultPackageListPageSize, // pages are 1-based.
Skip = (page - 1) * Constants.DefaultPackageListPageSize, // pages are 1-based.
Take = Constants.DefaultPackageListPageSize,
IncludePrerelease = includePrerelease
};
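Review bot: The three POST actions that gain `ValidateFormResponse` (ReportAbuse, ContactAdmins and ContactOwners) still reject a request only through `if (!ModelState.IsValid)`, so the new server-side reCAPTCHA check protects them only if the filter records a model error or sets a result when verification fails. The attribute's implementation is not visible in this section, so confirm that a missing response token, a failed verification, and an error or timeout when calling the verification service all end in rejection rather than letting the post through. A short comment above each action would make that dependency explicit, for example `// ValidateFormResponse must add a ModelState error when reCAPTCHA verification fails; the IsValid check below relies on it`. The other hunks in this file look like whitespace-only changes, though the +/- markers are lost on this page.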