Item12839: Update AntiWikiSpamPlugin rest

 - Change them to meet new security recommendations
 - Change GET to POST for the forceUpdate button
 - Require Admin for forceUpdate

git-svn-id: http://svn.foswiki.org/trunk/AntiWikiSpamPlugin@17517 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
GeorgeClark authored and GeorgeClark committed Apr 10, 2014
1 parent 31a150a commit a4ddc8265f4ffc78d6a79b0b6cf242099d56f906
@@ -1,4 +1,6 @@
%META:TOPICINFO{author="ProjectContributor" date="1397094434" format="1.1" version="1"}%
---+!! !AntiWikiSpamPlugin

<!--
* Set SHORTDESCRIPTION = %$SHORTDESCRIPTION%
-->
@@ -7,6 +9,7 @@
%TOC%

---++ Stop your wiki getting spammed

This plugin attempts to reduce the instance of Wiki Spam by using the
[[http://moinmo.in/MoinMoinWiki][MoinMoin]]
[[http://moinmo.in/AntiSpamGlobalSolution][AntiSpamGlobalSolution]]
@@ -25,16 +28,19 @@ It uses a timeout on save to check if the list has changed, so if there are no
saves, there is no un-needed network traffic. Alternatively the regex list
can be loaded by a cron script to minimize save overhead.

To manually update the list, click [[%SCRIPTURLPATH{"rest"}%/%TOPIC%/forceUpdate][here]]
To manually update the list, click
<form name="spamupddate" action="%SCRIPTURLPATH{rest}%/%TOPIC%/forceUpdate" method="post">
<input type="submit" class="foswikiSubmit" value="Update regexes" />
</form>
(Admin authority required!)

Note that the retrieve of the !MoinMoin regex list can still take some seconds
which will delay topic saves when the list needs to be refreshed. For best
performance:
* Refresh the list using the =rest= script from a scheduled cron job
<verbatim>
cd [foswiki-bin-directory]
./rest /AntiWikiSpamPlugin/forceUpdate
</verbatim>
./rest /AntiWikiSpamPlugin/forceUpdate</verbatim>
* Set the =GETLISTTIMEOUT= to a very large number so that the cron job will be the only source of updates

---++ Removing User Accounts
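Review bot: the new form's action uses %TOPIC% while the removeUser form further down and the cron command both name the plugin explicitly; the handler is registered under the plugin name, so `action="%SCRIPTURLPATH{rest}%/AntiWikiSpamPlugin/forceUpdate"` keeps the button working if this topic is included from or copied to another name. The form name `spamupddate` is also misspelled (`spamupdate`). Since the registration now allows only authenticated POST and the handler insists on an admin, the cron paragraph should state explicitly that the command-line `./rest /AntiWikiSpamPlugin/forceUpdate` invocation still works and which user it runs as, otherwise an administrator reading "(Admin authority required!)" cannot tell whether the scheduled job will be rejected.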
@@ -50,7 +56,7 @@ provides a REST handler that can remove user accounts from the wiki, which you c
<!-- %JQREQUIRE{"ui, ui::autocomplete"}% -->
<form name="admin" action="%SCRIPTURLPATH{rest}%/AntiWikiSpamPlugin/removeUser" method="post">
%INCLUDE{"%SYSTEMWEB%.JQueryAjaxHelper" section="userselector" INPUT_NAME="user" MULTI="false"}%
<input type="submit" class="foswikiSubmit" value="Remove User" />
<input type="submit" class="foswikiSubmit" value="Remove User" />
</form>

---++ Configuration
@@ -64,15 +70,16 @@ the spam filter:
| ={Plugins}{AntiWikiSpamPlugin}{CheckTopics}= | Enable to check topic text against the spam regular expressions | (enabled) |
| ={Plugins}{AntiWikiSpamPlugin}{CheckAttachments}= | Enable to check attachment text against the spam regular expressions | (enabled) |
| ={Plugins}{AntiWikiSpamPlugin}{CheckRegistrations}= | Enable to check Registrations against the white and black lists. | (enabled) |
| ={Plugins}{AntiWikiSpamPlugin}{ANTISPAMREGEXLISTURL}= | URL containing the public list of regular expressions used to block spam. The default list is provided by !MoinMoin. | http://arch.thinkmo.de/cgi-bin/spam-merge |
| ={Plugins}{AntiWikiSpamPlugin}{ANTISPAMREGEXLISTURL}= | URL containing the public list of regular expressions used to block spam. The default list is provided by !MoinMoin. | http://arch.thinkmo.de/cgi-bin/spam-merge |
| ={Plugins}{AntiWikiSpamPlugin}{LOCALANTISPAMREGEXLISTTOPIC}= | A topic containing a list of local regular expressions. A sample topic is provided. | %SYSTEMWEB%.AntiWikiSpamLocalList |
| ={Plugins}{AntiWikiSpamPlugin}{GETLISTTIMEOUT}= | Maximum age of the public regular expression list in minutes. When age is exceeded, an updated list will be fetched | 60 |
| ={Plugins}{AntiWikiSpamPlugin}{GETLISTTIMEOUT}= | Maximum age of the public regular expression list in minutes. When age is exceeded, an updated list will be fetched | 60 |
| ={Plugins}{AntiWikiSpamPlugin}{BypassGroup}= | A Wiki group listing members who are permitted to save without any Spam checking. Note that members of the %USERSWEB%.AdminGroup are always permitted to save. | AntiWikiSpamBypassGroup |
| ={Plugins}{AntiWikiSpamPlugin}{HitThreshold}= | Number of regex hits required to block the save. Set to -1 to simulate operation. | 1 |
| ={Plugins}{AntiWikiSpamPlugin}{RegistrationWhiteList}= | Name of topic containing regular expressions that permit registration by matching email domains. | %SYSTEMWEB%.AntiWikiSpamRegistrationWhiteList |
| ={Plugins}{AntiWikiSpamPlugin}{RegistrationBlackList}= | Name of topic containing regular expressions that deny registration by matching email domains. | %SYSTEMWEB%.AntiWikiSpamRegistrationBlackList |

---++ Registration

Registration is controlled by limiting the email domains that can be used by people registering to the wiki. For example, you can set up a whitelist so that only people with a corporate email address can register, or set up a blacklist to filter known email hosts that spammers use.

The lists are held in topics, usually called %SYSTEMWEB%.AntiWikiSpamRegistrationWhiteList and %SYSTEMWEB%.AntiWikiSpamRegistrationWhiteList. Sample topics are provided. Each topic is a simple list of Perl regular expressions. At least one expression in the whitelist must match the email address to permit registration. If any expression in the blacklist matches, registration will be denied.
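Review bot: the default ANTISPAMREGEXLISTURL is a plain http:// URL, yet the regular expressions it returns are applied to every save, attachment and registration; anyone who can tamper with that fetch can inject patterns that block all saves or cause pathological backtracking. The table row should say the downloaded list is trusted as-is, recommend an https:// URL where the upstream offers one, and point at LOCALANTISPAMREGEXLISTTOPIC as the way to run from a locally reviewed copy instead.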
@@ -89,21 +96,20 @@ regular expressions will be logged to the foswiki error log (typically =working/
To cause a true failure, remove the VIEW and CHANGE restrictions to the topic and edit it using a non-admin user.

---++ Info


<sticky>
| Author(s): | Foswiki:Main.SvenDowideit - http://fosiki.com |
| Copyright: | &copy; 2005-2009 SvenDowideit@fosiki.com %BR% &copy; 2012 George Clark %BR% &copy; 2012 Crawford Currie http://c-dot.co.uk |
| Copyright: | &copy; 2005-2009 SvenDowideit @fosiki.com %BR% &copy; 2012 George Clark %BR% &copy; 2012 Crawford Currie http://c-dot.co.uk |
| License: | [[http://www.gnu.org/licenses/gpl3.html][GPL 3 (Gnu General Public License)]] |
| Version: | %$VERSION% |
| Release: | %$RELEASE% |
| Change History: | <!-- versions below in reverse order -->&nbsp; |
| Change History: | <!-- versions below in reverse order --> |
| 1.5 (31 Dec 2012) | Foswikitask:Item12296: !BypassGroup doesn't work, also unit tests don't work on trunk.%BR%\
Foswikitask:Item12323: Fails to remove user topic on Foswiki 1.1.x |
| 1.4 (10 Aug 2012) | Foswikitask:Item11679: When removing a user, remove it from any groups.<br />\
Foswikitask:Item12038: Allow checking to be disabled |
| 1.3.1 (19 Mar 2012) | Remove dialog would remove current user if entered user was not konwn to the Mapper. |
| 1.3.1 (19 Mar 2012) | Remove dialog would remove current user if entered user was not known to the Mapper. |
| 1.3 (14 Mar 2012) | Foswikitask:Item11644: add white/black lists for common spam sources (Foswiki:Main.CrawfordCurrie) <br />\
Foswikitask:Item11646: add remove dialog <br />\
Foswikitask:Item11646: add remove dialog <br />\
Foswikitask:Item11593: Uninitialized variable |
| 1.2 (25 Apr 2011) | Foswikitask:Item1091 - add whitelist, <br />\
Foswikitask:Item1580 - also process comments, <br />\
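Review bot: the Change History table gets no row for this change, although switching forceUpdate to an admin-only POST alters the behaviour of existing bookmarks and scripts that used the old GET link. Add a row above the `1.5 (31 Dec 2012)` entry referencing Foswikitask:Item12839 so the release notes record the new requirement.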
@@ -112,5 +118,5 @@ To cause a true failure, remove the VIEW and CHANGE restrictions to the topic an
| 1.0 (22 Aug 2005) | Initial version |
| Dependencies: | %$DEPENDENCIES% |
| Home page: | http://foswiki.org/bin/view/Extensions/AntiWikiSpamPlugin |

</sticky>
<!-- Do _not_ attempt to edit this topic; it is auto-generated. -->
@@ -30,13 +30,20 @@ sub initPlugin {
my ( $topic, $web, $user, $installWeb ) = @_;

#forceUpdate
Foswiki::Func::registerRESTHandler( 'forceUpdate', \&_RESTforceUpdate );
Foswiki::Func::registerRESTHandler(
'forceUpdate', \&_RESTforceUpdate,
authenticate => 1,
validate => 0,
http_allow => 'POST',
description => 'Run a manual update of the spam regular expressions.',
);

Foswiki::Func::registerRESTHandler(
'removeUser', \&_RESTremoveUser,
authenticate => 1,
validate => $Foswiki::cfg{Validation}{Method} eq 'strikeone' ? 1 : 0,
http_allow => 'POST'
validate => $Foswiki::cfg{Validation}{Method} eq 'strikeone' ? 1 : 0,
http_allow => 'POST',
description => 'Allow administrators to remove registered users.',

);

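Review bot: `validate => 0` on the forceUpdate registration leaves the new POST form with no CSRF check, so a logged-in admin who visits a hostile page can be made to trigger a list refresh; the impact is small (an extra fetch of the regex list) but, given the commit message cites new security recommendations, `validate => 1` would be the consistent choice. The removeUser registration has the same gap whenever {Validation}{Method} is not `strikeone`: the ternary drops validation to 0 and a cross-site POST can then remove an account, which is far more damaging. Unless there is a known reason only strikeone works with that form, register it with `validate => 1` unconditionally and let the configured method decide how the key is supplied.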
@@ -187,6 +187,18 @@ sub registrationHandler {
}

sub _RESTforceUpdate {

unless ( Foswiki::Func::isAnAdmin() ) {
my $response = $Foswiki::Plugins::SESSION->{response};
$response->header(
-status => 500,
-type => 'text/plain',
-charset => 'UTF-8'
);
$response->print('forceUpdate is only available to administrators');
return;
}

_writeDebug('about to forceUpdate');
_downloadRegexUpdate(1);
_writeDebug('forceUpdate complete');
