Context Navigation

Modify ↓

#11818 closed defect (wontfix)

sfp_email and sfph_email fields in URL of wiki history view

Reported by:	Ryan J Ollos	Owned by:	Dirk Stöcker
Priority:	normal	Milestone:
Component:	plugin/spamfilter	Version:
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

The wiki history diff URL has a pair of empty fields sfp_email and sfph_email. Example: http://trac.edgewall.org/wiki/TracDev/ReleaseChecklist?sfp_email=&sfph_mail=&action=diff&version=48&old_version=47&sfp_email=&sfph_mail=

I've noticed this issue when pasting these long URLs into emails, and always end up deleting the two &sfp_email=&sfph_mail= strings from the URL. The URL is greatly shorted if the fields are removed: http://trac.edgewall.org/wiki/TracDev/ReleaseChecklist?action=diff&version=48&version=47

The fields are easily spotted in the rendered page source, however I don't see them in the template source code: tags/trac-1.0.2/trac/templates/history_view.html@:29,34#L24

<form id="history" class="printableform" method="get">
    <div style="display:none;"><input type="text" name="sfp_email" value=""><input type="hidden" name="sfph_mail" value=""></div><div class="buttons">
          <input type="hidden" name="action" value="diff">
          <input type="submit" value="View changes">
        </div><table id="fieldhist" class="listing" summary="Change history">

...

        </table><div style="display:none;"><input type="text" name="sfp_email" value=""><input type="hidden" name="sfph_mail" value=""></div><div class="buttons">
            <input type="submit" value="View changes">
          </div>
  </form>

Any hints on how these fields are added? Am I overlooking some JavaScript code?

Attachments (0)

Change History (8)

comment:1 by Christian Boos, 10 years ago

See SpamFilter#TrapField.

comment:2 by Jun Omae, 10 years ago

I think the trap field is needed for only forms with POST method, not for GET method.

comment:3 by Christian Boos, 10 years ago

Component:	general → plugin/spamfilter
Owner:	set to Dirk Stöcker

If we're consistent in allowing only POST for having side-effects, yes.

comment:4 by Dirk Stöcker, 10 years ago

TrapField adds these fields before <div class="buttons". It does not really understand the structure of the pages. Detecting whether this is POST or GET is much more complicated and also will result in errors which then again need to be fixed to get it working again. Currently on all three instances I'm watching we have more than 98% spam submissions. I think additional empty arguments to a get request are a small nuisance compared to the effectivity of these fields. Especially when compared to other web pages where they are so many crap in URL's as well.

comment:5 by Peter Suter, 10 years ago

Milestone:	→ plugin - spam-filter

Or close as wontfix?

comment:6 by Ryan J Ollos, 10 years ago

Closing as wontfix is fine with me.

comment:7 by Dirk Stöcker, 10 years ago

Resolution:	→ wontfix
Status:	new → closed

comment:8 by Ryan J Ollos, 9 years ago

Milestone:	plugin - spam-filter

Milestone unset per TracTicketTriage#Milestone.

Last edited 9 years ago by Ryan J Ollos (previous) (diff)

Modify Ticket

Change Properties

Summary:
Description:	The wiki history diff URL has a pair of empty fields `sfp_email` and `sfph_email`. Example: http://trac.edgewall.org/wiki/TracDev/ReleaseChecklist?sfp_email=&sfph_mail=&action=diff&version=48&old_version=47&sfp_email=&sfph_mail= I've noticed this issue when pasting these long URLs into emails, and always end up deleting the two `&sfp_email=&sfph_mail=` strings from the URL. The URL is greatly shorted if the fields are removed: http://trac.edgewall.org/wiki/TracDev/ReleaseChecklist?action=diff&version=48&version=47 The fields are easily spotted in the rendered page source, however I don't see them in the template source code: [browser:/tags/trac-1.0.2/trac/templates/history_view.html@:29,34#L24] {{{#!text/html <form id="history" class="printableform" method="get"> <div style="display:none;"><input type="text" name="sfp_email" value=""><input type="hidden" name="sfph_mail" value=""></div><div class="buttons"> <input type="hidden" name="action" value="diff"> <input type="submit" value="View changes"> </div><table id="fieldhist" class="listing" summary="Change history"> ... </table><div style="display:none;"><input type="text" name="sfp_email" value=""><input type="hidden" name="sfph_mail" value=""></div><div class="buttons"> <input type="submit" value="View changes"> </div> </form> }}} Any hints on how these fields are added? Am I overlooking some JavaScript code? You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Dirk Stöcker.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Dirk Stöcker to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: