Edgewall Software
Modify

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11818 closed defect (wontfix)

sfp_email and sfph_email fields in URL of wiki history view

Reported by: Ryan J Ollos Owned by: Dirk Stöcker
Priority: normal Milestone:
Component: plugin/spamfilter Version:
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:

Description

The wiki history diff URL has a pair of empty fields sfp_email and sfph_email. Example: http://trac.edgewall.org/wiki/TracDev/ReleaseChecklist?sfp_email=&sfph_mail=&action=diff&version=48&old_version=47&sfp_email=&sfph_mail=

I've noticed this issue when pasting these long URLs into emails, and always end up deleting the two &sfp_email=&sfph_mail= strings from the URL. The URL is greatly shorted if the fields are removed: http://trac.edgewall.org/wiki/TracDev/ReleaseChecklist?action=diff&version=48&version=47

The fields are easily spotted in the rendered page source, however I don't see them in the template source code: tags/trac-1.0.2/trac/templates/history_view.html@:29,34#L24

<form id="history" class="printableform" method="get">
    <div style="display:none;"><input type="text" name="sfp_email" value=""><input type="hidden" name="sfph_mail" value=""></div><div class="buttons">
          <input type="hidden" name="action" value="diff">
          <input type="submit" value="View changes">
        </div><table id="fieldhist" class="listing" summary="Change history">

...

        </table><div style="display:none;"><input type="text" name="sfp_email" value=""><input type="hidden" name="sfph_mail" value=""></div><div class="buttons">
            <input type="submit" value="View changes">
          </div>
  </form>

Any hints on how these fields are added? Am I overlooking some JavaScript code?

Attachments (0)

Change History (8)

comment:1 by Christian Boos, 5 years ago

comment:2 by Jun Omae, 5 years ago

I think the trap field is needed for only forms with POST method, not for GET method.

comment:3 by Christian Boos, 5 years ago

Component: generalplugin/spamfilter
Owner: set to Dirk Stöcker

If we're consistent in allowing only POST for having side-effects, yes.

comment:4 by Dirk Stöcker, 5 years ago

TrapField adds these fields before <div class="buttons". It does not really understand the structure of the pages. Detecting whether this is POST or GET is much more complicated and also will result in errors which then again need to be fixed to get it working again. Currently on all three instances I'm watching we have more than 98% spam submissions. I think additional empty arguments to a get request are a small nuisance compared to the effectivity of these fields. Especially when compared to other web pages where they are so many crap in URL's as well.

comment:5 by Peter Suter, 5 years ago

Milestone: plugin - spam-filter

Or close as wontfix?

comment:6 by Ryan J Ollos, 5 years ago

Closing as wontfix is fine with me.

comment:7 by Dirk Stöcker, 5 years ago

Resolution: wontfix
Status: newclosed

comment:8 by Ryan J Ollos, 5 years ago

Milestone: plugin - spam-filter

Milestone unset per TracTicketTriage#Milestone.

Last edited 5 years ago by Ryan J Ollos (previous) (diff)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Dirk Stöcker.
The resolution will be deleted. Next status will be 'reopened'.
to as closed The owner will be changed from Dirk Stöcker to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.