Ticket #7539 (assigned defect)

Opened 3 years ago

Last modified 3 years ago

Upload of patch files often rejected as Spam

Reported by: rjollos Assigned to: otaku42 (accepted)
Priority: normal Component: TracHacks
Severity: normal Keywords:
Cc: hasienda Trac Release: 0.10

Description

Upload of patch files often fails with: 

500 Internal Server Error (Submission rejected as potential spam (Maximum number of external links per post exceeded))

See #3921, where upload of ticketstats-r7633.patch was rejected as spam (so the patch had to be uploaded in a gzip archive).

Here is the patch file from that ticket:

  • ticketstats/ticketstats.py

    old new  
    237237         data['start_date'] = from_date.strftime("%m/%d/%Y") 
    238238         data['end_date'] = at_date.strftime("%m/%d/%Y") 
    239239         data['resolution'] = str(graph_res) 
    240          data['baseurl'] = req.base_url 
     240         data['baseurl'] = self.yui_base_url 
    241241         data['milestones'] = milestone_list 
    242242         data['cmilestone'] = milestone_num 
    243243         return 'greensauce.html', data, None 

  • ticketstats/templates/greensauce.html

    old new  
    1212    #chart { height: 500px } 
    1313    </style> 
    1414     
    15     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/yahoo-dom-event/yahoo-dom-event.js"></script> 
    16     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/element/element-beta-min.js"></script> 
    17     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/datasource/datasource-beta-min.js"></script> 
    18     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/json/json-min.js"></script> 
     15    <script type="text/javascript" src="${baseurl}/build/yahoo-dom-event/yahoo-dom-event.js"></script> 
     16    <script type="text/javascript" src="${baseurl}/build/element/element-beta-min.js"></script> 
     17    <script type="text/javascript" src="${baseurl}/build/datasource/datasource-beta-min.js"></script> 
     18    <script type="text/javascript" src="${baseurl}/build/json/json-min.js"></script> 
    1919    <!-- OPTIONAL: Connection (enables XHR) --> 
    20     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/connection/connection-min.js"></script> 
     20    <script type="text/javascript" src="${baseurl}/build/connection/connection-min.js"></script> 
    2121    <!-- Source files --> 
    22     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/charts/charts-experimental-min.js"></script> 
     22    <script type="text/javascript" src="${baseurl}/build/charts/charts-experimental-min.js"></script> 
    2323 
    2424  </head> 
    2525<body class="yui-skin-sam"> 
     
    9797setProvided(); 
    9898updateStaticURL(); 
    9999 
    100 YAHOO.widget.Chart.SWFURL = "http://yui.yahooapis.com/2.5.2/build/charts/assets/charts.swf"; 
     100YAHOO.widget.Chart.SWFURL = "${baseurl}/build/charts/assets/charts.swf"; 
    101101 
    102102var myDataSource = new YAHOO.util.DataSource( "?content=chartdata" ); 
    103103 

  • ticketstats/templates/greensauce.html.sav

    old new  
    1 <!DOCTYPE html 
    2     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
    3     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
    4 <html xmlns="http://www.w3.org/1999/xhtml" 
    5       xmlns:py="http://genshi.edgewall.org/" 
    6       xmlns:xi="http://www.w3.org/2001/XInclude"> 
    7   <xi:include href="layout.html" /> 
    8   <xi:include href="macros.html" /> 
    9   <head> 
    10  
    11     <style type="text/css"> 
    12     #chart { height: 500px } 
    13     </style> 
    14      
    15     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/yahoo-dom-event/yahoo-dom-event.js"></script> 
    16     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/element/element-beta-min.js"></script> 
    17     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/datasource/datasource-beta-min.js"></script> 
    18     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/json/json-min.js"></script> 
    19     <!-- OPTIONAL: Connection (enables XHR) --> 
    20     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/connection/connection-min.js"></script> 
    21     <!-- Source files --> 
    22     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/charts/charts-experimental-min.js"></script> 
    23   </head> 
    24 <body> 
    25 <p/> 
    26 <span class="chart_title"> 
    27     <h1>Ticket Statistics</h1> 
    28 </span> 
    29 <div id="content"> 
    30 <div id="chart"></div> 
    31 <form action="" method="post" id="dt_frm"> 
    32     <label for="start_date">Start Date: </label> 
    33     <input type="text" name="start_date" id="start_date" value="${start_date}"/> 
    34     <label for="end_date">End Date: </label> 
    35     <input type="text" name="end_date" id="end_date" value="${end_date}"/> 
    36     <label for="resolution">Resolution: </label> 
    37     <input type="text" name="resolution" id="resolution" value="${resolution}"/> 
    38     <input type="submit" value="Update Chart"/> 
    39 </form> 
    40 </div> 
    41  
    42 <script type = "text/javascript"> 
    43 YAHOO.widget.Chart.SWFURL = "http://yui.yahooapis.com/2.5.2/build/charts/assets/charts.swf"; 
    44  
    45 var mychartdata =  
    46 [ 
    47 <py:for each="t in ticket_data"> 
    48   { date: "${t['date']}", new_tickets: ${t['new']}, closed: ${t['closed']}, open: ${t['open']} }, 
    49 </py:for> 
    50 ]; 
    51  
    52 var myDataSource = new YAHOO.util.DataSource( mychartdata ); 
    53 myDataSource.responseType = YAHOO.util.DataSource.TYPE_JSARRAY; 
    54 myDataSource.responseSchema = 
    55 { 
    56     fields: [ "date", "new_tickets", "open", "closed" ] 
    57 }; 
    58  
    59 var seriesDef = 
    60 [ 
    61     { displayName: "New Tickets", yField: "new_tickets", style: {color: 0xff0000, size: 40} }, 
    62     { displayName: "Closed Tickets", yField: "closed", style: {color: 0x00ff00, size:40} }, 
    63     { type: "line", displayName: "Open Tickets", yField: "open", style: {color: 0x0000ff} } 
    64 ]; 
    65  
    66 var numtixAxis = new YAHOO.widget.NumericAxis(); 
    67 numtixAxis.minimum = 0 
    68  
    69 YAHOO.example.getDataTipText = function( item, index, series ) 
    70 { 
    71     var toolTipText = series.displayName + " for " + item.date; 
    72     toolTipText += "\n" + item[series.yField] ; 
    73     return toolTipText; 
    74 } 
    75  
    76 var mychart = new YAHOO.widget.ColumnChart( "chart", myDataSource, 
    77 { 
    78     xField: "date", 
    79     series: seriesDef, 
    80     yAxis: numtixAxis, 
    81     dataTipFunction: YAHOO.example.getDataTipText, 
    82     style: {legend: {display: "bottom"}} 
    83 }); 
    84  
    85  
    86 </script> 
    87  
    88   </body> 
    89 </html> 

Attachments

Change History

08/23/10 04:53:11 changed by rjollos

  • release changed from 0.11 to 0.10.
  • owner set to otaku42.
  • component changed from SELECT A HACK to TracHacks.
  • cc set to hasienda.

08/23/10 09:36:41 changed by otaku42

  • status changed from new to assigned.

You should have seen a notice about which of the patterns defined in BadContent matched and caused the upload to be declined. Can you please try posting them here, or if that fails send them by e-mail to mrenzmann <at> otak42 <dot> de?

(follow-up: ↓ 4 ) 08/23/10 09:45:40 changed by rjollos

Here are two instances:

1. User abeld was trying to upload patch in #7534:

1. User rjollos was trying to upload patch in #3921:

Is that the info you are looking for?

(in reply to: ↑ 3 ; follow-up: ↓ 5 ) 08/23/10 17:27:31 changed by otaku42

Replying to rjollos:

Is that the info you are looking for?

Yes, thanks. In both cases the main issue is that the uploaded (thus POSTed) content contained more than a defined maximum number of external links. Increasing this number or disabling this feature will result in an increased number of spam hitting the site and therefore is no valid option.

Our best bet may be to see if if it's possible to make the spamfilter plugin optionally ignore uploaded files (i.e. ticket and wiki page attachments). Anyone available for looking into that?

(in reply to: ↑ 4 ) 08/23/10 23:19:59 changed by rjollos

Replying to otaku42:

Our best bet may be to see if if it's possible to make the spamfilter plugin optionally ignore uploaded files (i.e. ticket and wiki page attachments). Anyone available for looking into that?

I opened t:#9583 for this issue and I'll take a look by next weekend to see if it is something I can implement.

08/28/10 06:58:38 changed by rjollos

Michael: Any thoughts on t:ticket:9583:comment:1?

08/28/10 09:56:20 changed by otaku42

Commented there. I think that such an addition should be regarded as temporary solution for the remaining time we run on Trac 0.10. I agree with dstoecker that after the upgrade there would be better solutions than that.

09/17/10 22:51:56 changed by anonymous

SpamFilter? now has the wanted option. You need to do backporting to 0.10 yourself.

Add/Change #7539 (Upload of patch files often rejected as Spam)




Change Properties
Action