Modify

Opened 4 years ago

Closed 7 months ago

#7539 closed defect (fixed)

Upload of patch files often rejected as Spam

Reported by: rjollos Owned by: otaku42
Priority: normal Component: TracHacks
Severity: normal Keywords:
Cc: hasienda Trac Release: 0.10

Description

Upload of patch files often fails with:

500 Internal Server Error (Submission rejected as potential spam (Maximum number of external links per post exceeded))

See #3921, where upload of ticketstats-r7633.patch was rejected as spam (so the patch had to be uploaded in a gzip archive).

Here is the patch file from that ticket:

  • ticketstats/ticketstats.py

     
    237237         data['start_date'] = from_date.strftime("%m/%d/%Y") 
    238238         data['end_date'] = at_date.strftime("%m/%d/%Y") 
    239239         data['resolution'] = str(graph_res) 
    240          data['baseurl'] = req.base_url 
     240         data['baseurl'] = self.yui_base_url 
    241241         data['milestones'] = milestone_list 
    242242         data['cmilestone'] = milestone_num 
    243243         return 'greensauce.html', data, None 
  • ticketstats/templates/greensauce.html

     
    1212    #chart { height: 500px } 
    1313    </style> 
    1414     
    15     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/yahoo-dom-event/yahoo-dom-event.js"></script> 
    16     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/element/element-beta-min.js"></script> 
    17     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/datasource/datasource-beta-min.js"></script> 
    18     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/json/json-min.js"></script> 
     15    <script type="text/javascript" src="${baseurl}/build/yahoo-dom-event/yahoo-dom-event.js"></script> 
     16    <script type="text/javascript" src="${baseurl}/build/element/element-beta-min.js"></script> 
     17    <script type="text/javascript" src="${baseurl}/build/datasource/datasource-beta-min.js"></script> 
     18    <script type="text/javascript" src="${baseurl}/build/json/json-min.js"></script> 
    1919    <!-- OPTIONAL: Connection (enables XHR) --> 
    20     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/connection/connection-min.js"></script> 
     20    <script type="text/javascript" src="${baseurl}/build/connection/connection-min.js"></script> 
    2121    <!-- Source files --> 
    22     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/charts/charts-experimental-min.js"></script> 
     22    <script type="text/javascript" src="${baseurl}/build/charts/charts-experimental-min.js"></script> 
    2323 
    2424  </head> 
    2525<body class="yui-skin-sam"> 
     
    9797setProvided(); 
    9898updateStaticURL(); 
    9999 
    100 YAHOO.widget.Chart.SWFURL = "http://yui.yahooapis.com/2.5.2/build/charts/assets/charts.swf"; 
     100YAHOO.widget.Chart.SWFURL = "${baseurl}/build/charts/assets/charts.swf"; 
    101101 
    102102var myDataSource = new YAHOO.util.DataSource( "?content=chartdata" ); 
    103103 
  • ticketstats/templates/greensauce.html.sav

     
    1 <!DOCTYPE html 
    2     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
    3     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
    4 <html xmlns="http://www.w3.org/1999/xhtml" 
    5       xmlns:py="http://genshi.edgewall.org/" 
    6       xmlns:xi="http://www.w3.org/2001/XInclude"> 
    7   <xi:include href="layout.html" /> 
    8   <xi:include href="macros.html" /> 
    9   <head> 
    10  
    11     <style type="text/css"> 
    12     #chart { height: 500px } 
    13     </style> 
    14      
    15     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/yahoo-dom-event/yahoo-dom-event.js"></script> 
    16     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/element/element-beta-min.js"></script> 
    17     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/datasource/datasource-beta-min.js"></script> 
    18     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/json/json-min.js"></script> 
    19     <!-- OPTIONAL: Connection (enables XHR) --> 
    20     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/connection/connection-min.js"></script> 
    21     <!-- Source files --> 
    22     <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/charts/charts-experimental-min.js"></script> 
    23   </head> 
    24 <body> 
    25 <p/> 
    26 <span class="chart_title"> 
    27     <h1>Ticket Statistics</h1> 
    28 </span> 
    29 <div id="content"> 
    30 <div id="chart"></div> 
    31 <form action="" method="post" id="dt_frm"> 
    32     <label for="start_date">Start Date: </label> 
    33     <input type="text" name="start_date" id="start_date" value="${start_date}"/> 
    34     <label for="end_date">End Date: </label> 
    35     <input type="text" name="end_date" id="end_date" value="${end_date}"/> 
    36     <label for="resolution">Resolution: </label> 
    37     <input type="text" name="resolution" id="resolution" value="${resolution}"/> 
    38     <input type="submit" value="Update Chart"/> 
    39 </form> 
    40 </div> 
    41  
    42 <script type = "text/javascript"> 
    43 YAHOO.widget.Chart.SWFURL = "http://yui.yahooapis.com/2.5.2/build/charts/assets/charts.swf"; 
    44  
    45 var mychartdata =  
    46 [ 
    47 <py:for each="t in ticket_data"> 
    48   { date: "${t['date']}", new_tickets: ${t['new']}, closed: ${t['closed']}, open: ${t['open']} }, 
    49 </py:for> 
    50 ]; 
    51  
    52 var myDataSource = new YAHOO.util.DataSource( mychartdata ); 
    53 myDataSource.responseType = YAHOO.util.DataSource.TYPE_JSARRAY; 
    54 myDataSource.responseSchema = 
    55 { 
    56     fields: [ "date", "new_tickets", "open", "closed" ] 
    57 }; 
    58  
    59 var seriesDef = 
    60 [ 
    61     { displayName: "New Tickets", yField: "new_tickets", style: {color: 0xff0000, size: 40} }, 
    62     { displayName: "Closed Tickets", yField: "closed", style: {color: 0x00ff00, size:40} }, 
    63     { type: "line", displayName: "Open Tickets", yField: "open", style: {color: 0x0000ff} } 
    64 ]; 
    65  
    66 var numtixAxis = new YAHOO.widget.NumericAxis(); 
    67 numtixAxis.minimum = 0 
    68  
    69 YAHOO.example.getDataTipText = function( item, index, series ) 
    70 { 
    71     var toolTipText = series.displayName + " for " + item.date; 
    72     toolTipText += "\n" + item[series.yField] ; 
    73     return toolTipText; 
    74 } 
    75  
    76 var mychart = new YAHOO.widget.ColumnChart( "chart", myDataSource, 
    77 { 
    78     xField: "date", 
    79     series: seriesDef, 
    80     yAxis: numtixAxis, 
    81     dataTipFunction: YAHOO.example.getDataTipText, 
    82     style: {legend: {display: "bottom"}} 
    83 }); 
    84  
    85  
    86 </script> 
    87  
    88   </body> 
    89 </html> 

Attachments (0)

Change History (9)

comment:1 Changed 4 years ago by rjollos

  • Cc hasienda added
  • Component changed from SELECT A HACK to TracHacks
  • Owner set to otaku42
  • Trac Release changed from 0.11 to 0.10

comment:2 Changed 4 years ago by otaku42

  • Status changed from new to assigned

You should have seen a notice about which of the patterns defined in BadContent matched and caused the upload to be declined. Can you please try posting them here, or if that fails send them by e-mail to mrenzmann <at> otak42 <dot> de?

comment:3 follow-up: Changed 4 years ago by rjollos

Here are two instances:

  1. User abeld was trying to upload patch in #7534:
  2. User rjollos was trying to upload patch in #3921:

Is that the info you are looking for?

comment:4 in reply to: ↑ 3 ; follow-up: Changed 4 years ago by otaku42

Replying to rjollos:

Is that the info you are looking for?

Yes, thanks. In both cases the main issue is that the uploaded (thus POSTed) content contained more than a defined maximum number of external links. Increasing this number or disabling this feature will result in an increased number of spam hitting the site and therefore is no valid option.

Our best bet may be to see if if it's possible to make the spamfilter plugin optionally ignore uploaded files (i.e. ticket and wiki page attachments). Anyone available for looking into that?

comment:5 in reply to: ↑ 4 Changed 4 years ago by rjollos

Replying to otaku42:

Our best bet may be to see if if it's possible to make the spamfilter plugin optionally ignore uploaded files (i.e. ticket and wiki page attachments). Anyone available for looking into that?

I opened t:#9583 for this issue and I'll take a look by next weekend to see if it is something I can implement.

comment:6 Changed 4 years ago by rjollos

Michael: Any thoughts on t:ticket:9583:comment:1?

comment:7 Changed 4 years ago by otaku42

Commented there. I think that such an addition should be regarded as temporary solution for the remaining time we run on Trac 0.10. I agree with dstoecker that after the upgrade there would be better solutions than that.

comment:8 Changed 4 years ago by anonymous

SpamFilter now has the wanted option. You need to do backporting to 0.10 yourself.

comment:9 Changed 7 months ago by rjollos

  • Resolution set to fixed
  • Status changed from assigned to closed

Seems to be fixed since the upgrade and dstoecker's tuning of the spam filter.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from otaku42. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.