Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#6996 closed enhancement (worksforme)

XmlRpcPlugin: Filter RPC calls considered as spam

Reported by: Olemis Lang Owned by: osimons
Priority: normal Component: XmlRpcPlugin
Severity: major Keywords: spam rpc
Cc: Olemis Lang, Michael Renzmann Trac Release: 0.11


Inspired on a previous experience @

I suppose this should be implemented in two phases:

  • Add support for filters in core
  • Implement a glue layer to reuse functionalities provided by third-party packages

but I am not sure because I am not very aware of current (anti-spam) support added by plugins.

Attachments (0)

Change History (5)

comment:1 Changed 8 years ago by Olemis Lang

Cc: Michael Renzmann added

comment:2 Changed 8 years ago by Olemis Lang

Summary: Filter XmlRpcPlugin calls considered as spamXmlRpcPlugin: Filter RPC calls considered as spam

comment:3 Changed 8 years ago by osimons

This is a non-issue with current state of plugin as far as I can see. All wiki and ticket updates should be made on top of the Trac infrastructure, and not using direct model or database access. That means it will respect:

  • manipulators that may veto a change (such as spam filter plugin)
  • permissions in case fine-grained policies are added via plugins
  • (and make sure that listeners are aware of the update for notifications and similar)

That needs to be the model for all RPC methods makeing changes - behave just as if the input arrived from web.

comment:4 Changed 8 years ago by osimons

Resolution: worksforme
Status: newclosed

BTW: This site currently runs Trac 0.10.x and corresponding version of the plugin that has not seen changes for over 3 years...

I'm closing as 'worksforme' with 'upgrade' as recommended solution :-)

comment:5 in reply to:  4 Changed 8 years ago by Olemis Lang

Replying to osimons:

I'm closing as 'worksforme' with 'upgrade' as recommended solution :-)

Ok. I'll check out later what should be the errors reported by the plugin once a filter blocks a given RPC request . I suppose that not all anti-spam solutions are useful in this case (e.g. captchas for RPC ?) but that's part of the server configuration process and definitely something we shouldn't care about (unless it may cause conflicts e.g. all calls rejected because of missing captcha when that filter is used for wiki pages and tickets ?)

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain osimons.
The resolution will be deleted.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.