Upload of patch files often rejected as Spam

[Ryan J Ollos]

Upload of patch files often fails with:

500 Internal Server Error (Submission rejected as potential spam (Maximum number of external links per post exceeded))

See #3921, where upload of ticketstats-r7633.patch was rejected as spam (so the patch had to be uploaded in a gzip archive).

Here is the patch file from that ticket:

ticketstats/ticketstats.py

@@ -237 +237 @@
          data['start_date'] = from_date.strftime("%m/%d/%Y")
          data['end_date'] = at_date.strftime("%m/%d/%Y")
          data['resolution'] = str(graph_res)
-         data['baseurl'] = req.base_url
+         data['baseurl'] = self.yui_base_url
          data['milestones'] = milestone_list
          data['cmilestone'] = milestone_num
          return 'greensauce.html', data, None

ticketstats/templates/greensauce.html

@@ -12 +12 @@
     #chart { height: 500px }
     </style>
     
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/yahoo-dom-event/yahoo-dom-event.js"></script>
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/element/element-beta-min.js"></script>
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/datasource/datasource-beta-min.js"></script>
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/json/json-min.js"></script>
+    <script type="text/javascript" src="${baseurl}/build/yahoo-dom-event/yahoo-dom-event.js"></script>
+    <script type="text/javascript" src="${baseurl}/build/element/element-beta-min.js"></script>
+    <script type="text/javascript" src="${baseurl}/build/datasource/datasource-beta-min.js"></script>
+    <script type="text/javascript" src="${baseurl}/build/json/json-min.js"></script>
     <!-- OPTIONAL: Connection (enables XHR) -->
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/connection/connection-min.js"></script>
+    <script type="text/javascript" src="${baseurl}/build/connection/connection-min.js"></script>
     <!-- Source files -->
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/charts/charts-experimental-min.js"></script>
+    <script type="text/javascript" src="${baseurl}/build/charts/charts-experimental-min.js"></script>
 
   </head>
 <body class="yui-skin-sam">
@@ -97 +97 @@
 setProvided();
 updateStaticURL();
 
-YAHOO.widget.Chart.SWFURL = "http://yui.yahooapis.com/2.5.2/build/charts/assets/charts.swf";
+YAHOO.widget.Chart.SWFURL = "${baseurl}/build/charts/assets/charts.swf";
 
 var myDataSource = new YAHOO.util.DataSource( "?content=chartdata" );
 

ticketstats/templates/greensauce.html.sav

@@ -1 @@
-<!DOCTYPE html
-    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"
-      xmlns:py="http://genshi.edgewall.org/"
-      xmlns:xi="http://www.w3.org/2001/XInclude">
-  <xi:include href="layout.html" />
-  <xi:include href="macros.html" />
-  <head>
-
-    <style type="text/css">
-    #chart { height: 500px }
-    </style>
-    
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/yahoo-dom-event/yahoo-dom-event.js"></script>
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/element/element-beta-min.js"></script>
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/datasource/datasource-beta-min.js"></script>
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/json/json-min.js"></script>
-    <!-- OPTIONAL: Connection (enables XHR) -->
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/connection/connection-min.js"></script>
-    <!-- Source files -->
-    <script type="text/javascript" src="http://yui.yahooapis.com/2.5.2/build/charts/charts-experimental-min.js"></script>
-  </head>
-<body>
-<p/>
-<span class="chart_title">
-    <h1>Ticket Statistics</h1>
-</span>
-<div id="content">
-<div id="chart"></div>
-<form action="" method="post" id="dt_frm">
-    <label for="start_date">Start Date: </label>
-    <input type="text" name="start_date" id="start_date" value="${start_date}"/>
-    <label for="end_date">End Date: </label>
-    <input type="text" name="end_date" id="end_date" value="${end_date}"/>
-    <label for="resolution">Resolution: </label>
-    <input type="text" name="resolution" id="resolution" value="${resolution}"/>
-    <input type="submit" value="Update Chart"/>
-</form>
-</div>
-
-<script type = "text/javascript">
-YAHOO.widget.Chart.SWFURL = "http://yui.yahooapis.com/2.5.2/build/charts/assets/charts.swf";
-
-var mychartdata = 
-[
-<py:for each="t in ticket_data">
-  { date: "${t['date']}", new_tickets: ${t['new']}, closed: ${t['closed']}, open: ${t['open']} },
-</py:for>
-];
-
-var myDataSource = new YAHOO.util.DataSource( mychartdata );
-myDataSource.responseType = YAHOO.util.DataSource.TYPE_JSARRAY;
-myDataSource.responseSchema =
-{
-    fields: [ "date", "new_tickets", "open", "closed" ]
-};
-
-var seriesDef =
-[
-    { displayName: "New Tickets", yField: "new_tickets", style: {color: 0xff0000, size: 40} },
-    { displayName: "Closed Tickets", yField: "closed", style: {color: 0x00ff00, size:40} },
-    { type: "line", displayName: "Open Tickets", yField: "open", style: {color: 0x0000ff} }
-];
-
-var numtixAxis = new YAHOO.widget.NumericAxis();
-numtixAxis.minimum = 0
-
-YAHOO.example.getDataTipText = function( item, index, series )
-{
-    var toolTipText = series.displayName + " for " + item.date;
-    toolTipText += "\n" + item[series.yField] ;
-    return toolTipText;
-}
-
-var mychart = new YAHOO.widget.ColumnChart( "chart", myDataSource,
-{
-    xField: "date",
-    series: seriesDef,
-    yAxis: numtixAxis,
-    dataTipFunction: YAHOO.example.getDataTipText,
-    style: {legend: {display: "bottom"}}
-});
-
-
-</script>
-
-  </body>
-</html>

[Michael Renzmann]

You should have seen a notice about which of the patterns defined in BadContent matched and caused the upload to be declined. Can you please try posting them here, or if that fails send them by e-mail to mrenzmann <at> otak42 <dot> de?

[Ryan J Ollos]

Here are two instances:

1. User abeld was trying to upload patch in #7534:
   • ​http://trac-hacks.org/admin/spamfilter/monitor/99959
2. User rjollos was trying to upload patch in #3921:
   • ​http://trac-hacks.org/admin/spamfilter/monitor/100004

Is that the info you are looking for?

[Michael Renzmann]

Replying to rjollos:

Is that the info you are looking for?

Yes, thanks. In both cases the main issue is that the uploaded (thus POSTed) content contained more than a defined maximum number of external links. Increasing this number or disabling this feature will result in an increased number of spam hitting the site and therefore is no valid option.

Our best bet may be to see if if it's possible to make the spamfilter plugin optionally ignore uploaded files (i.e. ticket and wiki page attachments). Anyone available for looking into that?

[Ryan J Ollos]

Replying to otaku42:

Our best bet may be to see if if it's possible to make the spamfilter plugin optionally ignore uploaded files (i.e. ticket and wiki page attachments). Anyone available for looking into that?

I opened ​t:#9583 for this issue and I'll take a look by next weekend to see if it is something I can implement.

[Ryan J Ollos]

Michael: Any thoughts on ​t:ticket:9583:comment:1?

[Michael Renzmann]

Commented there. I think that such an addition should be regarded as temporary solution for the remaining time we run on Trac 0.10. I agree with dstoecker that after the upgrade there would be better solutions than that.

[anonymous]

SpamFilter now has the wanted option. You need to do backporting to 0.10 yourself.

[Ryan J Ollos]

Seems to be fixed since the upgrade and dstoecker's tuning of the spam filter.