001/* 002 Licensed to the Apache Software Foundation (ASF) under one 003 or more contributor license agreements. See the NOTICE file 004 distributed with this work for additional information 005 regarding copyright ownership. The ASF licenses this file 006 to you under the Apache License, Version 2.0 (the 007 "License"); you may not use this file except in compliance 008 with the License. You may obtain a copy of the License at 009 010 http://www.apache.org/licenses/LICENSE-2.0 011 012 Unless required by applicable law or agreed to in writing, 013 software distributed under the License is distributed on an 014 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 KIND, either express or implied. See the License for the 016 specific language governing permissions and limitations 017 under the License. 018 */ 019 020package org.apache.wiki.tags; 021 022 023import org.apache.wiki.filters.SpamFilter; 024 025import javax.servlet.http.HttpServletRequest; 026import javax.servlet.jsp.PageContext; 027 028/** 029 * Provides hidden input fields which are checked by the {@code SpamFilter}. 030 * 031 * @since 2.11.0-M8 032 */ 033public class SpamFilterInputsTag extends WikiTagBase { 034 035 private static final long serialVersionUID = -5224949821664626978L; 036 037 /** 038 * {@inheritDoc} 039 */ 040 @Override 041 public int doWikiStartTag() throws Exception { 042 final String encodingCheckInput = SpamFilter.insertInputFields( pageContext ); 043 final String hashCheckInput = 044 "<input type='hidden' name='" + SpamFilter.getHashFieldName( ( HttpServletRequest ) pageContext.getRequest() ) + "'" + 045 " value='" + pageContext.getAttribute( "lastchange", PageContext.REQUEST_SCOPE ) + "' />\n"; 046 047 // This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting. 048 // Normal user should never see this field, nor type anything in it. 049 final String botCheckInput = 050 "<input class='hidden' type='text' name='" + SpamFilter.getBotFieldName() + "' id='" + SpamFilter.getBotFieldName() + "' value='' />\n"; 051 pageContext.getOut().print( encodingCheckInput + hashCheckInput + botCheckInput ); 052 return SKIP_BODY; 053 } 054 055}