| 0f4616de | 15-Jun-2017 |
Moisés Braga Ribeiro <moisesbr@gmail.com> |
Review of Esperanto translation |
| 3cf2cb60 | 11-May-2017 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| ed30d673 | 10-May-2017 |
Daniel Eiter <daniel@eiterfamily.com> |
translation update |
| e7d2278e | 21-Mar-2017 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 624fadec | 17-Mar-2017 |
Quark66 <mkucera66@seznam.cz> |
translation update |
| 2e3156c1 | 09-Mar-2017 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 4043541d | 06-Mar-2017 |
Hideaki SAWADA <chuno@live.jp> |
translation update |
| 87b5ef08 | 25-Feb-2017 |
kuma <kuma000@qq.com> |
translation update |
| 41c32ed7 | 14-Feb-2017 |
Schplurtz le Déboulonné <Schplurtz@laposte.net> |
translation update |
| 4686e798 | 02-Feb-2017 |
Andreas Gohr <gohr@cosmocode.de> |
version upped |
| 5d59bd09 | 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
update the lastrun file correctly |
| 08f248e4 | 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
added new mode SVG
This mode generates an SVG image an inlines it. This is much easier to
read than the obfuscated image but should still be relatively hard for
most spammers (until they start handl
added new mode SVG
This mode generates an SVG image an inlines it. This is much easier to
read than the obfuscated image but should still be relatively hard for
most spammers (until they start handling inline SVGs).
show more ...
|
| 77d92a1c | 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| cde3ece1 | 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
clean up old captcha cookies
Old cookies are now cleared once per day. |
| 13febdfd | 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
adjusted tests for captcha cookies |
| a285df67 | 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
implement "cookies" against replay attacks
The CAPTCHA plugin tried to be stateless. No cookie related information
was stored on the server (eg. in the session). Instead encryption of
available info
implement "cookies" against replay attacks
The CAPTCHA plugin tried to be stateless. No cookie related information
was stored on the server (eg. in the session). Instead encryption of
available information was used to ensure captcha codes couldn't be
faked. To avoid replay attacks the plugin relied on the last change date
of the current page. When a captcha was filled in correctly a page edit
was allowed and the next captcha would use different encryption. However
this does not work where the captcha is used independently from a page
edit. Eg. for logins or comments.
To fix this some data has to be stored server side. Most captchas simply
store the code in the session of the user. This has two disadvantages:
1) only one code can be used, which makes having multiple tabs with
editing sessions a pain
2) the session must be open for writing when the captcha is displayed
and checked
This change implements a different approach. For each displayed captcha
a "cookie" (a 0 byte file) is stored in the tmp directory. When a
captcha is checked, the cookie is removed again. This way each captcha
can only be used once.
Cleaning up the tmp directory is still missing and comes in a second
commit.
show more ...
|
| b86b358a | 01-Oct-2016 |
Arne Hanssen <arne.hanssen@getmail.no> |
translation update |
| 207228df | 07-Sep-2016 |
CHENG <wucy0612@gmail.com> |
translation update |
| 1cfb2b37 | 23-Aug-2016 |
Sam01 <m.sajad079@gmail.com> |
translation update |
| 1d1b27ce | 06-Jul-2016 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 2b9bb6ab | 06-Jul-2016 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 342e0e61 | 01-Jul-2016 |
Myeongjin <aranet100@gmail.com> |
translation update |
| 4a394576 | 28-Jun-2016 |
Jacob Palm <mail@jacobpalm.dk> |
translation update |
| 04c6ab1c | 15-Apr-2016 |
Oze Projetos <oze@oze.net.br> |
translation update |
| aed5d44b | 11-Mar-2016 |
Andreas Gohr <andi@splitbrain.org> |
don't test on old stable anymore |