Skip to Content
Last modified by Agnease on 2026/06/16 17:18
From version 16.10
edited by Agnease
on 2026/05/27 15:43
Change comment: There is no comment for this version
To version 16.58
edited by Agnease
on 2026/06/16 17:18
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,28 +1,146 @@
1 1  {{velocity wiki="false"}}
2 2  #if ($xcontext.action == 'get')
3 - #set ($message = '')
4 - #set ($now = $datetool.get('yyyyMMddHHmm'))
5 - #set ($random = $mathtool.random(100000, 999999))
6 - #set ($uniqueName = "ContactRequest-${now}-${random}")
7 - #set ($contactRequestDoc = $xwiki.getDocumentAsAuthor('ContactRequests.' + $uniqueName))
8 - #set ($contactRequestObj = $contactRequestDoc.getObject('Agnease.Code.ContactRequest.ContactRequestClass', true))
9 - #set ($statusCode = 200)
10 - #set ($message = 'Your request was successfully sent.')
3 + #set ($statusCode = 400)
4 + #set ($message = 'The request could not be sent. Please try again or contact Agnease by email at alex@agnease.com.')
11 11  
12 - ##var message = 'The request could not be sent. Please try again or contact Agnease by email.';
6 + #set ($className = 'Agnease.Code.ContactRequest.ContactRequestClass')
7 + #set ($allowedProperties = [
8 + 'scope',
9 + 'alreadyUseXWiki',
10 + 'name',
11 + 'email',
12 + 'hosting',
13 + 'customDevelopment',
14 + 'timeline',
15 + 'users'
16 + ])
13 13  
18 + #set ($name = '')
19 + #set ($email = '')
20 + #set ($scope = '')
21 + #set ($contactWebsite = '')
22 + #set ($startedAtRaw = '')
23 +
24 + ## Extract only the values we need for validation.
14 14   #foreach ($parameterName in $request.parameterNames)
15 - #set ($discard = $contactRequestObj.set("$parameterName.split('_0_')[1]", $request.get($parameterName)))
16 - ##set ($message = "$message $parameterName.split('_0_')[1] : $request.get($parameterName)")
26 + #set ($propertyParts = $parameterName.split('_0_'))
27 + #if ($propertyParts.size() > 1)
28 + #set ($propertyName = $propertyParts[1])
29 + #set ($propertyValue = $stringtool.trim($request.get($parameterName)))
30 +
31 + #if ($propertyName == 'name')
32 + #set ($name = $propertyValue)
33 + #elseif ($propertyName == 'email')
34 + #set ($email = $propertyValue)
35 + #elseif ($propertyName == 'scope')
36 + #set ($scope = $propertyValue)
37 + #elseif ($propertyName == 'contactWebsite')
38 + #set ($contactWebsite = $propertyValue)
39 + #elseif ($propertyName == 'contactStartedAt')
40 + #set ($startedAtRaw = $propertyValue)
41 + #end
42 + #end
17 17   #end
18 18  
19 - #set ($discard = $contactRequestDoc.saveAsAuthor())
45 + #set ($spamScore = 0)
20 20  
21 - #set ($message = "$message")
47 + ## Honeypot: real users should never fill this field.
48 + #if ("$!contactWebsite" != '')
49 + #set ($spamScore = $spamScore + 5)
50 + #end
22 22  
23 - ##set ($statusCode = 400)
24 - ##set ($message = 'error')
52 + ## Submission timing check.
53 + #if ("$!startedAtRaw" == '')
54 + ## The field is expected from the real form, so missing it is suspicious.
55 + #set ($spamScore = $spamScore + 2)
56 + #else
57 + #set ($startedAt = $numbertool.toNumber($startedAtRaw))
58 + #if ("$!startedAt" == '')
59 + #set ($spamScore = $spamScore + 2)
60 + #else
61 + #set ($now = $datetool.systemDate.time)
62 + #set ($elapsed = $now - $startedAt)
25 25  
64 + ## Reject very fast submissions.
65 + #if ($elapsed > 0 && $elapsed < 10000)
66 + #set ($spamScore = $spamScore + 3)
67 + #end
68 + #end
69 + #end
70 +
71 + ## Random-looking name: long single token.
72 + #if ($name.length() >= 16 && !$name.contains(' '))
73 + #set ($spamScore = $spamScore + 2)
74 + #end
75 +
76 + ## Random-looking project description: long single token.
77 + #if ($scope.length() >= 12 && !$scope.contains(' '))
78 + #set ($spamScore = $spamScore + 2)
79 + #end
80 +
81 + ## Suspicious email local part with many dots and tiny fragments.
82 + #set ($emailParts = $email.split('@'))
83 + #if ($emailParts.size() == 2)
84 + #set ($localPart = $emailParts[0])
85 + #set ($localFragments = $localPart.split('\.'))
86 + #set ($dotCount = $localFragments.size() - 1)
87 + #set ($oneCharFragments = 0)
88 +
89 + #foreach ($fragment in $localFragments)
90 + #if ($fragment.length() == 1)
91 + #set ($oneCharFragments = $oneCharFragments + 1)
92 + #end
93 + #end
94 +
95 + #if ($dotCount >= 4 && $oneCharFragments >= 3)
96 + #set ($spamScore = $spamScore + 2)
97 + #end
98 + #else
99 + #set ($spamScore = $spamScore + 2)
100 + #end
101 +
102 + ## Human-facing validation.
103 + #if ("$!name" == '' && "$!email" == '')
104 + #set ($message = 'Please enter your name and email.')
105 + #elseif ("$!name" == '')
106 + #set ($message = 'Please enter your name.')
107 + #elseif ("$!email" == '')
108 + #set ($message = 'Please enter your email address.')
109 + #elseif ("$!scope" == '' || $scope.length() < 30)
110 + #set ($message = 'Please add a short description of your XWiki project, question or issue.')
111 + #elseif ($spamScore >= 3)
112 + #set ($message = 'The request could not be sent. Please add a clearer description of your XWiki request or contact Agnease by email.')
113 + #else
114 + #try('contactException')
115 + #set ($now = $datetool.get('yyyyMMddHHmm'))
116 + #set ($random = $mathtool.random(100000, 999999))
117 + #set ($uniqueName = "ContactRequest-${now}-${random}")
118 + #set ($contactRequestDoc = $xwiki.getDocumentAsAuthor('ContactRequests.' + $uniqueName))
119 + #set ($contactRequestObj = $contactRequestDoc.getObject($className, true))
120 +
121 + ## Save only known ContactRequest fields.
122 + #foreach ($parameterName in $request.parameterNames)
123 + #set ($propertyParts = $parameterName.split('_0_'))
124 + #if ($propertyParts.size() > 1)
125 + #set ($propertyName = $propertyParts[1])
126 +
127 + #if ($allowedProperties.contains($propertyName))
128 + #set ($discard = $contactRequestObj.set($propertyName, $request.get($parameterName)))
129 + #end
130 + #end
131 + #end
132 +
133 + #set ($discard = $contactRequestDoc.saveAsAuthor())
134 + #set ($statusCode = 200)
135 + #set ($message = 'Your request was successfully sent.')
136 + #end
137 +
138 + #if ("$!contactException" != '')
139 + #set ($statusCode = 400)
140 + #set ($message = 'The request could not be sent. Please try again or contact Agnease by email.')
141 + #end
142 + #end
143 +
26 26   #set ($discard = $response.setStatus($statusCode))
27 27   #jsonResponse({'message': $message})
28 28  #end
... ... @@ -37,7 +37,7 @@
37 37  = Tell Us More About Your Project =
38 38  You do not need to have a full specification. A short description is enough to start the conversation.
39 39  {{html clean="false"}}
40 -Or <a href="https://calendly.com/alex-agnease/30min?back=1&month=2026-06" target="_blank">book a free</a> XWiki review call to discuss your current setup.
158 +You can also <a href="https://calendly.com/alex-agnease/30min?back=1&month=2026-06" target="_blank">book a free XWiki review call</a> to discuss your current setup.
41 41   <div class="row">
42 42   <div class="xform col-md-7">
43 43   #if ($totalRequests.size() > 50)
... ... @@ -74,7 +74,18 @@
74 74   #end
75 75   </dl>
76 76   <p class="xHint">* Your information will only be used to respond to this request.</p>
77 - ##<p>Your information will only be used to respond to this request. See the Privacy Policy for details.</p>
195 + ## Hidden fields to catch requests filled by bots.
196 + <div class="contact-hp-wrapper" aria-hidden="true">
197 + <label for="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite">Website</label>
198 + <input
199 + id="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite"
200 + type="text"
201 + name="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite"
202 + autocomplete="off"
203 + tabindex="-1"
204 + />
205 + </div>
206 + <input type="hidden" name="Agnease.Code.ContactRequest.ContactRequestClass_0_contactStartedAt" value="$datetool.systemDate.time" />
78 78   <input id="contactSubmit" type="submit" class="btn btn-primary" value="Send my request">
79 79   </form>
80 80   #end
XWiki.JavaScriptExtension[0]
code
... ... @@ -9,28 +9,28 @@
9 9   form.on('submit', function (event) {
10 10   event.preventDefault();
11 11  
12 - var data = $.param(form.serializeArray());
12 + // Always reset notifications before starting a new request.
13 + successBox.addClass('hidden');
14 + errorBox.addClass('hidden');
15 + successBox.find('.box div p').text('');
16 + errorBox.find('.box div p').text('');
13 13  
14 14   submitButton.prop('disabled', true);
15 15  
16 16   $.post({
17 17   url: serviceURL,
18 - data: data
22 + data: $.param(form.serializeArray())
19 19   }).done(function (data) {
20 - var successBoxContent = successBox.find('.box div p');
21 - successBoxContent.text(data.message);
22 - successBox.toggleClass('hidden');
23 - if (errorBox.is(':visible')) {
24 - errorBox.toggleClass('hidden');
25 - }
24 + console.log(data)
25 + successBox.find('.box div p').text(data.message);
26 + successBox.removeClass('hidden');
26 26   form[0].reset();
27 27   }).fail(function (xhr) {
28 - var errorBoxContent = errorBox.find('.box div p');
29 - errorBoxContent.text(xhr.statusText);
30 - errorBox.toggleClass('hidden');
31 - if (successBox.is(':visible')) {
32 - successBox.toggleClass('hidden');
33 - }
29 + console.log('fail' + xhr)
30 + var message = xhr.responseJSON && xhr.responseJSON.message ? xhr.responseJSON.message
31 + : 'The request could not be sent. Please try again or contact Agnease by email at alex@agnease.com';
32 + errorBox.find('.box div p').text(message);
33 + errorBox.removeClass('hidden');
34 34   }).always(function () {
35 35   submitButton.prop('disabled', false);
36 36   });
XWiki.StyleSheetExtension[0]
code
... ... @@ -66,3 +66,11 @@
66 66   color: @brand;
67 67   font-weight: 700;
68 68  }
69 +/* CSS for hidden field to identify requests filled by bots. */
70 +.contact-hp-wrapper {
71 + position: absolute;
72 + left: -9999px;
73 + width: 1px;
74 + height: 1px;
75 + overflow: hidden;
76 +}