Changes for page Get in Touch About Your XWiki Project

Last modified by Agnease on 2026/06/16 17:18

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Children
- Content
- Comments
- Attachments
- History
- Information
- Likes

From 16.40 to 16.41

From version 16.41

edited by Agnease
on 2026/06/16 16:57

Change comment: There is no comment for this version

To version 16.58

edited by Agnease
on 2026/06/16 17:18

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -3,36 +3,113 @@
    #set ($statusCode = 400)
    #set ($message = 'The request could not be sent. Please try again or contact Agnease by email at alex@agnease.com.')
++  #set ($className = 'Agnease.Code.ContactRequest.ContactRequestClass')
++  #set ($allowedProperties = [
++    'scope',
++    'alreadyUseXWiki',
++    'name',
++    'email',
++    'hosting',
++    'customDevelopment',
++    'timeline',
++    'users'
++  ])
++
    #set ($name = '')
    #set ($email = '')
++  #set ($scope = '')
    #set ($contactWebsite = '')
++  #set ($startedAtRaw = '')
++  ## Extract only the values we need for validation.
    #foreach ($parameterName in $request.parameterNames)
      #set ($propertyParts = $parameterName.split('_0_'))
      #if ($propertyParts.size() > 1)
--      #set ($propertyName = $parameterName.split('_0_')[1])
++      #set ($propertyName = $propertyParts[1])
++      #set ($propertyValue = $stringtool.trim($request.get($parameterName)))
++
        #if ($propertyName == 'name')
--        #set ($name = $stringtool.trim($request.get($parameterName)))
++        #set ($name = $propertyValue)
        #elseif ($propertyName == 'email')
--        #set ($email = $stringtool.trim($request.get($parameterName)))
++        #set ($email = $propertyValue)
++      #elseif ($propertyName == 'scope')
++        #set ($scope = $propertyValue)
        #elseif ($propertyName == 'contactWebsite')
--        #set ($contactWebsite = $stringtool.trim($request.get($parameterName)))
++        #set ($contactWebsite = $propertyValue)
++      #elseif ($propertyName == 'contactStartedAt')
++        #set ($startedAtRaw = $propertyValue)
        #end
      #end
    #end
--  #if ("$!contactWebsite.trim()" != '')
--    #set ($statusCode = 400)
--    #set ($message = 'The request could not be sent. Please try again or contact Agnease by email.')
--  #elseif ("$!name" == '' && "$!email" == '')
--    #set ($statusCode = 400)
++  #set ($spamScore = 0)
++
++  ## Honeypot: real users should never fill this field.
++  #if ("$!contactWebsite" != '')
++    #set ($spamScore = $spamScore + 5)
++  #end
++
++  ## Submission timing check.
++  #if ("$!startedAtRaw" == '')
++    ## The field is expected from the real form, so missing it is suspicious.
++    #set ($spamScore = $spamScore + 2)
++  #else
++    #set ($startedAt = $numbertool.toNumber($startedAtRaw))
++    #if ("$!startedAt" == '')
++      #set ($spamScore = $spamScore + 2)
++    #else
++      #set ($now = $datetool.systemDate.time)
++      #set ($elapsed = $now - $startedAt)
++
++      ## Reject very fast submissions.
++      #if ($elapsed > 0 && $elapsed < 10000)
++        #set ($spamScore = $spamScore + 3)
++      #end
++    #end
++  #end
++
++  ## Random-looking name: long single token.
++  #if ($name.length() >= 16 && !$name.contains(' '))
++    #set ($spamScore = $spamScore + 2)
++  #end
++
++  ## Random-looking project description: long single token.
++  #if ($scope.length() >= 12 && !$scope.contains(' '))
++    #set ($spamScore = $spamScore + 2)
++  #end
++
++  ## Suspicious email local part with many dots and tiny fragments.
++  #set ($emailParts = $email.split('@'))
++  #if ($emailParts.size() == 2)
++    #set ($localPart = $emailParts[0])
++    #set ($localFragments = $localPart.split('\.'))
++    #set ($dotCount = $localFragments.size() - 1)
++    #set ($oneCharFragments = 0)
++
++    #foreach ($fragment in $localFragments)
++      #if ($fragment.length() == 1)
++        #set ($oneCharFragments = $oneCharFragments + 1)
++      #end
++    #end
++
++    #if ($dotCount >= 4 && $oneCharFragments >= 3)
++      #set ($spamScore = $spamScore + 2)
++    #end
++  #else
++    #set ($spamScore = $spamScore + 2)
++  #end
++
++  ## Human-facing validation.
++  #if ("$!name" == '' && "$!email" == '')
      #set ($message = 'Please enter your name and email.')
    #elseif ("$!name" == '')
--    #set ($statusCode = 400)
      #set ($message = 'Please enter your name.')
    #elseif ("$!email" == '')
--    #set ($statusCode = 400)
      #set ($message = 'Please enter your email address.')
++  #elseif ("$!scope" == '' || $scope.length() < 30)
++    #set ($message = 'Please add a short description of your XWiki project, question or issue.')
++  #elseif ($spamScore >= 3)
++    #set ($message = 'The request could not be sent. Please add a clearer description of your XWiki request or contact Agnease by email.')
    #else
      #try('contactException')
        #set ($now = $datetool.get('yyyyMMddHHmm'))
@@ -39,11 +39,18 @@
        #set ($random = $mathtool.random(100000, 999999))
        #set ($uniqueName = "ContactRequest-${now}-${random}")
        #set ($contactRequestDoc = $xwiki.getDocumentAsAuthor('ContactRequests.' + $uniqueName))
--      #set ($contactRequestObj = $contactRequestDoc.getObject('Agnease.Code.ContactRequest.ContactRequestClass', true))
++      #set ($contactRequestObj = $contactRequestDoc.getObject($className, true))
++      ## Save only known ContactRequest fields.
        #foreach ($parameterName in $request.parameterNames)
--        #set ($propertyName = $parameterName.split('_0_')[1])
--        #set ($discard = $contactRequestObj.set($propertyName, $request.get($parameterName)))
++        #set ($propertyParts = $parameterName.split('_0_'))
++        #if ($propertyParts.size() > 1)
++          #set ($propertyName = $propertyParts[1])
++
++          #if ($allowedProperties.contains($propertyName))
++            #set ($discard = $contactRequestObj.set($propertyName, $request.get($parameterName)))
++          #end
++        #end
        #end
        #set ($discard = $contactRequestDoc.saveAsAuthor())
@@ -112,7 +112,7 @@
            <div class="contact-hp-wrapper" aria-hidden="true">
              <label for="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite">Website</label>
              <input
--              id="contactWebsite"
++              id="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite"
                type="text"
                name="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite"
                autocomplete="off"
@@ -119,7 +119,7 @@
                tabindex="-1"
              />
            </div>
--          <input type="hidden" name="Agnease.Code.ContactRequest.ContactRequestClass_0_contactStartedAt" value="$datetool.getsystemDate.time" />
++          <input type="hidden" name="Agnease.Code.ContactRequest.ContactRequestClass_0_contactStartedAt" value="$datetool.systemDate.time" />
            <input id="contactSubmit" type="submit" class="btn btn-primary" value="Send my request">
          </form>
        #end