Changes for page Get in Touch About Your XWiki Project

Last modified by Agnease on 2026/06/16 17:18

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Children
- Content
- Comments
- Attachments
- History
- Information
- Likes

From 16.12 to 16.13 From 16.57 to 16.58

From version 16.13

edited by Agnease
on 2026/05/28 08:13

Change comment: There is no comment for this version

To version 16.57

edited by Agnease
on 2026/06/16 17:18

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)
Objects (2 modified, 0 added, 0 removed)
- XWiki.JavaScriptExtension[0]
- XWiki.StyleSheetExtension[0]

Details

Page properties

Content

@@ -3,27 +3,113 @@
    #set ($statusCode = 400)
    #set ($message = 'The request could not be sent. Please try again or contact Agnease by email at alex@agnease.com.')
++  #set ($className = 'Agnease.Code.ContactRequest.ContactRequestClass')
++  #set ($allowedProperties = [
++    'scope',
++    'alreadyUseXWiki',
++    'name',
++    'email',
++    'hosting',
++    'customDevelopment',
++    'timeline',
++    'users'
++  ])
++
    #set ($name = '')
    #set ($email = '')
++  #set ($scope = '')
++  #set ($contactWebsite = '')
++  #set ($startedAtRaw = '')
++  ## Extract only the values we need for validation.
    #foreach ($parameterName in $request.parameterNames)
--    #set ($propertyName = $parameterName.split('_0_')[1])
--    #if ($propertyName == 'name')
--      #set ($name = $stringtool.trim($request.get($parameterName)))
--    #elseif ($propertyName == 'email')
--      #set ($email = $stringtool.trim($request.get($parameterName)))
++    #set ($propertyParts = $parameterName.split('_0_'))
++    #if ($propertyParts.size() > 1)
++      #set ($propertyName = $propertyParts[1])
++      #set ($propertyValue = $stringtool.trim($request.get($parameterName)))
++
++      #if ($propertyName == 'name')
++        #set ($name = $propertyValue)
++      #elseif ($propertyName == 'email')
++        #set ($email = $propertyValue)
++      #elseif ($propertyName == 'scope')
++        #set ($scope = $propertyValue)
++      #elseif ($propertyName == 'contactWebsite')
++        #set ($contactWebsite = $propertyValue)
++      #elseif ($propertyName == 'contactStartedAt')
++        #set ($startedAtRaw = $propertyValue)
++      #end
      #end
    #end
++  #set ($spamScore = 0)
++
++  ## Honeypot: real users should never fill this field.
++  #if ("$!contactWebsite" != '')
++    #set ($spamScore = $spamScore + 5)
++  #end
++
++  ## Submission timing check.
++  #if ("$!startedAtRaw" == '')
++    ## The field is expected from the real form, so missing it is suspicious.
++    #set ($spamScore = $spamScore + 2)
++  #else
++    #set ($startedAt = $numbertool.toNumber($startedAtRaw))
++    #if ("$!startedAt" == '')
++      #set ($spamScore = $spamScore + 2)
++    #else
++      #set ($now = $datetool.systemDate.time)
++      #set ($elapsed = $now - $startedAt)
++
++      ## Reject very fast submissions.
++      #if ($elapsed > 0 && $elapsed < 10000)
++        #set ($spamScore = $spamScore + 3)
++      #end
++    #end
++  #end
++
++  ## Random-looking name: long single token.
++  #if ($name.length() >= 16 && !$name.contains(' '))
++    #set ($spamScore = $spamScore + 2)
++  #end
++
++  ## Random-looking project description: long single token.
++  #if ($scope.length() >= 12 && !$scope.contains(' '))
++    #set ($spamScore = $spamScore + 2)
++  #end
++
++  ## Suspicious email local part with many dots and tiny fragments.
++  #set ($emailParts = $email.split('@'))
++  #if ($emailParts.size() == 2)
++    #set ($localPart = $emailParts[0])
++    #set ($localFragments = $localPart.split('\.'))
++    #set ($dotCount = $localFragments.size() - 1)
++    #set ($oneCharFragments = 0)
++
++    #foreach ($fragment in $localFragments)
++      #if ($fragment.length() == 1)
++        #set ($oneCharFragments = $oneCharFragments + 1)
++      #end
++    #end
++
++    #if ($dotCount >= 4 && $oneCharFragments >= 3)
++      #set ($spamScore = $spamScore + 2)
++    #end
++  #else
++    #set ($spamScore = $spamScore + 2)
++  #end
++
++  ## Human-facing validation.
    #if ("$!name" == '' && "$!email" == '')
--    #set ($statusCode = 400)
      #set ($message = 'Please enter your name and email.')
    #elseif ("$!name" == '')
--    #set ($statusCode = 400)
      #set ($message = 'Please enter your name.')
    #elseif ("$!email" == '')
--    #set ($statusCode = 400)
      #set ($message = 'Please enter your email address.')
++  #elseif ("$!scope" == '' || $scope.length() < 30)
++    #set ($message = 'Please add a short description of your XWiki project, question or issue.')
++  #elseif ($spamScore >= 3)
++    #set ($message = 'The request could not be sent. Please add a clearer description of your XWiki request or contact Agnease by email.')
    #else
      #try('contactException')
        #set ($now = $datetool.get('yyyyMMddHHmm'))
@@ -30,11 +30,18 @@
        #set ($random = $mathtool.random(100000, 999999))
        #set ($uniqueName = "ContactRequest-${now}-${random}")
        #set ($contactRequestDoc = $xwiki.getDocumentAsAuthor('ContactRequests.' + $uniqueName))
--      #set ($contactRequestObj = $contactRequestDoc.getObject('Agnease.Code.ContactRequest.ContactRequestClass', true))
++      #set ($contactRequestObj = $contactRequestDoc.getObject($className, true))
++      ## Save only known ContactRequest fields.
        #foreach ($parameterName in $request.parameterNames)
--        #set ($propertyName = $parameterName.split('_0_')[1])
--        #set ($discard = $contactRequestObj.set($propertyName, $request.get($parameterName)))
++        #set ($propertyParts = $parameterName.split('_0_'))
++        #if ($propertyParts.size() > 1)
++          #set ($propertyName = $propertyParts[1])
++
++          #if ($allowedProperties.contains($propertyName))
++            #set ($discard = $contactRequestObj.set($propertyName, $request.get($parameterName)))
++          #end
++        #end
        #end
        #set ($discard = $contactRequestDoc.saveAsAuthor())
@@ -99,7 +99,18 @@
              #end
            </dl>
            <p class="xHint">* Your information will only be used to respond to this request.</p>
--          ##<p>Your information will only be used to respond to this request. See the Privacy Policy for details.</p>
++          ## Hidden fields to catch requests filled by bots.
++          <div class="contact-hp-wrapper" aria-hidden="true">
++            <label for="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite">Website</label>
++            <input
++              id="contactWebsite"
++              type="text"
++              name="Agnease.Code.ContactRequest.ContactRequestClass_0_contactWebsite"
++              autocomplete="off"
++              tabindex="-1"
++            />
++          </div>
++          <input type="hidden" name="Agnease.Code.ContactRequest.ContactRequestClass_0_contactStartedAt" value="$datetool.systemDate.time" />
            <input id="contactSubmit" type="submit" class="btn btn-primary" value="Send my request">
          </form>
        #end

XWiki.JavaScriptExtension[0]

code

@@ -9,28 +9,28 @@
    form.on('submit', function (event) {
      event.preventDefault();
--    var data = $.param(form.serializeArray());
++    // Always reset notifications before starting a new request.
++    successBox.addClass('hidden');
++    errorBox.addClass('hidden');
++    successBox.find('.box div p').text('');
++    errorBox.find('.box div p').text('');
      submitButton.prop('disabled', true);
      $.post({
        url: serviceURL,
--      data: data
++      data: $.param(form.serializeArray())
      }).done(function (data) {
--      var successBoxContent = successBox.find('.box div p');
--      successBoxContent.text(data.message);
--      successBox.toggleClass('hidden');
--      if (errorBox.is(':visible')) {
--        errorBox.toggleClass('hidden');
--      }
++      console.log(data)
++      successBox.find('.box div p').text(data.message);
++      successBox.removeClass('hidden');
        form[0].reset();
      }).fail(function (xhr) {
--      var errorBoxContent = errorBox.find('.box div p');
--      errorBoxContent.text(xhr.statusText);
--      errorBox.toggleClass('hidden');
--      if (successBox.is(':visible')) {
--        successBox.toggleClass('hidden');
--      }
++      console.log('fail' + xhr)
++      var message = xhr.responseJSON && xhr.responseJSON.message ? xhr.responseJSON.message
++        : 'The request could not be sent. Please try again or contact Agnease by email at alex@agnease.com';
++      errorBox.find('.box div p').text(message);
++      errorBox.removeClass('hidden');
      }).always(function () {
        submitButton.prop('disabled', false);
      });

XWiki.StyleSheetExtension[0]

code

@@ -66,3 +66,11 @@
    color: @brand;
    font-weight: 700;
  }
++/* CSS for hidden field to identify requests filled by bots. */
++.contact-hp-wrapper {
++  position: absolute;
++  left: -9999px;
++  width: 1px;
++  height: 1px;
++  overflow: hidden;
++}