Index: app/controllers/issues_controller.rb
===================================================================
--- app/controllers/issues_controller.rb (revision 2851)
+++ app/controllers/issues_controller.rb (working copy)
@@ -154,14 +154,18 @@
 requested_status = IssueStatus.find_by_id(params[:issue][:status_id])
 # Check that the user is allowed to apply the requested status
 @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status
- if @issue.save
- attach_files(@issue, params[:attachments])
- flash[:notice] = l(:notice_successful_create)
- call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
- redirect_to(params[:continue] ? { :action => 'new', :tracker_id => @issue.tracker } :
- { :action => 'show', :id => @issue })
- return
- end
+ if User.current.logged? || simple_captcha_valid?
+ if @issue.save
+ attach_files(@issue, params[:attachments])
+ flash[:notice] = l(:notice_successful_create)
+ call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
+ redirect_to(params[:continue] ? { :action => 'new', :tracker_id => @issue.tracker } :
+ { :action => 'show', :id => @issue })
+ return
+ end
+ else
+ flash.now[:error] = "Invalid captcha"
+ end
 end
 @priorities = IssuePriority.all
 render :layout => !request.xhr?
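Review bot: The failure branch sets `flash.now[:error] = "Invalid captcha"` as a hard-coded English string, while the success path just above it uses `l(:notice_successful_create)`; the same literal is repeated in the second hunk of this file. I would add a locale entry and use it in both places, e.g. `flash.now[:error] = l(:error_invalid_captcha)` (the key name is a suggestion and does not exist yet). It is also worth confirming that the plugin's `simple_captcha_valid?` discards the stored answer after one check, since otherwise a single solved image could be accepted for repeated anonymous submissions. The enclosing action starts and ends outside this hunk.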
@@ -187,25 +191,29 @@ @issue.attributes = attrs end - if request.post? - @time_entry = TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today) - @time_entry.attributes = params[:time_entry] - attachments = attach_files(@issue, params[:attachments]) - attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)} + if User.current.logged? || simple_captcha_valid? + if request.post? + @time_entry = TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today) + @time_entry.attributes = params[:time_entry] + attachments = attach_files(@issue, params[:attachments]) + attachments.each {|a| journal.details << JournalDetail.new(:property => 'attachment', :prop_key => a.id, :value => a.filename)} - call_hook(:controller_issues_edit_before_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal}) + call_hook(:controller_issues_edit_before_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal}) - if (@time_entry.hours.nil? || @time_entry.valid?) && @issue.save - # Log spend time - if User.current.allowed_to?(:log_time, @project) - @time_entry.save + if (@time_entry.hours.nil? || @time_entry.valid?) && @issue.save + # Log spend time + if User.current.allowed_to?(:log_time, @project) + @time_entry.save + end + if !journal.new_record? + # Only send notification if something was actually changed + flash[:notice] = l(:notice_successful_update) + end + call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal}) + redirect_to(params[:back_to] || {:action => 'show', :id => @issue}) end - if !journal.new_record? 
- # Only send notification if something was actually changed - flash[:notice] = l(:notice_successful_update) - end - call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal}) - redirect_to(params[:back_to] || {:action => 'show', :id => @issue}) + else + flash.now[:error] = "Invalid captcha" end end rescue ActiveRecord::StaleObjectError Index: app/controllers/application.rb =================================================================== --- app/controllers/application.rb (revision 2851) +++ app/controllers/application.rb (working copy) @@ -19,6 +19,7 @@ require 'cgi' class ApplicationController < ActionController::Base + include SimpleCaptcha::ControllerHelpers include Redmine::I18n # In case the cookie store secret changes Index: app/views/issues/_form.rhtml =================================================================== --- app/views/issues/_form.rhtml (revision 2851) +++ app/views/issues/_form.rhtml (working copy) @@ -50,6 +50,7 @@ <% if @issue.new_record? %>
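Review bot: The captcha test wraps `if request.post?` instead of sitting inside it, so for an anonymous user it is also evaluated when the edit form is only being displayed, and the `else` branch then sets "Invalid captcha" before anything was submitted (assuming `simple_captcha_valid?` returns false when no answer was posted). Swapping the nesting keeps the check on the write path only: `if request.post?` as the outer condition and `if User.current.logged? || simple_captcha_valid?` directly inside it. A comment such as `# Anonymous updates must pass the captcha; logged-in users are exempt` above the inner condition would record the intent. The edit action begins above the hunk and its rescue clause continues below it.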

<%= render :partial => 'attachments/form' %>

+<%= show_simple_captcha %> <% end %> <% if @issue.new_record? && User.current.allowed_to?(:add_issue_watchers, @project) -%> Index: app/views/issues/_edit.rhtml =================================================================== --- app/views/issues/_edit.rhtml (revision 2851) +++ app/views/issues/_edit.rhtml (working copy) @@ -38,6 +38,7 @@ <%= call_hook(:view_issues_edit_notes_bottom, { :issue => @issue, :notes => @notes, :form => f }) %>
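Review bot: `show_simple_captcha` is rendered for every visitor here and in the `_edit.rhtml` hunk, but the controller only evaluates the captcha when `User.current.logged?` is false, so logged-in users are shown a challenge that is never checked. Guarding the helper keeps view and controller in agreement: `<%= show_simple_captcha unless User.current.logged? %>`. Markup around these lines appears to have been lost in extraction, so the exact placement inside the form should be checked against the real template.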

<%=l(:label_attachment_plural)%>
<%= render :partial => 'attachments/form' %>

+ <%= show_simple_captcha %> Index: config/routes.rb =================================================================== --- config/routes.rb (revision 2851) +++ config/routes.rb (working copy) @@ -255,6 +255,7 @@ # Install the default route as the lowest priority. map.connect ':controller/:action/:id' + map.simple_captcha '/simple_captcha/:action', :controller => 'simple_captcha' map.connect 'robots.txt', :controller => 'welcome', :action => 'robots' # Used for OpenID map.root :controller => 'account', :action => 'login' Index: config/environment.rb =================================================================== --- config/environment.rb (revision 2851) +++ config/environment.rb (working copy) @@ -49,4 +49,6 @@ # Define your email configuration in email.yml instead. # It will automatically turn deliveries on config.action_mailer.perform_deliveries = false + + config.action_controller.session = { :session_key => "_app_session", :secret => "some secret phrase of at least 30 characters pouet" } end Index: public/.htaccess =================================================================== --- public/.htaccess (revision 2851) +++ public/.htaccess (working copy) @@ -33,6 +33,8 @@ # Alias /myrailsapp /path/to/myrailsapp/public # RewriteBase /myrailsapp +#RewriteBase / + RewriteRule ^$ index.html [QSA] RewriteRule ^([^.]+)$ $1.html [QSA] RewriteCond %{REQUEST_FILENAME} !-f
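Review bot: The named route is added below `map.connect ':controller/:action/:id'`, which the comment above it describes as the lowest-priority default; since earlier routes are matched first, requests for `/simple_captcha/...` are presumably already handled by the default route and this line mainly contributes the named URL helper. Moving it above the `# Install the default route as the lowest priority.` comment keeps that comment true. The `:action` wildcard also makes every public action of the plugin controller reachable, so if only the image action is needed it is safer to name that action in the route than to accept any.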
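Review bot: The added `config.action_controller.session` line commits a fixed `:secret` to the patch, so every installation that applies it would sign its session cookies with the same publicly known value. If the cookie session store is in use (the `# In case the cookie store secret changes` comment in application.rb suggests it is), that secret is what prevents a client from altering its own session data, so a shared value undermines login state and anything the captcha plugin keeps in the session. This line should not be part of the patch; the secret belongs in per-installation configuration that is generated at deploy time and kept out of version control, and `:session_key` can be set there as well. Any deployment that already runs with this value should rotate it, which invalidates existing sessions.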