Add a approve-if-email-previously-approved setting.
Automatically approve comments by an email address if that address has had a comment approved within the last 6 months. No ownership verification is done on the entered email address. This means that if someone is able to guess correctly the email address used by a previously approved author, they will be able to have their new comment auto-approved.
parent
9eaaad4775
commit
2e8cb81179
@ -124,6 +124,7 @@ Enable moderation queue and handling of comments still in moderation queue
|
|||||||
|
|
||||||
[moderation]
|
[moderation]
|
||||||
enabled = false
|
enabled = false
|
||||||
|
approve-if-email-previously-approved = false
|
||||||
purge-after = 30d
|
purge-after = 30d
|
||||||
|
|
||||||
enabled
|
enabled
|
||||||
@ -131,6 +132,13 @@ enabled
|
|||||||
Comments in moderation queue are not visible to other users until you
|
Comments in moderation queue are not visible to other users until you
|
||||||
activate them.
|
activate them.
|
||||||
|
|
||||||
|
approve-if-email-previously-approved
|
||||||
|
automatically approve comments by an email address if that address has
|
||||||
|
had a comment approved within the last 6 months. No ownership verification
|
||||||
|
is done on the entered email address. This means that if someone is able
|
||||||
|
to guess correctly the email address used by a previously approved author,
|
||||||
|
they will be able to have their new comment auto-approved.
|
||||||
|
|
||||||
purge-after
|
purge-after
|
||||||
remove unprocessed comments in moderation queue after given time.
|
remove unprocessed comments in moderation queue after given time.
|
||||||
|
|
||||||
|
@ -81,6 +81,25 @@ class Comments:
|
|||||||
' mode=1',
|
' mode=1',
|
||||||
'WHERE id=? AND mode=2'], (id, ))
|
'WHERE id=? AND mode=2'], (id, ))
|
||||||
|
|
||||||
|
def is_previously_approved_author(self, email):
|
||||||
|
"""
|
||||||
|
Search for previously activated comments with this author email.
|
||||||
|
"""
|
||||||
|
|
||||||
|
# if the user has not entered email, email is None, in which case we can't check if they have previous comments
|
||||||
|
if email is not None:
|
||||||
|
# search for any activated comments within the last 6 months by email
|
||||||
|
# this SQL should be one of the fastest ways of doing this check
|
||||||
|
# https://stackoverflow.com/questions/18114458/fastest-way-to-determine-if-record-exists
|
||||||
|
rv = self.db.execute([
|
||||||
|
'SELECT CASE WHEN EXISTS(',
|
||||||
|
' select * from comments where email=? and mode=1 and ',
|
||||||
|
' created > strftime("%s", DATETIME("now", "-6 month"))',
|
||||||
|
') THEN 1 ELSE 0 END;'], (email,)).fetchone()
|
||||||
|
return rv[0] == 1
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
def unsubscribe(self, email, id):
|
def unsubscribe(self, email, id):
|
||||||
"""
|
"""
|
||||||
Turn off email notifications for replies to this comment.
|
Turn off email notifications for replies to this comment.
|
||||||
|
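Review bot: The guard `if email is not None:` in is_previously_approved_author lets an empty string through to the query, so if any comment approved in the last six months was stored with an empty email, later submissions with an empty email field would presumably be auto-approved as well. Rejecting falsy values closes that gap: `if not email: return False`. The comparison `email=?` is parameterized, which is good, but it is case-sensitive under SQLite's default collation, so a returning author who changes capitalisation falls back to the queue; decide whether that is intended and say so in the docstring. The SQL also relies on double-quoted string literals (`"%s"`, `"now"`), which SQLite accepts only as a legacy fallback; single-quoted literals inside a double-quoted Python string would be safer.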
@ -132,6 +132,8 @@ class API(object):
|
|||||||
|
|
||||||
self.conf = isso.conf.section("general")
|
self.conf = isso.conf.section("general")
|
||||||
self.moderated = isso.conf.getboolean("moderation", "enabled")
|
self.moderated = isso.conf.getboolean("moderation", "enabled")
|
||||||
|
# this is similar to the wordpress setting "Comment author must have a previously approved comment"
|
||||||
|
self.approve_if_email_previously_approved = isso.conf.getboolean("moderation", "approve-if-email-previously-approved")
|
||||||
|
|
||||||
self.guard = isso.db.guard
|
self.guard = isso.db.guard
|
||||||
self.threads = isso.db.threads
|
self.threads = isso.db.threads
|
||||||
@ -294,6 +296,11 @@ class API(object):
|
|||||||
raise Forbidden(reason)
|
raise Forbidden(reason)
|
||||||
|
|
||||||
with self.isso.lock:
|
with self.isso.lock:
|
||||||
|
# if email-based auto-moderation enabled, check for previously approved author
|
||||||
|
# right before approval.
|
||||||
|
if self.approve_if_email_previously_approved and self.comments.is_previously_approved_author(data['email']):
|
||||||
|
data['mode'] = 1
|
||||||
|
|
||||||
rv = self.comments.add(uri, data)
|
rv = self.comments.add(uri, data)
|
||||||
|
|
||||||
# notify extension, that the new comment has been successfully saved
|
# notify extension, that the new comment has been successfully saved
|
||||||
|
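Review bot: `data['email']` in the new check under `with self.isso.lock:` raises KeyError when the submitted payload carries no `email` key, unless code outside this hunk guarantees the key is present; `data.get('email')` would match the None handling that is_previously_approved_author already implements. Since this branch sets `data['mode'] = 1` on the strength of an unverified, client-supplied address, it would also help to log each auto-approval (thread URI and the address that matched) so moderators can audit the bypass even when SMTP notification is off. The enclosing method starts and ends outside the hunk.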
@ -71,6 +71,16 @@ password = please_choose_a_strong_password
|
|||||||
# them.
|
# them.
|
||||||
enabled = false
|
enabled = false
|
||||||
|
|
||||||
|
# with moderation enabled, automatically approve new comments by an
|
||||||
|
# author if they've had comments approved within the last 6 months
|
||||||
|
# Note: No verification is done on the email addresses entered by commenters.
|
||||||
|
# This means that if someone is able to guess correctly the email address used
|
||||||
|
# by a previously approved author, they will be able to have their new comment
|
||||||
|
# auto-approved. For this reason, we recommend that you also activate SMTP
|
||||||
|
# notification if you activate this option, so that you will see
|
||||||
|
# auto-approved comments as they get posted.
|
||||||
|
approve-if-email-previously-approved = false
|
||||||
|
|
||||||
# remove unprocessed comments in moderation queue after given time.
|
# remove unprocessed comments in moderation queue after given time.
|
||||||
purge-after = 30d
|
purge-after = 30d
|
||||||
|
|
||||||
|