Contrib.social

Configurable placeholder label

Open on Drupal.org β†’
Created on 16 May 2016, over 8 years ago
Updated 15 August 2024, 3 months ago

Problem/Motivation

Currently, the placeholder label "Leave this field blank" is not configurable, which makes it very easy for someone to modify a bot to detect this string and subsequently circumvent all Honeypot-protected fields for all Drupal sites that use it.

This issue was previously highlighted in https://www.drupal.org/node/1833192 β†’ , which had a much broader scope and was closed as a result.

Proposed resolution

  1. provides the functionality for users to change the default string through;
  2. integrates with the internationalization (i18n) module, if available, to allow for the user-inputted strings to be translated;
  3. allows users to add multiple strings for the placeholder label, which would be randomized when the a form is loaded.

Remaining tasks

  • Rewrite for Drupal 8
  • Add testing

User interface changes

Adds to the admin interface and changes user facing form elements.

API changes

None.

Data model changes

Adds a new variable.

✨ Feature request
Status

Needs work

Version

2.2

Component

Code

Created by

πŸ‡¨πŸ‡¦Canada zread

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 7 months ago β†’
    neilsky

    Hi all, I'm re-submitting this old feature request because the current Honeypot version for D10, as good as it is, still hasn't addressed this issue.

    It is clear from several websites I run that smarter bots are figuring out the FIXED label text "Leave this field blank" is easy to program the bot to NOT fill out the form field and therefore submission is successful. Still get spam (albeit less than unprotected).

    Can I suggest at least a first-step addition of a user-configurable Honeypot field label text, before anything fancier is attempted?

    Thanks everyone for the great work.

  • Comment 7 months ago β†’
    neilsky

    I can confirm that after manually editing the "Leave this field blank" text in the code files of Honeypot both D7 and D9/10 versions, that my sites have changed from several spam submissions a day, to not a single one in the week since the edits.

    This adds siginficant weight to at least the most simple of Honeypot updates: allowing Admin to change the text of the don't-fill-this-in advisory label, to their own custom text.

  • Comment 3 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States tr Cascadia
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024