core23 / antispam-bundle
This bundle provides some basic features to reduce spam in symfony forms.
Fund package maintenance!
core23
Opencollective
Ko-Fi
Other
Installs: 13 231
Dependents: 0
Suggesters: 0
Security: 0
Stars: 52
Watchers: 2
Forks: 10
Open Issues: 7
Type:symfony-bundle
Requires
- php: ^8.1
- ext-pcre: *
- symfony/config: ^6.4 || ^7.0
- symfony/dependency-injection: ^6.4 || ^7.0
- symfony/event-dispatcher: ^6.4 || ^7.0
- symfony/expression-language: ^6.4 || ^7.0
- symfony/form: ^6.4 || ^7.0
- symfony/framework-bundle: ^6.4 || ^7.0
- symfony/http-foundation: ^6.4 || ^7.0
- symfony/http-kernel: ^6.4 || ^7.0
- symfony/options-resolver: ^6.4 || ^7.0
- symfony/translation-contracts: ^1.1 || ^2.0 || ^3.0
- twig/twig: ^2.4 || ^3.0
Requires (Dev)
- ergebnis/composer-normalize: ^2.0.1
- symfony/browser-kit: ^6.4 || ^7.0
- symfony/console: ^6.4 || ^7.0
- symfony/translation: ^6.4 || ^7.0
- symfony/twig-bundle: ^6.4 || ^7.0
- symfony/yaml: ^6.4 || ^7.0
This package is auto-updated.
Last update: 2024-04-22 20:21:02 UTC
README
This bundle provides some basic features to reduce spam in Symfony.
Features
-
Honeypot protection for forms: An additional "hidden" (i.e. made invisible with CSS) field will be added to your form. Whoever fills out this field, is considered to be a spambot.
-
Time protection for forms: The time between displaying the form and submitting the form is measured. Anybody who submits the form quicker than a certain number of seconds, is considered to be a spambot. The timestamp is stored in the session.
-
Email address obfuscation filter for Twig: To prevent spam harvest bots from detecting your email address, they are obfuscated by e.g. replacing
@with[AT]. The filter will find email addresses automatically, so you can apply it to your entire text.
Installation
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
composer require nucleos/antispam-bundle
Enable the Bundle
In older versions of Symfony, you need to enable it manually:
// config/bundles.php return [ // ... Nucleos\AntiSpamBundle\NucleosAntiSpamBundle::class => ['all' => true], ];
Usage
Form based protection
In a controller:
$this->createForm(CustomFormType:class, null, [ // Time protection 'antispam_time' => true, 'antispam_time_min' => 10, // seconds 'antispam_time_max' => 60, // Honeypot protection 'antispam_honeypot' => true, 'antispam_honeypot_class' => 'hide-me', 'antispam_honeypot_field' => 'email-repeat', ])
In a form class:
class MyType extends AbstractType { // ... public function configureOptions(OptionsResolver $resolver): void { $resolver->setDefaults([ // ... 'antispam_time' => true, 'antispam_time_min' => 10, // same as above ]); } }
Twig email address obfuscation
The Twig filter antispam replaces @ by e.g. [AT].
{# Replace plain text #} {{ text|antispam }} {# Replace rich text mails #} {{ htmlText|antispam(true) }}
If you want a JavaScript decoding for the encoded email addresses, you should use the AntiSpam.js library:
document.addEventListener('DOMContentLoaded', () => { new AntiSpam('.custom_class'); });
It is recommended to use webpack / webpack-encore
to include the JavaScript library in your page. This file is located in the assets folder.
Configure the Bundle
Create a configuration file called nucleos_antispam.yaml:
# config/packages/nucleos_antispam.yaml nucleos_antispam: # Twig mail filter twig: mail: css_class: 'custom_class' at_text: [ '[AT]', '(AT)', '[ÄT]' ] dot_text: [ '[DOT]', '(DOT)', '[.]' ] # Time protection time: min: 5 max: 3600 global: true # This will add antispam to all forms # Honeypot protection honeypot: field: 'email_address' class: 'hidden' global: false provider: 'nucleos_antispam.provider.session' when@test: nucleos_antispam: time: # This will allow you to submit forms in your tests without having to fake the wait min: 0
License
This bundle is under the MIT license.