Serendipity Forums

User and developer community
https://board.s9y.org/

Spam Protector Plugin - Comments - wrong error message

https://board.s9y.org/viewtopic.php?t=3572

Page 1 of 1

Spam Protector Plugin - Comments - wrong error message

Posted: Fri Nov 18, 2005 10:55 am
by bpkri
When you don't fill all required fields for a comment, youget an error replay like this:
You did not specify the name field!

Your comment could not be added, because comments for this entry have been disabled.
This is obviously wrong. Comments for this entry have not been disabled, so this error message should not be displayed.

Posted: Fri Nov 18, 2005 11:39 am
by bpkri
While I am at it:

if you specify several fields for your comments to be filled in - for example name and email, and the user forgets to fill in both, the error message should also list EACH missing field and not only the first one.

So if you specify in the spam protector plugin, that name and email should be filled, and a user doesn't fill out both he will only get this error message:

You did not specify the name field!
Your comment could not be added, because comments for this entry have been disabled.

But he should be notified of the missing email field, too.

Posted: Fri Nov 18, 2005 12:17 pm
by garvinhicking
The last message is a generic message that tells you "Entry not saved". It is a bit unprecise, I agree. But then again, we did not want to give spammers a too exact clue on some reasons why a comment could not be submitted, so thus we use a generic error message for all failures (plus some specific errors like the "missing XXX field").

The spamblock plugin works each anti-spam measurement one by one and aborts on the first hit to save performance, so your suggestion of multiple missing fields would require a change in the logic of that...This wouldn't be too hard, though.

Best regards,
Garvin

Posted: Fri Nov 18, 2005 1:10 pm
by bpkri
hmm, but not only are you targetting spammers with this way to look at things, but also normal, legitimate users, which should not happen.

For a spammer it is quite easy to solve this problem anyway, by providing as much fake information as possible - I don't think this kind of hint will hinder them significantly as processes there are mostly automated anyways. The other rules in the spam-protector plugin provide a way better way to stop spam without hindering a normal user - and if this is not enough, the additional blacklist plugins provide further protection.

I think under this light (can I say that in english?) it should be more important to improve usability for all users, than to hinder spam attacks.

Posted: Fri Nov 18, 2005 1:13 pm
by garvinhicking
Basically we would need to replace the error message just to "Your message could not be added, because either entries for this comment are closed or you have failed to pass anti-spam methods or you entered incorrect data"?

This can be translated easily in english, but for other langauges it might take some time before each translator picks it up. But I'll implement this wording in the english version, if you think it's okay?

Regards,
Garvin

Posted: Fri Nov 18, 2005 3:03 pm
by bpkri
Hmm I think that is general and precise enough :)

Posted: Mon Nov 21, 2005 11:44 am
by garvinhicking
Great, just committed a new wording :)

Regards,
Garvin
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited