-
Notifications
You must be signed in to change notification settings - Fork 8
/
History.txt
66 lines (57 loc) · 3.56 KB
/
History.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
=== 2.0.1 2012-01-20
* Bugfix
* Params always emty (#2). In certain situations, BotAway would prefill the request.parameters hash and this
was conflicting with Rails because once the parameters hash exists, Rails won't add path parameters (such
as :id) to it. Now, BotAway checks request.POST directly so that Rails can fill request.parameters as usual.
=== 2.0.0 2012-01-13
* Bumped major version number to signify that the version for Rails v2.x is no longer under active development.
Use v1.2.x under Rails 2. BotAway now officially supports only Rails 3.0.x and up.
* Enhancements:
* Removed sc-core-ext as a dependency, reducing bloat.
* Added BotAway::TestCase and friends, in case you need to do some spec'ing of your own. Just include the modules
and away you go!
* Added I18n support! BotAway supports English language for 3 honeypot warnings out of the box. See README for
customization instructions.
* Honeypot warning messages are constructed as reversed, unicode-escaped strings displayed within right-to-left
directional tags (which are standard in HTML 4 and should be recognized by all browsers), so that in the unlikely
event a bot can figure out what your I18n locale's "don't fill this in" text means, it'll also have to figure out
how to read the text in reverse after unescaping the unicode characters. Obviously, human users won't have this
problem.
* To disable obfuscation of the honeypot warning messages (that is, serve them as plain left-to-right text), add
the line `BotAway.obfuscate_honeypot_warning_messages = false` to `config/initializers/bot-away.rb`.
* Bugfix
* Select tag options untainted (#1). Select tags now produce html-safe options tags, so they don't culminate
in mass confusion.
=== 1.2.0 2010-10-14
* Enhancements:
* Rails 3 / RSpec 2 support! Yay!
* ActionController::Request#accepts_unfiltered_params has been removed. Use BotAway#accepts_unfiltered_params instead.
* Exclusion of bot-filtering on a per-controller, per-action and/or per-runmode basis is now possible via
BotAway#disabled_for
=== 1.1.0 2010-06-21
* Enhancements:
* ActionController::Request.accepts_unfiltered_params is now accessible as BotAway.accepts_unfiltered_params
* BotAway.show_honeypots = true will show honeypots as visible elements within the form, for debugging.
* BotAway.dump_params = true will dump the params hash as it was before BotAway modified it, for debugging.
* BotAway will no longer generate hashes for, or disguise, elements whose names have been added to
BotAway.unfiltered_params. This should resolve issues where JavaScript is involved (case in point:
Calendar Date Select).
* Bugfix:
* Resolved: Unfiltered params were not matched if they were of differing types (ie Symbol vs String). This caused
problems in particular with Calendar Date Select.
=== 1.0.3 2010-06-13
* Bugfixes:
* Resolved: On or before Rails 2.3.8, honeypots were generated as escaped HTML. This was because Rails started
using ActiveSupport::SafeBuffer to generate the content, and Bot-Away did not. (It does now.)
=== 1.0.2 2010-04-02
* Bugfixes:
* Resolved: Would sometimes generate honeypot tabindex of 0 instead of -1, interfering with keyboard operations
=== 1.0.1 2010-04-02
* 2 minor enhancements:
* ActionController::Request.accepts_unfiltered_params creates an array of params that will not be checked
* Took all honeypots out of the keyboard tab order using randomized negative indexes.
* Bugfixes:
* Empty select tags no longer raise errors
=== 0.0.1 2010-03-24
* 1 major enhancement:
* Initial release