CodeSOD: The Honeypot
Pitor works for a web development shop. They'll develop and design sites, usually pretty simple ones, for their customers. They'll host them. They'll update them. Every once in a while, a customer will think "we could do this cheaper in house!" and take their site and their contract to a cheap webhost.
Sometimes, those customers come back when they realize their mistake.
Thus, when Initech came back, their site was in a bit of a state. When Pitor's company handed it off, comments were provided by a Facebook plugin. At some point, someone decided that they wanted to use a Django plugin to keep comments entirely in-house, so they "disabled" the Facebook comments. How?
FB.init({
    //appId: '1234567890123456789',
    version: 'v2.8',
    xfbml: true,
});
They just commented out the app ID, thus preventing the plugin from ever properly initializing. At least, that's what they did on the desktop version of the page. On the mobile version, the Facebook plugin still loaded, but they broke something else and it just showed random comments.
This change, of course, brought in new problems. Facebook's ability to filter out spam and bots may not be great, but it's a step above "nothing at all". They needed a way to filter out all those bad comments. So they added this HTML to the comment form:
<li class="control-group input_id_honeypot "> <label for="id_honeypot">If you enter anything in this field your comment will be treated as spam</label> <input type="text" name="honeypot" id="id_honeypot" /> </li>
The whitespace was in the original.
No, this item wasn't set to be invisible. That might have been the intent, at some point, as this StackOverflow question suggests (and presumably, that's where they stole the idea from). That's almost-but-not-really clever, as the most naive spambot is likely to try and fill in every field in the form, without checking if they're visible. Making it actually visible removes even the hint of cleverness, and instead gives the comment form the ambiance of a dirty van with "Free Candy" written on the side.
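The server-side half of the hidden-field idea, as an added example (not code from the Initech site or from the Django plugin): the form handler treats a filled or absent trap field as spam. It assumes the input is actually hidden from human visitors, which the form above was not; the `name` and `comment` fields, the `classify_comment` function and the sample request bodies are constructed for illustration.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD = "honeypot"  # name of the trap input in the form shown above


def classify_comment(post_body: str) -> tuple[str, str]:
    """Classify a urlencoded comment POST body as ("accept" | "spam", reason)."""
    # keep_blank_values=True keeps "honeypot=" so empty and absent can be told apart.
    fields = parse_qs(post_body, keep_blank_values=True)
    trap = fields.get(HONEYPOT_FIELD)

    if trap is None:
        # Browsers submit every text input, even empty ones, so a body without
        # the field was not produced by the rendered form.
        return "spam", "honeypot field missing"
    if any(value != "" for value in trap):
        # Covers repeated parameters too: one filled copy is enough.
        return "spam", "honeypot field filled"
    return "accept", "honeypot present and empty"


# Constructed sample submissions (assumed field names: name, comment).
SAMPLES = {
    "human": "name=Ann&comment=Nice+post&honeypot=",
    "fill_everything_bot": "name=x&comment=buy+now&honeypot=http%3A%2F%2Fspam.example",
    "direct_post_bot": "name=x&comment=buy+now",
    "duplicate_param": "name=x&comment=hi&honeypot=&honeypot=1",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, classify_comment(body))
```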