As supplied by the developer, the Bad Behavior core supports the insertion of Javascript code in each page's <head> for the purpose of verifying that any POST submissions came from the originating site, and not an external form. To date, this function/feature has not been implemented in the Drupal badbehavior module.

I submit the following code to implement the Screener function in future badbehavior contrib modules, or alternately, as an available patch:

In badbehavior.module (6.x-2.222), starting at line 71, I propose the following code revisions:

/**
 * Implements hook_init().
 *
 * Stops Bad Behavior from loading on all pages if we are logged in.
 */
function badbehavior_init() {
  if ($GLOBALS['user']->uid) {
    badbehavior_start_badbehavior();
  }
// Adds CSS to hide Project Honey Pot QuickLink link in the footer of every page.
  drupal_add_css(drupal_get_path('module', 'badbehavior') .'/badbehavior.css');
// Adds Screener Javascript to page <head>.
  drupal_add_js(bb2_insert_head(), 'inline');
}

// Screener
function bb2_insert_head() {
  global $bb2_javascript;
  $bb2_javascript = preg_replace("'<script.*--\n's","",$bb2_javascript);
  $bb2_javascript = preg_replace("'\n//.*script>\n'","",$bb2_javascript);
  return $bb2_javascript;
}

This code and function calls insert the following Javascript in the page <head>:

<script type="text/javascript">
<!--//--><![CDATA[//><!--
function bb2_addLoadEvent(func) {
	var oldonload = window.onload;
	if (typeof window.onload != 'function') {
		window.onload = func;
	} else {
		window.onload = function() {
			oldonload();
			func();
		}
	}
}

bb2_addLoadEvent(function() {
	for ( i=0; i < document.forms.length; i++ ) {
		if (document.forms[i].method == 'post') {
			var myElement = document.createElement('input');
			myElement.setAttribute('type', 'hidden');
			myElement.name = 'bb2_screener_';
			myElement.value = '1333777541 xx.xx.xx.xx xx.xx.xx.xx xx.xx.xx.xx';
			document.forms[i].appendChild(myElement);
		}
	}
});		
//--><!]]>
</script>

Where xx.xx.xx.xx equals the host and client IP addresses.

A slightly modified code addition works fine in D5.23/BB2.0.45, and I would assume that similar code could be used in D7.

I hope this is all done properly according to Drupal protocol, this is the first time I've submitted an issue for review.

Comments

Mr. Sharkey’s picture

Version: 6.x-2.222 » 6.x-2.x-dev

Maybe this issue would get more attention if it was referenced to the development version?

Mr. Sharkey’s picture

Status: Active » Closed (won't fix)

Four weeks and no replies, no action, no nothing? Once again, the Drupal community doesn't fail to disappoint.

gregarios’s picture

Status: Closed (won't fix) » Postponed (maintainer needs more info)

There is some question as to whether the JavaScript screener function is flawless in the BB scripting at the source. I submitted a comment on their website but have not received any response as of yet. Nothing against your work at all, but if the JavaScript doesn't work perfectly on all platforms or browsers then your work will not be implemented by me, and the fallback cookie function will remain the default.

gregarios’s picture

Status: Postponed (maintainer needs more info) » Closed (won't fix)
gregarios’s picture

Issue summary: View changes

Changed up some code tags