Even though it's possible to go into the configuration options for the module and change the field name, I still feel it's a bug to have the default name be "homepage." The comment form uses a field named homepage (at least for an anonymous commenter) that needs to be validated and is used to create a link to the person commenting. The comment form's field won't work properly when using Honeypot with the default settings. Therefore, I suggest that the default be changed so that people won't always have to go in and change it. Many people probably wouldn't even realize the conflict that is occurring.
How about choosing a default value of something like "viewpoint" since it's still general but not likely to be used by other modules?
I'm happy to write a patch if we can agree on a new default value.
I have not checked whether this is an issue in D6.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | 1811244-default-honeypot-field-1.patch | 3.45 KB | fizk |
Comments
Comment #1
geerlingguy commentedThanks for the bug report; I haven't noticed a problem on the comment form, though I don't know if I've used Honeypot on a site with anonymous comments yet... So I'll have to try it.
I might also want to make sure we test honeypot on a comment form, so automated testing catches bugs like this.
I want the field name to still be something that spam bots couldn't refuse to fill in, like website, or URL... They love fields like that, but might ignore innocent things like "nickname".
Comment #2
fizk commentedLooking at the HTML, Drupal's Homepage field is:
<input type="text" id="edit-homepage" name="homepage" value="" size="30" maxlength="255" class="form-text">and Honeypot has:
<input autocomplete="off" type="text" id="edit-homepage--2" name="homepage" value="" size="20" maxlength="128" class="form-text">so they're conflicting on the name attribute. This didn't prevent me from successfully submitting a comment, but it might throw someone of if they've written Javascript that acts on input elements with name="homepage".
I suggest making the default honeypot name "email". It won't conflict with Drupal's mail field:
<input type="text" id="edit-mail" name="mail" value="" size="30" maxlength="64" class="form-text">Comment #3
fizk commentedHere's a patch.
Comment #4
fizk commentedComment #5
geerlingguy commentedHow about changing the field name to 'website' or 'url' instead of 'homepage'? I think having it be 'email' wouldn't be quite as helpful, because spammers don't care to fill out that field as much as a field with any kind of URL in it...
Any way we go, we'll run into the same issue that some forms will have an existing field with the same name (thus, the field is configurable :).
I would rather the field be a more enticing trap (like website, url, homepage, etc.) than have it not conflict.
Comment #6
fizk commentedReally? Conflicting names would be a bug IMHO.
Comment #7
geerlingguy commentedThe trouble is, with the incredible number of forms out there (including user-generated forms, like those built by webform and custom node types), there's always going to be a risk that we conflict with a field name on some form.
So, the best option has to have the following aspects (ranked in order of importance):
Comment #8
geerlingguy commentedI decided to switch to 'url', since it doesn't conflict with anything in core. As a default, I think it's pretty safe. Obviously, this will conflict for some people on custom forms with fields named "url", but I would imagine this will be relatively rare otherwise, because core fields (from the Field API) are always prefixed with a 'field-[name]').
Commit for 6.x: http://drupalcode.org/project/honeypot.git/commit/8ff9222
Commit for 7.x: http://drupalcode.org/project/honeypot.git/commit/7365cc4
Comment #9.0
(not verified) commentedclarify when the homepage field is presented