[Olpc-sysadmin] Trac spam.
Michael Stone
michael at laptop.org
Sun Aug 23 14:09:12 EDT 2009
Dear sysadmins,
I received a bunch of trac spam from user 'sunrise1'.
In response, I deleted user 'sunrise1' and removed all its edits.
Regards,
Michael
Notes:
I first tried running
DELETE FROM ticket_changes WHERE author = 'sunrise1';
from the trac reports interface, which would have been nice and fast, but,
unfortunately, this method fails because of the exact way that queries are
interpeted through that interface.
I succeeded, instead, with a plain SELECT query to identify tickets with
changes by sunrise1:
SELECT ticket FROM ticket_changes WHERE author = 'sunrise1';
with several Firefox utilities,
squarefree shell bookmarklet
firebug
xpather
and with two custom javascript bookmarklets named
'open tickets'
javascript:
var ticketLinks = document.evaluate(
"/html/body/div[@id='main']/div[@id='content']/table/tbody/tr/td/a",
document,
null,
XPathResult.ORDERED_NODE_ITERATOR_TYPE,
null);
var link=ticketLinks.iterateNext();
while (link != null)
{
var arr = link.href.split(/\//g);
arr.splice(arr.length-2, 0, "admin");
arr.splice(arr.length-1, 0, "comments");
window.open(arr.join("/"), "");
link = ticketLinks.iterateNext();
}
and
'nuke sunrise'
javascript:
var maybeBtn = document.evaluate(
"/html/body/div[@id='main']/div[@id='content']"
+ "/div[@id='tabcontent']/form/table/tbody/"
+ "tr[contains(td[2]/b, 'sunrise1')]/td[3]/input",
document,
null,
XPathResult.FIRST_ORDERED_NODE_TYPE,
null);
var btn = maybeBtn.singleNodeValue;
btn.click()
which use XPath and Javascript to find all the ticket URLs, to calculate and
open the URLs of the tickets' "delete changes" interfaces, to locate the
appropriate "delete changes" button on these interface pages, and to click the
buttons.
Conclusion: this is an interestingly flexible if painfully manual third way to
script the trac interface separate from running SQL directly against the
database and from the XML-RPC interface.
More information about the Olpc-sysadmin
mailing list