GitLab

We don't really care if they pound the page with incorrect captcha or other
fields, so let's only check the IP rate limit if they fill out the fields
correctly. That way we don't get as many errors emailed to us.

We've been getting what we think is a lot of spam from one of the Tor exit
nodes, so we want to try a captcha on the subscription page to see if it calms
down.

Issue #46281

We're getting a ton of subscription request errors from the rate limiter
and they seem to be coming from a Tor exit node. I'm curious to see how
many of these are getting confirmed to get some idea about whether these
are legitimate requests or not.

The campaign is over for this year, so we can shut off the constant
campaign totals fetching. They complained last year when I didn't shut
it off.

We're actually getting results that indicate someone is sending lots of
requests to the /subscription-request thing. I want to print out more
details in the log to see if we can get an idea if this is legitimate
traffic or not.

Issue #44700

If you started the rate limiter for an IP address and then let it sit
for awhile, you could get the $allowance to build up over the rate
limit for a small amount of time.

Issue #44827

An attacker could use the /subscribe form to send tons of emails to
anyone's email address. We want to limit that so it doesn't cause
problem. This limits it to 10 emails per 6 hours. It's actually doing it
by rate, so once you hit the limit of 10, then you can send another one
about 36 minutes after that and keep sending one every 36 minutes.

Issue #44700

We need to be able to get the IP address for the request. I wanted to
use a library so that we can handle the case where the app gets moved
behind a proxy. Right now the ip-address-middleware is configured to
ignore the proxy (X-Forwarded-For) addresses because client can spoof
those, but if we do put it behind a proxy then we can trust the header
(assuming the proxy is configured correctly) and we just need to change
the arguments to the constructor in src/middleware.php to adjust for the
proxy.

Sarah asked to have us turn off the counters immediately, so I'm just
setting it to this time which just passed.

Eastern.

We have confirmation that the desired end time of the matching campaign
is end of day Dec 31 2019 in Pacific Time, not the current Eastern
US Time.

Issue #43359

Compliance company's original instructions for the Georgia state
disclosure were ambiguous about whose contact information ought to be
displayed. Client requested an update after clarifying.

Reversal of the 44008 ticket change.

Issue #44054

This widget was added on the page on Sarah's request to be
taken down today.

Issue #44054

Sarah asked us to put this iframe on the cryptocurrency page.

Issue #44008

Issue #43939

Minimum donation to be reported is $20k from $5k. The State
Disclosures for Georgia phone number is now included.

Issue #43939

Some of these unicode characters make the translation script spit out
warnings. We can use these alternatives.

Before the counter starts with 1 to create dynamic effect,
but currently the background of the counter has changed,
leaving the 1 very visible. We're changing these 0 to 1.

Issue #43959

Issue #43939

The green color for resolved character is bright, and so is the
unresolved color. Now the unresolved cahracter color is dark.

Issue #43959

The client would like a revision to the FAQ page and a new
page for the state registration disclosures.

Issue #43939

Input from Antonela.
Includes changes to the counter styling.
Changed lime hex code (styling) and matching header, post EoY2019.
Removed deprecated link for snail mail, bitcoin and stock.
Include transaction.pot

Issue #43495
Issue #43480
Issue #43603
Issue #43607

A utf-8 emdash was causinga warning with the translation stuff.

Sometimes styling requires hard refresh to appear right from
browsers where the site is visited before and look broken to the
visitors. This line of code avoids that.

Issue #43514

Header of these 2 pages will be different for EoY2019 campaign,
so there should be a class to differentiate them for styling
purposes.
Now the main page has an extra class cryptocurrency-main and the
thank you page cryptocurrency-thank-you.

Part of the End of Year 2019 campaign change.

Issue #43457

Issue #43360

T-Shirt Pack should be Take back the internet with Tor AND
Strength in Numbers, not PDR.

Issue #43320

Code review implementation.

Issue #43405

- Header changes for the EOY2019 campaign on landing page and the
cryptocurrency page.
- Change of perk option logic on both monthly-giving and landing page.
Starting soon, the perks are going to be handled by fulfillment
facility, no more options for the T Shirt Packs.
Change metatag for End Of Year 2019 campaign sharing.
Part of the EoY 2019 campaign changes.
- Remove $10 on landing page for one time donation, default to $125.
The client asked for this change to be applied when doing the
review for EoY 2019 campaign on staging.
Make image width larger for EoY2019 campaign header. #43402

Issue #43101

In commit b54c94ef

so this reference needs to be updated.

Issue #43319

Issue #39911

This reverts commit a716ada2.

Issue #39911

Issue #39917