(bug 5370) Allow throttling of password reminder requests with the rate limiter

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index fc3a93e..eeb9fcb 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -255,6 +255,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Ignore the user and user talk namespaces on Special:Wantedpages
 * Introduce NUMBEROFPAGES magic word
 * (bug 5833) Introduce CURRENTVERSION magic word
+* (bug 5370) Allow throttling of password reminder requests with the rate limiter
 
 == Compatibility ==
 

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index be28ae0..9837bce 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1823,6 +1823,9 @@ $wgRateLimits = array(
                'ip'     => null,
                'subnet' => null,
                ),
+       'mailpassword' => array(
+               'anon' => NULL,
+               ),
        );
 
 /**

diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index 65ff6e2..748ba33 100644 (file)
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -364,6 +364,14 @@ class LoginForm {
         * @private
         */
        function mailPassword() {
+               global $wgUser, $wgOut;
+               
+               # Check against the rate limiter
+               if( $wgUser->pingLimiter( 'mailpassword' ) ) {
+                       $wgOut->rateLimited();
+                       return;
+               }
+       
                if ( '' == $this->mName ) {
                        $this->mainLoginForm( wfMsg( 'noname' ) );
                        return;