From 2393b5fcb60aec1028bba1d279093a4f3f29cf71 Mon Sep 17 00:00:00 2001 From: Andrew Garrett Date: Tue, 20 Nov 2007 08:34:59 +0000 Subject: [PATCH] * Ensure that rate-limiting is applied to rollbacks. * Make a better rate-limiting error message (i.e. a normal MW error, rather than an "Internal Server Error"). --- RELEASE-NOTES | 3 +++ includes/Article.php | 8 ++++++++ includes/EditPage.php | 2 +- includes/OutputPage.php | 15 +++++++++++---- languages/messages/MessagesEn.php | 2 ++ 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index c813cfa1b2..d9d871f134 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -170,6 +170,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN fix) was faulty. Now fixed. * Fixed wpReason URL parameter to action=delete. * Do not force a password for account creation by email +* Ensure that rate-limiting is applied to rollbacks. +* Make a better rate-limiting error message (i.e. a normal MW error, + rather than an "Internal Server Error"). === API changes in 1.12 === diff --git a/includes/Article.php b/includes/Article.php index 8f72108dac..e982410c8a 100644 --- a/includes/Article.php +++ b/includes/Article.php @@ -47,6 +47,7 @@ class Article { const BAD_TITLE = 5; // $this is not a valid Article const ALREADY_ROLLED = 6; // Someone else already rolled this back. $from and $summary will be set const ONLY_AUTHOR = 7; // User is the only author of the page + const RATE_LIMITED = 8; /** * Constructor and clear the article @@ -2243,6 +2244,10 @@ class Article { if( !$wgUser->matchEditToken( $token, array( $this->mTitle->getPrefixedText(), $fromP ) ) ) return self::BAD_TOKEN; + if ( $wgUser->pingLimiter('rollback') || $wgUser->pingLimiter() ) { + return self::RATE_LIMITED; + } + $dbw = wfGetDB( DB_MASTER ); # Get the last editor 
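Review bot: `const RATE_LIMITED = 8;` in the first includes/Article.php hunk is the only result code in the visible list without a trailing comment, while the neighbouring constants each say what they mean. Suggest `const RATE_LIMITED = 8; // User has exceeded the rollback or edit rate limit`, which matches how the value is returned later in this patch.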
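Review bot: The added `if ( $wgUser->pingLimiter('rollback') || $wgUser->pingLimiter() )` test after the edit-token check in includes/Article.php has no comment saying why two limiters are consulted. The `||` short-circuits, so once the rollback bucket is exceeded the second limiter is not pinged at all. If the no-argument call is meant to charge the rollback against the general edit limit (its default action is not visible in this hunk), a line such as `# A rollback counts against both the 'rollback' limit and the default edit limit` would make that explicit. The limiter is also pinged before the database checks that follow, so a rollback that later fails presumably still consumes quota; the comment should say whether that is intended. The enclosing method starts and ends outside the hunk.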
@@ -2379,6 +2384,9 @@ class Article { $wgOut->setPageTitle( wfMsg( 'rollbackfailed' ) ); $wgOut->addHtml( wfMsg( 'cantrollback' ) ); break; + case self::RATE_LIMITED: + $wgOut->rateLimited(); + break; case self::SUCCESS: $current = $details['current']; $target = $details['target']; diff --git a/includes/EditPage.php b/includes/EditPage.php index 3526061620..682939c093 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -2130,7 +2130,7 @@ END if( $value == self::AS_SUCCESS_UPDATE || $value == self::AS_SUCCESS_NEW_ARTICLE ) { $this->didSave = true; } - + switch ($value) { case self::AS_HOOK_ERROR_EXPECTED: diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 25385f0da8..db91c148e4 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -1337,10 +1337,17 @@ class OutputPage { */ public function rateLimited() { global $wgOut; - $wgOut->disable(); - wfHttpError( 500, 'Internal Server Error', - 'Sorry, the server has encountered an internal error. ' . - 'Please wait a moment and hit "refresh" to submit the request again.' ); + + $this->setPageTitle(wfMsg('actionthrottled')); + $this->setRobotPolicy( 'noindex,nofollow' ); + $this->setArticleRelated( false ); + $this->enableClientCache( false ); + $this->mRedirect = ''; + $this->clearHTML(); + $this->setStatusCode(503); + $this->addWikiText( wfMsg('actionthrottledtext') ); + + $this->returnToMain( false, $wgTitle ); } /** diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index b4f9811efc..87eda82086 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -787,6 +787,8 @@ Function: $1
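Review bot: `$wgTitle` in the new `$this->returnToMain( false, $wgTitle );` at the end of rateLimited() in includes/OutputPage.php is never brought into scope. The only declaration in the function is the unchanged `global $wgOut;`, so the call receives an undefined variable (null, plus a notice) instead of the current title. Since the rewritten body works on `$this` and no longer uses `$wgOut`, the declaration should become `global $wgTitle;`. Separately, the hunk sets status 503 without any Retry-After indication, so automated clients get no hint of how long to back off.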
Query: $2', 'viewsource' => 'View source', 'viewsourcefor' => 'for $1', +'actionthrottled' => 'Action Throttled', +'actionthrottledtext' => "As an anti-spam measure, you are limited from performing this action too many times in a short space of time, and you have exceeded this limit. Please try again in a few minutes.", 'protectedpagetext' => 'This page has been locked to prevent editing.', 'viewsourcetext' => 'You can view and copy the source of this page:', 'protectedinterface' => 'This page provides interface text for the software, and is locked to prevent abuse.', -- 2.20.1