From 06e5561545aa789d8fc4f0bbcd1cf5a0d3b64dad Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Mon, 7 Nov 2005 04:14:15 +0000 Subject: [PATCH] Require POST method for action=purge, to prevent bots from hitting it --- RELEASE-NOTES | 1 + includes/Article.php | 32 ++++++++++++++++++++++++++++++++ index.php | 7 +------ languages/Language.php | 4 ++++ 4 files changed, 38 insertions(+), 6 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 8dd1d55f01..dfa0091a05 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -209,6 +209,7 @@ fully support the editing toolbar, but was found to be too confusing. * (bug 2392) Fix Atom items content type, upgrade to Atom 1.0 * Allow $wgFeedCacheTimeout of 0 to disable feed caching * Fix WebRequest::getRequestURL() to strip off the host bits squid prepends +* Require POST for action=purge, to stop bots from purging the cache === Caveats === diff --git a/includes/Article.php b/includes/Article.php index 424929bcc5..4ee9b557c1 100644 --- a/includes/Article.php +++ b/includes/Article.php @@ -912,6 +912,38 @@ class Article { $wgOut->setArticleBodyOnly(true); $this->view(); } + + function purge() { + global $wgRequest, $wgOut, $wgUseSquid; + + if ( $wgRequest->wasPosted() ) { + // Invalidate the cache + $this->mTitle->invalidateCache(); + + if ( $wgUseSquid ) { + // Commit the transaction before the purge is sent + $dbw = wfGetDB( DB_MASTER ); + $dbw->immediateCommit(); + + // Send purge + $update = SquidUpdate::newSimplePurge( $this->mTitle ); + $update->doUpdate(); + } + // Redirect to the article + $wgOut->redirect( $this->mTitle->getFullURL() ); + } else { + $msg = $wgOut->parse( wfMsg( 'confirm_purge' ) ); + $action = $this->mTitle->escapeLocalURL( 'action=purge' ); + $button = htmlspecialchars( wfMsg( 'confirm_purge_button' ) ); + $msg = str_replace( '$1', + "
\n" . + "\n" . + "
\n", $msg ); + + $wgOut->setPageTitle( $this->mTitle->getPrefixedText() ); + $wgOut->addHTML( $msg ); + } + } /** * Insert a new empty page record for this article. diff --git a/index.php b/index.php index 478a0c6f02..da837c9b39 100644 --- a/index.php +++ b/index.php @@ -189,6 +189,7 @@ if( !$wgDisableInternalSearch && !is_null( $search ) && $search !== '' ) { case 'validate': case 'render': case 'deletetrackback': + case 'purge': $wgArticle->$action(); break; case 'print': @@ -250,12 +251,6 @@ if( !$wgDisableInternalSearch && !is_null( $search ) && $search !== '' ) { $raw = new RawPage( $wgArticle ); $raw->view(); break; - case 'purge': - wfPurgeSquidServers(array($wgTitle->getInternalURL())); - $wgOut->setSquidMaxage( $wgSquidMaxage ); - $wgTitle->invalidateCache(); - $wgArticle->view(); - break; default: if (wfRunHooks('UnknownAction', array($action, $wgArticle))) { $wgOut->errorpage( 'nosuchaction', 'nosuchactiontext' ); diff --git a/languages/Language.php b/languages/Language.php index a79a3d5a03..7ec46697b9 100644 --- a/languages/Language.php +++ b/languages/Language.php @@ -2190,6 +2190,10 @@ Please confirm that really want to recreate this article.', # HTML dump 'redirectingto' => 'Redirecting to [[$1]]...', +# action=purge +'confirm_purge' => "Clear the cache of this page?\n\n$1", +'confirm_purge_button' => 'OK', + ); /* a fake language converter */ -- 2.20.1
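Review bot: The `$wgRequest->wasPosted()` test in `purge()` is the only gate on the invalidating branch, so it keeps link-following crawlers out but not a scripted client or a form on another site that submits a POST from a visitor's browser; each such request still runs `invalidateCache()`, `immediateCommit()` and, with `$wgUseSquid`, a Squid purge. I would state that limit where the check is made, e.g. `// POST only keeps crawlers away; it is not a CSRF or abuse control`. If purging is meant to be a deliberate user action, and assuming the edit-token helper is available in this tree, the condition could also require `$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) )` with a matching hidden field in the confirmation form, or the action could be rate-limited. `$action` and `$button` are escaped with `escapeLocalURL()` and `htmlspecialchars()`, but the form markup passed to `str_replace()` is not legible in this copy of the patch, so their placement in it could not be checked. The new method also has no docblock, unlike the method that follows it in the hunk.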