From caed2785ebfac625d3fef210015c2d04316cd439 Mon Sep 17 00:00:00 2001
From: Rob Church <robchurch@users.mediawiki.org>
Date: Sat, 13 May 2006 17:32:32 +0000
Subject: [PATCH] (bug 5370) Allow throttling of password reminder requests
 with the rate limiter

---
 RELEASE-NOTES                 | 1 +
 includes/DefaultSettings.php  | 3 +++
 includes/SpecialUserlogin.php | 8 ++++++++
 3 files changed, 12 insertions(+)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index fc3a93ec0a..eeb9fcb4ec 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -255,6 +255,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Ignore the user and user talk namespaces on Special:Wantedpages
 * Introduce NUMBEROFPAGES magic word
 * (bug 5833) Introduce CURRENTVERSION magic word
+* (bug 5370) Allow throttling of password reminder requests with the rate limiter
 
 == Compatibility ==
 
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index be28ae0e0f..9837bcec9b 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1823,6 +1823,9 @@ $wgRateLimits = array(
 		'ip'     => null,
 		'subnet' => null,
 		),
+	'mailpassword' => array(
+		'anon' => NULL,
+		),
 	);
 
 /**
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index 65ff6e2d35..748ba331d7 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -364,6 +364,14 @@ class LoginForm {
 	 * @private
 	 */
 	function mailPassword() {
+		global $wgUser, $wgOut;
+		
+		# Check against the rate limiter
+		if( $wgUser->pingLimiter( 'mailpassword' ) ) {
+			$wgOut->rateLimited();
+			return;
+		}
+	
 		if ( '' == $this->mName ) {
 			$this->mainLoginForm( wfMsg( 'noname' ) );
 			return;
-- 
2.20.1