Adi.iiita has uploaded a new change for review. https://gerrit.wikimedia.org/r/123836
Change subject: LQT should not accept duplicate post ...................................................................... LQT should not accept duplicate post Bug: 29786 Change-Id: I9d07979bc30364f84f724c121805bd597910d6ea --- M api/ApiThreadAction.php M classes/View.php M lqt.js 3 files changed, 68 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LiquidThreads refs/changes/36/123836/1 diff --git a/api/ApiThreadAction.php b/api/ApiThreadAction.php index 67b4a84..2b63463 100644 --- a/api/ApiThreadAction.php +++ b/api/ApiThreadAction.php @@ -35,7 +35,7 @@ // Find the appropriate module $actions = $this->getActions(); - + $method = $actions[$action]; call_user_func_array( array( $this, $method ), array( $threads, $params ) ); @@ -233,6 +233,15 @@ $this->dieUsage( 'The talkpage you specified is invalid, or does not ' . 'have discussion threading enabled.', 'invalid-talkpage' ); } + + if( $params['formToken'] == "" ) + $this->dieUsage( 'Missing form token' ); + elseif( !($this->checkFormToken( $params['formToken'] ) ) ) { + $this->dieUsage( 'This form has already been submitted' ); + } else { + $this->appendFormToken( $params['formToken'] ); + } + $talkpage = new Article( $talkpageTitle, 0 ); // Check if we can post. @@ -350,6 +359,14 @@ 'no-specified-threads' ); } + if( $params['formToken'] == "" ) + $this->dieUsage( 'Missing form token' ); + elseif( !($this->checkFormToken( $params['formToken'] ) ) ) { + $this->dieUsage( 'This form has already been submitted' ); + } else { + $this->appendFormToken( $params['formToken'] ); + } + $thread = array_pop( $threads ); $talkpage = $thread->article(); @@ -456,6 +473,7 @@ public function actionReply( $threads, $params ) { // Validate thread parameter + if ( count( $threads ) > 1 ) { $this->dieUsage( 'You may only reply to one thread at a time', 'too-many-threads' ); 
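Review bot: The token is recorded as used by `appendFormToken` before the post is attempted — the `// Check if we can post.` permission check and the actual save come after the added block — so a request that fails later burns the token, and an honest retry from the same rendered form is refused with 'This form has already been submitted'. The `checkFormToken` / `appendFormToken` pair is also a read-then-write on session data that is not atomic, so two concurrent submissions carrying the same token can both pass the check before either records it, which is the double-click case this change targets; recording early narrows that window but does not close it. I would record the token only once the post has actually succeeded, or at least not reject a token whose earlier submission failed, and document the residual race with a comment such as `// Best-effort: the session read/write is not atomic, so a concurrent duplicate can still get through.` The enclosing action method starts before this hunk.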
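Review bot: `$params['formToken'] == ""` is a loose comparison, and `dieUsage( 'Missing form token' )` is called without the error-code argument that the other `dieUsage` calls in these hunks pass (e.g. `'invalid-talkpage'`, `'no-specified-threads'`), so API clients get no machine-readable code for the two new failures. The same nine-line block is pasted into three actions; I would fold it into one helper and call `$this->requireFreshFormToken( $params );` from each, which also gives the strict checks a single home. The enclosing method starts outside this hunk.
```php
	/**
	 * Dies unless $params['formToken'] is present and has not been seen in this
	 * session yet; records it otherwise. Guards against accidental double
	 * submission of the same rendered form.
	 */
	protected function requireFreshFormToken( array $params ) {
		$formToken = isset( $params['formToken'] ) ? $params['formToken'] : null;
		if ( $formToken === null || $formToken === '' ) {
			$this->dieUsage( 'Missing form token', 'missing-formtoken' );
		}
		if ( !$this->checkFormToken( $formToken ) ) {
			$this->dieUsage( 'This form has already been submitted', 'duplicate-formtoken' );
		}
		$this->appendFormToken( $formToken );
	}
```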
@@ -463,6 +481,15 @@ $this->dieUsage( 'You must specify a thread to reply to', 'no-specified-threads' ); } + + if( $params['formToken'] == "" ) + $this->dieUsage( 'Missing form token' ); + elseif( !($this->checkFormToken( $params['formToken'] ) ) ) { + $this->dieUsage( 'This form has already been submitted' ); + } else { + $this->appendFormToken( $params['formToken'] ); + } + $replyTo = array_pop( $threads ); // Check if we can reply to that thread. @@ -904,6 +931,30 @@ return true; } + // Used to prevent double submittion of form. + public function checkFormToken( $formToken ) { + $request = $this->getRequest(); + $formTokens = $request->getSessionData( 'formToken' ); + + if( $formTokens === null ) { + $arr = array(); + $request->setSessionData( 'formToken', $arr ); + return true; + } + + if(in_array( $formToken, $formTokens) ) + return false; + else + return true; + } + + public function appendFormToken( $formToken ) { + $request = $this->getRequest(); + $formTokens = $request->getSessionData( 'formToken' ); + array_push( $formTokens, $formToken ); + $request->setSessionData( 'formToken', $formTokens ); + } + public function getTokenSalt() { return ''; } @@ -930,6 +981,7 @@ 'value' => null, 'method' => null, 'operand' => null, + 'formToken' => null, ); } diff --git a/classes/View.php b/classes/View.php index 9486a62..cf891eb 100644 --- a/classes/View.php +++ b/classes/View.php @@ -527,7 +527,8 @@ $e->editFormTextBeforeContent .= $this->perpetuate( 'lqt_method', 'hidden' ) . $this->perpetuate( 'lqt_operand', 'hidden' ) . - Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 ) ); + Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 ) ) . + Html::hidden( 'lqt_formToken', MWCryptRand::generateHex( 6 ) ); $e->mShowSummaryField = false; 
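Review bot: The session list written by `appendFormToken` is never pruned, so every post made in a session adds an entry that is carried for the session's lifetime, and `appendFormToken` would emit a warning and drop the token if it were ever called before `checkFormToken` has initialised the array (`array_push` on `null`). The token value is supplied by the client, so this only catches accidental resubmits of the same rendered form — a caller that varies the value is not stopped — and the comment should say so rather than just `// Used to prevent double submittion of form.` ("submittion" is also a typo). I would use a strict membership test, `if ( in_array( $formToken, $formTokens, true ) )`, and cap the list as below.
```php
	public function appendFormToken( $formToken ) {
		$request = $this->getRequest();
		$formTokens = $request->getSessionData( 'formToken' );
		if ( !is_array( $formTokens ) ) {
			$formTokens = array();
		}
		$formTokens[] = $formToken;
		// Keep only the most recent entries so the session does not grow without
		// bound; 50 is a guess at how many forms a user plausibly has open at once.
		$formTokens = array_slice( $formTokens, -50 );
		$request->setSessionData( 'formToken', $formTokens );
	}
```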
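Review bot: `MWCryptRand::generateHex( 6 )` gives the form token only 24 bits, and because the per-session list it is checked against on the API side is never trimmed, a long-lived session can accumulate enough entries that two independently generated tokens collide and a legitimate post is refused as a duplicate. The `lqt_nonce` field on the line above already uses `generateHex( 32 )`; I would use the same width, `Html::hidden( 'lqt_formToken', MWCryptRand::generateHex( 32 ) )`, or, if `lqt_nonce` is itself a fresh per-render value, reuse it as the token instead of adding a second hidden field. The same `generateHex( 6 )` is repeated in the three later View.php hunks.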
@@ -642,6 +643,7 @@ $this->perpetuate( 'lqt_method', 'hidden' ) . $this->perpetuate( 'lqt_operand', 'hidden' ) . Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 ) ) . + Html::hidden( 'lqt_formToken', MWCryptRand::generateHex( 6 ) ) . Html::hidden( 'offset', $offset ) . Html::hidden( 'wpMinorEdit', '' ); @@ -757,6 +759,7 @@ $this->perpetuate( 'lqt_method', 'hidden' ) . $this->perpetuate( 'lqt_operand', 'hidden' ) . Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 ) ) . + Html::hidden( 'lqt_formToken', MWCryptRand::generateHex( 6 ) ) . Html::hidden( 'offset', $offset ); list( $signatureEditor, $signatureHTML ) = $this->getSignatureEditor( $thread ); @@ -847,6 +850,7 @@ $this->perpetuate( 'lqt_method', 'hidden' ) . $this->perpetuate( 'lqt_operand', 'hidden' ) . Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 ) ) . + Html::hidden( 'lqt_formToken', MWCryptRand::generateHex( 6 ) ) . Html::hidden( 'offset', $offset ); $e->edit(); diff --git a/lqt.js b/lqt.js index 4597c17..ea828f2 100644 --- a/lqt.js +++ b/lqt.js @@ -866,6 +866,7 @@ 'handleAJAXSave' : function ( e ) { var editform = $( this ).closest( '.lqt-edit-form' ); var type = editform.find( 'input[name=lqt_method]' ).val(); + var formToken = editform.find( 'input[name=lqt_formToken]' ).val(); var wikiEditorContext = editform.find( '#wpTextbox1' ).data( 'wikiEditor-context' ); var text; @@ -979,7 +980,7 @@ }; if ( type === 'reply' ) { - liquidThreads.doReply( replyThread, text, summary, + liquidThreads.doReply( replyThread, text, formToken, summary, doneCallback, bump, signature, errorCallback ); e.preventDefault(); 
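Review bot: `formToken` is read once from the hidden `lqt_formToken` input at save time and is never refreshed, so if the same edit form is submitted again after a successful save — whether `doneCallback` removes the form is outside this hunk — the second request carries the already-consumed token and the API rejects it. Forms rendered by a path that does not emit the hidden field yield `undefined` here and fail server-side with 'Missing form token'; an explicit check before the API call, reporting through `errorCallback`, would make that failure clearer. If a form can survive a save, the success path should replace the hidden field's value with a fresh one. `handleAJAXSave` continues outside the hunk.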
@@ -988,12 +989,12 @@ if ( !page ) { page = $( $( '[lqt_talkpage]' )[0] ).attr( 'lqt_talkpage' ); // A couple of elements have this attribute, it doesn't matter which } - liquidThreads.doNewThread( page, subject, text, summary, + liquidThreads.doNewThread( page, subject, formToken, text, summary, doneCallback, bump, signature, errorCallback ); e.preventDefault(); } else if ( type === 'edit' ) { - liquidThreads.doEditThread( replyThread, subject, text, summary, + liquidThreads.doEditThread( replyThread, subject, formToken, text, summary, doneCallback, bump, signature, errorCallback ); e.preventDefault(); } @@ -1019,13 +1020,14 @@ } ); }, - 'doNewThread' : function ( talkpage, subject, text, summary, doneCallback, bump, signature, errorCallback ) { + 'doNewThread' : function ( talkpage, subject, formToken, text, summary, doneCallback, bump, signature, errorCallback ) { var newTopicParams = { action : 'threadaction', threadaction : 'newthread', talkpage : talkpage, subject : subject, text : text, + formToken: formToken, token : mw.user.tokens.get( 'editToken' ), render : '1', reason : summary, @@ -1046,12 +1048,13 @@ ( new mw.Api() ).post( newTopicParams ).done( doneCallback ).fail( errorCallback ); }, - 'doReply' : function ( thread, text, summary, callback, bump, signature ) { + 'doReply' : function ( thread, text, formToken, summary, callback, bump, signature ) { var replyParams = { action : 'threadaction', threadaction : 'reply', thread : thread, text : text, + formToken : formToken, token : mw.user.tokens.get( 'editToken' ), render : '1', reason : summary, @@ -1073,7 +1076,7 @@ ( new mw.Api() ).post( replyParams ).done( callback ); }, - 'doEditThread' : function ( thread, subject, text, summary, + 'doEditThread' : function ( thread, subject, formToken, text, summary, callback, bump, signature ) { var request = { action : 'threadaction', 
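Review bot: `formToken` is inserted at different positions in the three signatures — before `text` in `doNewThread` and `doEditThread` but after `text` in `doReply` — which invites argument-order mistakes at the call sites. These are properties of the shared `liquidThreads` object, so any caller outside this file that still uses the old positional order will silently send `text` as the token (and the summary as the text) rather than fail loudly; appending `formToken` as the last parameter of each function would keep existing callers working. Whether such external callers exist is not visible from this diff.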
@@ -1084,6 +1087,7 @@ reason : summary, bump : bump, subject : subject, + formToken : formToken, token : mw.user.tokens.get( 'editToken' ) }; -- To view, visit https://gerrit.wikimedia.org/r/123836 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9d07979bc30364f84f724c121805bd597910d6ea Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/LiquidThreads Gerrit-Branch: master Gerrit-Owner: Adi.iiita <aditya.iiita...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits