Adi.iiita has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/123836

Change subject: LQT should not accept duplicate post
......................................................................

LQT should not accept duplicate post

Bug: 29786
Change-Id: I9d07979bc30364f84f724c121805bd597910d6ea
---
M api/ApiThreadAction.php
M classes/View.php
M lqt.js
3 files changed, 68 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LiquidThreads 
refs/changes/36/123836/1

diff --git a/api/ApiThreadAction.php b/api/ApiThreadAction.php
index 67b4a84..2b63463 100644
--- a/api/ApiThreadAction.php
+++ b/api/ApiThreadAction.php
@@ -35,7 +35,7 @@
 
                // Find the appropriate module
                $actions = $this->getActions();
-
+               
                $method = $actions[$action];
 
                call_user_func_array( array( $this, $method ), array( $threads, 
$params ) );
@@ -233,6 +233,15 @@
                        $this->dieUsage( 'The talkpage you specified is 
invalid, or does not ' .
                                'have discussion threading enabled.', 
'invalid-talkpage' );
                }
+
+               if( $params['formToken'] == "" )
+                       $this->dieUsage( 'Missing form token' );
+               elseif( !($this->checkFormToken( $params['formToken'] ) ) ) {
+                       $this->dieUsage( 'This form has already been submitted' 
);
+               } else {
+                       $this->appendFormToken( $params['formToken'] );
+               }
+
                $talkpage = new Article( $talkpageTitle, 0 );
 
                // Check if we can post.
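Review bot: The added `$this->dieUsage( 'Missing form token' )` and `'This form has already been submitted'` calls pass no error code, while the neighbouring calls in this hunk do (`'invalid-talkpage'`); ApiBase::dieUsage takes the code as its second argument, so these should read `$this->dieUsage( 'Missing form token', 'missing-form-token' );` and `$this->dieUsage( 'This form has already been submitted', 'duplicate-form-token' );`. Because the check runs unconditionally, `formToken` becomes a mandatory parameter of the public threadaction API, so any existing caller (bot, gadget, other tool) that does not send it is now rejected; either enforce the check only when the parameter is present or document it in the parameter descriptions as a breaking change. The same nine-line block is repeated verbatim at the edit hunk (L59-L66) and the actionReply hunk (L86-L93) and would be better as one private helper, which would also replace the loose `== ""` with an explicit `=== null || === ''` test. The enclosing method starts outside this hunk.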
@@ -350,6 +359,14 @@
                                        'no-specified-threads' );
                }
 
+               if( $params['formToken'] == "" )
+                       $this->dieUsage( 'Missing form token' );
+               elseif( !($this->checkFormToken( $params['formToken'] ) ) ) {
+                       $this->dieUsage( 'This form has already been submitted' 
);
+               } else {
+                       $this->appendFormToken( $params['formToken'] );
+               }
+
                $thread = array_pop( $threads );
                $talkpage = $thread->article();
 
@@ -456,6 +473,7 @@
 
        public function actionReply( $threads, $params ) {
                // Validate thread parameter
+
                if ( count( $threads ) > 1 ) {
                        $this->dieUsage( 'You may only reply to one thread at a 
time',
                                        'too-many-threads' );
@@ -463,6 +481,15 @@
                        $this->dieUsage( 'You must specify a thread to reply 
to',
                                        'no-specified-threads' );
                }
+
+               if( $params['formToken'] == "" )
+                       $this->dieUsage( 'Missing form token' );
+               elseif( !($this->checkFormToken( $params['formToken'] ) ) ) {
+                       $this->dieUsage( 'This form has already been submitted' 
);
+               } else {
+                       $this->appendFormToken( $params['formToken'] );
+               }
+
                $replyTo = array_pop( $threads );
 
                // Check if we can reply to that thread.
@@ -904,6 +931,30 @@
                return true;
        }
 
+       // Used to prevent double submittion of form.
+       public function checkFormToken( $formToken ) {
+               $request = $this->getRequest();
+               $formTokens = $request->getSessionData( 'formToken' );
+
+               if( $formTokens === null ) {
+                       $arr = array();
+                       $request->setSessionData( 'formToken', $arr );
+                       return true;
+               }
+
+               if(in_array( $formToken, $formTokens) )
+                       return false;
+               else
+                       return true;
+       }
+
+       public function appendFormToken( $formToken ) {
+               $request = $this->getRequest();
+               $formTokens = $request->getSessionData( 'formToken' );
+               array_push( $formTokens, $formToken );
+               $request->setSessionData( 'formToken', $formTokens );
+       }
+
        public function getTokenSalt() {
                return '';
        }
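Review bot: `checkFormToken` and `appendFormToken` do a separate session read, test and write each, so two near-simultaneous requests carrying the same token can both pass the check before either appends it (unless the session backend serialises requests, which the patch cannot rely on) — which is the double-submit case the change is meant to stop. A single method that reads the list, rejects a seen token, appends otherwise and writes back in one step closes that window and also removes the three duplicated call sites. The `in_array` should pass `true` as the third argument, the `'formToken'` session list is never pruned and grows for the life of the session, and the header comment has a typo (`submittion`). `appendFormToken` also assumes the session value is already an array; an explicit `is_array` guard is safer.
```php
	// Records $formToken as used in this session; returns false if it was already seen.
	public function consumeFormToken( $formToken ) {
		$request = $this->getRequest();
		$formTokens = $request->getSessionData( 'formToken' );
		if ( !is_array( $formTokens ) ) {
			$formTokens = array();
		}
		if ( in_array( $formToken, $formTokens, true ) ) {
			return false;
		}
		$formTokens[] = $formToken;
		$request->setSessionData( 'formToken', $formTokens );
		return true;
	}
```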
@@ -930,6 +981,7 @@
                        'value' => null,
                        'method' => null,
                        'operand' => null,
+                       'formToken' => null,
                );
        }
 
diff --git a/classes/View.php b/classes/View.php
index 9486a62..cf891eb 100644
--- a/classes/View.php
+++ b/classes/View.php
@@ -527,7 +527,8 @@
                $e->editFormTextBeforeContent .=
                        $this->perpetuate( 'lqt_method', 'hidden' ) .
                        $this->perpetuate( 'lqt_operand', 'hidden' ) .
-                       Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 
) );
+                       Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 
) ) .
+                       Html::hidden( 'lqt_formToken', 
MWCryptRand::generateHex( 6 ) );
 
                $e->mShowSummaryField = false;
 
@@ -642,6 +643,7 @@
                        $this->perpetuate( 'lqt_method', 'hidden' ) .
                        $this->perpetuate( 'lqt_operand', 'hidden' ) .
                        Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 
) ) .
+                       Html::hidden( 'lqt_formToken', 
MWCryptRand::generateHex( 6 ) ) .
                        Html::hidden( 'offset', $offset ) .
                        Html::hidden( 'wpMinorEdit', '' );
 
@@ -757,6 +759,7 @@
                        $this->perpetuate( 'lqt_method', 'hidden' ) .
                        $this->perpetuate( 'lqt_operand', 'hidden' ) .
                        Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 
) ) .
+                       Html::hidden( 'lqt_formToken', 
MWCryptRand::generateHex( 6 ) ) .
                        Html::hidden( 'offset', $offset );
 
                list( $signatureEditor, $signatureHTML ) = 
$this->getSignatureEditor( $thread );
@@ -847,6 +850,7 @@
                        $this->perpetuate( 'lqt_method', 'hidden' ) .
                        $this->perpetuate( 'lqt_operand', 'hidden' ) .
                        Html::hidden( 'lqt_nonce', MWCryptRand::generateHex( 32 
) ) .
+                       Html::hidden( 'lqt_formToken', 
MWCryptRand::generateHex( 6 ) ) .
                        Html::hidden( 'offset', $offset );
 
                $e->edit();
diff --git a/lqt.js b/lqt.js
index 4597c17..ea828f2 100644
--- a/lqt.js
+++ b/lqt.js
@@ -866,6 +866,7 @@
        'handleAJAXSave' : function ( e ) {
                var editform = $( this ).closest( '.lqt-edit-form' );
                var type = editform.find( 'input[name=lqt_method]' ).val();
+               var formToken = editform.find( 'input[name=lqt_formToken]' 
).val();
                var wikiEditorContext = editform.find( '#wpTextbox1' ).data( 
'wikiEditor-context' );
                var text;
 
@@ -979,7 +980,7 @@
                };
 
                if ( type === 'reply' ) {
-                       liquidThreads.doReply( replyThread, text, summary,
+                       liquidThreads.doReply( replyThread, text, formToken, 
summary,
                                        doneCallback, bump, signature, 
errorCallback );
 
                        e.preventDefault();
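Review bot: The new `formToken` argument is inserted at a different position in each of the three public functions: after `text` in `doReply` (L204, L257) but after `subject` and before `text` in `doNewThread` (L217, L238) and `doEditThread` (L226, L273). Pick one position for all three — appending it after the existing parameters, or passing it as part of an options object, would also avoid shifting the positional arguments of functions other code on the wiki may already call through `liquidThreads.*`. The `doReply` call site still passes an `errorCallback` that the `doReply` signature does not declare, which predates this change but is worth fixing while the signatures are being touched.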
@@ -988,12 +989,12 @@
                        if ( !page ) {
                                page = $( $( '[lqt_talkpage]' )[0] ).attr( 
'lqt_talkpage' ); // A couple of elements have this attribute, it doesn't 
matter which
                        }
-                       liquidThreads.doNewThread( page, subject, text, summary,
+                       liquidThreads.doNewThread( page, subject, formToken, 
text, summary,
                                        doneCallback, bump, signature, 
errorCallback );
 
                        e.preventDefault();
                } else if ( type === 'edit' ) {
-                       liquidThreads.doEditThread( replyThread, subject, text, 
summary,
+                       liquidThreads.doEditThread( replyThread, subject, 
formToken, text, summary,
                                        doneCallback, bump, signature, 
errorCallback );
                        e.preventDefault();
                }
@@ -1019,13 +1020,14 @@
                } );
        },
 
-       'doNewThread' : function ( talkpage, subject, text, summary, 
doneCallback, bump, signature, errorCallback ) {
+       'doNewThread' : function ( talkpage, subject, formToken, text, summary, 
doneCallback, bump, signature, errorCallback ) {
                var newTopicParams = {
                        action : 'threadaction',
                        threadaction : 'newthread',
                        talkpage : talkpage,
                        subject : subject,
                        text : text,
+                       formToken: formToken,
                        token : mw.user.tokens.get( 'editToken' ),
                        render : '1',
                        reason : summary,
@@ -1046,12 +1048,13 @@
                ( new mw.Api() ).post( newTopicParams ).done( doneCallback 
).fail( errorCallback );
        },
 
-       'doReply' : function ( thread, text, summary, callback, bump, signature 
) {
+       'doReply' : function ( thread, text, formToken, summary, callback, 
bump, signature ) {
                var replyParams = {
                        action : 'threadaction',
                        threadaction : 'reply',
                        thread : thread,
                        text : text,
+                       formToken : formToken,
                        token : mw.user.tokens.get( 'editToken' ),
                        render : '1',
                        reason : summary,
@@ -1073,7 +1076,7 @@
                ( new mw.Api() ).post( replyParams ).done( callback );
        },
 
-       'doEditThread' : function ( thread, subject, text, summary,
+       'doEditThread' : function ( thread, subject, formToken, text, summary,
                                        callback, bump, signature ) {
                var request = {
                        action       : 'threadaction',
@@ -1084,6 +1087,7 @@
                        reason       : summary,
                        bump         : bump,
                        subject      : subject,
+                       formToken    : formToken,
                        token        : mw.user.tokens.get( 'editToken' )
                };
 

-- 
To view, visit https://gerrit.wikimedia.org/r/123836
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9d07979bc30364f84f724c121805bd597910d6ea
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/LiquidThreads
Gerrit-Branch: master
Gerrit-Owner: Adi.iiita <aditya.iiita...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
