jenkins-bot has submitted this change and it was merged.
Change subject: Add throttle for newsletter creations
......................................................................
Add throttle for newsletter creations
Autoconfirmed users are allowed to create newsletters by default. This is a
pretty low user access level and could be abused easily. For instance, a
determined vandal could create lots of newsletters with abusive content
in a short period of time. To reduce the number of such cases, add a rate limit
for newsletter creations. By default, it is limited to 3 newsletter creations
per hour.
Change-Id: Ia8da7055340163f4bdb4eb32857fd60952b400b3
---
M extension.json
M includes/specials/SpecialNewsletterCreate.php
2 files changed, 14 insertions(+), 2 deletions(-)
Approvals:
01tonythomas: Looks good to me, approved
jenkins-bot: Verified
diff --git a/extension.json b/extension.json
index d6a5cb8..2d7392d 100644
--- a/extension.json
+++ b/extension.json
@@ -23,6 +23,11 @@
"newsletter-manage": true
}
},
+ "RateLimits": {
+ "newsletter": {
+ "user": [ 3, 3600 ]
+ }
+ },
"SpecialPages": {
"NewsletterCreate": "SpecialNewsletterCreate",
"NewsletterManage": "SpecialNewsletterManage",
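Review bot: The new `"newsletter"` limit only defines a `"user"` bucket, so as far as this hunk shows it is counted per logged-in account and nothing else. If I read core's limiter correctly, a wiki that grants `newsletter-create` to a wider group than the default would have no bucket at all for anonymous creations, and accounts holding `noratelimit` skip the check entirely. Consider adding an `"anon"` entry next to `"user"` (values to be chosen by the maintainers). Because extension.json cannot carry comments, the extension's documentation should also state that the throttle is per account and can be overridden through `$wgRateLimits['newsletter']`.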
diff --git a/includes/specials/SpecialNewsletterCreate.php
b/includes/specials/SpecialNewsletterCreate.php
index 0a8c2dd..a77d049 100644
--- a/includes/specials/SpecialNewsletterCreate.php
+++ b/includes/specials/SpecialNewsletterCreate.php
@@ -8,7 +8,6 @@
*/
class SpecialNewsletterCreate extends FormSpecialPage {
-
public function __construct() {
parent::__construct( 'NewsletterCreate', 'newsletter-create' );
}
@@ -70,6 +69,13 @@
return array( 'newsletter-create-mainpage-error' );
}
+ $user = $this->getUser();
+ if ( $user->pingLimiter( 'newsletter' ) ) {
+ // Default user access level for creating a newsletter
is quite low
+ // so add a throttle here to prevent abuse (eg. mass
vandalism spree)
+ throw new ThrottledError;
+ }
+
$articleId = $mainTitle->getArticleId();
if ( isset( $data['name'] ) &&
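Review bot: `$user->pingLimiter( 'newsletter' )` runs before the remaining validation and before the insert, so a submission that later returns `newsletter-exist-error` (see the following hunk) still uses up one of the three hourly slots. Counting failed attempts is a reasonable choice for abuse control, but it also locks an honest user out for an hour after a few name collisions. The comment should say which behaviour is intended, for example `// Counted before the insert on purpose: failed attempts also consume the limit`. If only successful creations are meant to count, the ping belongs directly before the insert, once the cheap input checks have passed. The enclosing method starts and ends outside this hunk, so its earlier checks are not visible here.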
@@ -85,12 +91,13 @@
);
if ( !$newsletterAdded ) {
+ // @todo FIXME: This shouldn't be thrown for
main page key collisions
return array( 'newsletter-exist-error' );
}
$newsletter = $db->getNewsletterForPageId( $articleId );
- $this->autoSubscribe( $newsletter->getId(),
$this->getUser()->getId() );
+ $this->autoSubscribe( $newsletter->getId(),
$user->getId() );
return true;
}
--
To view, visit https://gerrit.wikimedia.org/r/255400
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia8da7055340163f4bdb4eb32857fd60952b400b3
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/extensions/Newsletter
Gerrit-Branch: master
Gerrit-Owner: Glaisher <[email protected]>
Gerrit-Reviewer: 01tonythomas <[email protected]>
Gerrit-Reviewer: Addshore <[email protected]>
Gerrit-Reviewer: Glaisher <[email protected]>
Gerrit-Reviewer: jenkins-bot <>