Legoktm has uploaded a new change for review.
https://gerrit.wikimedia.org/r/158311
Change subject: Set a ratelimit of one global merge per minute per user
......................................................................
Set a ratelimit of one global merge per minute per user
Change-Id: I180a94dcc961f349c9e509c3b14abe155af65515
---
M i18n/en.json
M i18n/qqq.json
M specials/SpecialGlobalUserMerge.php
3 files changed, 29 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth
refs/changes/11/158311/1
diff --git a/i18n/en.json b/i18n/en.json
index 7c8e746..f015d23 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -383,5 +383,6 @@
"action-centralauth-usermerge": "globally merge multiple users",
"right-centralauth-usermerge": "Globally merge multiple users",
"centralauth-usermerge-confirm": "Do you really want to globally merge
these users?",
- "centralauth-usermerge-toomany": "Only {{PLURAL:$1|user|users}} can be
merged at once."
+ "centralauth-usermerge-toomany": "Only {{PLURAL:$1|user|users}} can be
merged at once.",
+ "centralauth-usermerge-ratelimited": "As a security measure, you are
only allowed to globally merge a user once per minute. Please try again after
one minute."
}
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 53c1ae0..6839ad3 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -416,5 +416,6 @@
"action-centralauth-usermerge": "{{doc-action|centralauth-usermerge}}",
"right-centralauth-usermerge": "{{doc-right|centralauth-usermerge}}",
"centralauth-usermerge-confirm": "Confirmation message displayed in a
JavaScript alert before the form is submitted.\n\nSee also:\n*
{{msg-mw|Centralauth-rename-confirm}}",
- "centralauth-usermerge-toomany": "Error message shown when a user tries
to merge more than the maximum number of users. $1 is the maximum number of
users that can be merged."
+ "centralauth-usermerge-toomany": "Error message shown when a user tries
to merge more than the maximum number of users. $1 is the maximum number of
users that can be merged.",
+ "centralauth-usermerge-ratelimited": "Error message shown when a user
hits the rate limit of one global merge per minute."
}
diff --git a/specials/SpecialGlobalUserMerge.php
b/specials/SpecialGlobalUserMerge.php
index 05da17a..ca98889 100644
--- a/specials/SpecialGlobalUserMerge.php
+++ b/specials/SpecialGlobalUserMerge.php
@@ -123,6 +123,27 @@
}
/**
+ * Implement a rudimentary rate limiting system,
+ * we can't use User::pingLImiter() because stewards
+ * have the "noratelimit" userright
+ *
+ * Hardcoded to allow 1 merge per 60 seconds
+ *
+ * @return bool true if we should let the user proceed
+ */
+ private function checkRateLimit() {
+ $cache = wfGetCache( CACHE_ANYTHING );
+ $key = 'centralauth:usermerge:' . md5(
$this->getUser()->getName() );
+ $found = $cache->get( $key );
+ if ( $found === false ) {
+ $cache->set( $key, true, 60 );
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
* @param array $data
* @return Status
*/
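Review bot: The `get()` followed by `set()` in `checkRateLimit()` is not atomic, so two merge requests arriving at the same moment can both read `false` and both proceed, which undercuts a limit the new message describes as a security measure. `BagOStuff::add()` only succeeds when the key is absent (and is atomic on memcached), so the body can collapse to `return $cache->add( $key, true, 60 );`. It is also worth confirming what `CACHE_ANYTHING` resolves to in deployment, because a per-server or per-wiki store would mean the limit is not actually global. The doc comment misspells the method; it should read `User::pingLimiter()`.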
@@ -132,6 +153,10 @@
return Status::newFatal(
'centralauth-usermerge-invalidname' );
}
+ if ( !$this->checkRateLimit() ) {
+ return Status::newFatal(
'centralauth-usermerge-ratelimited' );
+ }
+
$this->newUsername = $newUser->getName();
$oldCAUsers = array_map( function( $name ) {
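Review bot: The rate-limit slot is consumed when `checkRateLimit()` is called here, not when a merge actually completes, so any validation that fails further down this function (its body continues outside the hunk) would presumably still lock the user out for 60 seconds. Moving the `if ( !$this->checkRateLimit() )` block to just before the merge is started would avoid charging for rejected submissions. Rejected attempts also leave no trace; since this is a security control, a line such as `wfDebugLog( 'CentralAuth', 'usermerge ratelimit hit: ' . $this->getUser()->getName() );` before the `return Status::newFatal(...)` would let operators see repeated hits.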
--
To view, visit https://gerrit.wikimedia.org/r/158311
Gerrit-MessageType: newchange
Gerrit-Change-Id: I180a94dcc961f349c9e509c3b14abe155af65515
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: Legoktm <[email protected]>