Glaisher has uploaded a new change for review. https://gerrit.wikimedia.org/r/255400
Change subject: Add throttle for newsletter creations ...................................................................... Add throttle for newsletter creations Autoconfirmed users are allowed to create newsletters by default. This is a pretty low user access level and could be abused easily. For instance, a determined vandal could create lots of newsletters with abusive content in a short period of time. To reduce the number of such cases, add a rate limit for newsletter creations. By default, it is limited to 3 newsletter creations per hour. Change-Id: Ia8da7055340163f4bdb4eb32857fd60952b400b3 --- M extension.json M includes/specials/SpecialNewsletterCreate.php 2 files changed, 15 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Newsletter refs/changes/00/255400/1 diff --git a/extension.json b/extension.json index 6a83a20..c10598f 100644 --- a/extension.json +++ b/extension.json @@ -23,6 +23,12 @@ "newsletter-manage": true } }, + "RateLimits": { + "newsletter": + { + "user": [ 3, 3600 ] + } + }, "SpecialPages": { "NewsletterCreate": "SpecialNewsletterCreate", "NewsletterManage": "SpecialNewsletterManage", diff --git a/includes/specials/SpecialNewsletterCreate.php b/includes/specials/SpecialNewsletterCreate.php index 8994823..b7e6db0 100644 --- a/includes/specials/SpecialNewsletterCreate.php +++ b/includes/specials/SpecialNewsletterCreate.php @@ -8,7 +8,6 @@ */ class SpecialNewsletterCreate extends FormSpecialPage { - public function __construct() { parent::__construct( 'NewsletterCreate', 'newsletter-create' ); } @@ -68,6 +67,13 @@ return array( 'newsletter-create-mainpage-error' ); } + $user = $this->getUser(); + if ( $user->pingLimiter( 'newsletter' ) ) { + // Default user access level for creating a newsletter is quite low + // so add a throttle here to prevent abuse (eg. mass vandalism spree) + throw new ThrottledError; + } + $articleId = $mainTitle->getArticleId(); if ( isset( $data['name'] ) && 
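Review bot: The new `RateLimits` entry defines only a `user` bucket, so the 3-per-hour cap is counted per account, and anyone using several autoconfirmed accounts gets a fresh allowance with each one. MediaWiki's rate-limit configuration also has address-based buckets (`ip`, `subnet`), but whether they apply to autoconfirmed accounts depends on the core version, so check that before relying on them. The action key `newsletter` is also broader than the one action it throttles. A key such as `newsletter-create` would leave room for separate limits on other newsletter actions later, with the `pingLimiter()` call in SpecialNewsletterCreate.php renamed to match.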
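Review bot: `pingLimiter( 'newsletter' )` runs before the insert is attempted, so every submission that passes the main-page check counts against the quota, including ones that later return `newsletter-exist-error` in the following hunk. That ordering is the safer one against abuse, but the comment should say so to stop the call being moved below the insert later, e.g. `// Counted per attempt, not per successful creation, so failed submissions are throttled too`. The check also lives only in this special page's submit path. If newsletters can be created through any other entry point, that path needs the same call; this hunk does not show whether one exists. The enclosing method starts and ends outside the hunk.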
@@ -83,12 +89,13 @@ ); if ( !$newsletterAdded ) { + // @todo FIXME: This shouldn't be thrown for main page key collisions return array( 'newsletter-exist-error' ); } $newsletter = $db->getNewsletterForPageId( $articleId ); - $this->autoSubscribe( $newsletter->getId(), $this->getUser()->getId() ); + $this->autoSubscribe( $newsletter->getId(), $user->getId() ); return true; } -- To view, visit https://gerrit.wikimedia.org/r/255400 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia8da7055340163f4bdb4eb32857fd60952b400b3 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Newsletter Gerrit-Branch: master Gerrit-Owner: Glaisher <glaisher.w...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
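Review bot: `$newsletter->getId()` on the changed `autoSubscribe()` line dereferences the result of `getNewsletterForPageId()` without checking it. Whether that lookup can return null or false is not visible here. If it can, the request ends in a fatal error after the newsletter row has been written and the throttle counted. An `if ( !$newsletter )` guard that returns an error status before the call would keep the failure user-visible. The new `@todo FIXME` comment would be easier to act on with a task reference next to it. The enclosing method starts outside the hunk.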