http://www.mediawiki.org/wiki/Special:Code/MediaWiki/56326

Revision: 56326
Author:   aaron
Date:     2009-09-14 19:34:52 +0000 (Mon, 14 Sep 2009)

Log Message:
-----------
* Rate-limit review
* Improve failure messages
* Use status codes/other minor cleanups

Modified Paths:
--------------
    trunk/extensions/ReaderFeedback/ReaderFeedback.php
    trunk/extensions/ReaderFeedback/language/ReaderFeedback.i18n.php
    trunk/extensions/ReaderFeedback/specialpages/ReaderFeedback_body.php

Modified: trunk/extensions/ReaderFeedback/ReaderFeedback.php
===================================================================
--- trunk/extensions/ReaderFeedback/ReaderFeedback.php  2009-09-14 19:34:18 UTC 
(rev 56325)
+++ trunk/extensions/ReaderFeedback/ReaderFeedback.php  2009-09-14 19:34:52 UTC 
(rev 56326)
@@ -58,6 +58,14 @@
 $wgFeedbackAge = 7 * 24 * 3600;
 # How long before stats page is updated?
 $wgFeedbackStatsAge = 2 * 3600; // 2 hours
+# Limit people from spamming the system
+# (uses count => seconds tuples)
+$wgRateLimits['feedback'] = array(
+       'newbie' => array( 5, 60 ), // for each recent (autoconfirmed) account; 
overrides 'user'
+       'user'   => null, // for each logged-in user
+       'ip'     => array( 5, 60 ), // for each anon and recent account
+       'subnet' => null, // ... with final octet removed
+);
 
 # URL location for readerfeedback.css and readerfeedback.js
 # Use a literal $wgScriptPath as a placeholder for the runtime value of 
$wgScriptPath
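Review bot: `'user' => null` and `'subnet' => null` in the new `$wgRateLimits['feedback']` entry leave established logged-in accounts without any feedback-specific cap, so only the `newbie` and `ip` buckets throttle ratings. If that is deliberate, say so beside the entry, for example `# Established accounts are intentionally not capped here; see the pingLimiter() calls in ReaderFeedbackPage::submit()`. The limiter keeps its counters in the wiki's object cache, as far as I know, so it is also worth noting that these limits have no effect on an install without a working cache.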

Modified: trunk/extensions/ReaderFeedback/language/ReaderFeedback.i18n.php
===================================================================
--- trunk/extensions/ReaderFeedback/language/ReaderFeedback.i18n.php    
2009-09-14 19:34:18 UTC (rev 56325)
+++ trunk/extensions/ReaderFeedback/language/ReaderFeedback.i18n.php    
2009-09-14 19:34:52 UTC (rev 56326)
@@ -34,6 +34,7 @@
        'readerfeedback-main'          => 'Only content pages can be rated.',
        'readerfeedback-success'       => '\'\'\'Thank you for reviewing this 
page!\'\'\' ([$3 Comments or questions?]).',
        'readerfeedback-voted'         => '\'\'\'It appears that you already 
rated this page\'\'\' ([$3 Comments or questions?]).',
+       'readerfeedback-error'         => '\'\'\'An error has occurred while 
rating this page\'\'\' ([$3 Comments or questions?]).',
        'readerfeedback-submitting'    => 'Submitting …',
        'readerfeedback-finished'      => 'Thank you!',
        'readerfeedback-tagfilter'     => 'Tag:',

Modified: trunk/extensions/ReaderFeedback/specialpages/ReaderFeedback_body.php
===================================================================
--- trunk/extensions/ReaderFeedback/specialpages/ReaderFeedback_body.php        
2009-09-14 19:34:18 UTC (rev 56325)
+++ trunk/extensions/ReaderFeedback/specialpages/ReaderFeedback_body.php        
2009-09-14 19:34:52 UTC (rev 56326)
@@ -6,6 +6,10 @@
 
 class ReaderFeedbackPage extends UnlistedSpecialPage
 {
+       const REVIEW_ERROR = 0;
+       const REVIEW_OK = 1;
+       const REVIEW_DUP = 2;
+
        // Initialize to handle incomplete AJAX input
        var $page = null;
        var $oldid = 0;
@@ -14,7 +18,7 @@
        var $commentary = '';
        
     public function __construct() {
-        UnlistedSpecialPage::UnlistedSpecialPage( 'ReaderFeedback', 'feedback' 
);
+        parent::__construct( 'ReaderFeedback', 'feedback' );
                wfLoadExtensionMessages( 'ReaderFeedback' );
     }
 
@@ -23,16 +27,13 @@
                $confirm = $wgRequest->wasPosted() && $wgUser->matchEditToken( 
$wgRequest->getVal( 'wpEditToken' ) );
                if( $wgUser->isAllowed( 'feedback' ) ) {
                        if( $wgUser->isBlocked( !$confirm ) ) {
-                               $wgOut->blockedPage();
-                               return;
+                               return $wgOut->blockedPage();
                        }
                } else {
-                       $wgOut->permissionRequired( 'feedback' );
-                       return;
+                       return $wgOut->permissionRequired( 'feedback' );
                }
                if( wfReadOnly() ) {
-                       $wgOut->readOnlyPage();
-                       return;
+                       return $wgOut->readOnlyPage();
                }
                $this->setHeaders();
                # Our target page
@@ -73,11 +74,11 @@
                if( $confirm && !$wgRequest->getVal( 'commentary' ) ) {
                        $ok = $this->submit();
                } else {
-                       $ok = false;
+                       $ok = self::REVIEW_ERROR;
                }
                # Go to graphs!
                global $wgMiserMode;
-               if( $ok && !$wgMiserMode ) {
+               if( $ok == self::REVIEW_OK && !$wgMiserMode ) {
                        $ratingTitle = SpecialPage::getTitleFor( 
'RatingHistory' );
                        $wgOut->redirect( 
$ratingTitle->getLocalUrl('target='.$this->page->getPrefixedUrl() ) );
                # Already voted or graph is set to be skipped...
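Review bot: The new test `$ok == self::REVIEW_OK` compares status codes loosely, and with `REVIEW_ERROR` defined as 0 any falsy value returned by `submit()` would be indistinguishable from an error. Prefer `if( $ok === self::REVIEW_OK && !$wgMiserMode ) {`. The else branch starts at the "Already voted" comment and continues outside this hunk, so it is not visible whether the non-AJAX path now tells `REVIEW_DUP` apart from `REVIEW_ERROR`. If it does not, a rate-limited or invalid submission would presumably still be reported as "already rated", unlike the AJAX path.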
@@ -169,16 +170,24 @@
                
                $dbw = wfGetDB( DB_MASTER );
                $dbw->begin();
-               $ok = ( $bot || $form->submit() ); // don't submit for mindless 
drones
-               $dbw->commit();
-               if( $ok ) {
-                       return '<suc#>'.wfMsgExt( 'readerfeedback-success', 
array('parseinline'), 
-                               $form->page->getPrefixedText(), $graphLink, 
$talk->getFullUrl( 'action=edit&section=new' ) ) .
-                               
'<h4>'.wfMsgHtml('ratinghistory-table')."</h4>\n$tallyTable";
+               if( $bot ) {
+                       $ok = self::REVIEW_ERROR; // don't submit for mindless 
drones
                } else {
-                       return '<err#>'.wfMsgExt( 'readerfeedback-voted', 
array('parseinline'), 
-                               $form->page->getPrefixedText(), $graphLink, 
$talk->getFullUrl( 'action=edit&section=new' ) );
+                       $ok = $form->submit();
                }
+               $dbw->commit();
+               switch( $ok ) {
+                       case self::REVIEW_OK:
+                               return '<suc#>'.wfMsgExt( 
'readerfeedback-success', array('parseinline'), 
+                                       $form->page->getPrefixedText(), 
$graphLink, $talk->getFullUrl( 'action=edit&section=new' ) ) .
+                                       
'<h4>'.wfMsgHtml('ratinghistory-table')."</h4>\n$tallyTable";
+                       case self::REVIEW_DUP:
+                               return '<err#>'.wfMsgExt( 
'readerfeedback-voted', array('parseinline'), 
+                                       $form->page->getPrefixedText(), 
$graphLink, $talk->getFullUrl( 'action=edit&section=new' ) );
+                       default:
+                               return '<err#>'.wfMsgExt( 
'readerfeedback-error', array('parseinline'), 
+                                       $form->page->getPrefixedText(), 
$graphLink, $talk->getFullUrl( 'action=edit&section=new' ) );
+               }
        }
        
        protected static function isValid( $int ) {
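Review bot: The `if( $bot )` branch now sets `$ok = self::REVIEW_ERROR`, so a request caught by the bot check gets the `<err#>` response, whereas the removed `$ok = ( $bot || $form->submit() )` answered it with the success message without storing anything. That makes the trap observable to the automated client, which can now tell a discarded submission from an accepted one. If the old silent-discard behaviour was intended, keep it with `$ok = self::REVIEW_OK; // report success to bots but never call submit()`. Otherwise add a comment saying the change is deliberate. The enclosing function starts outside the hunk, so how `$bot` is derived is not visible here.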
@@ -256,21 +265,25 @@
                $now = wfTimestampNow();
                $date = str_pad( substr( $now, 0, 8 ), 14, '0' );
                if( count($this->dims) == 0 )
-                       return false;
+                       return self::REVIEW_ERROR;
                $ratings = $this->flattenRatings( $this->dims );
                # Make sure revision is valid!
                $rev = Revision::newFromId( $this->oldid );
                if( !$rev || !$rev->getTitle()->equals( $this->page ) ) {
-                       return false; // opps!
+                       return self::REVIEW_ERROR; // opps!
                }
                $ip = wfGetIP();
                if( !$wgUser->getId() && !$ip ) {
-                       return false; // we need to keep track somehow
+                       return self::REVIEW_ERROR; // we need to keep track 
somehow
                }
                $article = new Article( $this->page );
+               # Check if the user is spamming reviews...
+               if( $wgUser->pingLimiter( 'feedback' ) || 
$wgUser->pingLimiter() ) {
+                       return self::REVIEW_ERROR;
+               }
                # Check if user already voted before...
                if( self::userAlreadyVoted( $this->page, $this->oldid ) ) {
-                       return false;
+                       return self::REVIEW_DUP;
                }
                # Update review records to limit double voting!
                $insertRow = array( 
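Review bot: The limiter is pinged only after the `count($this->dims)`, `Revision::newFromId()` and IP checks, so requests that fail those checks return `REVIEW_ERROR` without being counted, and a client can repeat them, each costing a revision lookup, without being throttled. Moving `if( $wgUser->pingLimiter( 'feedback' ) || $wgUser->pingLimiter() ) { return self::REVIEW_ERROR; }` to the top of `submit()`, before `Revision::newFromId()`, would count every attempt. The bare `pingLimiter()` call uses the default action, which I believe is 'edit', so each rating also draws on the reader's edit budget; a comment such as `# also charge the general edit limit so ratings cannot bypass it` would make that intent explicit. `submit()` begins and ends outside this hunk.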
@@ -328,6 +341,6 @@
                if( $wgUser->getId() ) {
                        $this->page->invalidateCache();
                }
-               return true;
+               return self::REVIEW_OK;
        }
 }


