https://www.mediawiki.org/wiki/Special:Code/MediaWiki/113953

Revision: 113953
Author:   bsitu
Date:     2012-03-15 20:39:00 +0000 (Thu, 15 Mar 2012)
Log Message:
-----------
fix for bug 35245 - add rate limiter and spam filter check

Modified Paths:
--------------
    trunk/extensions/MoodBar/ApiFeedbackDashboardResponse.php
    trunk/extensions/MoodBar/ApiMoodBar.php
    trunk/extensions/MoodBar/MoodBar.i18n.php
    trunk/extensions/MoodBar/MoodBar.php
    trunk/extensions/MoodBar/include/MoodBarUtil.php
    trunk/extensions/MoodBar/modules/ext.moodBar/ext.moodBar.core.js
    
trunk/extensions/MoodBar/modules/ext.moodBar.dashboard/ext.moodBar.dashboard.js

Modified: trunk/extensions/MoodBar/ApiFeedbackDashboardResponse.php
===================================================================
--- trunk/extensions/MoodBar/ApiFeedbackDashboardResponse.php   2012-03-15 
20:37:58 UTC (rev 113952)
+++ trunk/extensions/MoodBar/ApiFeedbackDashboardResponse.php   2012-03-15 
20:39:00 UTC (rev 113953)
@@ -6,7 +6,7 @@
        private $EnotifWatchlist;
 
        public function execute() {
-               global $wgRequest, $wgUser;
+               global $wgRequest, $wgUser, $wgMoodBarAbuseFiltering;
 
                if ( $wgUser->isAnon() ) {
                        $this->dieUsage( "You don't have permission to do 
that", 'permission-denied' );
@@ -14,12 +14,20 @@
                if ( $wgUser->isBlocked( false ) ) {
                        $this->dieUsageMsg( array( 'blockedtext' ) );
                }
+               if ( $wgUser->pingLimiter( 'moodbar-response' ) ) {
+                       $this->dieUsageMsg( array( 'actionthrottledtext' ) );
+               }
 
                $params = $this->extractRequestParams();
 
+               if ( $wgMoodBarAbuseFiltering && MoodBarUtil::findAbuse( 
$params['response'] ) ) {
+                       $this->getResult()->addValue( null, 'error', array( 
'code' => 'abuse' ) );
+                       return; 
+               }
+
                //Response Object
                $item = MBFeedbackResponseItem::create( array() );
-
+                                                                               
    
                $setParams = array();
                foreach( $params as $key => $value ) {
                        if ( $item->isValidKey( $key ) ) {
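Review bot: The abuse rejection at `$this->getResult()->addValue( null, 'error', array( 'code' => 'abuse' ) ); return;` hand-builds an error node instead of going through `dieUsage()` like the `blockedtext` and `actionthrottledtext` paths a few lines above, so the response carries no `info` member and bypasses the API's standard error formatting. `$this->dieUsage( 'Your response was rejected by the abuse filters', 'abuse' );` keeps the `abuse` code the JavaScript clients key on while making the three failure paths uniform. The same pattern appears in the ApiMoodBar hunk below. The blank line replaced after `MBFeedbackResponseItem::create( array() );` is now a whitespace-only line; drop the trailing spaces. execute() continues past the end of the hunk.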

Modified: trunk/extensions/MoodBar/ApiMoodBar.php
===================================================================
--- trunk/extensions/MoodBar/ApiMoodBar.php     2012-03-15 20:37:58 UTC (rev 
113952)
+++ trunk/extensions/MoodBar/ApiMoodBar.php     2012-03-15 20:39:00 UTC (rev 
113953)
@@ -2,14 +2,25 @@
 
 class ApiMoodBar extends ApiBase {
        public function execute() {
-               global $wgUser;
+               global $wgUser, $wgMoodBarAbuseFiltering;
 
+               if ( $wgUser->isAnon() ) {
+                       $this->dieUsage( "You don't have permission to do 
that", 'permission-denied' );
+               }
                if ( $wgUser->isBlocked( false ) ) {
                        $this->dieUsageMsg( array( 'blockedtext' ) );
                }
+               if ( $wgUser->pingLimiter( 'moodbar-feedback' ) ) {
+                       $this->dieUsageMsg( array( 'actionthrottledtext' ) );
+               }
 
                $params = $this->extractRequestParams();
 
+               if ( $wgMoodBarAbuseFiltering && MoodBarUtil::findAbuse( 
$params['comment'] ) ) {
+                       $this->getResult()->addValue( null, 'error', array( 
'code' => 'abuse' ) );
+                       return; 
+               }
+
                $params['page'] = Title::newFromText( $params['page'] );
 
                // Params are deliberately named the same as the properties,
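Review bot: The new `isAnon()` check turns anonymous feedback into a `permission-denied` error, a behavior change the log message ("add rate limiter and spam filter check") does not mention; if it is intended because the `moodbar-feedback` entry in `$wgRateLimits` only defines a `user` bucket (so anonymous callers would be unthrottled), say so with a comment such as `// Anonymous submissions are refused: the moodbar-feedback rate limit only covers the 'user' bucket`. `pingLimiter()` records the hit when it is called, so submissions later rejected by `findAbuse()` still consume the user's allowance — that is the safer ordering and worth a one-line comment as well. `$params['comment']` is handed to `findAbuse()`, whose parameter is declared by reference although it is never written. execute() continues outside the hunk.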

Modified: trunk/extensions/MoodBar/MoodBar.i18n.php
===================================================================
--- trunk/extensions/MoodBar/MoodBar.i18n.php   2012-03-15 20:37:58 UTC (rev 
113952)
+++ trunk/extensions/MoodBar/MoodBar.i18n.php   2012-03-15 20:39:00 UTC (rev 
113953)
@@ -66,6 +66,10 @@
        'moodbar-error-subtitle' => 'Something went wrong! Please try sharing 
your feedback again later.',
        'moodbar-blocked-title' => 'Oops!',
        'moodbar-blocked-subtitle' => 'You have been blocked from editing.',
+       'moodbar-ratelimited-title' => 'Oops!',
+       'moodbar-ratelimited-subtitle' => 'You have exceeded moodbar rate 
limit. Please wait some time and try again',
+       'moodbar-abuse-title' => 'Oops!',
+       'moodbar-abuse-subtitle' => 'Your feedback violates moodbar rules.',
        'moodbar-email-title' => 'Add e-mail',
        'moodbar-email-input' => 'Your e-mail address',
        'moodbar-email-desc' => 'We will send you an e-mail if someone responds 
to your feedback.',
@@ -272,6 +276,10 @@
        'moodbar-error-subtitle' => 'Subtitle of screen when an error occurred. 
$1 is the SITENAME',
        'moodbar-blocked-title' => 'Title of the screen after blocked user 
attempts to post feedback.',
        'moodbar-blocked-subtitle' => 'Subtitle of screen after blocked user 
attempts to post feedback.',
+       'moodbar-ratelimited-title' => 'Title of the screen after users have 
exceeded rate limit and attempt to post feedback.',
+       'moodbar-ratelimited-subtitle' => 'Subtitle of screen after users have 
exceeded rate limit and attempt to post feedback.',
+       'moodbar-abuse-title' => 'Title of the screen after user attempts to 
post bad feedback.',
+       'moodbar-abuse-subtitle' => 'Subtitle of the screen after user attempts 
to post bad feedback.',
        'moodbar-email-title' => 'Title of MoodBar when user has no email 
addresss',
        'moodbar-email-input' => 'Field label for Email address',
        'moodbar-email-desc' => 'Message prompting user to enter their email 
address.',

Modified: trunk/extensions/MoodBar/MoodBar.php
===================================================================
--- trunk/extensions/MoodBar/MoodBar.php        2012-03-15 20:37:58 UTC (rev 
113952)
+++ trunk/extensions/MoodBar/MoodBar.php        2012-03-15 20:39:00 UTC (rev 
113953)
@@ -164,6 +164,10 @@
                'moodbar-success-subtitle',
                'moodbar-blocked-title',
                'moodbar-blocked-subtitle',
+               'moodbar-ratelimited-title',
+               'moodbar-ratelimited-subtitle',
+               'moodbar-abuse-title',
+               'moodbar-abuse-subtitle',
                'moodbar-email-title',
                'moodbar-email-input',
                'moodbar-email-desc',
@@ -246,6 +250,25 @@
 /** The registration time after which users will be shown the MoodBar **/
 $wgMoodBarCutoffTime = null;
 
+/** Rate limit setting for moodbar **/
+$wgMoodBarFeedbackRateLimit = 300;
+$wgMoodBarResponseRateLimit = 60;
+$wgRateLimits += array( 
+       'moodbar-feedback' => array( 'user' => array( 1 => 
$wgMoodBarFeedbackRateLimit ) ),
+       'moodbar-response' => array( 'user' => array( 1 => 
$wgMoodBarResponseRateLimit ) )
+       );
+/**
+ * Turn on abuse filtering
+ *
+ * If this is set to true, feedback/response will be run through:
+ *   1. $wgSpamRegex, if set
+ *   2. SpamBlacklist, if installed
+ *   3. AbuseFilter, if installed
+ *
+ * @var boolean
+ */
+$wgMoodBarAbuseFiltering = true;
+
 /** MoodBar configuration settings **/
 $wgMoodBarConfig = array(
        'bucketConfig' =>
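Review bot: The limit arrays use key/value syntax, `array( 1 => $wgMoodBarFeedbackRateLimit )`, where `$wgRateLimits` expects a two-element (count, period-in-seconds) list; `User::pingLimiter()` unpacks each entry with `list( $max, $period ) = $limit`, so this yields `$max = null` plus an undefined-offset notice, and the throttle only trips on the second hit by accident. Change both entries to `array( 1, $wgMoodBarFeedbackRateLimit )` and `array( 1, $wgMoodBarResponseRateLimit )`. Because the `+=` runs when MoodBar.php is included, a site that sets `$wgMoodBarFeedbackRateLimit` in LocalSettings after the `require_once` sees no effect; performing the merge from a setup hook such as `$wgExtensionFunctions` would honor such overrides. The `...RateLimit` names hold periods in seconds, so a comment like `/** Minimum seconds between two feedback submissions / responses by the same user **/` would stop them being read as counts.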

Modified: trunk/extensions/MoodBar/include/MoodBarUtil.php
===================================================================
--- trunk/extensions/MoodBar/include/MoodBarUtil.php    2012-03-15 20:37:58 UTC 
(rev 113952)
+++ trunk/extensions/MoodBar/include/MoodBarUtil.php    2012-03-15 20:39:00 UTC 
(rev 113953)
@@ -6,6 +6,67 @@
 class MoodBarUtil {
 
        /**
+        * Check for abusive or spammy content
+        *
+        * Check the following in sequence (cheapest processing to most 
expensive,
+        * returning if we get a hit):
+        *  1) Respect $wgSpamRegex
+        *  2) Check SpamBlacklist
+        *  3) Check AbuseFilter
+        *
+        * @param $value  string the text to check
+        */
+       public static function findAbuse( &$value ) {
+
+               // Respect $wgSpamRegex
+               global $wgSpamRegex;
+               if ( ( is_array( $wgSpamRegex ) && count( $wgSpamRegex ) > 0 )
+                       || ( is_string( $wgSpamRegex ) && strlen( $wgSpamRegex 
) > 0 ) ) {
+                       // In older versions, $wgSpamRegex may be a single 
string rather than
+                       // an array of regexes, so make it compatible.
+                       $regexes = ( array ) $wgSpamRegex;
+                       foreach ( $regexes as $regex ) {
+                               if ( preg_match( $regex, $value ) ) {
+                                       return true;
+                               }
+                       }
+               }
+
+               // Create a fake title so we can pretend this is an article edit
+               $title = Title::newFromText( '__moodbar__' );
+
+               // Check SpamBlacklist, if installed
+               if ( function_exists( 'wfSpamBlacklistObject' ) ) {
+                       $spam = wfSpamBlacklistObject();
+               } elseif ( class_exists( 'BaseBlacklist' ) ) {
+                       $spam = BaseBlacklist::getInstance( 'spam' );
+               }
+               if ( $spam ) {
+                       $ret = $spam->filter( $title, $value, '' );
+                       if ( $ret !== false ) {
+                               return true;
+                       }
+               }
+
+               // Check AbuseFilter, if installed
+               if ( class_exists( 'AbuseFilter' ) ) {
+                       global $wgUser;
+                       $vars = new AbuseFilterVariableHolder;
+                       $vars->addHolder( AbuseFilter::generateUserVars( 
$wgUser ) );
+                       $vars->addHolder( AbuseFilter::generateTitleVars( 
$title, 'MOODBAR' ) );
+                       $vars->setVar( 'SUMMARY', 'moodbar' );
+                       $vars->setVar( 'ACTION', 'moodbar' );
+                       $vars->setVar( 'old_wikitext', '' );
+                       $vars->setVar( 'new_wikitext', $value );
+                       $vars->addHolder( AbuseFilter::getEditVars( $title ) );
+                       $filter_result = AbuseFilter::filterAction( $vars, 
$title );
+                       return $filter_result != '' && $filter_result !== true;
+               }
+
+               return false;
+       }
+
+       /**
         * Calculate the time diff between $time and now, format the time diff 
to have the largest time block
         * or 'less than 1 minute' if the time diff is less than 1 minute
         * @param $time string - the UNIX time stamp
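Review bot: `$spam` is only assigned inside the two SpamBlacklist branches, so when neither `wfSpamBlacklistObject` nor `BaseBlacklist` exists the `if ( $spam )` test reads an undefined variable; add `$spam = null;` before the `function_exists()` check. The `&$value` reference parameter is never written to, so it should be a plain `$value` (the callers pass `$params['comment']` / `$params['response']` array elements, which a by-reference call would silently create if absent). The final test `$filter_result != '' && $filter_result !== true` mixes loose and strict comparison; whatever `AbuseFilter::filterAction()` returns on rejection, one strict form (`return $filter_result !== true;` if it returns exactly `true` on pass — confirm against the installed AbuseFilter) reads more clearly. The docblock should state the contract: `@return bool true if the text matched $wgSpamRegex, SpamBlacklist or an AbuseFilter rule`.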

Modified: trunk/extensions/MoodBar/modules/ext.moodBar/ext.moodBar.core.js
===================================================================
--- trunk/extensions/MoodBar/modules/ext.moodBar/ext.moodBar.core.js    
2012-03-15 20:37:58 UTC (rev 113952)
+++ trunk/extensions/MoodBar/modules/ext.moodBar/ext.moodBar.core.js    
2012-03-15 20:39:00 UTC (rev 113953)
@@ -94,6 +94,16 @@
                                <div class="mw-moodBar-state 
mw-moodBar-state-error">\
                                        <div 
class="mw-moodBar-state-title"><html:msg key="moodbar-blocked-title" /></div>\
                                        <div 
class="mw-moodBar-state-subtitle"><html:msg key="moodbar-blocked-subtitle" 
/></div>\
+                               </div>',
+                       ratelimited: '\
+                               <div class="mw-moodBar-state 
mw-moodBar-state-error">\
+                                       <div 
class="mw-moodBar-state-title"><html:msg key="moodbar-ratelimited-title" 
/></div>\
+                                       <div 
class="mw-moodBar-state-subtitle"><html:msg key="moodbar-ratelimited-subtitle" 
/></div>\
+                               </div>',
+                       abuse: '\
+                               <div class="mw-moodBar-state 
mw-moodBar-state-error">\
+                                       <div 
class="mw-moodBar-state-title"><html:msg key="moodbar-abuse-title" /></div>\
+                                       <div 
class="mw-moodBar-state-subtitle"><html:msg key="moodbar-abuse-subtitle" 
/></div>\
                                </div>'
                },
 
@@ -163,6 +173,16 @@
                                        setTimeout( function() {
                                                mb.ui.overlay.fadeOut();
                                        }, 3000 );
+                               } else if (data && data.error && 
data.error.code === 'ratelimited') { 
+                                       mb.swapContent( mb.tpl.ratelimited );
+                                       setTimeout( function() {
+                                               mb.ui.overlay.fadeOut();
+                                       }, 3000 );
+                               } else if (data && data.error && 
data.error.code === 'abuse') { 
+                                       mb.swapContent( mb.tpl.abuse );
+                                       setTimeout( function() {
+                                               mb.ui.overlay.fadeOut();
+                                       }, 3000 );
                                } else {
                                        mb.swapContent( mb.tpl.error );
                                }
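Review bot: The two new `else if` branches for `ratelimited` and `abuse` duplicate each other, and apparently the branch ending just above the hunk, apart from the template they swap in; a single branch keyed by the API error code removes the repetition and makes the next server-side rejection a one-word change. The `ratelimited` code relies on `dieUsageMsg( array( 'actionthrottledtext' ) )` mapping to that code in ApiBase's message map, which deserves a comment since nothing in this file names the coupling. The enclosing callback starts before the hunk, so the exact shape of the preceding branch is not visible here.

```javascript
// 'ratelimited' is the code ApiBase emits for dieUsageMsg( 'actionthrottledtext' );
// both codes have a state template of the same name in mb.tpl.
} else if ( data && data.error && ( data.error.code === 'ratelimited' || data.error.code === 'abuse' ) ) {
	mb.swapContent( mb.tpl[data.error.code] );
	setTimeout( function() {
		mb.ui.overlay.fadeOut();
	}, 3000 );
} else {
	mb.swapContent( mb.tpl.error );
}
```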

Modified: 
trunk/extensions/MoodBar/modules/ext.moodBar.dashboard/ext.moodBar.dashboard.js
===================================================================
--- 
trunk/extensions/MoodBar/modules/ext.moodBar.dashboard/ext.moodBar.dashboard.js 
    2012-03-15 20:37:58 UTC (rev 113952)
+++ 
trunk/extensions/MoodBar/modules/ext.moodBar.dashboard/ext.moodBar.dashboard.js 
    2012-03-15 20:39:00 UTC (rev 113953)
@@ -731,7 +731,11 @@
                                success: function (data) {
                                                // If rejected
                                                if ( data.error !== undefined ) 
{
-                                                       responseMessage( $item, 
'error', mw.msg( 'response-ajax-error-head' ), data.error.info );
+                                                       if ( data.error.code && 
data.error.code === 'abuse' ) {
+                                                               
responseMessage( $item, 'error', mw.msg( 'moodbar-abuse-title' ), mw.msg( 
'moodbar-abuse-subtitle')  );
+                                                       } else {
+                                                               
responseMessage( $item, 'error', mw.msg( 'response-ajax-error-head' ), 
data.error.info );
+                                                       }
                                                } else if ( 
data.feedbackdashboardresponse !== undefined ) {
                                                        responseMessage( $item, 
'success', mw.msg( 'response-ajax-success-head' ), mw.msg( 
'response-ajax-success-body' ) );
                                                }
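Review bot: The dashboard only special-cases `abuse`, while the response API in this same commit now also returns `ratelimited` (via `actionthrottledtext`) and the i18n hunk adds `moodbar-ratelimited-title`/`-subtitle` for it; in the dashboard that case falls through to the generic branch and shows `data.error.info`, the untranslated English text from the API, instead of the localized messages. Adding `if ( data.error.code === 'ratelimited' ) { responseMessage( $item, 'error', mw.msg( 'moodbar-ratelimited-title' ), mw.msg( 'moodbar-ratelimited-subtitle' ) ); }` before the `else` closes the gap, provided those two keys are in the dashboard module's message list (the MoodBar.php hunk adds them to one list, which may be the core module's rather than the dashboard's). The guard `data.error.code && data.error.code === 'abuse'` is redundant; `data.error.code === 'abuse'` alone is sufficient. The `success` callback starts and ends outside the hunk.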

