r52454 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r52453‎ \| r52454 \| r52455 >
Date:	13:01, 26 June 2009
Author:	werdna
Status:	deferred
Tags:
Comment:	Fix double-submission of threads by adding a nonce in a hidden field to all submitting forms. The same form can't be submitted twice, with this system.
Modified paths:	/trunk/extensions/LiquidThreads/classes/LqtView.php (modified) (history)

Diff [purge]

Index: trunk/extensions/LiquidThreads/classes/LqtView.php
—	—	@@ -373,7 +373,24 @@
374	374	$e->suppressIntro = true;
375	375	$e->editFormTextBeforeContent .=
376	376	$this->perpetuate( 'lqt_method', 'hidden' ) .
377		~~- $this->perpetuate( 'lqt_operand', 'hidden' );~~
	377	+ $this->perpetuate( 'lqt_operand', 'hidden' ) .
	378	+ Xml::hidden( 'lqt_nonce', wfGenerateToken() );
	379	+
	380	+ // Add a one-time random string to a hidden field. Store the random string
	381	+ // in memcached on submit and don't allow the edit to go ahead if it's already
	382	+ // been added.
	383	+ $submitted_nonce = $this->request->getVal( 'lqt_nonce' );
	384	+ if ($submitted_nonce) {
	385	+ global $wgMemc;
	386	+
	387	+ $key = wfMemcKey( 'lqt-nonce', $submitted_nonce, $this->user->getName() );
	388	+ if ( $wgMemc->get($key) ) {
	389	+ $this->output->redirect( $this->article->getTitle()->getFullURL() );
	390	+ return;
	391	+ }
	392	+
	393	+ $wgMemc->set( $key, 1, 3600 );
	394	+ }
378	395
379	396	if ( $edit_type == 'new' \|\| ( $thread && !$thread->hasSuperthread() ) ) {
380	397	wfLoadExtensionMessages( 'LiquidThreads' );

00:20, 14 September 2011 Meno25 (talk | contribs) changed the status of r52454 [removed: old added: deferred]
01:02, 14 November 2010 Reedy (talk | contribs) changed the status of r52454 [removed: new added: old]