<name>com.woltlab.wcf.lostPasswordForm</name>
<definitionname>com.woltlab.wcf.floodControl</definitionname>
</type>
+ <type>
+ <name>com.woltlab.wcf.search</name>
+ <definitionname>com.woltlab.wcf.floodControl</definitionname>
+ </type>
<!-- deprecated -->
<type>
<name>com.woltlab.wcf.page.controller</name>
use wcf\data\AbstractDatabaseObjectAction;
use wcf\system\exception\IllegalLinkException;
+use wcf\system\exception\NamedUserException;
use wcf\system\exception\UserInputException;
+use wcf\system\flood\FloodControl;
use wcf\system\search\SearchEngine;
use wcf\system\search\SearchHandler;
use wcf\system\search\SearchResultHandler;
*/
protected $allowGuestAccess = ['search'];
+ /**
+ * @var int
+ */
+ private const ALLOWED_REQUESTS_PER_24H = 600;
+
+ /**
+ * @var int
+ */
+ private const ALLOWED_REQUESTS_PER_60S = 20;
+
/**
* @since 5.5
*/
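Review bot: The docblocks on `ALLOWED_REQUESTS_PER_24H` and `ALLOWED_REQUESTS_PER_60S` carry only `@var int` and do not say what is limited or per whom. Because `$allowGuestAccess` contains `search`, the scope matters to anyone tuning these numbers. A summary line on each would help, e.g. `Maximum number of search requests one client may issue within 24 hours before further searches are rejected.` and the same for 60 seconds. How FloodControl tells guests apart is not visible in this diff, so confirm that before writing "per user" or "per IP address" into the comment. Both limits are hard-coded, so an operator facing scraping or running a very busy site cannot adjust them without a code change.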
if (\in_array($this->parameters['sortOrder'], ['ASC', 'DESC'])) {
$this->parameters['sortOrder'] = SEARCH_DEFAULT_SORT_ORDER;
}
+
+ $requestsPer24h = FloodControl::getInstance()->countContent(
+ 'com.woltlab.wcf.search',
+ new \DateInterval('PT24H')
+ );
+ $requestsPer60s = FloodControl::getInstance()->countContent(
+ 'com.woltlab.wcf.search',
+ new \DateInterval('PT60S')
+ );
+ if (
+ $requestsPer24h['count'] >= self::ALLOWED_REQUESTS_PER_24H
+ || $requestsPer60s['count'] >= self::ALLOWED_REQUESTS_PER_60S
+ ) {
+ throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.page.error.flood'));
+ }
}
/**
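Review bot: The limit check added here only reads the counter, while the matching `registerContent('com.woltlab.wcf.search')` is added in a different method and runs only after `$handler->search()` has returned (see the later hunk). Requests that arrive in parallel can therefore all pass `>= self::ALLOWED_REQUESTS_PER_60S` before any of them is counted, and a search that throws is never charged to the budget even though its cost was paid. Moving `FloodControl::getInstance()->registerContent('com.woltlab.wcf.search');` above `$handler = new SearchHandler($this->parameters);` would narrow that window and count failed searches too. The enclosing validation method starts outside this hunk, so any earlier early-return paths that skip the check could not be reviewed here.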
{
$handler = new SearchHandler($this->parameters);
$search = $handler->search();
+ FloodControl::getInstance()->registerContent('com.woltlab.wcf.search');
if ($search === null) {
return [
'count' => 0,
<item name="wcf.page.error.backward"><![CDATA[Zurück zur vorherigen Seite]]></item>
<item name="wcf.page.error.insufficientPermissions"><![CDATA[Unzureichende Berechtigungen]]></item>
<item name="wcf.page.error.loginAvailable"><![CDATA[Diese Seite bzw. dieser Bereich steht möglicherweise nur angemeldeten Benutzern zur Verfügung.]]></item>
+ <item name="wcf.page.error.flood"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Du hast{else}Sie haben{/if} zu viele Aktionen dieser Art ausgeführt. Die Funktion wurde daher aus Sicherheitsgründen temporär deaktiviert. Bitte {if LANGUAGE_USE_INFORMAL_VARIANT}versuche{else}versuchen Sie{/if} es später erneut.]]></item>
<item name="wcf.page.jumpTo"><![CDATA[Gehe zu Seite]]></item>
<item name="wcf.page.jumpTo.description"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Gib{else}Geben Sie{/if} einen Wert zwischen „1“ und „#pages#“ ein.]]></item>
<item name="wcf.page.redirect.title"><![CDATA[Weiterleitung]]></item>
<item name="wcf.page.error.backward"><![CDATA[Back to previous page.]]></item>
<item name="wcf.page.error.insufficientPermissions"><![CDATA[Insufficient Permissions]]></item>
<item name="wcf.page.error.loginAvailable"><![CDATA[This page or section may be accessible for authorized users only.]]></item>
+ <item name="wcf.page.error.flood"><![CDATA[You have performed too many actions of this type. The function has therefore been temporarily deactivated for security reasons. Please try again later.]]></item>
<item name="wcf.page.jumpTo"><![CDATA[Go to Page]]></item>
<item name="wcf.page.jumpTo.description"><![CDATA[Enter a value between “1” and “#pages#”.]]></item>
<item name="wcf.page.redirect.title"><![CDATA[Redirection]]></item>