Add flood protection to creating new reports
authorTim Düsterhus <duesterhus@woltlab.com>
Wed, 2 Feb 2022 10:12:21 +0000 (11:12 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Wed, 2 Feb 2022 10:12:21 +0000 (11:12 +0100)
com.woltlab.wcf/objectType.xml
wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueReportAction.class.php

index de77edbb90e994f6c3574d6257bc7cd31e1bd965..510afec5dc6ad1316b0e6efc19311504a5f8fce1 100644 (file)
                        <name>com.woltlab.wcf.search</name>
                        <definitionname>com.woltlab.wcf.floodControl</definitionname>
                </type>
+               <type>
+                       <name>com.woltlab.wcf.moderation.report</name>
+                       <definitionname>com.woltlab.wcf.floodControl</definitionname>
+               </type>
                <!-- deprecated -->
                <type>
                        <name>com.woltlab.wcf.page.controller</name>
index e5866238a16101f23f3cdab4696e8efc9f3d839c..18ed1dff3f4d57afbe0c5156a275fcc8208b5f6a 100644 (file)
@@ -2,8 +2,10 @@
 
 namespace wcf\data\moderation\queue;
 
+use wcf\system\exception\NamedUserException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\UserInputException;
+use wcf\system\flood\FloodControl;
 use wcf\system\moderation\queue\ModerationQueueReportManager;
 use wcf\system\WCF;
 use wcf\util\StringUtil;
@@ -18,6 +20,8 @@ use wcf\util\StringUtil;
  */
 class ModerationQueueReportAction extends ModerationQueueAction
 {
+    private const ALLOWED_REPORTS_PER_10M = 10;
+
     /**
      * @inheritDoc
      */
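Review bot: `ALLOWED_REPORTS_PER_10M` carries the window length only in its name, while the real window is a separate `'PT10M'` literal at the `countContent()` call in the next hunk, so changing one leaves the other silently wrong. The object type name `'com.woltlab.wcf.moderation.report'` is likewise repeated as a bare string at the `countContent()` and `registerContent()` calls; if the two ever diverge, the count and the registration could refer to different types and the limit would stop being effective. Consider adding `private const FLOOD_CONTROL_INTERVAL = 'PT10M';` and `private const FLOOD_CONTROL_TYPE = 'com.woltlab.wcf.moderation.report';` next to the limit. A one-line doc comment should also say what the limit is counted per (account, address or both), which this page does not show. The class body continues outside this hunk.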
@@ -178,6 +182,14 @@ class ModerationQueueReportAction extends ModerationQueueAction
             $this->parameters['message'] = \mb_substr($this->parameters['messages'], 0, 64000);
         }
 
+        $requests = FloodControl::getInstance()->countContent(
+            'com.woltlab.wcf.moderation.report',
+            new \DateInterval('PT10M')
+        );
+        if ($requests['count'] >= self::ALLOWED_REPORTS_PER_10M) {
+            throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.page.error.flood'));
+        }
+
         $this->validatePrepareReport();
     }
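Review bot: The limit is enforced by reading `countContent()` here, but the matching `registerContent()` only runs in the later hunk, apparently once the report has been processed, so requests sent in parallel can all pass this check before any of them is counted. For a soft anti-spam limit that is probably acceptable, but it should be stated above the `countContent()` call, e.g. `// Best-effort limit: parallel requests may pass before any of them is registered.` Because registration seems to happen only on the success path, requests that fail `validatePrepareReport()` would never add to the count; if failed attempts should be throttled too, they need their own registration. The enclosing method starts outside this hunk.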
 
@@ -201,6 +213,8 @@ class ModerationQueueReportAction extends ModerationQueueAction
             );
         }
 
+        FloodControl::getInstance()->registerContent('com.woltlab.wcf.moderation.report');
+
         return [
             'reported' => 1,
         ];
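Review bot: `registerContent()` sits after the closing brace of the preceding block, so it appears to run on every call of this method rather than only when a new report was created. If that block is a guard that skips content which was already reported, duplicate submissions still consume the requester's quota. That looks like the right behaviour for flood protection, but a comment would make the intent explicit: `// Count every accepted request, even if no new queue entry was created.` The start of the method and of the preceding block are outside this hunk.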