From 34e25d7b4d902cd8151a2308423216ea3a434af0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Wed, 2 Feb 2022 11:12:21 +0100
Subject: [PATCH] Add flood protection to creating new reports
---
 com.woltlab.wcf/objectType.xml | 4 ++++
 .../queue/ModerationQueueReportAction.class.php | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/com.woltlab.wcf/objectType.xml b/com.woltlab.wcf/objectType.xml
index de77edbb90..510afec5dc 100644
--- a/com.woltlab.wcf/objectType.xml
+++ b/com.woltlab.wcf/objectType.xml
@@ -1794,6 +1794,10 @@ com.woltlab.wcf.search com.woltlab.wcf.floodControl + + com.woltlab.wcf.moderation.report + com.woltlab.wcf.floodControl + + com.woltlab.wcf.page.controller
diff --git a/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueReportAction.class.php b/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueReportAction.class.php
index e5866238a1..18ed1dff3f 100644
--- a/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueReportAction.class.php
+++ b/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueReportAction.class.php
@@ -2,8 +2,10 @@
 namespace wcf\data\moderation\queue;
+use wcf\system\exception\NamedUserException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\exception\UserInputException;
+use wcf\system\flood\FloodControl;
 use wcf\system\moderation\queue\ModerationQueueReportManager;
 use wcf\system\WCF;
 use wcf\util\StringUtil;
@@ -18,6 +20,8 @@ use wcf\util\StringUtil;
 */
 class ModerationQueueReportAction extends ModerationQueueAction
 {
+ private const ALLOWED_REPORTS_PER_10M = 10;
+
 /**
 * @inheritDoc
 */
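Review bot: `ALLOWED_REPORTS_PER_10M` in the `@@ -18,6 +20,8 @@` hunk has no doc comment, and the 10-minute window its name promises is a separate `'PT10M'` literal in the `@@ -178,6 +182,14 @@` hunk, so the two can drift apart when only one is edited. I would add `/** Maximum number of reports one requester may submit within the flood-control window. */` above the constant and keep the window beside it, e.g. `private const REPORT_FLOOD_INTERVAL = 'PT10M';`, passed as `new \DateInterval(self::REPORT_FLOOD_INTERVAL)`. The ceiling is fixed in code and, as far as the visible lines show, applies to every caller alike; if moderators or trusted groups need a different limit, that should be a deliberate follow-up rather than an accident of the constant. The class body continues outside the hunk.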
@@ -178,6 +182,14 @@ class ModerationQueueReportAction extends ModerationQueueAction
 $this->parameters['message'] = \mb_substr($this->parameters['messages'], 0, 64000);
 }
+ $requests = FloodControl::getInstance()->countContent(
+ 'com.woltlab.wcf.moderation.report',
+ new \DateInterval('PT10M')
+ );
+ if ($requests['count'] >= self::ALLOWED_REPORTS_PER_10M) {
+ throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.page.error.flood'));
+ }
+
 $this->validatePrepareReport();
 }
@@ -201,6 +213,8 @@ class ModerationQueueReportAction extends ModerationQueueAction
 );
 }
+ FloodControl::getInstance()->registerContent('com.woltlab.wcf.moderation.report');
+
 return [
 'reported' => 1,
 ];
--
2.20.1
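Review bot: The limit is read in the `@@ -178,6 +182,14 @@` hunk with `countContent()` but the attempt is only recorded later, by `registerContent()` in the `@@ -201,6 +213,8 @@` hunk, so the check and the increment are not atomic. Requests handled in parallel can each see a count below `ALLOWED_REPORTS_PER_10M` before any of them registers, which lets a burst exceed the ceiling; if that matters for the moderation queue, record the attempt together with the check, or state the guarantee with a comment such as `// Best-effort limit: concurrent requests may briefly exceed it.`. How `FloodControl` identifies the requester is not visible here, so it is worth confirming that guests who are permitted to report are counted as well. Separately, the context line above the new check assigns `$this->parameters['message']` from `$this->parameters['messages']`; the plural key looks like a typo and should be confirmed. Both enclosing methods begin outside the hunks.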