Merge pull request #6594 from marc1706/ticket/17077
[ticket/17077] Improve handling of posting to reduce double submit possibility
Showing
8 changed files
with
193 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
<?php | ||
/** | ||
* | ||
* This file is part of the phpBB Forum Software package. | ||
* | ||
* @copyright (c) phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
* For full copyright and license information, please see | ||
* the docs/CREDITS.txt file. | ||
* | ||
*/ | ||
|
||
namespace phpbb\lock; | ||
|
||
use phpbb\cache\driver\driver_interface as cache_interface; | ||
use phpbb\config\config; | ||
|
||
class posting | ||
{ | ||
/** @var cache_interface */ | ||
private $cache; | ||
|
||
/** @var config */ | ||
private $config; | ||
|
||
/** @var string */ | ||
private $lock_name = ''; | ||
|
||
/** | ||
* Constructor for posting lock | ||
* | ||
* @param cache_interface $cache | ||
* @param config $config | ||
*/ | ||
public function __construct(cache_interface $cache, config $config) | ||
{ | ||
$this->cache = $cache; | ||
$this->config = $config; | ||
} | ||
|
||
/** | ||
* Set lock name | ||
* | ||
* @param int $creation_time Creation time of form, must be checked already | ||
* @param string $form_token Form token used for form, must be checked already | ||
* | ||
* @return void | ||
*/ | ||
private function set_lock_name(int $creation_time, string $form_token): void | ||
{ | ||
$this->lock_name = sha1(((string) $creation_time) . $form_token) . '_posting_lock'; | ||
} | ||
|
||
/** | ||
* Acquire lock for current posting form submission | ||
* | ||
* @param int $creation_time Creation time of form, must be checked already | ||
* @param string $form_token Form token used for form, must be checked already | ||
* | ||
* @return bool True if lock could be acquired, false if not | ||
*/ | ||
public function acquire(int $creation_time, string $form_token): bool | ||
{ | ||
$this->set_lock_name($creation_time, $form_token); | ||
|
||
// Lock is held for session, cannot acquire it unless special flag for testing is set | ||
if ($this->cache->_exists($this->lock_name) && !$this->config->offsetExists('ci_tests_no_lock_posting')) | ||
{ | ||
return false; | ||
} | ||
|
||
$this->cache->put($this->lock_name, true, $this->config['flood_interval']); | ||
|
||
return true; | ||
} | ||
} |
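Review bot: The `_exists()` check and the `put()` in `acquire()` are two separate cache calls, so two submissions of the same form that arrive close together can both find no lock and both get `true`; the lock narrows the double-submit window rather than closing it. Unless the cache driver offers an atomic add (not visible on this page), I would at least say so above the check, e.g. `// Not atomic: concurrent requests can both pass this check before either put() lands`. The CI bypass tests only that the `ci_tests_no_lock_posting` key exists, so a stored value of 0 or false would still switch the lock off; `!empty($this->config['ci_tests_no_lock_posting'])` would tie it to the value, assuming config reads behave like an ordinary array lookup. The existing comment also says the lock is held for the session, while the code holds it for `flood_interval` seconds, and the behaviour when `flood_interval` is 0 is worth a sentence in the docblock.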
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
<?php | ||
/** | ||
* | ||
* This file is part of the phpBB Forum Software package. | ||
* | ||
* @copyright (c) phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
* For full copyright and license information, please see | ||
* the docs/CREDITS.txt file. | ||
* | ||
*/ | ||
|
||
use phpbb\cache\driver\file as file_cache; | ||
use phpbb\config\config; | ||
use phpbb\lock\posting; | ||
|
||
class phpbb_lock_posting_test extends phpbb_test_case | ||
{ | ||
/** @var \phpbb\cache\driver\file */ | ||
protected $cache; | ||
|
||
/** @var config */ | ||
protected $config; | ||
|
||
/** @var posting */ | ||
protected $lock; | ||
|
||
public function setUp(): void | ||
{ | ||
$this->cache = new file_cache(__DIR__ . '/../tmp/'); | ||
$this->cache->purge(); // ensure cache is clean | ||
$this->config = new config([ | ||
'flood_interval' => 15, | ||
]); | ||
$this->lock = new posting($this->cache, $this->config); | ||
} | ||
|
||
public function test_lock_acquire() | ||
{ | ||
$this->assertTrue($this->lock->acquire(100, 'foo')); | ||
$this->assertFalse($this->lock->acquire(100, 'foo')); | ||
|
||
$this->assertTrue($this->cache->_exists(sha1('100foo') . '_posting_lock')); | ||
$this->assertFalse($this->lock->acquire(100, 'foo')); | ||
$this->cache->put(sha1('100foo') . '_posting_lock', 'foo', -30); | ||
|
||
$this->assertTrue($this->lock->acquire(100, 'foo')); | ||
$this->assertTrue($this->cache->_exists(sha1('100foo') . '_posting_lock')); | ||
$this->config->offsetSet('ci_tests_no_lock_posting', true); | ||
$this->assertTrue($this->lock->acquire(100, 'foo')); | ||
$this->assertTrue($this->cache->_exists(sha1('100foo') . '_posting_lock')); | ||
// Multiple acquires possible due to special ci test flag | ||
$this->assertTrue($this->lock->acquire(100, 'foo')); | ||
} | ||
} |
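Review bot: `test_lock_acquire()` exercises a single (creation_time, token) pair, so nothing checks that a lock taken for one form leaves a different form's submission unaffected; adding `$this->assertTrue($this->lock->acquire(101, 'foo'));` and `$this->assertTrue($this->lock->acquire(100, 'bar'));` after the first acquire would pin that. The `ci_tests_no_lock_posting` flag is only ever set to `true` here, so a case with the key present but false would show whether the bypass follows the key's presence or its value. The method is also missing the `: void` return type that `setUp()` carries, and there is no `tearDown()` purging the file cache written under `__DIR__ . '/../tmp/'`.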