makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/17077] Improve handling of accidental double submission of posts

Browse source 
PHPBB3-17077
This commit is contained in:
Marc Alexander 2024-04-08 21:50:27 +02:00
parent b2459edaf3
commit c07c6816fc
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
5 changed files with 123 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
phpBB/config/default/container/services_content.yml
View file

@ -67,6 +67,14 @@ services:
- '@controller.helper' - '@controller.helper'
- '@dispatcher' - '@dispatcher'
posting.lock:
class: phpbb\lock\posting
shared: false
arguments:
- '@cache.driver'
- '@config'
- '@request'
viewonline_helper: viewonline_helper:
class: phpbb\viewonline_helper class: phpbb\viewonline_helper
arguments: arguments:

82
phpBB/phpbb/lock/posting.php Normal file
View file

@ -0,0 +1,82 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\lock;
use phpbb\cache\driver\driver_interface as cache_interface;
use phpbb\config\config;
use phpbb\request\request_interface;
class posting
{
/** @var cache_interface */
private $cache;
/** @var config */
private $config;
/** @var request_interface */
private $request;
/** @var string */
private $lock_name = '';
/**
* Constructor for posting lock
*
* @param cache_interface $cache
* @param config $config
* @param request_interface $request
*/
public function __construct(cache_interface $cache, config $config, request_interface $request)
{
$this->cache = $cache;
$this->config = $config;
$this->request = $request;
}
/**
* Get lock name
* @return string Lock name
*/
private function lock_name(): string
{
if ($this->lock_name)
{
return $this->lock_name;
}
$creation_time = abs($this->request->variable('creation_time', 0));
$token = $this->request->variable('form_token', '');
return sha1(((string) $creation_time) . $token) . '_posting_lock';
}
/**
* Acquire lock for current posting form submission
*
* @return bool True if lock could be acquired, false if not
*/
public function acquire(): bool
{
// Lock is held for session, cannot acquire it
if ($this->cache->_exists($this->lock_name()))
{
return false;
}
$this->cache->put($this->lock_name(), true, $this->config['flood_interval']);
return true;
}
}

10
phpBB/posting.php
View file

@ -1429,7 +1429,10 @@ if ($submit || $preview || $refresh)
// Store message, sync counters // Store message, sync counters
if (!count($error) && $submit) if (!count($error) && $submit)
{ {
if ($submit) /** @var \phpbb\lock\posting $posting_lock */
$posting_lock = $phpbb_container->get('posting.lock');
if ($posting_lock->acquire())
{ {
// Lock/Unlock Topic // Lock/Unlock Topic
$change_topic_status = $post_data['topic_status']; $change_topic_status = $post_data['topic_status'];
@ -1620,6 +1623,11 @@ if ($submit || $preview || $refresh)
redirect($redirect_url); redirect($redirect_url);
} }
else
{
// Posting was already locked before, hence form submission was already attempted once and is now invalid
$error[] = $language->lang('FORM_INVALID');
}
} }
} }

23
phpBB/styles/prosilver/template/ajax.js
View file

@ -337,6 +337,29 @@ $('[data-ajax]').each(function() {
} }
}); });
// Prevent accidental double submission of form
$('[data-prevent-flood] input[type=submit]').click(function(event) {
const $submitButton = $(this); // Store the button element
const $form = $submitButton.closest('form');
// Always add the disabled class for visual feedback
$submitButton.addClass('disabled');
// Submit form if it hasn't been submitted yet
if (!$form.prop('data-form-submitted')) {
$form.prop('data-form-submitted', true);
return;
}
// Prevent default submission for subsequent clicks within 5 seconds
event.preventDefault();
setTimeout(() => {
$form.prop('removeProp', 'data-form-submitted');
$submitButton.removeClass('disabled'); // Re-enable after 5 seconds
}, 5000);
});
/** /**
* This simply appends #preview to the action of the * This simply appends #preview to the action of the

2
phpBB/styles/prosilver/template/posting_editor.html
View file

@ -100,7 +100,7 @@
<!-- IF not S_SHOW_DRAFTS and not $SIG_EDIT eq 1 --> <!-- IF not S_SHOW_DRAFTS and not $SIG_EDIT eq 1 -->
<div class="panel bg2"> <div class="panel bg2">
<div class="inner"> <div class="inner">
<fieldset class="submit-buttons"> <fieldset class="submit-buttons" data-prevent-flood>
{S_HIDDEN_ADDRESS_FIELD} {S_HIDDEN_ADDRESS_FIELD}
{S_HIDDEN_FIELDS} {S_HIDDEN_FIELDS}
<!-- EVENT posting_editor_submit_buttons --> <!-- EVENT posting_editor_submit_buttons -->