mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-08 04:18:52 +00:00
[ticket/17077] Improve handling of accidental double submission of posts
PHPBB3-17077
This commit is contained in:
Marc Alexander
parent
b2459edaf3
commit
c07c6816fc
5 changed files with 123 additions and 2 deletions
|
|
@ -67,6 +67,14 @@ services:
|
|||
- '@controller.helper'
|
||||
- '@dispatcher'
|
||||
|
||||
posting.lock:
|
||||
class: phpbb\lock\posting
|
||||
shared: false
|
||||
arguments:
|
||||
- '@cache.driver'
|
||||
- '@config'
|
||||
- '@request'
|
||||
|
||||
viewonline_helper:
|
||||
class: phpbb\viewonline_helper
|
||||
arguments:
|
||||
|
|
|
|||
82
phpBB/phpbb/lock/posting.php
Normal file
82
phpBB/phpbb/lock/posting.php
Normal file
|
|
@ -0,0 +1,82 @@
|
|||
<?php
|
||||
/**
|
||||
*
|
||||
* This file is part of the phpBB Forum Software package.
|
||||
*
|
||||
* @copyright (c) phpBB Limited <https://www.phpbb.com>
|
||||
* @license GNU General Public License, version 2 (GPL-2.0)
|
||||
*
|
||||
* For full copyright and license information, please see
|
||||
* the docs/CREDITS.txt file.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace phpbb\lock;
|
||||
|
||||
use phpbb\cache\driver\driver_interface as cache_interface;
|
||||
use phpbb\config\config;
|
||||
use phpbb\request\request_interface;
|
||||
|
||||
class posting
|
||||
{
|
||||
/** @var cache_interface */
|
||||
private $cache;
|
||||
|
||||
/** @var config */
|
||||
private $config;
|
||||
|
||||
/** @var request_interface */
|
||||
private $request;
|
||||
|
||||
/** @var string */
|
||||
private $lock_name = '';
|
||||
|
||||
/**
|
||||
* Constructor for posting lock
|
||||
*
|
||||
* @param cache_interface $cache
|
||||
* @param config $config
|
||||
* @param request_interface $request
|
||||
*/
|
||||
public function __construct(cache_interface $cache, config $config, request_interface $request)
|
||||
{
|
||||
$this->cache = $cache;
|
||||
$this->config = $config;
|
||||
$this->request = $request;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get lock name
|
||||
* @return string Lock name
|
||||
*/
|
||||
private function lock_name(): string
|
||||
{
|
||||
if ($this->lock_name)
|
||||
{
|
||||
return $this->lock_name;
|
||||
}
|
||||
|
||||
$creation_time = abs($this->request->variable('creation_time', 0));
|
||||
$token = $this->request->variable('form_token', '');
|
||||
|
||||
return sha1(((string) $creation_time) . $token) . '_posting_lock';
|
||||
}
|
||||
|
||||
/**
|
||||
* Acquire lock for current posting form submission
|
||||
*
|
||||
* @return bool True if lock could be acquired, false if not
|
||||
*/
|
||||
public function acquire(): bool
|
||||
{
|
||||
// Lock is held for session, cannot acquire it
|
||||
if ($this->cache->_exists($this->lock_name()))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->cache->put($this->lock_name(), true, $this->config['flood_interval']);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -1429,7 +1429,10 @@ if ($submit || $preview || $refresh)
|
|||
// Store message, sync counters
|
||||
if (!count($error) && $submit)
|
||||
{
|
||||
if ($submit)
|
||||
/** @var \phpbb\lock\posting $posting_lock */
|
||||
$posting_lock = $phpbb_container->get('posting.lock');
|
||||
|
||||
if ($posting_lock->acquire())
|
||||
{
|
||||
// Lock/Unlock Topic
|
||||
$change_topic_status = $post_data['topic_status'];
|
||||
|
|
@ -1620,6 +1623,11 @@ if ($submit || $preview || $refresh)
|
|||
|
||||
redirect($redirect_url);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Posting was already locked before, hence form submission was already attempted once and is now invalid
|
||||
$error[] = $language->lang('FORM_INVALID');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -337,6 +337,29 @@ $('[data-ajax]').each(function() {
|
|||
}
|
||||
});
|
||||
|
||||
// Prevent accidental double submission of form
|
||||
$('[data-prevent-flood] input[type=submit]').click(function(event) {
|
||||
const $submitButton = $(this); // Store the button element
|
||||
const $form = $submitButton.closest('form');
|
||||
|
||||
// Always add the disabled class for visual feedback
|
||||
$submitButton.addClass('disabled');
|
||||
|
||||
// Submit form if it hasn't been submitted yet
|
||||
if (!$form.prop('data-form-submitted')) {
|
||||
$form.prop('data-form-submitted', true);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Prevent default submission for subsequent clicks within 5 seconds
|
||||
event.preventDefault();
|
||||
|
||||
setTimeout(() => {
|
||||
$form.prop('removeProp', 'data-form-submitted');
|
||||
$submitButton.removeClass('disabled'); // Re-enable after 5 seconds
|
||||
}, 5000);
|
||||
});
|
||||
|
||||
/**
|
||||
* This simply appends #preview to the action of the
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@
|
|||
<!-- IF not S_SHOW_DRAFTS and not $SIG_EDIT eq 1 -->
|
||||
<div class="panel bg2">
|
||||
<div class="inner">
|
||||
<fieldset class="submit-buttons">
|
||||
<fieldset class="submit-buttons" data-prevent-flood>
|
||||
{S_HIDDEN_ADDRESS_FIELD}
|
||||
{S_HIDDEN_FIELDS}
|
||||
<!-- EVENT posting_editor_submit_buttons -->
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue