mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-12 03:34:04 +02:00
Code Issues Releases Wiki Activity

[ticket/17077] Add proper locking in PHP without releasing form tokens

Browse Source 
PHPBB3-17077
This commit is contained in:
Marc Alexander
2024-05-01 11:22:29 +02:00
parent 98929ca983
commit 6f45b46746
5 changed files with 26 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
phpBB/phpbb/lock/posting.php
View File

@@ -27,9 +27,6 @@ class posting
/** @var string */
private $lock_name = '';
/** @var bool Lock state */
private $locked = false;
/**
* Constructor for posting lock
*
@@ -67,29 +64,14 @@ class posting
{
$this->set_lock_name($creation_time, $form_token);
// Lock is held for session, cannot acquire it
if ($this->cache->_exists($this->lock_name))
// Lock is held for session, cannot acquire it unless special flag for testing is set
if ($this->cache->_exists($this->lock_name) && !$this->config->offsetExists('ci_tests_no_lock_posting'))
{
return false;
}
$this->locked = true;
$this->cache->put($this->lock_name, true, $this->config['flood_interval']);
return true;
}
/**
* Release lock
*
* @return void
*/
public function release(): void
{
if ($this->locked)
{
$this->cache->destroy($this->lock_name);
}
}
}