mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-31 22:10:45 +02:00
Merge pull request #6594 from marc1706/ticket/17077
[ticket/17077] Improve handling of posting to reduce double submit possibility
This commit is contained in:
Marc Alexander
@@ -67,6 +67,13 @@ services:
|
||||
- '@controller.helper'
|
||||
- '@dispatcher'
|
||||
|
||||
posting.lock:
|
||||
class: phpbb\lock\posting
|
||||
shared: false
|
||||
arguments:
|
||||
- '@cache.driver'
|
||||
- '@config'
|
||||
|
||||
viewonline_helper:
|
||||
class: phpbb\viewonline_helper
|
||||
arguments:
|
||||
|
||||
77
phpBB/phpbb/lock/posting.php
Normal file
77
phpBB/phpbb/lock/posting.php
Normal file
@@ -0,0 +1,77 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* This file is part of the phpBB Forum Software package.
|
||||
*
|
||||
* @copyright (c) phpBB Limited <https://www.phpbb.com>
|
||||
* @license GNU General Public License, version 2 (GPL-2.0)
|
||||
*
|
||||
* For full copyright and license information, please see
|
||||
* the docs/CREDITS.txt file.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace phpbb\lock;
|
||||
|
||||
use phpbb\cache\driver\driver_interface as cache_interface;
|
||||
use phpbb\config\config;
|
||||
|
||||
class posting
|
||||
{
|
||||
/** @var cache_interface */
|
||||
private $cache;
|
||||
|
||||
/** @var config */
|
||||
private $config;
|
||||
|
||||
/** @var string */
|
||||
private $lock_name = '';
|
||||
|
||||
/**
|
||||
* Constructor for posting lock
|
||||
*
|
||||
* @param cache_interface $cache
|
||||
* @param config $config
|
||||
*/
|
||||
public function __construct(cache_interface $cache, config $config)
|
||||
{
|
||||
$this->cache = $cache;
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set lock name
|
||||
*
|
||||
* @param int $creation_time Creation time of form, must be checked already
|
||||
* @param string $form_token Form token used for form, must be checked already
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
private function set_lock_name(int $creation_time, string $form_token): void
|
||||
{
|
||||
$this->lock_name = sha1(((string) $creation_time) . $form_token) . '_posting_lock';
|
||||
}
|
||||
|
||||
/**
|
||||
* Acquire lock for current posting form submission
|
||||
*
|
||||
* @param int $creation_time Creation time of form, must be checked already
|
||||
* @param string $form_token Form token used for form, must be checked already
|
||||
*
|
||||
* @return bool True if lock could be acquired, false if not
|
||||
*/
|
||||
public function acquire(int $creation_time, string $form_token): bool
|
||||
{
|
||||
$this->set_lock_name($creation_time, $form_token);
|
||||
|
||||
// Lock is held for session, cannot acquire it unless special flag for testing is set
|
||||
if ($this->cache->_exists($this->lock_name) && !$this->config->offsetExists('ci_tests_no_lock_posting'))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->cache->put($this->lock_name, true, $this->config['flood_interval']);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -1429,7 +1429,14 @@ if ($submit || $preview || $refresh)
|
||||
// Store message, sync counters
|
||||
if (!count($error) && $submit)
|
||||
{
|
||||
if ($submit)
|
||||
/** @var \phpbb\lock\posting $posting_lock */
|
||||
$posting_lock = $phpbb_container->get('posting.lock');
|
||||
|
||||
// Get creation time and form token, must be already checked at this point
|
||||
$creation_time = abs($request->variable('creation_time', 0));
|
||||
$form_token = $request->variable('form_token', '');
|
||||
|
||||
if ($posting_lock->acquire($creation_time, $form_token))
|
||||
{
|
||||
// Lock/Unlock Topic
|
||||
$change_topic_status = $post_data['topic_status'];
|
||||
@@ -1620,6 +1627,11 @@ if ($submit || $preview || $refresh)
|
||||
|
||||
redirect($redirect_url);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Posting was already locked before, hence form submission was already attempted once and is now invalid
|
||||
$error[] = $language->lang('FORM_INVALID');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -337,6 +337,29 @@ $('[data-ajax]').each(function() {
|
||||
}
|
||||
});
|
||||
|
||||
// Prevent accidental double submission of form
|
||||
$('[data-prevent-flood] input[type=submit]').click(function(event) {
|
||||
const $submitButton = $(this); // Store the button element
|
||||
const $form = $submitButton.closest('form');
|
||||
|
||||
// Always add the disabled class for visual feedback
|
||||
$submitButton.addClass('disabled');
|
||||
|
||||
// Submit form if it hasn't been submitted yet
|
||||
if (!$form.prop('data-form-submitted')) {
|
||||
$form.prop('data-form-submitted', true);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Prevent default submission for subsequent clicks within 5 seconds
|
||||
event.preventDefault();
|
||||
|
||||
setTimeout(() => {
|
||||
$form.prop('removeProp', 'data-form-submitted');
|
||||
$submitButton.removeClass('disabled'); // Re-enable after 5 seconds
|
||||
}, 5000);
|
||||
});
|
||||
|
||||
/**
|
||||
* This simply appends #preview to the action of the
|
||||
|
||||
@@ -100,7 +100,7 @@
|
||||
<!-- IF not S_SHOW_DRAFTS and not $SIG_EDIT eq 1 -->
|
||||
<div class="panel bg2">
|
||||
<div class="inner">
|
||||
<fieldset class="submit-buttons">
|
||||
<fieldset class="submit-buttons" data-prevent-flood>
|
||||
{S_HIDDEN_ADDRESS_FIELD}
|
||||
{S_HIDDEN_FIELDS}
|
||||
<!-- EVENT posting_editor_submit_buttons -->
|
||||
|
||||
Reference in New Issue
Block a user