StringUtils: Add a utility for checking if a string is a valid regex

[lhc/web/wiklou.git] / includes / specials / SpecialConfirmemail.php

diff --git a/includes/specials/SpecialConfirmemail.php b/includes/specials/SpecialConfirmemail.php
index b51f92f..7f32719 100644 (file)
--- a/includes/specials/SpecialConfirmemail.php
+++ b/includes/specials/SpecialConfirmemail.php
@@ -148,13 +148,20 @@ class EmailConfirmation extends UnlistedSpecialPage {
         * @param string $code Confirmation code
         */
        private function attemptConfirm( $code ) {
-               $user = User::newFromConfirmationCode( $code, User::READ_LATEST );
+               $user = User::newFromConfirmationCode( $code, User::READ_EXCLUSIVE );
                if ( !is_object( $user ) ) {
                        $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
 
                        return;
                }
 
+               // rate limit email confirmations
+               if ( $user->pingLimiter( 'confirmemail' ) ) {
+                       $this->getOutput()->addWikiMsg( 'actionthrottledtext' );
+
+                       return;
+               }
+
                $user->confirmEmail();
                $user->saveSettings();
                $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';