Add rate limiter to Special:ConfirmEmail
[lhc/web/wiklou.git] / includes / specials / SpecialConfirmemail.php
index f494b9d..7f32719 100644 (file)
@@ -110,7 +110,7 @@ class EmailConfirmation extends UnlistedSpecialPage {
                                // should never happen, but if so, don't let the user without any message
                                $out->addWikiMsg( 'confirmemail_sent' );
                        } elseif ( $retval instanceof Status && $retval->isGood() ) {
-                               $out->addWikiText( $retval->getValue() );
+                               $out->addWikiTextAsInterface( $retval->getValue() );
                        }
                } else {
                        // date and time are separate parameters to facilitate localisation.
@@ -148,13 +148,20 @@ class EmailConfirmation extends UnlistedSpecialPage {
         * @param string $code Confirmation code
         */
        private function attemptConfirm( $code ) {
-               $user = User::newFromConfirmationCode( $code, User::READ_LATEST );
+               $user = User::newFromConfirmationCode( $code, User::READ_EXCLUSIVE );
                if ( !is_object( $user ) ) {
                        $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
 
                        return;
                }
 
+               // rate limit email confirmations
+               if ( $user->pingLimiter( 'confirmemail' ) ) {
+                       $this->getOutput()->addWikiMsg( 'actionthrottledtext' );
+
+                       return;
+               }
+
                $user->confirmEmail();
                $user->saveSettings();
                $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
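Review bot: The new `pingLimiter( 'confirmemail' )` check on the added line runs only after `User::newFromConfirmationCode()` has already resolved the code to a user, so requests that carry an invalid code return `confirmemail_invalid` on the earlier branch and are never counted — the throttle covers successful confirmations, not the lookup itself. Because it is called on the resolved `$user` rather than on the requester, it appears to limit per target account; if a per-client limit is intended as well, a check on the requesting context before the lookup, e.g. `if ( $this->getUser()->pingLimiter( 'confirmemail' ) ) { $this->getOutput()->addWikiMsg( 'actionthrottledtext' ); return; }`, would also cover the invalid-code path (hedged: the exact keying of pingLimiter is outside this hunk). The comment `// rate limit email confirmations` could say which subject is throttled, e.g. `// throttle confirmations per target account; invalid codes are not counted here`. The body of attemptConfirm continues past the end of this hunk.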