Require POST method for action=purge, to prevent bots from hitting it
parent
451b25a36f
commit
06e5561545
4 changed files with 38 additions and 6 deletions
|
|
@ -209,6 +209,7 @@ fully support the editing toolbar, but was found to be too confusing.
|
|||
* (bug 2392) Fix Atom items content type, upgrade to Atom 1.0
|
||||
* Allow $wgFeedCacheTimeout of 0 to disable feed caching
|
||||
* Fix WebRequest::getRequestURL() to strip off the host bits squid prepends
|
||||
* Require POST for action=purge, to stop bots from purging the cache
|
||||
|
||||
=== Caveats ===
|
||||
|
||||
|
|
|
|||
|
|
@ -912,6 +912,38 @@ class Article {
|
|||
$wgOut->setArticleBodyOnly(true);
|
||||
$this->view();
|
||||
}
|
||||
|
||||
function purge() {
|
||||
global $wgRequest, $wgOut, $wgUseSquid;
|
||||
|
||||
if ( $wgRequest->wasPosted() ) {
|
||||
// Invalidate the cache
|
||||
$this->mTitle->invalidateCache();
|
||||
|
||||
if ( $wgUseSquid ) {
|
||||
// Commit the transaction before the purge is sent
|
||||
$dbw = wfGetDB( DB_MASTER );
|
||||
$dbw->immediateCommit();
|
||||
|
||||
// Send purge
|
||||
$update = SquidUpdate::newSimplePurge( $this->mTitle );
|
||||
$update->doUpdate();
|
||||
}
|
||||
// Redirect to the article
|
||||
$wgOut->redirect( $this->mTitle->getFullURL() );
|
||||
} else {
|
||||
$msg = $wgOut->parse( wfMsg( 'confirm_purge' ) );
|
||||
$action = $this->mTitle->escapeLocalURL( 'action=purge' );
|
||||
$button = htmlspecialchars( wfMsg( 'confirm_purge_button' ) );
|
||||
$msg = str_replace( '$1',
|
||||
"<form method=\"post\" action=\"$action\">\n" .
|
||||
"<input type=\"submit\" name=\"submit\" value=\"$button\" />\n" .
|
||||
"</form>\n", $msg );
|
||||
|
||||
$wgOut->setPageTitle( $this->mTitle->getPrefixedText() );
|
||||
$wgOut->addHTML( $msg );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Insert a new empty page record for this article.
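Review bot: In `purge()`, `$wgRequest->wasPosted()` is the only gate before `$this->mTitle->invalidateCache()` and the Squid purge. It keeps out crawlers that follow `action=purge` links, but the visible code has no permission check, token or throttle for a client that sends the POST itself. Each accepted request appears to cost a database update plus, when `$wgUseSquid` is set, an immediate commit and a purge sent to the proxies, so the load concern the commit addresses remains for non-crawler traffic. I would state that limit above the check, e.g. `// wasPosted() only keeps link-following crawlers out; it is not an authorization or rate-limit check`, and consider a per-client throttle for anonymous requests ahead of the invalidation. The confirmation form escapes both interpolated values (`escapeLocalURL()`, `htmlspecialchars()`), and that should be preserved if the markup is edited later.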
|
||||
|
|
|
|||
|
|
@ -189,6 +189,7 @@ if( !$wgDisableInternalSearch && !is_null( $search ) && $search !== '' ) {
|
|||
case 'validate':
|
||||
case 'render':
|
||||
case 'deletetrackback':
|
||||
case 'purge':
|
||||
$wgArticle->$action();
|
||||
break;
|
||||
case 'print':
|
||||
|
|
@ -250,12 +251,6 @@ if( !$wgDisableInternalSearch && !is_null( $search ) && $search !== '' ) {
|
|||
$raw = new RawPage( $wgArticle );
|
||||
$raw->view();
|
||||
break;
|
||||
case 'purge':
|
||||
wfPurgeSquidServers(array($wgTitle->getInternalURL()));
|
||||
$wgOut->setSquidMaxage( $wgSquidMaxage );
|
||||
$wgTitle->invalidateCache();
|
||||
$wgArticle->view();
|
||||
break;
|
||||
default:
|
||||
if (wfRunHooks('UnknownAction', array($action, $wgArticle))) {
|
||||
$wgOut->errorpage( 'nosuchaction', 'nosuchactiontext' );
|
||||
|
|
|
|||
|
|
@ -2190,6 +2190,10 @@ Please confirm that really want to recreate this article.',
|
|||
# HTML dump
|
||||
'redirectingto' => 'Redirecting to [[$1]]...',
|
||||
|
||||
# action=purge
|
||||
'confirm_purge' => "Clear the cache of this page?\n\n$1",
|
||||
'confirm_purge_button' => 'OK',
|
||||
|
||||
);
|
||||
|
||||
/* a fake language converter */
|
||||
|
|
|
|||