Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Require POST method for action=purge, to prevent bots from hitting it

Browse source
This commit is contained in:
Tim Starling 2005-11-07 04:14:15 +00:00
parent 451b25a36f
commit 06e5561545
4 changed files with 38 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
RELEASE-NOTES
View file

@ -209,6 +209,7 @@ fully support the editing toolbar, but was found to be too confusing.
* (bug 2392) Fix Atom items content type, upgrade to Atom 1.0 * (bug 2392) Fix Atom items content type, upgrade to Atom 1.0
* Allow $wgFeedCacheTimeout of 0 to disable feed caching * Allow $wgFeedCacheTimeout of 0 to disable feed caching
* Fix WebRequest::getRequestURL() to strip off the host bits squid prepends * Fix WebRequest::getRequestURL() to strip off the host bits squid prepends
* Require POST for action=purge, to stop bots from purging the cache
=== Caveats === === Caveats ===

32
includes/Article.php
View file

@ -912,6 +912,38 @@ class Article {
$wgOut->setArticleBodyOnly(true); $wgOut->setArticleBodyOnly(true);
$this->view(); $this->view();
} }
function purge() {
global $wgRequest, $wgOut, $wgUseSquid;
if ( $wgRequest->wasPosted() ) {
// Invalidate the cache
$this->mTitle->invalidateCache();
if ( $wgUseSquid ) {
// Commit the transaction before the purge is sent
$dbw = wfGetDB( DB_MASTER );
$dbw->immediateCommit();
// Send purge
$update = SquidUpdate::newSimplePurge( $this->mTitle );
$update->doUpdate();
}
// Redirect to the article
$wgOut->redirect( $this->mTitle->getFullURL() );
} else {
$msg = $wgOut->parse( wfMsg( 'confirm_purge' ) );
$action = $this->mTitle->escapeLocalURL( 'action=purge' );
$button = htmlspecialchars( wfMsg( 'confirm_purge_button' ) );
$msg = str_replace( '$1',
"<form method=\"post\" action=\"$action\">\n" .
"<input type=\"submit\" name=\"submit\" value=\"$button\" />\n" .
"</form>\n", $msg );
$wgOut->setPageTitle( $this->mTitle->getPrefixedText() );
$wgOut->addHTML( $msg );
}
}
/** /**
* Insert a new empty page record for this article. * Insert a new empty page record for this article.

7
index.php
View file

@ -189,6 +189,7 @@ if( !$wgDisableInternalSearch && !is_null( $search ) && $search !== '' ) {
case 'validate': case 'validate':
case 'render': case 'render':
case 'deletetrackback': case 'deletetrackback':
case 'purge':
$wgArticle->$action(); $wgArticle->$action();
break; break;
case 'print': case 'print':
@ -250,12 +251,6 @@ if( !$wgDisableInternalSearch && !is_null( $search ) && $search !== '' ) {
$raw = new RawPage( $wgArticle ); $raw = new RawPage( $wgArticle );
$raw->view(); $raw->view();
break; break;
case 'purge':
wfPurgeSquidServers(array($wgTitle->getInternalURL()));
$wgOut->setSquidMaxage( $wgSquidMaxage );
$wgTitle->invalidateCache();
$wgArticle->view();
break;
default: default:
if (wfRunHooks('UnknownAction', array($action, $wgArticle))) { if (wfRunHooks('UnknownAction', array($action, $wgArticle))) {
$wgOut->errorpage( 'nosuchaction', 'nosuchactiontext' ); $wgOut->errorpage( 'nosuchaction', 'nosuchactiontext' );

4
languages/Language.php
View file

@ -2190,6 +2190,10 @@ Please confirm that really want to recreate this article.',
# HTML dump # HTML dump
'redirectingto' => 'Redirecting to [[$1]]...', 'redirectingto' => 'Redirecting to [[$1]]...',
# action=purge
'confirm_purge' => "Clear the cache of this page?\n\n$1",
'confirm_purge_button' => 'OK',
); );
/* a fake language converter */ /* a fake language converter */