diff options
author | Byron Jones <glob@mozilla.com> | 2015-07-15 09:02:19 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-07-15 09:02:19 +0200 |
commit | e2635d9f405ec8b6f22b58d2ec1ec72c22d91df2 (patch) | |
tree | c502cfb9479ee53c811d0e0cb5dd0e590ea7ce94 | |
parent | 7a87266845224adb56547f775ddbb01914a73d7f (diff) | |
download | bugzilla-e2635d9f405ec8b6f22b58d2ec1ec72c22d91df2.tar.gz bugzilla-e2635d9f405ec8b6f22b58d2ec1ec72c22d91df2.tar.xz |
Bug 1183975 - limit the number of accounts a new user can add to any multi-user field
-rw-r--r-- | Bugzilla/Bug.pm | 2 | ||||
-rw-r--r-- | Bugzilla/Flag.pm | 1 | ||||
-rw-r--r-- | extensions/AntiSpam/Extension.pm | 27 | ||||
-rw-r--r-- | extensions/AntiSpam/lib/Config.pm | 4 | ||||
-rw-r--r-- | extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl | 12 | ||||
-rw-r--r-- | extensions/Review/Extension.pm | 6 | ||||
-rw-r--r-- | extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl | 4 |
7 files changed, 39 insertions, 17 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index d105dd005..042f9c801 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -2665,7 +2665,7 @@ sub set_estimated_time { $_[0]->set('estimated_time', $_[1]); } sub _set_everconfirmed { $_[0]->set('everconfirmed', $_[1]); } sub set_flags { my ($self, $flags, $new_flags) = @_; - + Bugzilla::Hook::process('bug_set_flags', { bug => $self, flags => $flags, new_flags => $new_flags }); Bugzilla::Flag->set_flag($self, $_) foreach (@$flags, @$new_flags); } sub set_op_sys { $_[0]->set('op_sys', $_[1]); } diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index 830c60a57..07041bd79 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -1014,6 +1014,7 @@ sub notify { } my $cc_list = $flag ? $flag->type->cc_list : $old_flag->type->cc_list; + $cc_list //= ''; # Is there someone to notify? return unless ($addressee || $cc_list); diff --git a/extensions/AntiSpam/Extension.pm b/extensions/AntiSpam/Extension.pm index d8981071c..ad8914bd0 100644 --- a/extensions/AntiSpam/Extension.pm +++ b/extensions/AntiSpam/Extension.pm @@ -126,9 +126,13 @@ sub _ip_blocking { } # -# cc count restrictions +# cc/flag/etc count restrictions # +sub _is_limited_user { + return Bugzilla->user->creation_age < Bugzilla->params->{antispam_multi_user_limit_age}; +} + sub bug_before_create { my ($self, $args) = @_; $self->_cc_limit($args->{params}, 'cc'); @@ -141,15 +145,12 @@ sub bug_start_of_set_all { sub _cc_limit { my ($self, $params, $cc_field) = @_; + return unless _is_limited_user(); return unless exists $params->{$cc_field}; - my $user = Bugzilla->user; my $cc_count = ref($params->{$cc_field}) ? scalar(@{ $params->{$cc_field} }) : 1; - my $limit_count = Bugzilla->params->{antispam_cc_limit_count}; - my $limit_age = Bugzilla->params->{antispam_cc_limit_age}; - - if ($cc_count > $limit_count && $user->creation_age < $limit_age) { - _syslog(sprintf("[audit] blocked <%s> from CC'ing %s users", $user->login, $cc_count)); + if ($cc_count > Bugzilla->params->{antispam_multi_user_limit_count}) { + _syslog(sprintf("[audit] blocked <%s> from CC'ing %s users", Bugzilla->user->login, $cc_count)); delete $params->{$cc_field}; if (exists $params->{cc} && exists $params->{cc}->{add}) { delete $params->{cc}->{add}; @@ -157,6 +158,18 @@ sub _cc_limit { } } +sub bug_set_flags { + my ($self, $args) = @_; + return unless _is_limited_user(); + + my $flag_count = @{ $args->{new_flags} }; + if ($flag_count > Bugzilla->params->{antispam_multi_user_limit_count}) { + _syslog(sprintf("[audit] blocked <%s> from flaging %s users", Bugzilla->user->login, $flag_count)); + # empty the arrayref + $#{ $args->{new_flags} } = -1; + } +} + # # spam user disabling # diff --git a/extensions/AntiSpam/lib/Config.pm b/extensions/AntiSpam/lib/Config.pm index 92ccca175..754907d22 100644 --- a/extensions/AntiSpam/lib/Config.pm +++ b/extensions/AntiSpam/lib/Config.pm @@ -62,13 +62,13 @@ sub get_param_list { "guidelines." }, { - name => 'antispam_cc_limit_age', + name => 'antispam_multi_user_limit_age', type => 't', default => '2', checker => \&check_numeric, }, { - name => 'antispam_cc_limit_count', + name => 'antispam_multi_user_limit_count', type => 't', default => '5', checker => \&check_numeric, diff --git a/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl b/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl index a21f57e4d..d9e73ff55 100644 --- a/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl +++ b/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl @@ -34,12 +34,12 @@ "This message will be displayed to the user when they try to log " _ "in after their account is disabled due to abuse." - antispam_cc_limit_age => - "Accounts created fewer than this many days are restricted to CCing " _ - "'antispam_cc_limit_count' users at once." + antispam_multi_user_limit_age => + "Accounts created fewer than this many days are restricted to CCing/flag/etc " _ + "'antispam_multi_user_limit_count' users at once." - antispam_cc_limit_count => - "The maximum number of users new accounts can CC at once. Attempts to " _ - "CC more than this many users will result in zero users being CCed." + antispam_multi_user_limit_count => + "The maximum number of users new accounts can CC/flag/etc at once. Attempts to " _ + "use more than this many users will result in zero users being set." } %] diff --git a/extensions/Review/Extension.pm b/extensions/Review/Extension.pm index e97269272..ef83b61b4 100644 --- a/extensions/Review/Extension.pm +++ b/extensions/Review/Extension.pm @@ -25,6 +25,7 @@ use Bugzilla::User::Setting; use Bugzilla::Util qw(clean_text datetime_from diff_arrays); use constant UNAVAILABLE_RE => qr/\b(?:unavailable|pto|away)\b/i; +use constant MENTOR_LIMIT => 10; # # monkey-patched methods @@ -171,11 +172,14 @@ sub object_validators { sub _bug_check_bug_mentors { my ($self, $value) = @_; my %seen; - return [ + my $mentors = [ grep { !$seen{$_->id}++ } map { Bugzilla::User->check({ name => $_, cache => 1 }) } ref($value) ? @$value : ($value) ]; + if (scalar(@$mentors) > MENTOR_LIMIT) { + ThrowUserError('mentor_limit_exceeded', { limit => MENTOR_LIMIT }); + } } sub bug_user_match_fields { diff --git a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl index aafdb5445..4b8b7dcbf 100644 --- a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl +++ b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl @@ -34,4 +34,8 @@ [% requestee.identity FILTER html %] is not currently accepting '[% flagtype FILTER html %]' requests. +[% ELSIF error == "mentor_limit_exceeded" %] + [% title = "Too Many Mentors" %] + You cannot add more than [% limit FILTER html %] mentors to a [% terms.bug %]. + [% END %] |