summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-07-15 09:02:19 +0200
committerByron Jones <glob@mozilla.com>2015-07-15 09:02:19 +0200
commite2635d9f405ec8b6f22b58d2ec1ec72c22d91df2 (patch)
treec502cfb9479ee53c811d0e0cb5dd0e590ea7ce94
parent7a87266845224adb56547f775ddbb01914a73d7f (diff)
downloadbugzilla-e2635d9f405ec8b6f22b58d2ec1ec72c22d91df2.tar.gz
bugzilla-e2635d9f405ec8b6f22b58d2ec1ec72c22d91df2.tar.xz
Bug 1183975 - limit the number of accounts a new user can add to any multi-user field
-rw-r--r--Bugzilla/Bug.pm2
-rw-r--r--Bugzilla/Flag.pm1
-rw-r--r--extensions/AntiSpam/Extension.pm27
-rw-r--r--extensions/AntiSpam/lib/Config.pm4
-rw-r--r--extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl12
-rw-r--r--extensions/Review/Extension.pm6
-rw-r--r--extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl4
7 files changed, 39 insertions, 17 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index d105dd005..042f9c801 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -2665,7 +2665,7 @@ sub set_estimated_time { $_[0]->set('estimated_time', $_[1]); }
sub _set_everconfirmed { $_[0]->set('everconfirmed', $_[1]); }
sub set_flags {
my ($self, $flags, $new_flags) = @_;
-
+ Bugzilla::Hook::process('bug_set_flags', { bug => $self, flags => $flags, new_flags => $new_flags });
Bugzilla::Flag->set_flag($self, $_) foreach (@$flags, @$new_flags);
}
sub set_op_sys { $_[0]->set('op_sys', $_[1]); }
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index 830c60a57..07041bd79 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -1014,6 +1014,7 @@ sub notify {
}
my $cc_list = $flag ? $flag->type->cc_list : $old_flag->type->cc_list;
+ $cc_list //= '';
# Is there someone to notify?
return unless ($addressee || $cc_list);
diff --git a/extensions/AntiSpam/Extension.pm b/extensions/AntiSpam/Extension.pm
index d8981071c..ad8914bd0 100644
--- a/extensions/AntiSpam/Extension.pm
+++ b/extensions/AntiSpam/Extension.pm
@@ -126,9 +126,13 @@ sub _ip_blocking {
}
#
-# cc count restrictions
+# cc/flag/etc count restrictions
#
+sub _is_limited_user {
+ return Bugzilla->user->creation_age < Bugzilla->params->{antispam_multi_user_limit_age};
+}
+
sub bug_before_create {
my ($self, $args) = @_;
$self->_cc_limit($args->{params}, 'cc');
@@ -141,15 +145,12 @@ sub bug_start_of_set_all {
sub _cc_limit {
my ($self, $params, $cc_field) = @_;
+ return unless _is_limited_user();
return unless exists $params->{$cc_field};
- my $user = Bugzilla->user;
my $cc_count = ref($params->{$cc_field}) ? scalar(@{ $params->{$cc_field} }) : 1;
- my $limit_count = Bugzilla->params->{antispam_cc_limit_count};
- my $limit_age = Bugzilla->params->{antispam_cc_limit_age};
-
- if ($cc_count > $limit_count && $user->creation_age < $limit_age) {
- _syslog(sprintf("[audit] blocked <%s> from CC'ing %s users", $user->login, $cc_count));
+ if ($cc_count > Bugzilla->params->{antispam_multi_user_limit_count}) {
+ _syslog(sprintf("[audit] blocked <%s> from CC'ing %s users", Bugzilla->user->login, $cc_count));
delete $params->{$cc_field};
if (exists $params->{cc} && exists $params->{cc}->{add}) {
delete $params->{cc}->{add};
@@ -157,6 +158,18 @@ sub _cc_limit {
}
}
+sub bug_set_flags {
+ my ($self, $args) = @_;
+ return unless _is_limited_user();
+
+ my $flag_count = @{ $args->{new_flags} };
+ if ($flag_count > Bugzilla->params->{antispam_multi_user_limit_count}) {
+ _syslog(sprintf("[audit] blocked <%s> from flaging %s users", Bugzilla->user->login, $flag_count));
+ # empty the arrayref
+ $#{ $args->{new_flags} } = -1;
+ }
+}
+
#
# spam user disabling
#
diff --git a/extensions/AntiSpam/lib/Config.pm b/extensions/AntiSpam/lib/Config.pm
index 92ccca175..754907d22 100644
--- a/extensions/AntiSpam/lib/Config.pm
+++ b/extensions/AntiSpam/lib/Config.pm
@@ -62,13 +62,13 @@ sub get_param_list {
"guidelines."
},
{
- name => 'antispam_cc_limit_age',
+ name => 'antispam_multi_user_limit_age',
type => 't',
default => '2',
checker => \&check_numeric,
},
{
- name => 'antispam_cc_limit_count',
+ name => 'antispam_multi_user_limit_count',
type => 't',
default => '5',
checker => \&check_numeric,
diff --git a/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl b/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl
index a21f57e4d..d9e73ff55 100644
--- a/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl
+++ b/extensions/AntiSpam/template/en/default/admin/params/antispam.html.tmpl
@@ -34,12 +34,12 @@
"This message will be displayed to the user when they try to log " _
"in after their account is disabled due to abuse."
- antispam_cc_limit_age =>
- "Accounts created fewer than this many days are restricted to CCing " _
- "'antispam_cc_limit_count' users at once."
+ antispam_multi_user_limit_age =>
+ "Accounts created fewer than this many days are restricted to CCing/flag/etc " _
+ "'antispam_multi_user_limit_count' users at once."
- antispam_cc_limit_count =>
- "The maximum number of users new accounts can CC at once. Attempts to " _
- "CC more than this many users will result in zero users being CCed."
+ antispam_multi_user_limit_count =>
+ "The maximum number of users new accounts can CC/flag/etc at once. Attempts to " _
+ "use more than this many users will result in zero users being set."
}
%]
diff --git a/extensions/Review/Extension.pm b/extensions/Review/Extension.pm
index e97269272..ef83b61b4 100644
--- a/extensions/Review/Extension.pm
+++ b/extensions/Review/Extension.pm
@@ -25,6 +25,7 @@ use Bugzilla::User::Setting;
use Bugzilla::Util qw(clean_text datetime_from diff_arrays);
use constant UNAVAILABLE_RE => qr/\b(?:unavailable|pto|away)\b/i;
+use constant MENTOR_LIMIT => 10;
#
# monkey-patched methods
@@ -171,11 +172,14 @@ sub object_validators {
sub _bug_check_bug_mentors {
my ($self, $value) = @_;
my %seen;
- return [
+ my $mentors = [
grep { !$seen{$_->id}++ }
map { Bugzilla::User->check({ name => $_, cache => 1 }) }
ref($value) ? @$value : ($value)
];
+ if (scalar(@$mentors) > MENTOR_LIMIT) {
+ ThrowUserError('mentor_limit_exceeded', { limit => MENTOR_LIMIT });
+ }
}
sub bug_user_match_fields {
diff --git a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl
index aafdb5445..4b8b7dcbf 100644
--- a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl
+++ b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl
@@ -34,4 +34,8 @@
[% requestee.identity FILTER html %] is not currently accepting
'[% flagtype FILTER html %]' requests.
+[% ELSIF error == "mentor_limit_exceeded" %]
+ [% title = "Too Many Mentors" %]
+ You cannot add more than [% limit FILTER html %] mentors to a [% terms.bug %].
+
[% END %]