Changeset 5363
- Timestamp:
- 04/18/2017 10:59:33 PM (9 years ago)
- File:
-
- 1 edited
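--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/applications/wordcamp.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/applications/wordcamp.php
@@ -49,5 +49,8 @@
 $application_data = validate_data( $_POST );
 
-if ( is_wp_error( $application_data ) ) {
+if ( is_rate_limited() ) {
+$message = 'You have submitted too many applications recently. Please wait and try again in a few hours.';
+$notice_classes = 'notice-error';
+} else if ( is_wp_error( $application_data ) ) {
 $message = $application_data->get_error_message();
 $notice_classes = 'notice-error';
@@ -67,4 +70,42 @@
 
 return ob_get_clean();
+}
+
+/**
+* Check if the application submitter has been rate limited
+*
+* This isn't really designed to protect against DDoS or anything sophisticated; it just prevents us from having
+* to clean up thousands of fake applications when security researchers use bots to probe for vulnerabilities.
+*
+* @return bool
+*/
+function is_rate_limited() {
+$limit = 3;
+
+$previous_entries = get_posts( array(
+'post_type' => WCPT_POST_TYPE_ID,
+'post_status' => 'any',
+'posts_per_page' => $limit,
+'orderby' => 'date',
+'order' => 'DESC',
+'fields' => 'ids',
+
+'date_query' => array(
+array(
+'column' => 'post_date',
+'after' => '1 hour ago',
+'inclusive' => true,
+),
+),
+
+'meta_query' => array(
+array(
+'key' => '_application_submitter_ip_address',
+'value' => $_SERVER['REMOTE_ADDR'],
+),
+),
+) );
+
+return count( $previous_entries ) >= $limit;
 }
 
@@ -193,4 +234,5 @@
 // Populate the meta fields
 add_post_meta( $post_id, '_application_data', $data );
+add_post_meta( $post_id, '_application_submitter_ip_address', $_SERVER['REMOTE_ADDR'] );
 
 add_post_meta( $post_id, 'Organizer Name', sprintf(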
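Review bot: The limiter is keyed on `$_SERVER['REMOTE_ADDR']`, both in the `meta_query` of `is_rate_limited()` and in the new `add_post_meta()` call, and nothing in the change documents what that address represents in this deployment. If the site is served through a reverse proxy or load balancer (not visible from this page), the value would be the proxy's address and all applicants would share one bucket of 3 per hour. Applicants behind a common NAT share a bucket in any case, so the docblock should state the assumption, e.g. `* Assumes REMOTE_ADDR is the submitter's own address; shared or proxied addresses share one limit.` The notice text also says "try again in a few hours" while the query window is `'after' => '1 hour ago'`, so one of the two should be changed to match. The stored `_application_submitter_ip_address` meta is only ever queried for the last hour, yet no visible code removes it afterwards, so a retention note or cleanup would be worth adding.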