
D20158.diff
No OneTemporary

D20158.diff

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -4986,6 +4986,7 @@
'PhortuneAccountViewController' => 'applications/phortune/controller/account/PhortuneAccountViewController.php',
'PhortuneAdHocCart' => 'applications/phortune/cart/PhortuneAdHocCart.php',
'PhortuneAdHocProduct' => 'applications/phortune/product/PhortuneAdHocProduct.php',
+ 'PhortuneAddPaymentMethodAction' => 'applications/phortune/action/PhortuneAddPaymentMethodAction.php',
'PhortuneCart' => 'applications/phortune/storage/PhortuneCart.php',
'PhortuneCartAcceptController' => 'applications/phortune/controller/cart/PhortuneCartAcceptController.php',
'PhortuneCartCancelController' => 'applications/phortune/controller/cart/PhortuneCartCancelController.php',
@@ -11227,6 +11228,7 @@
'PhortuneAccountViewController' => 'PhortuneAccountProfileController',
'PhortuneAdHocCart' => 'PhortuneCartImplementation',
'PhortuneAdHocProduct' => 'PhortuneProductImplementation',
+ 'PhortuneAddPaymentMethodAction' => 'PhabricatorSystemAction',
'PhortuneCart' => array(
'PhortuneDAO',
'PhabricatorApplicationTransactionInterface',
diff --git a/src/applications/phortune/action/PhortuneAddPaymentMethodAction.php b/src/applications/phortune/action/PhortuneAddPaymentMethodAction.php
new file mode 100644
--- /dev/null
+++ b/src/applications/phortune/action/PhortuneAddPaymentMethodAction.php
@@ -0,0 +1,22 @@
+<?php
+
+final class PhortuneAddPaymentMethodAction
+ extends PhabricatorSystemAction {
+
+ const TYPECONST = 'phortune.payment-method.add';
+
+ public function getActionConstant() {
+ return self::TYPECONST;
+ }
+
+ public function getScoreThreshold() {
+ return 60 / phutil_units('1 hour in seconds');
+ }
+
+ public function getLimitExplanation() {
+ return pht(
+ 'You are making too many attempts to add payment methods in a short '.
+ 'period of time.');
+ }
+
+}
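Review bot: `getScoreThreshold()` has no comment on its units, and the value works out to 60 attempts per hour per actor, which looks generous for a control that the controller comment in this same change describes as a defense against validating lists of stolen card numbers. A legitimate user rarely adds more than a handful of payment methods in an hour, so a lower budget would probably cost nothing in usability. How the engine windows the score is not visible here, so confirm against `PhabricatorSystemActionEngine` before changing it. At minimum, add `// Allow 60 attempts per hour, expressed as points per second.` above the return so the next reader does not have to derive it.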
diff --git a/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php b/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php
--- a/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php
+++ b/src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php
@@ -82,6 +82,15 @@
->setProviderPHID($provider->getProviderConfig()->getPHID())
->setStatus(PhortunePaymentMethod::STATUS_ACTIVE);
+ // Limit the rate at which you can attempt to add payment methods. This
+ // is intended as a line of defense against using Phortune to validate a
+ // large list of stolen credit card numbers.
+
+ PhabricatorSystemActionEngine::willTakeAction(
+ array($viewer->getPHID()),
+ new PhortuneAddPaymentMethodAction(),
+ 1);
+
if (!$errors) {
$errors = $this->processClientErrors(
$provider,
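Review bot: The limit in the `willTakeAction()` call is keyed only on `$viewer->getPHID()`, so it bounds attempts per account rather than per client, and anyone able to register several accounts gets a fresh budget with each one. Consider charging a second actor derived from the request's remote address in the same call, along the lines of `array($viewer->getPHID(), <remote-address actor>)`, where the second element is a placeholder for whatever helper the engine provides. The call also sits before the `if (!$errors)` check, so every submission is charged, including ones that fail client-side validation; that fits the purpose but is worth stating in the comment. The enclosing method starts and ends outside this hunk.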

File Metadata

Mime Type
text/plain
Expires
Mon, Jan 27, 7:52 PM (2 h, 41 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7061745
Default Alt Text
D20158.diff (2 KB)
