Fixed Commenting on a report allows duplicates / doesn't do flood checking

[Xon]

XenForo_ControllerPublic_Report::actionComment doesn't use preSave()/assertNotFlooding()/save() combo that nearly all other public forms do. This means very basic flood protection doesn't occur so accidently doubleposts are possible.

Additionally, when a report is reopened this state is set independently of the report comment transaction resulting in potentially inconstant report state if the request is terminated.

 

[Mike]

I'm not totally sure what to tag the resolution of this report.

The flood check isn't really designed as an anti-duplicate system, though it does function as that. It's mostly to limit potentially negative behaviors (flooding). In this scenario, this is only accessible to staff, so I don't think that flood checking is necessary. However, applying a duplicate mitigation isn't unreasonable, so I've just applied our JS-based multi submit fix code which should stop a double click, for example. I think I'm going to call this fixed because the comment was mostly surrounding duplicates.

I've also wrapped the commenting code in a transaction, though I don't believe there's any reason it should fail out of the box (beyond things like DB-level issues).