Add extra security check to Echo API to prevent vandalism

1. Only trigger mark as read if the unread notification count is > 0
1. Add a limit to the number of notification that can be marked as read
2. Only update those records with read_timestamp = null

Change-Id: I12456c504787f45f594ef9283e98d98692956935

api/ApiEchoNotifications.php

@@ -12,10 +12,15 @@ class ApiEchoNotifications extends ApiQueryBase {
 		}
 
 		$params = $this->extractRequestParams();
-		if ( count( $params['markread'] ) ) {
-			EchoNotificationController::markRead( $user, $params['markread'] );
-		} elseif ( $params['markallread'] ) {
-			EchoNotificationController::markAllRead( $user );
+
+		// There is no need to trigger markRead if all notifications are read
+		if ( EchoNotificationController::getNotificationCount( $user ) > 0 ) {
+			if ( count( $params['markread'] ) ) {
+				// Make sure there is a limit to the update
+				EchoNotificationController::markRead( $user, array_slice( $params['markread'], 0, ApiBase::LIMIT_SML2 ) );
+			} elseif ( $params['markallread'] ) {
+				EchoNotificationController::markAllRead( $user );
+			}
 		}
 
 		$prop = $params['prop'];

includes/DbEchoBackend.php

@@ -229,6 +229,7 @@ class MWDbEchoBackend extends MWEchoBackend {
 			array(
 				'notification_user' => $user->getId(),
 				'notification_event' => $eventIDs,
+				'notification_read_timestamp' => null,
 			),
 			__METHOD__
 		);