Merge branch 'fix-search-dos' into 'develop'
Search: limit number of results (prevent DoS) See merge request pleroma/pleroma!3563
This commit is contained in:
commit
7c1d804554
|
@ -17,6 +17,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
|
||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
@search_limit 40
|
||||||
|
|
||||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||||
|
|
||||||
# Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
|
# Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
|
||||||
|
@ -77,7 +79,7 @@ defp search_options(params, user) do
|
||||||
[
|
[
|
||||||
resolve: params[:resolve],
|
resolve: params[:resolve],
|
||||||
following: params[:following],
|
following: params[:following],
|
||||||
limit: params[:limit],
|
limit: min(params[:limit], @search_limit),
|
||||||
offset: params[:offset],
|
offset: params[:offset],
|
||||||
type: params[:type],
|
type: params[:type],
|
||||||
author: get_author(params),
|
author: get_author(params),
|
||||||
|
|
Loading…
Reference in a new issue