Limit maximal numver of fields to 4096

nijel · nijel · commit 5a28b63f9c3f · 2016-07-22T16:00:23.000+02:00
Signed-off-by: Michal Čihař &lt;michal@cihar.com&gt;
diff --git a/tbl_addfield.php b/tbl_addfield.php
@@ -37,10 +37,13 @@
     if (isset($_REQUEST['orig_field_where'])) {
         $_REQUEST['field_where'] = $_REQUEST['orig_field_where'];
     }
-    $num_fields = $_REQUEST['orig_num_fields'] + $_REQUEST['added_fields'];
+    $num_fields = min(
+        intval($_REQUEST['orig_num_fields']) + intval($_REQUEST['added_fields']),
+        4096
+    );
     $regenerate = true;
 } elseif (isset($_REQUEST['num_fields']) && intval($_REQUEST['num_fields']) > 0) {
-    $num_fields = (int) $_REQUEST['num_fields'];
+    $num_fields = min(4096, intval($_REQUEST['num_fields']));
 } else {
     $num_fields = 1;
 }
diff --git a/tbl_create.php b/tbl_create.php
@@ -41,9 +41,12 @@
 // check number of fields to be created
 if (isset($_REQUEST['submit_num_fields'])) {
     $regenerate = true; // for libraries/tbl_columns_definition_form.inc.php
-    $num_fields = $_REQUEST['orig_num_fields'] + $_REQUEST['added_fields'];
+    $num_fields = min(
+        intval($_REQUEST['orig_num_fields']) + intval($_REQUEST['added_fields']),
+        4096
+    );
 } elseif (isset($_REQUEST['num_fields']) && intval($_REQUEST['num_fields']) > 0) {
-    $num_fields = (int) $_REQUEST['num_fields'];
+    $num_fields = min(4096, intval($_REQUEST['num_fields']));
 } else {
     $num_fields = 4;
 }
