Skip to content

Commit 6770062

Browse files
committed
Limit maximal number of rows in QBE
User would be lost in them anyway by that count and it prevents DOS. Signed-off-by: Michal Čihař <michal@cihar.com>
1 parent b2605eb commit 6770062

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

libraries/DBQbe.class.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,10 @@ private function _setSearchParams()
203203
// sets row count
204204
$rows = PMA_ifSetOr($_REQUEST['rows'], 0, 'numeric');
205205
$criteriaRowAdd = PMA_ifSetOr($_REQUEST['criteriaRowAdd'], 0, 'numeric');
206-
$this->_criteria_row_count = max($rows + $criteriaRowAdd, 0);
206+
$this->_criteria_row_count = min(
207+
max($rows + $criteriaRowAdd, 0),
208+
100
209+
);
207210

208211
$this->_criteriaColumnInsert = PMA_ifSetOr(
209212
$_REQUEST['criteriaColumnInsert'],

0 commit comments

Comments
 (0)