Limit maximal number of rows in QBE

User would be lost in them anyway by that count and it prevents DOS.

Signed-off-by: Michal Čihař <michal@cihar.com>

Author: nijel

libraries/DBQbe.class.php

@@ -203,7 +203,10 @@ private function _setSearchParams()
         // sets row count
         $rows = PMA_ifSetOr($_REQUEST['rows'],    0, 'numeric');
         $criteriaRowAdd = PMA_ifSetOr($_REQUEST['criteriaRowAdd'], 0, 'numeric');
-        $this->_criteria_row_count = max($rows + $criteriaRowAdd, 0);
+        $this->_criteria_row_count = min(
+            max($rows + $criteriaRowAdd, 0),
+            100
+        );
 
         $this->_criteriaColumnInsert = PMA_ifSetOr(
             $_REQUEST['criteriaColumnInsert'],