Merge branch 'QA_4_6-security' into master-security

phpmyadmin · Aug 18, 2016 · d3e4fad · d3e4fad
2 parents 16da933 + d62494c
commit d3e4fad
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/libraries/DbQbe.php b/libraries/DbQbe.php
@@ -1946,7 +1946,10 @@ private function _initializeCriteriasCount()
         // sets row count
         $rows = PMA_ifSetOr($_REQUEST['rows'], 0, 'numeric');
         $criteriaRowAdd = PMA_ifSetOr($_REQUEST['criteriaRowAdd'], 0, 'numeric');
-        $this->_criteria_row_count = max($rows + $criteriaRowAdd, 0);
+        $this->_criteria_row_count = min(
+            100,
+            max($rows + $criteriaRowAdd, 0)
+        );
 
         return $criteriaColumnCount;
     }

diff --git a/libraries/SavedSearches.php b/libraries/SavedSearches.php
@@ -160,6 +160,16 @@ public function setCriterias($criterias, $json = false)
             }
         }
 
+        /* Limit amount of rows */
+        if (!isset($data['rows'])) {
+            $data['rows'] = 0;
+        } else {
+            $data['rows'] = min(
+                max(0, intval($data['rows'])),
+                100
+            );
+        }
+
         for ($i = 0; $i <= $data['rows']; $i++) {
             $data['Or' . $i] = $criterias['Or' . $i];
         }