mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 15:25:35 +08:00
SECURITY: Bound the amount of work that embed#topics can do
This commit adds a hidden site setting that limits the maximum number of topics that can be fetched at once via the embed controller.
parent
8f2f9e6afa
commit
0b800d307f
|
@ -41,7 +41,11 @@ class EmbedController < ApplicationController
|
|||
end
|
||||
|
||||
list_options = build_topic_list_options
|
||||
list_options[:per_page] = params[:per_page].to_i if params.has_key?(:per_page)
|
||||
|
||||
if params.has_key?(:per_page)
|
||||
list_options[:per_page] =
|
||||
[params[:per_page].to_i, SiteSetting.embed_topic_limit_per_page].min
|
||||
end
|
||||
|
||||
if params[:allow_create]
|
||||
@allow_create = true
|
||||
|
|
|
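Review bot: The new cap on `list_options[:per_page]` is only an upper bound: `params[:per_page].to_i` yields 0 for non-numeric input and keeps negative numbers, and `[..., SiteSetting.embed_topic_limit_per_page].min` passes both through unchanged. How the topic query handles a zero or negative page size is not visible in this hunk, so it is safer to bound both ends here, e.g. `list_options[:per_page] = params[:per_page].to_i.clamp(1, SiteSetting.embed_topic_limit_per_page)`. A request spec that sends `per_page` above the limit, at 0 and below 0 would pin the behaviour; none is visible on this page. The enclosing action starts and ends outside the hunk.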
@ -1702,6 +1702,9 @@ embedding:
|
|||
embed_post_limit:
|
||||
default: 100
|
||||
hidden: true
|
||||
embed_topic_limit_per_page:
|
||||
default: 200
|
||||
hidden: true
|
||||
embed_title_scrubber:
|
||||
default: ""
|
||||
hidden: true
|
||||
|
|
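Review bot: `embed_topic_limit_per_page` is declared with a default but no lower bound, so a value of 0 or a negative number written to this hidden setting would become the effective page-size cap used by the embed controller. If the `min:` key is supported for integer settings in this file, adding `min: 1` under the new entry would keep the cap positive. A one-line comment above the entry, such as `# upper bound for per_page on embed#topics`, would also help, since a hidden setting is not shown in the admin UI.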