summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2010-12-22 19:23:50 +0100
committerYorhel <git@yorhel.nl>2010-12-22 19:24:00 +0100
commit81c1681ffc46044d902145e442464c069ef1df3e (patch)
treeb17fa5b282b47676a0d4db435d9e609a0059e7c1
parentfa403120fc7c5b417cc21e93ce2f5acb43b5ede4 (diff)
Don't allow page > 100 or sorting on username or title on tag link browser
Performance. Those featues are hardly used, but they can block other visitors when used in bad combinations.
-rw-r--r--ChangeLog1
-rw-r--r--lib/VNDB/Handler/Tags.pm8
2 files changed, 5 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index fac815eb..146cdcf9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,7 @@
- Added vnlists.status filter to /u+/list
- Pass VN tag filters by ID rather than name
- Don't send 'tagspoil' filter when 'tag_inc' isn't active
+ - Don't allow page > 100 or sorting on username or title on tag link browser
2.15 - 2010-12-15
- Removed expand/collapse from history browser and /u+/posts and switched to
diff --git a/lib/VNDB/Handler/Tags.pm b/lib/VNDB/Handler/Tags.pm
index 6e373d04..3d656728 100644
--- a/lib/VNDB/Handler/Tags.pm
+++ b/lib/VNDB/Handler/Tags.pm
@@ -358,12 +358,12 @@ sub taglinks {
my $f = $self->formValidate(
{ name => 'p', required => 0, default => 1, template => 'int' },
{ name => 'o', required => 0, default => 'd', enum => ['a', 'd'] },
- { name => 's', required => 0, default => 'date', enum => [qw|date username title tag|] },
+ { name => 's', required => 0, default => 'date', enum => [qw|date tag|] },
{ name => 'v', required => 0, default => 0, template => 'int' },
{ name => 'u', required => 0, default => 0, template => 'int' },
{ name => 't', required => 0, default => 0, template => 'int' },
);
- return 404 if $f->{_err};
+ return 404 if $f->{_err} || $f->{p} > 100;
my($list, $np) = $self->dbTagLinks(
what => 'details',
@@ -433,11 +433,11 @@ sub taglinks {
sorturl => $url->(s=>0,o=>0),
header => [
[ mt('_taglink_col_date'), 'date' ],
- [ mt('_taglink_col_user'), 'username' ],
+ [ mt('_taglink_col_user') ],
[ mt('_taglink_col_rating') ],
[ mt('_taglink_col_tag'), 'tag' ],
[ mt('_taglink_col_spoiler') ],
- [ mt('_taglink_col_vn'), 'title' ],
+ [ mt('_taglink_col_vn'), ],
],
row => sub {
my($s, $n, $l) = @_;