diff options
author | Yorhel <git@yorhel.nl> | 2010-12-22 19:23:50 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2010-12-22 19:24:00 +0100 |
commit | 81c1681ffc46044d902145e442464c069ef1df3e (patch) | |
tree | b17fa5b282b47676a0d4db435d9e609a0059e7c1 /lib/VNDB/Handler/Tags.pm | |
parent | fa403120fc7c5b417cc21e93ce2f5acb43b5ede4 (diff) |
Don't allow page > 100 or sorting on username or title on tag link browser
Performance. Those featues are hardly used, but they can block other
visitors when used in bad combinations.
Diffstat (limited to 'lib/VNDB/Handler/Tags.pm')
-rw-r--r-- | lib/VNDB/Handler/Tags.pm | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/VNDB/Handler/Tags.pm b/lib/VNDB/Handler/Tags.pm index 6e373d04..3d656728 100644 --- a/lib/VNDB/Handler/Tags.pm +++ b/lib/VNDB/Handler/Tags.pm @@ -358,12 +358,12 @@ sub taglinks { my $f = $self->formValidate( { name => 'p', required => 0, default => 1, template => 'int' }, { name => 'o', required => 0, default => 'd', enum => ['a', 'd'] }, - { name => 's', required => 0, default => 'date', enum => [qw|date username title tag|] }, + { name => 's', required => 0, default => 'date', enum => [qw|date tag|] }, { name => 'v', required => 0, default => 0, template => 'int' }, { name => 'u', required => 0, default => 0, template => 'int' }, { name => 't', required => 0, default => 0, template => 'int' }, ); - return 404 if $f->{_err}; + return 404 if $f->{_err} || $f->{p} > 100; my($list, $np) = $self->dbTagLinks( what => 'details', @@ -433,11 +433,11 @@ sub taglinks { sorturl => $url->(s=>0,o=>0), header => [ [ mt('_taglink_col_date'), 'date' ], - [ mt('_taglink_col_user'), 'username' ], + [ mt('_taglink_col_user') ], [ mt('_taglink_col_rating') ], [ mt('_taglink_col_tag'), 'tag' ], [ mt('_taglink_col_spoiler') ], - [ mt('_taglink_col_vn'), 'title' ], + [ mt('_taglink_col_vn'), ], ], row => sub { my($s, $n, $l) = @_; |