author | Bharat Mediratta <bharat@menalto.com> | 2009-09-01 20:13:23 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-09-01 20:13:23 -0700 |
commit | 03c5c117759aca8a3d898c6c4f03da6ddf67e81d (patch) | |
tree | 04df721065e21eecd8085994593713d7f369583d | |
parent | 295fc0c14ce938e02bf17c350a50d36b73802ad0 (diff) |
Allow the RSS feed page size to be customizable, up to 100 items (to
mitigate DoS attacks).
Have PicLens request a 100-item page to mitigate the bug where it
refuses to load the 2nd page.
Mitigates #23.
-rw-r--r-- | modules/rss/controllers/rss.php | 5 | ||||
-rw-r--r-- | modules/slideshow/helpers/slideshow_event.php | 52 |
2 files changed, 34 insertions, 23 deletions
diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php
index e9dd9fff..b89bed40 100644
--- a/modules/rss/controllers/rss.php
+++ b/modules/rss/controllers/rss.php
@@ -26,13 +26,16 @@ class Rss_Controller extends Controller {
       url::redirect(url::merge(array("page" => 1)));
     }
 
+    // Configurable page size between 1 and 100, default 20
+    $page_size = max(1, min(100, $this->input->get("page_size", self::$page_size)));
+
     // Run the appropriate feed callback
     if (module::is_active($module_id)) {
       $class_name = "{$module_id}_rss";
       if (method_exists($class_name, "feed")) {
         $feed = call_user_func(
           array($class_name, "feed"), $feed_id,
-          ($page - 1) * self::$page_size, self::$page_size, $id);
+          ($page - 1) * $page_size, $page_size, $id);
       }
     }
     if (empty($feed)) {
diff --git a/modules/slideshow/helpers/slideshow_event.php b/modules/slideshow/helpers/slideshow_event.php
index 77e296e8..ce26b189 100644
--- a/modules/slideshow/helpers/slideshow_event.php
+++ b/modules/slideshow/helpers/slideshow_event.php
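Review bot: The clamp on the new `$page_size` line runs on the raw query-string value, so a non-integer string can pass through `min`/`max` unchanged (PHP compares it numerically but returns the original operand) and reach the feed callback as-is. Casting first, `$page_size = max(1, min(100, (int) $this->input->get("page_size", self::$page_size)));`, keeps the value an integer and turns junk input into the lower bound of 1. The comment's "default 20" presumably refers to `self::$page_size`, which is declared outside this hunk; writing "defaults to self::$page_size" avoids the comment drifting if that value changes. The enclosing Rss_Controller method starts and ends outside the hunk.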
@@ -31,36 +31,44 @@ class slideshow_event_Core {
   }
 
   static function album_menu($menu, $theme) {
-    $descendants_count = ORM::factory("item", $theme->item->id)
+    $descendants_count = ORM::factory("item", $theme->item()->id)
       ->descendants_count(array("type" => "photo"));
     if ($descendants_count > 1) {
-      $menu
-        ->append(Menu::factory("link")
-                 ->id("slideshow")
-                 ->label(t("View slideshow"))
-                 ->url("javascript:PicLensLite.start(" .
-                       "{maxScale:0,feedUrl:PicLensLite.indexFeeds()[0].url})")
-                 ->css_id("gSlideshowLink"));
+      $menu->append(Menu::factory("link")
+                    ->id("slideshow")
+                    ->label(t("View slideshow"))
+                    ->url("javascript:PicLensLite.start(" .
+                          "{maxScale:0,feedUrl:'" . self::_feed_url($theme) . "'})")
+                    ->css_id("gSlideshowLink"));
     }
   }
 
   static function photo_menu($menu, $theme) {
-    $menu
-      ->append(Menu::factory("link")
-               ->id("slideshow")
-               ->label(t("View slideshow"))
-               ->url("javascript:PicLensLite.start(" .
-                     "{maxScale:0,feedUrl:PicLensLite.indexFeeds()[0].url})")
-               ->css_id("gSlideshowLink"));
+    $menu->append(Menu::factory("link")
+                  ->id("slideshow")
+                  ->label(t("View slideshow"))
+                  ->url("javascript:PicLensLite.start(" .
+                        "{maxScale:0,feedUrl:'" . self::_feed_url($theme) . "'})")
+                  ->css_id("gSlideshowLink"));
   }
 
   static function tag_menu($menu, $theme) {
-    $menu
-      ->append(Menu::factory("link")
-               ->id("slideshow")
-               ->label(t("View slideshow"))
-               ->url("javascript:PicLensLite.start(" .
-                     "{maxScale:0,feedUrl:PicLensLite.indexFeeds()[0].url})")
-               ->css_id("gSlideshowLink"));
+    $menu->append(Menu::factory("link")
+                  ->id("slideshow")
+                  ->label(t("View slideshow"))
+                  ->url("javascript:PicLensLite.start(" .
+                        "{maxScale:0,feedUrl:'" . self::_feed_url($theme) . "'})")
+                  ->css_id("gSlideshowLink"));
+  }
+
+  private static function _feed_url($theme) {
+    if ($item = $theme->item()) {
+      if (!$item->is_album()) {
+        $item = $item->parent();
+      }
+      return rss::url("gallery/album/{$item->id}?page_size=100");
+    } else {
+      return rss::url("tag/tag/{$theme->tag()->id}?page_size=100");
+    }
   }
 }
|
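Review bot: The feed URL returned by `_feed_url` is concatenated into a JavaScript string literal inside the link URL (`"{maxScale:0,feedUrl:'" . self::_feed_url($theme) . "'})"`, repeated in album_menu, photo_menu and tag_menu) with no escaping for that context; today the value is built only from integer ids and fixed path segments, so the practical risk is small, but a single quote introduced by any future change to rss::url or the query string would break out of the literal. Emitting the value through the JSON encoder instead of hand-quoting it, `"{maxScale:0,feedUrl:" . json_encode(self::_feed_url($theme)) . "})"`, keeps the embedding correct whatever the URL contains. The three builders also repeat the same six-line Menu construction; a private helper returning the Menu item for a given `$theme` would leave one place to maintain. `_feed_url` falls back to `$theme->tag()->id` whenever `$theme->item()` is empty, which looks intended for tag_menu only; a one-line comment on the method stating that assumption would help the next reader.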