author | Bharat Mediratta <bharat@menalto.com> | 2009-09-01 20:13:23 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-09-01 20:13:23 -0700 |
commit | 03c5c117759aca8a3d898c6c4f03da6ddf67e81d (patch) | |
tree | 04df721065e21eecd8085994593713d7f369583d /modules/rss | |
parent | 295fc0c14ce938e02bf17c350a50d36b73802ad0 (diff) |
Allow the RSS feed page size to be customizable, up to 100 items (to
mitigate DoS attacks).
Have PicLens request a 100-item page to mitigate the bug where it
refuses to load the 2nd page.
Mitigates #23.
Diffstat (limited to 'modules/rss')
-rw-r--r-- | modules/rss/controllers/rss.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php
index e9dd9fff..b89bed40 100644
--- a/modules/rss/controllers/rss.php
+++ b/modules/rss/controllers/rss.php
@@ -26,13 +26,16 @@ class Rss_Controller extends Controller {
 url::redirect(url::merge(array("page" => 1)));
 }
 
+ // Configurable page size between 1 and 100, default 20
+ $page_size = max(1, min(100, $this->input->get("page_size", self::$page_size)));
+
 // Run the appropriate feed callback
 if (module::is_active($module_id)) {
 $class_name = "{$module_id}_rss";
 if (method_exists($class_name, "feed")) {
 $feed = call_user_func(
 array($class_name, "feed"), $feed_id,
- ($page - 1) * self::$page_size, self::$page_size, $id);
+ ($page - 1) * $page_size, $page_size, $id);
 }
 }
 if (empty($feed)) { |
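Review bot: The clamp on the added `$page_size` line bounds the request value but never converts it to an integer, so the limit handed to the feed callback is still the raw `page_size` query string (for example a decimal or exponent-style numeric string that compares inside 1..100). Casting before clamping fixes the type at the boundary: `$page_size = max(1, min(100, (int) $this->input->get("page_size", self::$page_size)));`. The offset `($page - 1) * $page_size` still has no upper bound on `$page`, which is read outside this hunk, so the DoS mitigation covers only the page size; whether the feed callbacks tolerate very large offsets cannot be seen from here. The enclosing method starts and ends outside the hunk.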