From 03c5c117759aca8a3d898c6c4f03da6ddf67e81d Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 1 Sep 2009 20:13:23 -0700
Subject: Allow the RSS feed page size to be customizeable, up to 100 items (to mitigate DoS attacks). Have PicLens request a 100-item page to mitigate the bug where it refuses to load the 2nd page. Mitigates #23.
---
 modules/rss/controllers/rss.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'modules/rss')
diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php
index e9dd9fff..b89bed40 100644
--- a/modules/rss/controllers/rss.php
+++ b/modules/rss/controllers/rss.php
@@ -26,13 +26,16 @@ class Rss_Controller extends Controller {
 url::redirect(url::merge(array("page" => 1)));
 }
+ // Configurable page size between 1 and 100, default 20
+ $page_size = max(1, min(100, $this->input->get("page_size", self::$page_size)));
+
 // Run the appropriate feed callback
 if (module::is_active($module_id)) {
 $class_name = "{$module_id}_rss";
 if (method_exists($class_name, "feed")) {
 $feed = call_user_func(
 array($class_name, "feed"), $feed_id,
- ($page - 1) * self::$page_size, self::$page_size, $id);
+ ($page - 1) * $page_size, $page_size, $id);
 }
 }
 if (empty($feed)) {
--
cgit v1.2.3
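Review bot: The clamped `$page_size` keeps whatever type the request supplied, because `max(1, min(100, ...))` compares the raw `page_size` query value without converting it. A numeric string such as `20.5` passes the clamp unchanged, is used in the offset arithmetic, and is handed to the `feed` callback as the limit. Casting before the clamp keeps both values integers: `$page_size = max(1, min(100, (int) $this->input->get("page_size", self::$page_size)));`. How the callbacks use the limit is not visible in this hunk, so whether a non-integer value can reach a query should be confirmed against them. The enclosing method starts and ends outside the hunk.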