Merge branch 'fix-search-dos' into 'develop' - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: 7c1d804554cd361753f4d6f2d0ac27a9281c885f
parent b686d68cdbe8465148aae4dfc21ec1ec151d04ab
Author: Alex Gleason <alex@alexgleason.me>
Date:   Sun, 19 Dec 2021 17:30:52 +0000

Merge branch 'fix-search-dos' into 'develop'

Search: limit number of results (prevent DoS)

See merge request pleroma/pleroma!3563
Diffstat:
M lib/pleroma/web/mastodon_api/controllers/search_controller.ex 4 +++-

1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/web/mastodon_api/controllers/search_controller.ex b/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
@@ -17,6 +17,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
 
   require Logger
 
+  @search_limit 40
+
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 
   # Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
@@ -77,7 +79,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
     [
       resolve: params[:resolve],
       following: params[:following],
-      limit: params[:limit],
+      limit: min(params[:limit], @search_limit),
       offset: params[:offset],
       type: params[:type],
       author: get_author(params),