commit: 7c1d804554cd361753f4d6f2d0ac27a9281c885f
parent b686d68cdbe8465148aae4dfc21ec1ec151d04ab
Author: Alex Gleason <alex@alexgleason.me>
Date: Sun, 19 Dec 2021 17:30:52 +0000
Merge branch 'fix-search-dos' into 'develop'
Search: limit number of results (prevent DoS)
See merge request pleroma/pleroma!3563
Diffstat:
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/web/mastodon_api/controllers/search_controller.ex b/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
@@ -17,6 +17,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
require Logger
+ @search_limit 40
+
plug(Pleroma.Web.ApiSpec.CastAndValidate)
# Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
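Review bot: `@search_limit` is added without a comment saying what it bounds or why 40 was chosen, so a later edit could raise it without noticing that it is a DoS control. I would add a comment above it: `# Maximum number of results a single search request may ask for; larger client-supplied limits are clamped to bound query cost.` If operators are expected to tune the cap, instance configuration may be a better home than a compile-time module attribute, though that is a design choice beyond this hunk.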
@@ -77,7 +79,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
[
resolve: params[:resolve],
following: params[:following],
- limit: params[:limit],
+ limit: min(params[:limit], @search_limit),
offset: params[:offset],
type: params[:type],
author: get_author(params),
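Review bot: The clamp on the `limit:` line bounds only the upper end, and it relies on Erlang term ordering when the parameter is absent: `min(nil, 40)` returns 40 because numbers sort before atoms. An omitted limit therefore becomes the maximum, unless the CastAndValidate schema (not visible here) supplies a default. Writing it as `limit: min(params[:limit] || @search_limit, @search_limit),` keeps the behaviour and makes the nil case explicit; a zero or negative value still passes through unless the schema sets a minimum. The `offset:` line directly below is forwarded unclamped, so very deep offsets may remain a query-cost lever worth bounding in the same place. The keyword list and its enclosing function continue outside the hunk.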