I have a category with over 12,000 products and want to make sure a malicious user could not just set &limit=1200 on the URL and use this to DoS the site fairly easily.
How would I go about setting a hard $limit? I tried to edit router.php in components/com_virtuemart/ as below but this didn't seem to have any effect?
    if ( isset($query['limit'] ) ) {
        $limit = $query['limit'] ;
        if ($limit >= 36) { $limit = 36 ;}
        unset($query['limit']);
    }
After a bit of mucking around I found the modification should be in vmmodel.php
    $limit = $mainframe->getUserStateFromRequest('com_virtuemart.'.$view.'.limit', 'limit', VmConfig::get('list_limit',20), 'int');
    if ($limit >= 36) { $limit = 36;} //added to hard limit products
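
Added example, not part of the original post and not VirtueMart code: a stand-alone PHP helper that applies the same hard cap of 36 but also bounds the value from below, so that zero, negative, non-numeric and array inputs fall back to a default page size. The function name clamp_list_limit() is hypothetical, the default of 20 mirrors the VmConfig::get('list_limit',20) call above, and treating 0 and negative values as invalid is a choice made for this example.

```php
<?php
// Added example; clamp_list_limit() is a hypothetical helper, not VirtueMart code.

/**
 * Return a page size in the range 1..$max.
 * Anything that is not a plain positive integer falls back to $default.
 */
function clamp_list_limit($raw, int $default = 20, int $max = 36): int
{
    // The fallback itself must respect the cap, in case the configured
    // default is ever set higher than $max.
    $fallback = max(1, min($default, $max));

    // Arrays (e.g. ?limit[]=1200), null and objects are rejected outright.
    if (!is_scalar($raw)) {
        return $fallback;
    }

    // FILTER_VALIDATE_INT rejects "36abc", "1e9", "" and integers that
    // overflow; min_range => 1 also rejects 0 and negative numbers.
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($value === false) {
        return $fallback;
    }

    // Upper bound: the hard cap on products per page.
    return min($value, $max);
}

// Constructed sample inputs, as they might arrive in a "limit" parameter.
$samples = ['24', '1200', '0', '-1', '36abc', '99999999999999999999', ['1200'], null];

foreach ($samples as $raw) {
    printf("%-26s => %d\n", json_encode($raw), clamp_list_limit($raw));
}
```

With the vmmodel.php change above, the value returned by getUserStateFromRequest() would be passed through a helper like this in place of the single upper-bound check.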