How to set a hard maximum limit for items per page? vm2.0.6

Started by randomdev, October 25, 2012, 04:20:35 AM

randomdev

I have a category with over 12,000 products and want to make sure a malicious user could not just set &limit=1200 on the URL and use this to DoS the site fairly easily.

How would I go about setting a hard $limit? I tried to edit router.php in components/com_virtuemart/ as below but this didn't seem to have any effect?

if ( isset($query['limit'] ) ) {
    $limit = $query['limit'] ;
    if ($limit >= 36) { $limit = 36 ;}
    unset($query['limit']);
}

randomdev

After a bit of mucking around I found the modification should be in vmmodel.php


$limit = $mainframe->getUserStateFromRequest('com_virtuemart.'.$view.'.limit', 'limit',  VmConfig::get('list_limit',20), 'int');
if ($limit >= 36) { $limit = 36;} //added to hard limit products
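
A fuller version of the clamp in the post above, as an added example that is not part of the original thread or of VirtueMart's code. The function name and constants are hypothetical; it also rejects zero, negative, non-numeric and array values rather than only capping the upper bound.

```php
<?php
// Added example, not VirtueMart code. All names here are hypothetical.
const HARD_MAX_LIMIT = 36;  // ceiling chosen in the post above
const DEFAULT_LIMIT  = 20;  // fallback; mirrors the list_limit default in the post

/**
 * Clamp a request-supplied page size to the range [1, $max].
 * Anything that is not a positive integer (zero, negative, text,
 * arrays, out-of-range numbers) falls back to $default.
 */
function clampPageLimit($raw, int $default = DEFAULT_LIMIT, int $max = HARD_MAX_LIMIT): int
{
    // A misconfigured default must not be able to exceed the ceiling.
    $default = max(1, min($default, $max));

    // FILTER_VALIDATE_INT returns false for non-integers, arrays and overflow.
    $limit = filter_var($raw, FILTER_VALIDATE_INT);
    if ($limit === false || $limit < 1) {
        return $default;
    }
    return min($limit, $max);
}

// Constructed sample inputs, as they might arrive in a query string.
$samples = ['1200', '36', '10', '0', '-5', 'abc', null, ['1200'], '99999999999999999999'];
foreach ($samples as $raw) {
    printf("%-26s => %d\n", json_encode($raw), clampPageLimit($raw));
}
```

Apply the clamp at the point where the model reads the value, as the second post does, so every view that paginates through that code path gets the same ceiling.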