0001-ContribsPager-Max-limit-500-not-5000.patch
Anomie
Actions

Authored By

	Anomie
	Oct 22 2019, 2:37 PM

Size

1 KB

Referenced Files

None

Subscribers

None

0001-ContribsPager-Max-limit-500-not-5000.patch
View Options

	From 219f8b8ee5db1c77ec2872b0332dbf37c34fb12b Mon Sep 17 00:00:00 2001
	From: Brad Jorsch <bjorsch@wikimedia.org>
	Date: Tue, 22 Oct 2019 10:34:17 -0400
	Subject: [PATCH] ContribsPager: Max limit 500, not 5000

	To reduce the chance of DoS by hitting the relatively expensive query
	done by this special page many times, reduce the maximum allowed limit
	from 5000 to 500.

	Bug: T234450
	Change-Id: If2f6c0cc650884281458a7cd23978b482b1d9842
	---
	includes/specials/pagers/ContribsPager.php \| 12 ++++++++++++
	1 file changed, 12 insertions(+)

	diff --git a/includes/specials/pagers/ContribsPager.php b/includes/specials/pagers/ContribsPager.php
	index 95749ba9a8..53236fd5c2 100644
	--- a/includes/specials/pagers/ContribsPager.php
	+++ b/includes/specials/pagers/ContribsPager.php
	@@ -145,6 +145,18 @@ class ContribsPager extends RangeChronologicalPager {
	$this->mDbSecondary = wfGetDB( DB_REPLICA ); // any random replica DB
	$this->mDb = wfGetDB( DB_REPLICA, 'contributions' );
	$this->templateParser = new TemplateParser();
	+
	+ // Call setLimit() to apply our lower limit (see comment there for details)
	+ $this->setLimit( $this->mLimit );
	+ }
	+
	+ function setLimit( $limit ) {
	+ parent::setLimit( $limit );
	+
	+ // T234450: Lower limit for this special page because the query can be a bit slow
	+ if ( $this->mLimit > 500 ) {
	+ $this->mLimit = 500;
	+ }
	}

	function getDefaultQuery() {
	--
	2.24.0.rc0