From 25c5edbebfc88cae145b934c5342ae409d0175b2 Mon Sep 17 00:00:00 2001
From: Nathan Glasl <nathan@symbiote.com.au>
Date: Thu, 13 Sep 2018 15:30:19 +1000
Subject: [PATCH] [SECURITY] The page limit now has a maximum.

---
 README.md                  | 2 +-
 code/pages/MediaHolder.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 79e99d8..9868ab3 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # [mediawesome](https://packagist.org/packages/nglasl/silverstripe-mediawesome)
 
-_The current release is **3.0.0**_
+_The current release is **3.0.1**_
 
 > A module for SilverStripe which will allow creation of dynamic media holders/pages with CMS customisable types and attributes (blogs, events, news, publications).
 
diff --git a/code/pages/MediaHolder.php b/code/pages/MediaHolder.php
index f4f7081..21fbdcb 100644
--- a/code/pages/MediaHolder.php
+++ b/code/pages/MediaHolder.php
@@ -196,7 +196,7 @@ public function getPaginatedChildren($limit = 5, $sort = 'Date', $order = 'DESC'
 
 		$request = $this->getRequest();
 		if($limitVar = $request->getVar('limit')) {
-			$limit = $limitVar;
+			$limit = ($limitVar > 100) ? 100 : $limitVar;
 		}
 		if($sortVar = $request->getVar('sort')) {
 			$sort = $sortVar;