From 87b96560146f7ad6431c250a3e26dee0c8802fe2 Mon Sep 17 00:00:00 2001 From: Nathan Glasl Date: Thu, 13 Sep 2018 15:30:19 +1000 Subject: [PATCH] [SECURITY] The page limit now has a maximum. --- README.md | 2 +- src/controllers/MediaHolderController.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 510b7fd..a4eb5c0 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # [mediawesome](https://packagist.org/packages/nglasl/silverstripe-mediawesome) -_The current release is **4.0.3**_ +_The current release is **4.0.4**_ > This module allows creation of dynamic media holders/pages with CMS customisable types and attributes (blogs, events, news, publications), including versioning. diff --git a/src/controllers/MediaHolderController.php b/src/controllers/MediaHolderController.php index 776c2a9..d8efa96 100644 --- a/src/controllers/MediaHolderController.php +++ b/src/controllers/MediaHolderController.php @@ -66,7 +66,7 @@ public function getPaginatedChildren($limit = 5, $sort = 'Date', $order = 'DESC' $request = $this->getRequest(); if($limitVar = $request->getVar('limit')) { - $limit = $limitVar; + $limit = ($limitVar > 100) ? 100 : $limitVar; } if($sortVar = $request->getVar('sort')) { $sort = $sortVar;