[SECURITY] Limit the search results per page 33/46833/2
authorBenni Mack <benni@typo3.org>
Tue, 23 Feb 2016 10:45:20 +0000 (11:45 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2016 10:45:55 +0000 (11:45 +0100)
commit8540f0b93cb84281645f61ca7e42104e02dc9383
tree82255e228d31cf4ccd23b48f5f827b21aa4fd8d0
parent83b9a8333c579dc4067631c4b4a0c5a518f06022
[SECURITY] Limit the search results per page

Indexed Search allows to show up to 100.000
entries per page by configuring the paging
entry via a GET/POST variable, leading to a
possible DoS attack.

The max limit is set to 100 entries per page,
as a reasonable limit for the website search
results.

Resolves: #73458
Releases: master, 7.6, 6.2
Security-Commit: 67574fa84acd54260cd824b759e5cd2e6d23e0d5
Security-Bulletins: TYPO3-CORE-SA-2016-005, 006, 007, 008
Change-Id: Ibec1ed2e35ebdca9f443b76ad59871622b230548
Reviewed-on: https://review.typo3.org/46833
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/indexed_search/Classes/Controller/SearchController.php
typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php