diff options
author | Kim Alvefur <zash@zash.se> | 2017-10-15 18:59:37 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-10-15 18:59:37 +0200 |
commit | 0ea0b246fad902465b8ee4d6ef24291eb8f3eedc (patch) | |
tree | 0ee03715357214bb5fff8ce47257c4835c913ce3 | |
parent | 669ab5ba133701fa1fae09e5356a9164d42f1cb8 (diff) | |
download | prosody-0ea0b246fad902465b8ee4d6ef24291eb8f3eedc.tar.gz prosody-0ea0b246fad902465b8ee4d6ef24291eb8f3eedc.zip |
mod_pubsub: Limit number of items to fetch from archive storage to pubsub#max_items to prevent unbounded query (thanks Martin and lovetox)
-rw-r--r-- | plugins/mod_pubsub/pubsub.lib.lua | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index 0394c41f..fd3e3768 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -2,6 +2,7 @@ local t_unpack = table.unpack or unpack; -- luacheck: ignore 113 local time_now = os.time; local st = require "util.stanza"; +local ti = require "util.iterators"; local uuid_generate = require "util.uuid".generate; local dataform = require"util.dataforms".new; @@ -340,20 +341,23 @@ local function archive_itemstore(archive, config, user, node, expose_publisher) module:log("debug", "Creation of itemstore for node %s with config %s", node, config); local get_set = {}; function get_set:items() -- luacheck: ignore 212/self - local data, err = archive:find(user); + local data, err = archive:find(user, { + limit = tonumber(config["pubsub#max_items"]); + reverse = true; + }); if not data then module:log("error", "Unable to get items: %s", err); return true; end module:log("debug", "Listed items %s", data); - return function() + return it.reverse(function() local id, payload, when, publisher = data(); if id == nil then return; end local item = create_encapsulating_item(id, payload, publisher, expose_publisher); return id, item; - end; + end); end function get_set:get(key) -- luacheck: ignore 212/self local data, err = archive:find(user, { |