aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-10-15 18:59:37 +0200
committerKim Alvefur <zash@zash.se>2017-10-15 18:59:37 +0200
commit0ea0b246fad902465b8ee4d6ef24291eb8f3eedc (patch)
tree0ee03715357214bb5fff8ce47257c4835c913ce3
parent669ab5ba133701fa1fae09e5356a9164d42f1cb8 (diff)
downloadprosody-0ea0b246fad902465b8ee4d6ef24291eb8f3eedc.tar.gz
prosody-0ea0b246fad902465b8ee4d6ef24291eb8f3eedc.zip
mod_pubsub: Limit number of items to fetch from archive storage to pubsub#max_items to prevent unbounded query (thanks Martin and lovetox)
-rw-r--r--plugins/mod_pubsub/pubsub.lib.lua10
1 files changed, 7 insertions, 3 deletions
diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua
index 0394c41f..fd3e3768 100644
--- a/plugins/mod_pubsub/pubsub.lib.lua
+++ b/plugins/mod_pubsub/pubsub.lib.lua
@@ -2,6 +2,7 @@ local t_unpack = table.unpack or unpack; -- luacheck: ignore 113
local time_now = os.time;
local st = require "util.stanza";
+local ti = require "util.iterators";
local uuid_generate = require "util.uuid".generate;
local dataform = require"util.dataforms".new;
@@ -340,20 +341,23 @@ local function archive_itemstore(archive, config, user, node, expose_publisher)
module:log("debug", "Creation of itemstore for node %s with config %s", node, config);
local get_set = {};
function get_set:items() -- luacheck: ignore 212/self
- local data, err = archive:find(user);
+ local data, err = archive:find(user, {
+ limit = tonumber(config["pubsub#max_items"]);
+ reverse = true;
+ });
if not data then
module:log("error", "Unable to get items: %s", err);
return true;
end
module:log("debug", "Listed items %s", data);
- return function()
+ return it.reverse(function()
local id, payload, when, publisher = data();
if id == nil then
return;
end
local item = create_encapsulating_item(id, payload, publisher, expose_publisher);
return id, item;
- end;
+ end);
end
function get_set:get(key) -- luacheck: ignore 212/self
local data, err = archive:find(user, {