XFMG is missing pagination

S

stromb0li

Well-known member
Affected version
2.3.7
When calling /api/media-category/{id}/content all photos for that category load; none of it is paginated, even if passing the page parameter.

For categories/albums with hundreds or thousands of images, this can be abused as a way to attack the server, as it generates enormous responses on request. Currently with just under a thousand photos, I can spike memory utilization to ~100MB+ per request.
 
Last edited:
Fixes (it looks like ablum load is missing as well):
/src/addons/XFMG/Api/Category.php:104
Replace $finder->fetch() with $finder->limitByPage($page, $perPage)->fetch() (fix for loading albums)

/src/addons/XFMG/Api/Category.php:157
Replace $finder->fetch() with $finder->limitByPage($page, $perPage)->fetch() (fix for loading media)
 

Similar threads

B
open graph missing pagination
Replies
0
Views
36
briansol
B
K
Fixed report_view is missing parameter defaultname
Replies
1
Views
34
XF Bug Bot
XF Bug Bot
K
Fixed E-Mail templater is missing params
Replies
11
Views
621
stromb0li
S
K
Fixed \XFMG\Service\Media\Creator is missing method setIsAutomated
Replies
1
Views
3K
XF Bug Bot
XF Bug Bot
Back
Top Bottom