From 75915d081ba165ca535726333eef1e21dfc408f3 Mon Sep 17 00:00:00 2001 From: xiaomlove Date: Fri, 23 May 2025 10:32:43 +0700 Subject: [PATCH] api per_page limit + revert login username case insensitive --- app/Repositories/BaseRepository.php | 7 ++++++- public/takelogin.php | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/Repositories/BaseRepository.php b/app/Repositories/BaseRepository.php index 9a37752a..b4122781 100644 --- a/app/Repositories/BaseRepository.php +++ b/app/Repositories/BaseRepository.php @@ -23,7 +23,12 @@ class BaseRepository protected function getPerPageFromRequest(Request $request) { - return $request->get('per_page'); + $perPage = $request->get('per_page'); + if ($perPage && $perPage > 100) { + do_log("per_page: $perPage > 100", "warning"); + $perPage = 100; + } + return $perPage; } protected function handleAnonymous($username, $user, User $authenticator, Torrent $torrent = null) diff --git a/public/takelogin.php b/public/takelogin.php index 2d8f65e9..398f4b07 100644 --- a/public/takelogin.php +++ b/public/takelogin.php @@ -29,7 +29,7 @@ if ($useChallengeResponse) { } } -$res = sql_query("SELECT id, passhash, secret, auth_key, enabled, status, two_step_secret, lang FROM users WHERE BINARY username = " . sqlesc($username)); +$res = sql_query("SELECT id, passhash, secret, auth_key, enabled, status, two_step_secret, lang FROM users WHERE username = " . sqlesc($username)); $row = mysql_fetch_array($res); if (!$row)