cubicweb: skeleton/hooks.py.tmpl@b84a233cb8b0 (annotated)

[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110) Today, it is possible to call .related and get a huge unlimited database-dos-inducing resultset that will be nevertheless limited a bit further in pure python in the `autolimited` view. While we cannot completely avoid potential denial of services such as these we mitigate the problem with the default ui settings: if the inner vid is `autolimited`, then the relation result sets is computed using the user-defined limit. This change respects the semantics of the `autolimited` view and shouldn't break anything.

8207 c04676b16c59 ([config] add file encoding information to python files (closes #1942655) Katia Saurfelt <katia.saurfelt@logilab.fr> parents: 5423 diff changeset	1	# -- coding: utf-8 --
5423 e15abfdcce38 backport default into stable: stable is now cw 3.8 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5184 diff changeset	2	# copyright %(year)s %(author)s, all rights reserved.
e15abfdcce38 backport default into stable: stable is now cw 3.8 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5184 diff changeset	3	# contact %(author-web-site)s -- mailto:%(author-email)s
e15abfdcce38 backport default into stable: stable is now cw 3.8 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5184 diff changeset	4	#
e15abfdcce38 backport default into stable: stable is now cw 3.8 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5184 diff changeset	5	%(long-license)s
e15abfdcce38 backport default into stable: stable is now cw 3.8 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5184 diff changeset	6	"""%(distname)s specific hooks and operations"""

author	Aurelien Campeas <aurelien.campeas@logilab.fr>
	Tue, 19 Mar 2013 15:30:06 +0100
changeset 8736	b84a233cb8b0
parent 8207	c04676b16c59
permissions	-rw-r--r--