[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110)
Today, it is possible to call .related and get a huge unlimited
database-dos-inducing resultset that will be nevertheless limited a
bit further in pure python in the `autolimited` view.
While we cannot completely avoid potential denial of services such as
these we mitigate the problem with the default ui settings: if the
inner vid is `autolimited`, then the relation result sets is computed
using the user-defined limit.
This change respects the semantics of the `autolimited` view and
shouldn't break anything.
"""This module compare the Schema on the file system to the one in the database"""fromcStringIOimportStringIOfromcubicweb.web.schemaviewerimportSchemaViewerfromlogilab.common.ureportsimportTextWriterimportdifflibviewer=SchemaViewer()layout_db=viewer.visit_schema(schema,display_relations=True)layout_fs=viewer.visit_schema(fsschema,display_relations=True)writer=TextWriter()stream_db=StringIO()stream_fs=StringIO()writer.format(layout_db,stream=stream_db)writer.format(layout_fs,stream=stream_fs)stream_db.seek(0)stream_fs.seek(0)db=stream_db.getvalue().splitlines()fs=stream_fs.getvalue().splitlines()open('db_schema.txt','w').write(stream_db.getvalue())open('fs_schema.txt','w').write(stream_fs.getvalue())#for diff in difflib.ndiff(fs, db):# print diff