[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110)
Today, it is possible to call .related and get a huge unlimited
database-dos-inducing resultset that will be nevertheless limited a
bit further in pure python in the `autolimited` view.
While we cannot completely avoid potential denial of services such as
these we mitigate the problem with the default ui settings: if the
inner vid is `autolimited`, then the relation result sets is computed
using the user-defined limit.
This change respects the semantics of the `autolimited` view and
shouldn't break anything.
frombase64importb64decode,b64encodetry:uri,newdn=__args__exceptValueError:print'USAGE: cubicweb-ctl shell <instance> ldap_change_base_dn.py -- <ldap source uri> <new dn>'printprint'you should not have updated your sources file yet'olddn=repo.config.sources()[uri]['user-base-dn']assertolddn!=newdnraw_input("Ensure you've stopped the instance, type enter when done.")foreid,extidinsql("SELECT eid, extid FROM entities WHERE source='%s'"%uri):olduserdn=b64decode(extid)newuserdn=olduserdn.replace(olddn,newdn)ifnewuserdn!=olduserdn:printolduserdn,'->',newuserdnsql("UPDATE entities SET extid='%s' WHERE eid=%s"%(b64encode(newuserdn),eid))commit()print'you can now update the sources file to the new dn and restart the instance'