| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-22 13:34:47 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-22 13:34:47 +0100 |
| commit | d6a9fd1c32f07b993cb8ecc3c1b7c22f7a0ce848 (patch) | |
| tree | 18e21d395cc4043b274b275eeb824d562556c808 /src/app/Models/Post.php | |
| parent | 6a2c38dff48529672411419e1f56df0671f40365 (diff) | |
Add upload security: size limit, per-user and site-wide post caps
Reject base64 payloads over 10 MB, limit users to 50 posts each,
and cap total posts at 10,000 (~650 MB on disk). Document upload
security model in README.
Diffstat (limited to 'src/app/Models/Post.php')
| -rw-r--r-- | src/app/Models/Post.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/app/Models/Post.php b/src/app/Models/Post.php
index 66c8c18..e82b0d9 100644
--- a/src/app/Models/Post.php
+++ b/src/app/Models/Post.php
@@ -42,6 +42,13 @@ class Post
 return $stmt->fetchAll();
 }
 
+ public function countByUserId(int $userId): int
+ {
+ $stmt = $this->pdo->prepare('SELECT COUNT(*) FROM posts WHERE user_id = :user_id');
+ $stmt->execute(['user_id' => $userId]);
+ return (int) $stmt->fetchColumn();
+ }
+
 public function findAllPaginated(int $limit, int $offset): array
 {
 $stmt = $this->pdo->prepare( |
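Review bot: `countByUserId()` returns a point-in-time snapshot, so if the 50-post cap is enforced as "count, compare, then insert" in the caller (not visible in this hunk), parallel uploads from one account can all read a count below the limit and all insert, leaving the user over the cap. If the cap is meant as a hard bound on disk usage, the count and the insert need to run inside one transaction that serialises per user (for example a `SELECT ... FOR UPDATE` on the user's row before counting), or the limit should be expressed as a condition in the INSERT statement itself. At minimum the method should say so, e.g. `// Snapshot only: a caller enforcing a post cap must count and insert within the same transaction.` The same reasoning presumably applies to the site-wide 10,000-post check mentioned in the commit message. The `Post` class itself starts and ends outside this hunk.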
