From d6a9fd1c32f07b993cb8ecc3c1b7c22f7a0ce848 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien
Date: Sun, 22 Mar 2026 13:34:47 +0100
Subject: Add upload security: size limit, per-user and site-wide post caps

Reject base64 payloads over 10 MB, limit users to 50 posts each, and cap total posts at 10,000 (~650 MB on disk). Document upload security model in README.
---
 src/app/Models/Post.php | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'src/app/Models/Post.php')
diff --git a/src/app/Models/Post.php b/src/app/Models/Post.php
index 66c8c18..e82b0d9 100644
--- a/src/app/Models/Post.php
+++ b/src/app/Models/Post.php
@@ -42,6 +42,13 @@ class Post
 return $stmt->fetchAll();
 }
 
+ public function countByUserId(int $userId): int
+ {
+ $stmt = $this->pdo->prepare('SELECT COUNT(*) FROM posts WHERE user_id = :user_id');
+ $stmt->execute(['user_id' => $userId]);
+ return (int) $stmt->fetchColumn();
+ }
+
 public function findAllPaginated(int $limit, int $offset): array
 {
 $stmt = $this->pdo->prepare(
-- 
cgit v1.2.3
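Review bot: `countByUserId()` returns a point-in-time count, so a 50-post cap built as "count, compare, then insert" can be exceeded when one user sends several uploads concurrently, since each request can read 49 before any of them inserts. The code that enforces the cap is not in this diff, so this may already be handled; if not, the check and the insert should run in one transaction that serialises per user, or the insert should be made conditional on the count. A docblock on the method such as `/** Point-in-time count; callers enforcing a quota must make the check and the insert atomic. */` would make that contract visible. Separately, `(int) $stmt->fetchColumn()` turns a `false` result into 0, which would let the quota check pass if PDO is not in exception mode (not visible here); `$count = $stmt->fetchColumn(); if ($count === false) { throw new \RuntimeException('post count query failed'); }` fails closed instead.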