fixes #12034 - disallow fetching more than 100 visits in the visitor profile

author: sgiehl <stefan@piwik.org> 2017-09-13 15:56:55 +0300
committer: sgiehl <stefan@piwik.org> 2017-09-13 15:56:55 +0300
commit: 9f861cc2019edf056d9e4a1f07dbb07da2960402 (patch)
tree: 1ffcf0af25777322d5a37542aa2afa6b8ab8ec3d /plugins
parent: 82c79d08a8ac29b01d8de413db4314abc3085bc5 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/plugins/Live/Controller.php b/plugins/Live/Controller.php
index cdcbea995c..7256eccdc2 100644
--- a/plugins/Live/Controller.php
+++ b/plugins/Live/Controller.php
@@ -144,6 +144,11 @@ class Controller extends \Piwik\Plugin\Controller
     {
         $filterLimit = Common::getRequestVar('filter_offset', 0, 'int');
         $startCounter = Common::getRequestVar('start_number', 0, 'int');
+
+        if ($startCounter >= API::VISITOR_PROFILE_MAX_VISITS_TO_AGGREGATE) {
+            return; // do not return more visits than configured for profile
+        }
+
         $nextVisits = Request::processRequest('Live.getLastVisitsDetails', array(
                                                                                 'segment'                 => self::getSegmentWithVisitorId(),
                                                                                 'filter_limit'            => VisitorProfile::VISITOR_PROFILE_MAX_VISITS_TO_SHOW,
author	sgiehl <stefan@piwik.org>	2017-09-13 15:56:55 +0300
committer	sgiehl <stefan@piwik.org>	2017-09-13 15:56:55 +0300
commit	9f861cc2019edf056d9e4a1f07dbb07da2960402 (patch)
tree	1ffcf0af25777322d5a37542aa2afa6b8ab8ec3d /plugins
parent	82c79d08a8ac29b01d8de413db4314abc3085bc5 (diff)