From 339c8f013319f812629bb9a294fb235ada1e888d Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Thu, 14 Jan 2016 10:22:02 +0000
Subject: [PATCH] Clamp pagination limits to at most 1000

---
 synapse/streams/config.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/synapse/streams/config.py b/synapse/streams/config.py
index 8c082bf4e0..4f089bfb94 100644
--- a/synapse/streams/config.py
+++ b/synapse/streams/config.py
@@ -22,6 +22,9 @@ import logging
 logger = logging.getLogger(__name__)
 
 
+MAX_LIMIT = 1000
+
+
 class SourcePaginationConfig(object):
 
     """A configuration object which stores pagination parameters for a
@@ -32,7 +35,7 @@ class SourcePaginationConfig(object):
         self.from_key = from_key
         self.to_key = to_key
         self.direction = 'f' if direction == 'f' else 'b'
-        self.limit = int(limit) if limit is not None else None
+        self.limit = min(int(limit), MAX_LIMIT) if limit is not None else None
 
     def __repr__(self):
         return (
@@ -49,7 +52,7 @@ class PaginationConfig(object):
         self.from_token = from_token
         self.to_token = to_token
         self.direction = 'f' if direction == 'f' else 'b'
-        self.limit = int(limit) if limit is not None else None
+        self.limit = min(int(limit), MAX_LIMIT) if limit is not None else None
 
     @classmethod
     def from_request(cls, request, raise_invalid_params=True,