fix(files_sharing): rate limit share creation 10 times per 10 minutes

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
author: skjnldsv <skjnldsv@protonmail.com> 2025-02-19 16:10:19 +0100
committer: Joas Schilling <coding@schilljs.com> 2025-04-15 08:45:25 +0200
commit: 338ab643657802c572f8515c8ecc354e34df17c7 (patch)
tree: d956038e203ea2d4253b295565c550ef56119727 /apps/files_sharing
parent: a75f47f216b480768249b0aa32e6321d741c1e66 (diff)
download: nextcloud-server-338ab643657802c572f8515c8ecc354e34df17c7.tar.gz
nextcloud-server-338ab643657802c572f8515c8ecc354e34df17c7.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 1e1d60aae25..cffe82beb1c 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -558,6 +558,7 @@ class ShareAPIController extends OCSController {
 	 * 200: Share created
 	 */
 	#[NoAdminRequired]
+	#[UserRateLimit(limit: 10, period: 600)]
 	public function createShare(
 		?string $path = null,
 		?int $permissions = null,
@@ -2150,7 +2151,7 @@ class ShareAPIController extends OCSController {
 	 * 200: The email notification was sent successfully
 	 */
 	#[NoAdminRequired]
-	#[UserRateLimit(limit: 5, period: 120)]
+	#[UserRateLimit(limit: 10, period: 600)]
 	public function sendShareEmail(string $id, $password = ''): DataResponse {
 		try {
 			$share = $this->getShareById($id);
author	skjnldsv <skjnldsv@protonmail.com>	2025-02-19 16:10:19 +0100
committer	Joas Schilling <coding@schilljs.com>	2025-04-15 08:45:25 +0200
commit	338ab643657802c572f8515c8ecc354e34df17c7 (patch)
tree	d956038e203ea2d4253b295565c550ef56119727 /apps/files_sharing
parent	a75f47f216b480768249b0aa32e6321d741c1e66 (diff)
download	nextcloud-server-338ab643657802c572f8515c8ecc354e34df17c7.tar.gz nextcloud-server-338ab643657802c572f8515c8ecc354e34df17c7.zip