diff options
Diffstat (limited to 'core/Controller/ProfilePageController.php')
-rw-r--r-- | core/Controller/ProfilePageController.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php index 8638da1f4af..73a6be5f65c 100644 --- a/core/Controller/ProfilePageController.php +++ b/core/Controller/ProfilePageController.php @@ -11,14 +11,16 @@ namespace OC\Core\Controller; use OC\Profile\ProfileManager; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\AnonRateLimit; +use OCP\AppFramework\Http\Attribute\BruteForceProtection; use OCP\AppFramework\Http\Attribute\FrontpageRoute; use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\UserRateLimit; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; use OCP\EventDispatcher\IEventDispatcher; use OCP\INavigationManager; use OCP\IRequest; -use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; use OCP\Profile\BeforeTemplateRenderedEvent; @@ -49,6 +51,9 @@ class ProfilePageController extends Controller { * @NoSubAdminRequired */ #[FrontpageRoute(verb: 'GET', url: '/u/{targetUserId}')] + #[BruteForceProtection(action: 'user')] + #[UserRateLimit(limit: 30, period: 120)] + #[AnonRateLimit(limit: 30, period: 120)] public function index(string $targetUserId): TemplateResponse { $profileNotFoundTemplate = new TemplateResponse( 'core', @@ -58,7 +63,11 @@ class ProfilePageController extends Controller { ); $targetUser = $this->userManager->get($targetUserId); - if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) { + if ($targetUser === null) { + $profileNotFoundTemplate->throttle(); + return $profileNotFoundTemplate; + } + if (!$targetUser->isEnabled()) { return $profileNotFoundTemplate; } $visitingUser = $this->userSession->getUser(); |