aboutsummaryrefslogtreecommitdiffstats
path: root/core/Controller/ProfilePageController.php
diff options
context:
space:
mode:
Diffstat (limited to 'core/Controller/ProfilePageController.php')
-rw-r--r--core/Controller/ProfilePageController.php13
1 files changed, 11 insertions, 2 deletions
diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php
index 8638da1f4af..73a6be5f65c 100644
--- a/core/Controller/ProfilePageController.php
+++ b/core/Controller/ProfilePageController.php
@@ -11,14 +11,16 @@ namespace OC\Core\Controller;
use OC\Profile\ProfileManager;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\INavigationManager;
use OCP\IRequest;
-use OCP\IUser;
use OCP\IUserManager;
use OCP\IUserSession;
use OCP\Profile\BeforeTemplateRenderedEvent;
@@ -49,6 +51,9 @@ class ProfilePageController extends Controller {
* @NoSubAdminRequired
*/
#[FrontpageRoute(verb: 'GET', url: '/u/{targetUserId}')]
+ #[BruteForceProtection(action: 'user')]
+ #[UserRateLimit(limit: 30, period: 120)]
+ #[AnonRateLimit(limit: 30, period: 120)]
public function index(string $targetUserId): TemplateResponse {
$profileNotFoundTemplate = new TemplateResponse(
'core',
@@ -58,7 +63,11 @@ class ProfilePageController extends Controller {
);
$targetUser = $this->userManager->get($targetUserId);
- if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) {
+ if ($targetUser === null) {
+ $profileNotFoundTemplate->throttle();
+ return $profileNotFoundTemplate;
+ }
+ if (!$targetUser->isEnabled()) {
return $profileNotFoundTemplate;
}
$visitingUser = $this->userSession->getUser();