diff options
| -rw-r--r-- | src/invidious/user/imports.cr | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/invidious/user/imports.cr b/src/invidious/user/imports.cr index 98a62c17..2ae1dcb1 100644 --- a/src/invidious/user/imports.cr +++ b/src/invidious/user/imports.cr @@ -4,7 +4,15 @@ def parse_subscription_export_csv(csv_content : String) rows = CSV.new(csv_content, headers: true) subscriptions = Array(String).new + # Counter to limit the amount of imports. + # This is intended to prevent DoS. + row_counter = 0 + rows.each do |row| + # Limit to 1200 + row_counter += 1 + break if row_counter > 1_200 + # Channel ID is the first column in the csv export we can't use the header # name, because the header name is localized depending on the # language the user has set on their account |