View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0025492||mantisbt||printing||public||2019-02-19 15:19||2019-02-19 15:56|
|Target Version||Fixed in Version|
|Summary||0025492: Printing (print_all_bug_page) is a perf/security risk|
Live profiling of our server showed that 20,182 queries may be executed by the trivially achieved operation of printing out from "view all issues" when there's no filter. This was an intensive 40 second web request.
There needs to be some kind of control of this. I'd suggest implementing a maximum printable issues feature, that is controlled by access level. If set to zero for an access level then there would be no print button at all. The default config would set it 0 for guests to stop spiders hitting it.
|Tags||No tags attached.|