Try to make some sense of the various CVSdb-related limitation
mechanisms, namely by removing the largely redundant "global" limit
and allowing the per-query row limit (which already exist, too) to do
its work.
While here, remove a poorly conceived (but thankfully unhighlighted)
mechanism for overriding the administrative limit on database rows
which was accessible via URL CGI params.
* lib/viewvc.py
(_legal_params): Remove 'limit' as a legal parameter.
(view_query): No longer allow an undocumented URL parameter to
override the admin-declared SQL row limit. That should have never
been allowed!
* lib/cvsdb.py
(CheckinDatabase.__init__): Remove 'row_limit' parameter and
associated self._row_limit member.
(CheckinDatabase.CreateSQLQueryString): No longer fuss with
self._row_limit. Let the individual query carry the row limit.
(ConnectDatabase): Update call to CheckinDatabase().
* lib/query.py
(form_to_cvsdb_query): Now accept 'cfg' parameter, and set the
query's row limit from the configured defaults.
(run_query): Update call to form_to_cvsdb_query().
* docs/url-reference.html
Remove reference to the 'limit' parameter.
Also:
* CHANGES
Note this change, referring to it as a 'security fix' due to the
ramifications of allowing folks to query your potentially monstrous
database while ignoring your configured response set limits.
git-svn-id: http://viewvc.tigris.org/svn/viewvc/branches/1.0.x@2549 8cb11bc2-c004-0410-86c3-e597b4017df7
53b96700ef