
#367296

LiamTGCS
Participant

You clearly have no idea what I’m reporting, do you?

The URL bar has the pagination products per page variable –

https://site.com/category/furniture-and-bedroom/?per_page=600&shop_view=list

“?per_page=600”

This variable in the header SHOULD NOT, EVER trust user-input.

If a product category has 1,000 products, then the user can set “?per_page=1000”. This should NOT be accepted.

The ONLY per_page variables, in the browser, that should be accepted, are the ones set within the admin panel.

If I set “Products per page variations” to: 8,16,32,64, the ONLY variables, in the URL, should be:
?per_page=8
?per_page=16
?per_page=32
?per_page=64

Any values OUTSIDE of these ranges, SHOULD NOT be accepted.

If I visit the link below:
https://site.com/category/furniture-and-bedroom/?per_page=600&shop_view=list

And open this same URL in more than 1 tab, I can easily cause the server/host CPU usage to max out.

DO NOT TRUST USER-INPUT.

Again, the ONLY URLs that should work should be:
https://site.com/category/furniture-and-bedroom/?per_page=8&shop_view=list
https://site.com/category/furniture-and-bedroom/?per_page=16&shop_view=list
https://site.com/category/furniture-and-bedroom/?per_page=32&shop_view=list
https://site.com/category/furniture-and-bedroom/?per_page=64&shop_view=list

NOT:
https://site.com/category/furniture-and-bedroom/?per_page=600&shop_view=list
https://site.com/category/furniture-and-bedroom/?per_page=1000&shop_view=list

This is a SECURITY issue and can cause the consumption of too many resources if the visitor sets the per_page to a ridiculous number, like 600-1000.

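The allowlist check the post asks for, as an added example that is not WoodMart's own code: the only `per_page` values accepted from the URL are the ones configured in the admin panel, and anything else falls back to the default. The option names `shop_per_page_variations` and `shop_default_per_page` are hypothetical placeholders for wherever the theme stores those settings; `loop_shop_per_page` is WooCommerce's real products-per-page filter.

```php
<?php
// Pure validator: returns the requested value only if it is one of the
// admin-configured sizes, otherwise the configured default. Casting to int
// first means "600", "1000", "64abc" or "-1" can never reach the query.
function safe_per_page( $requested, array $allowed, $default ) {
    $allowed   = array_values( array_filter( array_map( 'intval', $allowed ) ) );
    $default   = (int) $default;
    $requested = (int) $requested;

    if ( empty( $allowed ) ) {
        return $default;            // nothing configured: never trust the URL
    }
    if ( ! in_array( $default, $allowed, true ) ) {
        $default = $allowed[0];     // admin default must itself be on the list
    }
    return in_array( $requested, $allowed, true ) ? $requested : $default;
}

// Admin panel "Products per page variations": assumed stored as "8,16,32,64"
// under a hypothetical option name; the default under another.
function shop_allowed_per_page() {
    return explode( ',', (string) get_option( 'shop_per_page_variations', '8,16,32,64' ) );
}

// Hook WooCommerce's products-per-page filter so ?per_page=600 is clamped
// to the default instead of driving a 600-product query.
add_filter( 'loop_shop_per_page', function ( $per_page ) {
    if ( ! isset( $_GET['per_page'] ) ) {
        return $per_page;           // no override requested, keep theme value
    }
    return safe_per_page(
        wp_unslash( $_GET['per_page'] ),
        shop_allowed_per_page(),
        get_option( 'shop_default_per_page', $per_page )
    );
}, 20 );

// Constructed sanity checks against the values from the post:
// safe_per_page( '600',  [8,16,32,64], 16 ) === 16
// safe_per_page( '1000', [8,16,32,64], 16 ) === 16
// safe_per_page( '32',   [8,16,32,64], 16 ) === 32
```

Because the clamp happens before the WooCommerce query runs, opening the oversized URL in many tabs now costs the server only the default page size per request.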