From 9cecbcb89af7e86d00a4b9fc81db02d681721aa7 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Tue, 31 Dec 2019 19:54:45 +0100
Subject: [PATCH] add todos from github
---
 Controller/ApiController.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/Controller/ApiController.php b/Controller/ApiController.php
index bae8c83..13977ae 100644
--- a/Controller/ApiController.php
+++ b/Controller/ApiController.php
@@ -82,13 +82,21 @@ final class ApiController extends Controller
 $filename = '';
 $rnd = '';
- // todo: implement limit since this could get exploited
+ $i = 0;
 do {
 $filename = \sha1(((string) $request->getData('image')) . $rnd);
 $filename .= '.' . $extension;
 $rnd = \mt_rand();
- } while (\file_exists($path . '/' . $filename));
+
+ ++$i; } while (\file_exists($path . '/' . $filename) && $i < 10000);
+
+ // protection against infinite loop
+ if ($i >= 10000) {
+ $this->fillJsonResponse($request, $response, NotificationLevel::ERROR, 'Draw', 'Draw failed.', null);
+ return;
+ }
 $fullPath = __DIR__ . '/../../../' . $path . '/' . $filename;
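Review bot: The exhaustion check `if ($i >= 10000)` also fires when the 10000th candidate was actually free, because the loop leaves `$i === 10000` in both the "exhausted" and "found on the last try" cases; testing the outcome instead of the counter avoids that: `if (\file_exists($path . '/' . $filename)) {`. The existence test resolves `$path . '/' . $filename` against the current working directory, while the `$fullPath` line below anchors the same relative path on `__DIR__ . '/../../../'`, so unless those two bases coincide the loop may not be checking the location that is later written to — worth verifying and building the probe from the same base as `$fullPath`. The `10000` literal appears twice; a named constant such as `private const MAX_FILENAME_ATTEMPTS = 10000;` would keep the loop bound and the check in step. The enclosing method starts and ends outside the hunk.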