max_display_length and length param ignored if greater than 10

Issue #65 invalid
Graeme Pietersz created an issue

limit = min(int(self.request.REQUEST.get('length', 10)), self.max_display_length)

Which means there is no way to load more than 10 items into a table.

I think it would be more useful to have

int(self.request.REQUEST.get('length', self.max_display_length))

Comments (3)

  1. Maciej Wisniowski repo owner

    I think you've missed something. Have a look:

    >>> max_display_length = 100
    >>> REQUEST = {}
    >>> print( min(int(REQUEST.get('length', 10)), max_display_length))
    10
    >>> REQUEST = {'length': 50}
    >>> print( min(int(REQUEST.get('length', 10)), max_display_length))
    50
    
  2. Graeme Pietersz reporter

    Yes, it works in the second example, but in the first max_display_length is just ignored.

    So you can load more than 10 by using the request parameter, but not by changing max_display_length in a subclass - so if you override max_display_length to be more than that, it does not work.

  3. Maciej Wisniowski repo owner

    max_display_length, as its name suggests, is an upper limit to the number of records to be returned. It is not a default value and it is not ignored - as it is used by min(...). If you have a huge table with a big number of records, then if some nasty attacker sends a request(s) with a length=99999999 then it would be possible to block your server.

    The number of records to be returned is determined by the 'length' parameter taken from the request - this is a parameter sent by DataTables (https://datatables.net/manual/server-side), which means changing the page size on the client side (datatables javascript) is the way to load more items into a table.
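
The cap discussed in this thread, as an added example that is not part of the original issue or the project's code: it compares the expression quoted in the issue with the reporter's proposal on an oversized `length`, and adds a variant that also handles the `-1` ("all records") value DataTables can send and non-numeric input. All function names and the sample requests are hypothetical.

```python
# Added example. Only 'length' and max_display_length come from the issue;
# every other name here is hypothetical.
DEFAULT_LENGTH = 10  # default used by the expression quoted in the issue


def limit_quoted_in_issue(params, max_display_length):
    """Expression quoted in the issue: request value capped by the maximum."""
    return min(int(params.get('length', DEFAULT_LENGTH)), max_display_length)


def limit_as_proposed(params, max_display_length):
    """Reporter's proposal: the maximum becomes the default, nothing caps the request."""
    return int(params.get('length', max_display_length))


def limit_hardened(params, max_display_length):
    """Capped limit that also tolerates malformed, zero and negative values."""
    try:
        requested = int(params.get('length', DEFAULT_LENGTH))
    except (TypeError, ValueError):
        requested = DEFAULT_LENGTH      # non-numeric input falls back to the default
    if requested == -1:
        # DataTables sends -1 for "all records"; serve at most the cap instead
        requested = max_display_length
    elif requested < 1:
        requested = DEFAULT_LENGTH      # zero or other negatives are not a page size
    return min(requested, max_display_length)


# Constructed request parameter sets (not taken from real traffic)
SAMPLES = [{}, {'length': '50'}, {'length': '99999999'}, {'length': '-1'}]

if __name__ == '__main__':
    for params in SAMPLES:
        print(params,
              limit_quoted_in_issue(params, 100),
              limit_as_proposed(params, 100),
              limit_hardened(params, 100))
```

With a cap of 100, the proposed expression returns 99999999 for the oversized request, while both capped versions return 100.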
