Do not allow more than 20 terms in search queries

Specifying a huge number of search terms currently results in complex
SQL queries. In practice, queries with more than 20 terms are rarely
needed. Ignore everything apart from the first 20 keywords to prevent
from potential abuse.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Lukas Fleischer 2015-05-22 13:29:59 +02:00
parent 20b838a90c
commit 0f48341ed6


@ -601,10 +601,21 @@ function pkg_search_page($SID="") {
}
else {
/* Search by name and description (default). */
$count = 0;
foreach (str_getcsv($_GET['K'], ' ') as $term) {
if ($term == "") {
continue;
}
$term = "%" . addcslashes($term, '%_') . "%";
$q_where .= "AND (Packages.Name LIKE " . $dbh->quote($term) . " OR ";
$q_where .= "Description LIKE " . $dbh->quote($term) . ") ";
$count++;
if ($count >= 20) {
break;
}
}
}
}
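Review bot: The cap is a bare literal in the loop body at `if ($count >= 20)`, so the reason it exists lives only in the commit message and the same number would have to be found and changed in two places if the limit is ever revisited. A named value with a short why-comment carries the intent into the code: `$max_terms = 20; /* bound the number of LIKE clauses per search query */` before the `foreach`, and `if (++$count >= $max_terms) { break; }` in place of the separate increment and test. Terms beyond the cap are discarded silently, which appears to be the intended abuse mitigation; a one-line comment stating that would stop a later reader from treating the truncation as a bug. pkg_search_page begins before this hunk.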