Fix a DOS on too large quick searches (too many tokens ==> very large SQL

query)

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>

diff --git a/ChangeLog b/ChangeLog
index 19003a9..39d752a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -39,6 +39,9 @@ Bug/Wish:
         - #708: Fix title (fix by Laurent Penou from Gadz.org)             -FRU
         - #710: Adding grade do not degrade the database                   -FRU
 
+    * Search:
+        - Fix DOS on too large quick searches                              -FRU
+
     * Xnet:
         - #694: Color of 'Promotion' groups                                -ALK
 

diff --git a/modules/search/classes.inc.php b/modules/search/classes.inc.php
index edebc8c..c682e1e 100644 (file)
--- a/modules/search/classes.inc.php
+++ b/modules/search/classes.inc.php
@@ -252,6 +252,11 @@ class QuickSearch extends SField
 
         $s = preg_replace('!\d+!', ' ', $s);
         $this->strings = preg_split("![^a-zA-Z%]+!",$s, -1, PREG_SPLIT_NO_EMPTY);
+        if (count($this->strings) > 5) {
+            global $page;
+            $page->trig("Tu as indiqué trop d'éléments dans ta recherche, seuls les 5 premiers seront pris en compte");
+            $this->strings = array_slice($this->strings, 0, 5);
+        }
 
         $s = preg_replace('! *- *!', '-', $r);
         $s = preg_replace('!([<>]) *!', ' \1', $s);