From 8b035281824c5d7f1a6bd685e39a53f5fd2bb430 Mon Sep 17 00:00:00 2001 From: Florent Bruneau Date: Tue, 11 Sep 2007 10:20:55 +0200 Subject: [PATCH] Fix a DOS on too large quick searches (too many tokens ==> very large SQL query) Signed-off-by: Florent Bruneau --- ChangeLog | 3 +++ modules/search/classes.inc.php | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index 19003a9..39d752a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,9 @@ Bug/Wish: - #708: Fix title (fix by Laurent Penou from Gadz.org) -FRU - #710: Adding grade do not degrade the database -FRU + * Search: + - Fix DOS on too large quick searches -FRU + * Xnet: - #694: Color of 'Promotion' groups -ALK diff --git a/modules/search/classes.inc.php b/modules/search/classes.inc.php index edebc8c..c682e1e 100644 --- a/modules/search/classes.inc.php +++ b/modules/search/classes.inc.php @@ -252,6 +252,11 @@ class QuickSearch extends SField $s = preg_replace('!\d+!', ' ', $s); $this->strings = preg_split("![^a-zA-Z%]+!",$s, -1, PREG_SPLIT_NO_EMPTY); + if (count($this->strings) > 5) { + global $page; + $page->trig("Tu as indiqué trop d'éléments dans ta recherche, seuls les 5 premiers seront pris en compte"); + $this->strings = array_slice($this->strings, 0, 5); + } $s = preg_replace('! *- *!', '-', $r); $s = preg_replace('!([<>]) *!', ' \1', $s); -- 2.1.4