mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-16 13:44:12 +02:00
Code Issues Releases Wiki Activity

Merge pull request #6684 from crowjake/ticket/17365

Browse Source 
[ticket/17365] Prevent search limit being bypassed with operators
This commit is contained in:
Marc Alexander
2024-07-10 22:45:09 +02:00
parent a0092bdd18 c0b81a1a48
commit 17b4838ee3
2 changed files with 85 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/phpbb/search/fulltext_native.php
View File

@@ -299,7 +299,11 @@ class fulltext_native extends \phpbb\search\base
);
$keywords = preg_replace($match, $replace, $keywords);
$num_keywords = count(explode(' ', $keywords));
// Ensure a space exists before +, - and | to make the split and count work correctly
$countable_keywords = preg_replace('/(?<!\s)(\+|\-|\|)/', ' $1', $keywords);
$num_keywords = count(explode(' ', $countable_keywords));
// We limit the number of allowed keywords to minimize load on the database
if ($this->config['max_num_search_keywords'] && $num_keywords > $this->config['max_num_search_keywords'])