From 76348ce43f0dc657182746d185f9882d3349cd2c Mon Sep 17 00:00:00 2001
From: Chris Smith <toonarmy@phpbb.com>
Date: Sun, 8 Aug 2010 14:02:34 +0100
Subject: [PATCH] [ticket/9760] Remove unrestricted wildcards from search
 terms.

Wildcards without any further result restrictions will cause phpBB to search
for everything, potentially allowing a DoS attack against the DB server by any
user who can use the search system.

PHPBB3-9760
---
 phpBB/includes/search/fulltext_native.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
index c89e92711e..727e3aaffb 100644
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -83,7 +83,9 @@ class fulltext_native extends search_backend
 	{
 		global $db, $user, $config;
 
-		$keywords = trim($this->cleanup($keywords, '+-|()*'));
+		$tokens = '+-|()*';
+
+		$keywords = trim($this->cleanup($keywords, $tokens));
 
 		// allow word|word|word without brackets
 		if ((strpos($keywords, ' ') === false) && (strpos($keywords, '|') !== false) && (strpos($keywords, '(') === false))
@@ -114,6 +116,15 @@ class fulltext_native extends search_backend
 					case ' ':
 						$keywords[$i] = '|';
 					break;
+					case '*':
+						if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0))
+						{
+							if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0))
+							{
+								$keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1);
+							}
+						}
+					break;
 				}
 			}
 			else