
[ticket/security/235] Only allow one wildcard in the search query to limit the database load

SECURITY-235
Derky 2019-04-26 00:56:48 +02:00
parent 8a73eb5f0f
commit da9910850a


@ -310,6 +310,15 @@ class fulltext_native extends \phpbb\search\base
$replace = '$1';
$keywords = preg_replace($match, $replace, $keywords);
// Only allow one wildcard in the search query to limit the database load
$match = '#\*#';
$replace = '$1';
$count_wildcards = substr_count($keywords, '*');
// Reverse the string to remove all wildcards except the first one
$keywords = strrev(preg_replace($match, $replace, strrev($keywords), $count_wildcards - 1));
unset($count_wildcards);
// set the search_query which is shown to the user
$this->search_query = $keywords;
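Review bot: The wildcard cap in the added block relies on two implicit behaviours of `preg_replace` instead of stating its intent. `$replace = '$1'` refers to a capture group that `#\*#` does not define, so the extra wildcards disappear only because an unmatched reference expands to an empty string, and `$count_wildcards - 1` evaluates to `-1` (the documented "no limit" value) when the query has no wildcard and to `0` when it has exactly one. I would write `$replace = '';` and wrap the replacement in `if ($count_wildcards > 1)`, so the limit that protects the database is explicit and cannot silently turn into "unlimited" if this code is later edited. The byte-wise `strrev()` round trip looks safe for multibyte keywords because only the ASCII `*` is removed between the two reversals; a one-line comment saying so would help. The enclosing method starts and ends outside the hunk.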