From: Morten Linderud <morten@linderud.pw> The current package search query is quite poorly optimized and becomes a resource hog when the offsets gets large enough. This DoSes the service. A quick fix is to just ensure we have some limit to the number of hits we return. The current hardcoding of 2500 is based on the following: * 250 hits per page max * 10 pages We can maybe consider having it lower, but it seems easier to just have this a multiple of 250 in the first iteration. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- web/lib/pkgfuncs.inc.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 8c91571..8075800 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -619,7 +619,7 @@ function pkg_search_page($params, $show_headers=true, $SID="") { /* Sanitize paging variables. */ if (isset($params['O'])) { - $params['O'] = max(intval($params['O']), 0); + $params['O'] = bound(intval($params['O']), 0, 2500); } else { $params['O'] = 0; } @@ -771,9 +771,8 @@ function pkg_search_page($params, $show_headers=true, $SID="") { $result_t = $dbh->query($q_total); if ($result_t) { $row = $result_t->fetch(PDO::FETCH_NUM); - $total = $row[0]; - } - else { + $total = min($row[0], 2500); + } else { $total = 0; } -- 2.28.0