[aur-dev] [PATCH] aurjson.class.php: Limit number of RPC results
With no limit to the number of results, memory_limit set to 32M can easily be exceeded for searches that have a large number of results. This results in an HTTP error 500 for those queries. Limit results to 5000 packages to avoid exceeding memory_limit. Introduce new JSON error code for when the result limit is hit. Fixes FS#31849 Signed-off-by: canyonknight <canyonknight@gmail.com> --- It doesn't have to be 5000. That's just a safe arbitrary number I came up with during testing. web/lib/aurjson.class.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index fbdc711..5701697 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -149,6 +149,10 @@ class AurJSON { } } + if ($resultcount === 5000) { + return $this->json_error('Too many package results.'); + } + return $this->json_results($type, $resultcount, $search_data); } else { @@ -198,7 +202,8 @@ class AurJSON { $keyword_string = $this->dbh->quote("%" . addcslashes($keyword_string, '%_') . "%"); $where_condition = "(Name LIKE {$keyword_string} OR "; - $where_condition.= "Description LIKE {$keyword_string})"; + $where_condition.= "Description LIKE {$keyword_string}) "; + $where_condition.= "LIMIT 5000"; return $this->process_query('search', $where_condition); } @@ -238,17 +243,19 @@ class AurJSON { $where_condition = ""; if ($ids) { $ids_value = implode(',', $args['ids']); - $where_condition .= "ID IN ({$ids_value})"; + $where_condition .= "ID IN ({$ids_value}) "; } if ($ids && $names) { - $where_condition .= " OR "; + $where_condition .= "OR "; } if ($names) { // individual names were quoted in parse_multiinfo_args() $names_value = implode(',', $args['names']); - $where_condition .= "Name IN ({$names_value})"; + $where_condition .= "Name IN ({$names_value}) "; } + $where_condition .= "LIMIT 5000"; + return $this->process_query('multiinfo', $where_condition); } 
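Review bot: The `$resultcount === 5000` test in the first hunk reports a result set of exactly 5000 rows as "too many", and it only works while every caller appends the identical `LIMIT 5000` literal. Asking the database for one row more than the cap and testing `if ($resultcount > 5000)` would separate "exactly at the cap" from "cut off". The strict comparison also never matches if `$resultcount` is not an integer. Where it is computed is outside this hunk, so that is worth confirming. The enclosing function starts and ends outside the hunk.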
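Review bot: The cap is appended to `$where_condition` in `search`, and again in the `multiinfo` and `msearch` hunks, so the guard against oversized result sets depends on every present and future caller of `process_query()` remembering to add it. Because this is a resource-exhaustion control, it is safer to apply it once where the query string is assembled, for example `$query .= " LIMIT 5000";` inside `process_query()`. The variable name is assumed, since that function's query-building code is outside these hunks. That would also keep a `LIMIT` clause out of a variable named as a WHERE condition, which breaks as soon as anything is appended after it.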
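Review bot: In the `multiinfo` hunk, `$ids_value` is interpolated into `ID IN ({$ids_value})` without quoting, and unlike the names branch there is no comment saying where the ids were made safe. If `parse_multiinfo_args()` restricts them to integers (it is outside this hunk), record that next to the `implode`, e.g. `// ids were validated as integers in parse_multiinfo_args()`. If it does not, the values need casting or quoting before they reach the SQL string. The function starts outside the hunk.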
@@ -260,7 +267,8 @@ class AurJSON { private function msearch($maintainer) { $maintainer = $this->dbh->quote($maintainer); - $where_condition = "Users.Username = {$maintainer}"; + $where_condition = "Users.Username = {$maintainer} "; + $where_condition .= "LIMIT 5000"; return $this->process_query('msearch', $where_condition); } -- 1.7.12.3
On Thu, Oct 18, 2012 at 4:52 PM, canyonknight <canyonknight@gmail.com> wrote:
With no limit to the number of results, memory_limit set to 32M can easily be exceeded for searches that have a large number of results. This results in an HTTP error 500 for those queries.
Limit results to 5000 packages to avoid exceeding memory_limit. Introduce new JSON error code for when the result limit is hit.
Fixes FS#31849
Signed-off-by: canyonknight <canyonknight@gmail.com> ---
It doesn't have to be 5000. That's just a safe arbitrary number I came up with during testing.
Loui suggested this should be configurable in config.inc.php. That sounds like a good idea, so I'll be re-submitting this one.
web/lib/aurjson.class.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index fbdc711..5701697 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -149,6 +149,10 @@ class AurJSON { } }
+ if ($resultcount === 5000) { + return $this->json_error('Too many package results.'); + } + return $this->json_results($type, $resultcount, $search_data); } else { @@ -198,7 +202,8 @@ class AurJSON { $keyword_string = $this->dbh->quote("%" . addcslashes($keyword_string, '%_') . "%");
$where_condition = "(Name LIKE {$keyword_string} OR "; - $where_condition.= "Description LIKE {$keyword_string})"; + $where_condition.= "Description LIKE {$keyword_string}) "; + $where_condition.= "LIMIT 5000";
return $this->process_query('search', $where_condition); } @@ -238,17 +243,19 @@ class AurJSON { $where_condition = ""; if ($ids) { $ids_value = implode(',', $args['ids']); - $where_condition .= "ID IN ({$ids_value})"; + $where_condition .= "ID IN ({$ids_value}) "; } if ($ids && $names) { - $where_condition .= " OR "; + $where_condition .= "OR "; } if ($names) { // individual names were quoted in parse_multiinfo_args() $names_value = implode(',', $args['names']); - $where_condition .= "Name IN ({$names_value})"; + $where_condition .= "Name IN ({$names_value}) "; }
+ $where_condition .= "LIMIT 5000"; + return $this->process_query('multiinfo', $where_condition); }
@@ -260,7 +267,8 @@ class AurJSON { private function msearch($maintainer) { $maintainer = $this->dbh->quote($maintainer);
- $where_condition = "Users.Username = {$maintainer}"; + $where_condition = "Users.Username = {$maintainer} "; + $where_condition .= "LIMIT 5000";
return $this->process_query('msearch', $where_condition); } -- 1.7.12.3