[aur-dev] [PATCH] aurjson.class.php: Limit number of RPC results
canyonknight
canyonknight at gmail.com
Thu Oct 18 16:52:11 EDT 2012
With no limit to the number of results, memory_limit set to 32M
can easily be exceeded for searches that have a large number of
results. This results in an HTTP error 500 for those queries.
Limit results to 5000 packages to avoid exceeding memory_limit.
Introduce new JSON error code for when the result limit is hit.
Fixes FS#31849
Signed-off-by: canyonknight <canyonknight at gmail.com>
---
It doesn't have to be 5000. That's just a safe arbitrary number
I came up with during testing.
web/lib/aurjson.class.php | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index fbdc711..5701697 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -149,6 +149,10 @@ class AurJSON {
}
}
+ if ($resultcount === 5000) {
+ return $this->json_error('Too many package results.');
+ }
+
return $this->json_results($type, $resultcount, $search_data);
}
else {
@@ -198,7 +202,8 @@ class AurJSON {
$keyword_string = $this->dbh->quote("%" . addcslashes($keyword_string, '%_') . "%");
$where_condition = "(Name LIKE {$keyword_string} OR ";
- $where_condition.= "Description LIKE {$keyword_string})";
+ $where_condition.= "Description LIKE {$keyword_string}) ";
+ $where_condition.= "LIMIT 5000";
return $this->process_query('search', $where_condition);
}
@@ -238,17 +243,19 @@ class AurJSON {
$where_condition = "";
if ($ids) {
$ids_value = implode(',', $args['ids']);
- $where_condition .= "ID IN ({$ids_value})";
+ $where_condition .= "ID IN ({$ids_value}) ";
}
if ($ids && $names) {
- $where_condition .= " OR ";
+ $where_condition .= "OR ";
}
if ($names) {
// individual names were quoted in parse_multiinfo_args()
$names_value = implode(',', $args['names']);
- $where_condition .= "Name IN ({$names_value})";
+ $where_condition .= "Name IN ({$names_value}) ";
}
+ $where_condition .= "LIMIT 5000";
+
return $this->process_query('multiinfo', $where_condition);
}
@@ -260,7 +267,8 @@ class AurJSON {
private function msearch($maintainer) {
$maintainer = $this->dbh->quote($maintainer);
- $where_condition = "Users.Username = {$maintainer}";
+ $where_condition = "Users.Username = {$maintainer} ";
+ $where_condition .= "LIMIT 5000";
return $this->process_query('msearch', $where_condition);
}
--
1.7.12.3
More information about the aur-dev
mailing list