[aur-dev] [PATCH] aurjson.class.php: Limit number of RPC results

canyonknight at gmail.com canyonknight at gmail.com
Thu Oct 18 18:41:15 EDT 2012


On Thu, Oct 18, 2012 at 4:52 PM, canyonknight <canyonknight at gmail.com> wrote:
> With no limit to the number of results, memory_limit set to 32M
> can easily be exceeded for searches that have a large number of
> results. This results in an HTTP error 500 for those queries.
>
> Limit results to 5000 packages to avoid exceeding memory_limit.
> Introduce new JSON error code for when the result limit is hit.
>
> Fixes FS#31849
>
> Signed-off-by: canyonknight <canyonknight at gmail.com>
> ---
>
> It doesn't have to be 5000. That's just a safe arbitrary number
> I came up with during testing.

Loui suggested this should be configurable in config.inc.php. That
sounds like a good idea, so I'll be re-submitting this one.

>
>  web/lib/aurjson.class.php | 18 +++++++++++++-----
>  1 file changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
> index fbdc711..5701697 100644
> --- a/web/lib/aurjson.class.php
> +++ b/web/lib/aurjson.class.php
> @@ -149,6 +149,10 @@ class AurJSON {
>                  }
>              }
>
> +           if ($resultcount === 5000) {
> +               return $this->json_error('Too many package results.');
> +           }
> +
>              return $this->json_results($type, $resultcount, $search_data);
>          }
>          else {
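Review bot: The check '$resultcount === 5000' reports an error for a query that legitimately matches exactly 5000 packages, because it cannot tell "hit the cap" from "happened to return 5000". Fetching one row more than the cap and testing for a count greater than the cap would separate the two cases. The strict comparison also only fires if $resultcount is an integer, which this hunk does not show. Finally, the commit message mentions a new JSON error code, but the visible call passes only a message string to json_error().
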
> @@ -198,7 +202,8 @@ class AurJSON {
>          $keyword_string = $this->dbh->quote("%" . addcslashes($keyword_string, '%_') . "%");
>
>          $where_condition = "(Name LIKE {$keyword_string} OR ";
> -        $where_condition.= "Description LIKE {$keyword_string})";
> +        $where_condition.= "Description LIKE {$keyword_string}) ";
> +        $where_condition.= "LIMIT 5000";
>
>          return $this->process_query('search', $where_condition);
>      }
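Review bot: Appending "LIMIT 5000" to $where_condition in search() puts a non-WHERE clause into a variable that process_query() receives as a condition, so the query is only valid while process_query() adds nothing after it. Passing the limit as a separate argument, or applying it once inside process_query(), would keep the condition a pure WHERE expression and remove the need for the trailing-space change on the Description line.
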
> @@ -238,17 +243,19 @@ class AurJSON {
>          $where_condition = "";
>          if ($ids) {
>              $ids_value = implode(',', $args['ids']);
> -            $where_condition .= "ID IN ({$ids_value})";
> +            $where_condition .= "ID IN ({$ids_value}) ";
>          }
>          if ($ids && $names) {
> -            $where_condition .= " OR ";
> +            $where_condition .= "OR ";
>          }
>          if ($names) {
>              // individual names were quoted in parse_multiinfo_args()
>              $names_value = implode(',', $args['names']);
> -            $where_condition .= "Name IN ({$names_value})";
> +            $where_condition .= "Name IN ({$names_value}) ";
>          }
>
> +        $where_condition .= "LIMIT 5000";
> +
>          return $this->process_query('multiinfo', $where_condition);
>      }
>
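Review bot: In multiinfo the line '$where_condition .= "LIMIT 5000";' runs unconditionally, so when neither $ids nor $names is set the condition passed to process_query() becomes a bare "LIMIT 5000" instead of the empty string it was before. If an earlier check guarantees at least one of the two is present, a comment saying so would help. Otherwise guard the append. The switch from leading to trailing spaces around "OR " exists only to make room for the LIMIT and would be unnecessary if the limit were applied outside the condition string.
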
> @@ -260,7 +267,8 @@ class AurJSON {
>      private function msearch($maintainer) {
>          $maintainer = $this->dbh->quote($maintainer);
>
> -        $where_condition = "Users.Username = {$maintainer}";
> +        $where_condition = "Users.Username = {$maintainer} ";
> +        $where_condition .= "LIMIT 5000";
>
>          return $this->process_query('msearch', $where_condition);
>      }
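Review bot: This is the third hard-coded "LIMIT 5000" in msearch(), and it has to stay equal to the '=== 5000' test in the first hunk. If one literal is changed without the others, the error is never raised and callers receive a silently truncated list. A single named value, read from configuration as already suggested in the reply above, used for both the SQL limit and the comparison would remove that risk.
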
> --
> 1.7.12.3
>

