[aur-dev] [PATCH v2 2/3] Do not allow more than 20 terms in search queries

Lukas Fleischer lfleischer at archlinux.org
Fri May 22 15:29:28 UTC 2015


Specifying a huge number of search terms currently results in complex
SQL queries. In practice, queries with more than 20 terms are rarely
needed. Ignore everything apart from the first 20 keywords to prevent
potential abuse.

Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
 web/lib/pkgfuncs.inc.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 8fd629f..11ca591 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -601,10 +601,21 @@ function pkg_search_page($SID="") {
 		}
 		else {
 			/* Search by name and description (default). */
+			$count = 0;
+
 			foreach (str_getcsv($_GET['K'], ' ') as $term) {
+				if ($term == "") {
+					continue;
+				}
+
 				$term = "%" . addcslashes($term, '%_') . "%";
 				$q_where .= "AND (Packages.Name LIKE " . $dbh->quote($term) . " OR ";
 				$q_where .= "Description LIKE " . $dbh->quote($term) . ") ";
+
+				$count++;
+				if ($count >= 20) {
+					break;
+				}
 			}
 		}
 	}
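Review bot: the limit of 20 is a bare magic number in the `if ($count >= 20)` check; pull it into a named constant (for example a `define()` alongside the other pkgfuncs settings) so the commit message, the code and any future help text agree on the value, and so the cap can be tuned without touching the loop. Two smaller points on the same hunk: the excess terms are dropped silently with `break`, so a user who pastes more than 20 keywords gets results that do not match what they typed with no indication why; consider surfacing a notice in the search page when truncation happens. Also note that `str_getcsv($_GET['K'], ' ')` still tokenises the whole input before the loop, so the cap bounds the number of `LIKE` clauses in the generated SQL but not the cost of parsing an oversized `K` parameter; if request size is a concern, that has to be limited separately.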
-- 
2.4.1

