Commit 0f48341e authored by Lukas Fleischer

Do not allow more than 20 terms in search queries



Specifying a huge number of search terms currently results in complex
SQL queries. In practice, queries with more than 20 terms are rarely
needed. Ignore everything apart from the first 20 keywords to prevent
potential abuse.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
parent 20b838a9
......@@ -601,10 +601,21 @@ function pkg_search_page($SID="") {
}
else {
/* Search by name and description (default). */
$count = 0;
foreach (str_getcsv($_GET['K'], ' ') as $term) {
if ($term == "") {
continue;
}
$term = "%" . addcslashes($term, '%_') . "%";
$q_where .= "AND (Packages.Name LIKE " . $dbh->quote($term) . " OR ";
$q_where .= "Description LIKE " . $dbh->quote($term) . ") ";
$count++;
if ($count >= 20) {
break;
}
}
}
}
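Review bot: the cap in `if ($count >= 20)` bounds the number of LIKE clauses appended to `$q_where`, but `str_getcsv($_GET['K'], ' ')` still tokenizes the whole of `K` before the loop can break, so the size of the input itself stays unbounded in this hunk. Consider limiting the length of `$_GET['K']` before it is parsed, or saying in the commit message that only the SQL side is being limited. The 20 is also a bare literal; a named constant would keep the code and the limit stated in the commit message in one place. Terms past the limit are dropped silently, so a short comment at the `break` noting that the truncation is intentional would help the next reader, and from the lines shown the limit covers only this name-and-description branch.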