author | Marc Alexander <admin@m-a-styles.de> | 2017-07-16 08:27:46 +0200 |
committer | Marc Alexander <admin@m-a-styles.de> | 2017-07-16 08:27:46 +0200 |
commit | c1d835b6b4a8d1cc987842725e3442b627f81796 (patch) | |
tree | f39f659f1c48bb8466c56fe46d399cf54356b1b5 | |
parent | a5d83e12ec0624673ecd237e53eced4f2b8fefd5 (diff) | |
parent | 4303ae9ae6910d848af92a50bf51c4e43accae73 (diff) | |
Merge pull request #36 from phpbb/ticket/security/124
[ticket/security/124] Filter out disallowed search query items
-rw-r--r-- | phpBB/phpbb/search/fulltext_mysql.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/phpBB/phpbb/search/fulltext_mysql.php b/phpBB/phpbb/search/fulltext_mysql.php
index f8bda9ae81..64a63e83e0 100644
--- a/phpBB/phpbb/search/fulltext_mysql.php
+++ b/phpBB/phpbb/search/fulltext_mysql.php
@@ -272,6 +272,27 @@ class fulltext_mysql extends \phpbb\search\base
 foreach ($this->split_words as $i => $word)
 {
+ // Check for not allowed search queries for InnoDB.
+ // We assume similar restrictions for MyISAM, which is usually even
+ // slower but not as restrictive as InnoDB.
+ // InnoDB full-text search does not support the use of a leading
+ // plus sign with wildcard ('+*'), a plus and minus sign
+ // combination ('+-'), or leading a plus and minus sign combination.
+ // InnoDB full-text search only supports leading plus or minus signs.
+ // For example, InnoDB supports '+apple' but does not support 'apple+'.
+ // Specifying a trailing plus or minus sign causes InnoDB to report
+ // a syntax error. InnoDB full-text search does not support the use
+ // of multiple operators on a single search word, as in this example:
+ // '++apple'. Use of multiple operators on a single search word
+ // returns a syntax error to standard out.
+ // Also, ensure that the wildcard character is only used at the
+ // end of the line as it's intended by MySQL.
+ if (preg_match('#^(\+[+-]|\+\*|.+[+-]$|.+\*(?!$))#', $word))
+ {
+ unset($this->split_words[$i]);
+ continue;
+ }
+
 $clean_word = preg_replace('#^[+\-|"]#', '', $word);
 // check word length |
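Review bot: The new `if (preg_match('#^(\+[+-]|\+\*|.+[+-]$|.+\*(?!$))#', $word))` filter only rejects operator stacking that begins with `+`, so a word such as `--apple` or `-+apple` passes through even though the comment directly above states that InnoDB rejects multiple operators on a single word; a leading wildcard (`*apple`) also slips past because the `.+\*(?!$)` alternative requires at least one character before the `*`, which contradicts the comment's "only used at the end" intent. The `preg_replace('#^[+\-|"]#', '', $word)` line that follows shows a leading `-` is an expected operator prefix, so these shapes are reachable from ordinary user input and, if InnoDB behaves as the comment describes, would still surface a syntax error rather than be filtered. A one-line pattern covering both gaps is `if (preg_match('#^([+-][+*-]|\*|.+[+-]$|.+\*(?!$))#', $word))`. Whether MySQL actually errors on a lone leading `*` cannot be confirmed from this hunk, so that part rests on the comment's stated intent rather than observed behaviour. The enclosing `foreach` and its method continue past the end of the hunk.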