author | Marc Alexander <admin@m-a-styles.de> | 2017-06-18 12:15:46 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2017-06-18 12:15:46 +0200 |
commit | 4303ae9ae6910d848af92a50bf51c4e43accae73 (patch) | |
tree | 3c5160f079b6287ee1b1263731bea8c71122d812 /phpBB/phpbb/search | |
parent | 1c4f49249ffe8457914372b08b15056ad5d38085 (diff) | |
[ticket/security/124] Filter out disallowed search query items
SECURITY-124
Diffstat (limited to 'phpBB/phpbb/search')
-rw-r--r-- | phpBB/phpbb/search/fulltext_mysql.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/phpBB/phpbb/search/fulltext_mysql.php b/phpBB/phpbb/search/fulltext_mysql.php
index f8bda9ae81..64a63e83e0 100644
--- a/phpBB/phpbb/search/fulltext_mysql.php
+++ b/phpBB/phpbb/search/fulltext_mysql.php
@@ -272,6 +272,27 @@ class fulltext_mysql extends \phpbb\search\base
 foreach ($this->split_words as $i => $word)
 {
+ // Check for not allowed search queries for InnoDB.
+ // We assume similar restrictions for MyISAM, which is usually even
+ // slower but not as restrictive as InnoDB.
+ // InnoDB full-text search does not support the use of a leading
+ // plus sign with wildcard ('+*'), a plus and minus sign
+ // combination ('+-'), or leading a plus and minus sign combination.
+ // InnoDB full-text search only supports leading plus or minus signs.
+ // For example, InnoDB supports '+apple' but does not support 'apple+'.
+ // Specifying a trailing plus or minus sign causes InnoDB to report
+ // a syntax error. InnoDB full-text search does not support the use
+ // of multiple operators on a single search word, as in this example:
+ // '++apple'. Use of multiple operators on a single search word
+ // returns a syntax error to standard out.
+ // Also, ensure that the wildcard character is only used at the
+ // end of the line as it's intended by MySQL.
+ if (preg_match('#^(\+[+-]|\+\*|.+[+-]$|.+\*(?!$))#', $word))
+ {
+ unset($this->split_words[$i]);
+ continue;
+ }
+
 $clean_word = preg_replace('#^[+\-|"]#', '', $word);
 // check word length |
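Review bot: The regex in the added `preg_match` only rejects doubled operators when the first one is a plus (`\+[+-]`, `\+\*`), so a word such as `--apple`, `-+apple` or `-*apple` still passes the filter and, if the comment's reading of the InnoDB restrictions is right, would still reach the server and trigger the very syntax error this check is meant to stop. Widening the leading alternative to `^[+-][+\-*]` closes that gap without changing anything that is already rejected: `if (preg_match('#^([+-][+\-*]|.+[+-]$|.+\*(?!$))#', $word))`. Whether InnoDB actually rejects `-*` I cannot confirm from here, so that case should be verified against a real InnoDB full-text index before it is added. The enclosing method starts before this hunk, so it is unclear whether single-character words like a bare `*` or `+` (which none of the alternatives match, since each requires at least one preceding character or a leading plus) are dropped by the later word-length check or also need handling here.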