author | Chris Smith <toonarmy@phpbb.com> | 2010-08-08 14:02:34 +0100 |
---|---|---|
committer | Chris Smith <toonarmy@phpbb.com> | 2010-08-08 14:02:34 +0100 |
commit | 76348ce43f0dc657182746d185f9882d3349cd2c (patch) | |
tree | 533f481efa6a4d9b8ccb68d2ea8303e4efc72c28 | |
parent | 4ac5d5e3527da561c37e24e778bd6dad23e1bf83 (diff) | |
[ticket/9760] Remove unrestricted wildcards from search terms.
Wildcards without any further result restrictions will cause phpBB to search
for everything, potentially allowing a DoS attack against the DB server by any
user who can use the search system.
PHPBB3-9760
-rw-r--r-- | phpBB/includes/search/fulltext_native.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
index c89e92711e..727e3aaffb 100644
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -83,7 +83,9 @@ class fulltext_native extends search_backend
 {
 global $db, $user, $config;
- $keywords = trim($this->cleanup($keywords, '+-|()*'));
+ $tokens = '+-|()*';
+
+ $keywords = trim($this->cleanup($keywords, $tokens));
 // allow word|word|word without brackets
 if ((strpos($keywords, ' ') === false) && (strpos($keywords, '|') !== false) && (strpos($keywords, '(') === false))
@@ -114,6 +116,15 @@ class fulltext_native extends search_backend
 case ' ':
 $keywords[$i] = '|';
 break;
+ case '*':
+ if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0))
+ {
+ if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0))
+ {
+ $keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1);
+ }
+ }
+ break;
 }
 }
 else
|
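Review bot: In the new `case '*':` branch of the second hunk, the two `!== '*'` tests mean a wildcard that sits next to another wildcard is never treated as unrestricted, so a term made only of repeated `*` stays in `$keywords` unless `cleanup()` or a later step (not visible here) collapses it; since the commit's goal is to stop match-everything searches, runs could be collapsed ahead of the loop with something like `$keywords = preg_replace('#\*{2,}#', '*', $keywords);`. The branch also shortens `$keywords` with `substr()` while the enclosing loop, whose header is outside the hunk, appears to keep using the old `$i` and `$n`; if `$n` is a cached `strlen()`, the operator that slides into position `$i` is skipped and the last iteration indexes past the end of the string. Adding `$i--; $n--;` right after the `substr()` line would keep the scan aligned with the shortened string. A short comment such as `// drop a '*' that has only operators or the string boundary on both sides` would make the nested conditions easier to audit.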