author | Derky <derky@phpbb.com> | 2019-04-25 21:51:04 +0200 |
---|---|---|
committer | Derky <derky@phpbb.com> | 2019-04-25 21:51:04 +0200 |
commit | fd195fba210c8625e968ef5553e61864747c8d44 (patch) | |
tree | f9d237b248152b3771d9ce46c5b488391d093877 /phpBB/phpbb/search | |
parent | 56060caa4c44620929b6e17fe4622343750ad302 (diff) | |
[ticket/security/235] Remove non trailing wildcards from search keywords
Database indexes are only used if wildcards are used at the end.
SECURITY-235
Diffstat (limited to 'phpBB/phpbb/search')
-rw-r--r-- | phpBB/phpbb/search/fulltext_native.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 9a6d62f9d8..478fe5616d 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -305,6 +305,11 @@ class fulltext_native extends \phpbb\search\base } } + // Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index) + $match = '#\*(?!$)\b#'; + $replace = '$1'; + $keywords = preg_replace($match, $replace, $keywords); + // set the search_query which is shown to the user $this->search_query = $keywords; |
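Review bot: `$replace = '$1';` refers to a capture group that the pattern `#\*(?!$)\b#` never defines, so the removal only works because an unset group is substituted as an empty string; write `$replace = '';` (or pass `''` directly to `preg_replace()`) so the intent is explicit. In the same pattern, `(?!$)` adds nothing: `\b` already cannot match after a `*` at the end of the subject, because there is no word character on either side. The `\b` is what actually limits the match to a `*` directly followed by a word character, and the pattern carries no `u` modifier, so that test is byte-based; if keywords can contain multibyte characters, it is worth confirming that a wildcard in front of such a word is handled as intended. The comment says "from each word" while the regex runs once over the whole `$keywords` string, so a short note on why `\b` gives per-word behaviour would help the next reader. The diffstat lists only `fulltext_native.php`, so no test accompanies the change; a unit test covering leading, embedded and trailing wildcards would pin the behaviour down.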