diff options
| author | Derky <derky@phpbb.com> | 2019-04-26 00:52:43 +0200 |
|---|---|---|
| committer | Derky <derky@phpbb.com> | 2019-04-26 00:54:14 +0200 |
| commit | 8a73eb5f0ff912454e6479539f972081e54baa1c (patch) | |
| tree | 1d9dd94f087f06170368a2e3b3dc259f01d7acf2 /phpBB/phpbb | |
| parent | fd195fba210c8625e968ef5553e61864747c8d44 (diff) | |
| download | forums-8a73eb5f0ff912454e6479539f972081e54baa1c.tar forums-8a73eb5f0ff912454e6479539f972081e54baa1c.tar.gz forums-8a73eb5f0ff912454e6479539f972081e54baa1c.tar.bz2 forums-8a73eb5f0ff912454e6479539f972081e54baa1c.tar.xz forums-8a73eb5f0ff912454e6479539f972081e54baa1c.zip | |
[ticket/security/235] Use whitespace instead of word boundary regex to remove wildcards
This fixes removing the wildcard in the following search query: *.test
SECURITY-235
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/search/fulltext_native.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 478fe5616d..1925623b80 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -306,7 +306,7 @@ class fulltext_native extends \phpbb\search\base } // Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index) - $match = '#\*(?!$)\b#'; + $match = '#\*(?!$|\s)#'; $replace = '$1'; $keywords = preg_replace($match, $replace, $keywords); |