From ac56b71c3ede46ab839ff77a0b324ef746d90cb0 Mon Sep 17 00:00:00 2001 From: Josh Woody Date: Thu, 29 Jul 2010 10:13:17 -0500 Subject: [ticket/9749] Fulltext mysql unexpected behavior on entering a dash in query The Fulltext_mysql class had different behavior when a dash was entered in the search query than the fulltext_native class. Specifically, a dash was automatically turned into boolean NOT even when the user wanted to search for legitimate hyphenated words like farty-pants PHPBB3-9749 --- phpBB/includes/search/fulltext_mysql.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/search') diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php index da3833754e..0be3a10e5f 100644 --- a/phpBB/includes/search/fulltext_mysql.php +++ b/phpBB/includes/search/fulltext_mysql.php @@ -122,7 +122,7 @@ class fulltext_mysql extends search_backend if ($terms == 'all') { - $match = array('#\sand\s#iu', '#\sor\s#iu', '#\snot\s#iu', '#\+#', '#-#', '#\|#'); + $match = array('#\sand\s#iu', '#\sor\s#iu', '#\snot\s#iu', '#(^|\s)\+#', '#(^|\s)-#', '#(^|\s)\|#'); $replace = array(' +', ' |', ' -', ' +', ' -', ' |'); $keywords = preg_replace($match, $replace, $keywords); -- cgit v1.2.1 From 76348ce43f0dc657182746d185f9882d3349cd2c Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Sun, 8 Aug 2010 14:02:34 +0100 Subject: [ticket/9760] Remove unrestricted wildcards from search terms. Wildcards without any further result restrictions will cause phpBB to search for everything, potentially allowing a DoS attack against the DB server by any user who can use the search system. PHPBB3-9760 --- phpBB/includes/search/fulltext_native.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/search') diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index c89e92711e..727e3aaffb 100644 --- a/phpBB/includes/search/fulltext_native.php 
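Review bot: In the fulltext_mysql.php hunk, the three rewritten patterns `'#(^|\s)\+#'`, `'#(^|\s)-#'` and `'#(^|\s)\|#'` omit the `u` modifier that the first three entries of `$match` carry, so `\s` is matched byte-wise on what is presumably UTF-8 input. Writing them as `'#(^|\s)\+#u'`, `'#(^|\s)-#u'` and `'#(^|\s)\|#u'` keeps the array consistent. A `+`, `-` or `|` inside a word now passes through this step unchanged; the function continues outside the hunk, so whether later code handles such characters before the boolean-mode query is built cannot be confirmed here. A comment above `$match` such as `// operators are recognised only at the start of a term, so hyphenated words stay intact` would record the intent.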
+++ b/phpBB/includes/search/fulltext_native.php @@ -83,7 +83,9 @@ class fulltext_native extends search_backend { global $db, $user, $config; - $keywords = trim($this->cleanup($keywords, '+-|()*')); + $tokens = '+-|()*'; + + $keywords = trim($this->cleanup($keywords, $tokens)); // allow word|word|word without brackets if ((strpos($keywords, ' ') === false) && (strpos($keywords, '|') !== false) && (strpos($keywords, '(') === false)) @@ -114,6 +116,15 @@ class fulltext_native extends search_backend case ' ': $keywords[$i] = '|'; break; + case '*': + if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0)) + { + if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0)) + { + $keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1); + } + } + break; } } else -- cgit v1.2.1
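Review bot: The new `case '*':` deletes a character from `$keywords` in place but leaves `$i` and `$n` unchanged. The loop header is outside this hunk, but if `$n` is the length taken once there, the character that slides into position `$i` is never examined and the last iteration indexes past the end of the string. Because this case is the guard against unrestricted wildcard searches, a skipped character is a gap in the filter; adding `$i--; $n--;` directly after the `substr()` line keeps the scan aligned. The look-ahead also tests `$keywords[$i + 1]` before the loop has rewritten a following space to `|`, and a space is not in `$tokens`, so a lone `*` followed by a space appears to survive; consider treating whitespace as a boundary in both tests. The case is added only to the branch before the `else`, and whether the other branch needs the same handling is not visible here.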