From 30144052dab979bd06a15aa9d0f0f837e6cb36e7 Mon Sep 17 00:00:00 2001
From: crowjake <jmirzaian@gmail.com>
Date: Sun, 7 Jul 2024 19:35:18 +0100
Subject: [PATCH] [ticket/17365] Prevent keyword limit being bypassed with the
 use of +, - and |

Provided `$countable_keywords` wherein the existing `$keywords` value is
modified so that any `-`, `+` and `|` characters without preceding spaces
is replaced with the same but with a space in front of each.

These spaces allow the string to be more accurately split when used instead
of $keywords inside the $num_keywords calculation.

This prevents the word limit being bypassed in search by the use of
operators without whitespace.

PHPBB-17365
---
 phpBB/phpbb/search/fulltext_native.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php
index 7fc5e002ba..a2d4dab98e 100644
--- a/phpBB/phpbb/search/fulltext_native.php
+++ b/phpBB/phpbb/search/fulltext_native.php
@@ -299,7 +299,11 @@ class fulltext_native extends \phpbb\search\base
 		);
 
 		$keywords = preg_replace($match, $replace, $keywords);
-		$num_keywords = count(explode(' ', $keywords));
+
+		// Ensure a space exists before +, - and | to make the split and count work correctly
+		$countable_keywords = preg_replace('/(?<!\s)(\+|\-|\|)/', ' $1', $keywords);
+
+		$num_keywords = count(explode(' ', $countable_keywords));
 
 		// We limit the number of allowed keywords to minimize load on the database
 		if ($this->config['max_num_search_keywords'] && $num_keywords > $this->config['max_num_search_keywords'])