[ticket/17365] Prevent keyword limit being bypassed with the use of +, - and |

Provided `$countable_keywords` wherein the existing `$keywords` value is
modified so that any `-`, `+` and `|` characters without preceding spaces
are replaced with the same but with a space in front of each.

These spaces allow the string to be more accurately split when used instead
of $keywords inside the $num_keywords calculation.

This prevents the word limit being bypassed in search by the use of
operators without whitespace.

PHPBB-17365
crowjake 2024-07-07 19:35:18 +01:00
parent c790e81fb6
commit 30144052da


@ -299,7 +299,11 @@ class fulltext_native extends \phpbb\search\base
);
$keywords = preg_replace($match, $replace, $keywords);
$num_keywords = count(explode(' ', $keywords));
// Ensure a space exists before +, - and | to make the split and count work correctly
$countable_keywords = preg_replace('/(?<!\s)(\+|\-|\|)/', ' $1', $keywords);
$num_keywords = count(explode(' ', $countable_keywords));
// We limit the number of allowed keywords to minimize load on the database
if ($this->config['max_num_search_keywords'] && $num_keywords > $this->config['max_num_search_keywords'])
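
Review bot: the lookbehind `(?<!\s)` on the `$countable_keywords` line also succeeds at the very start of the string, so if `$keywords` can begin with `+`, `-` or `|` at this point, the replacement prepends a space and `explode(' ', $countable_keywords)` returns an empty first element, making `$num_keywords` one higher than the real term count when it is compared against `max_num_search_keywords`. Counting with `preg_split('/\s+/', $countable_keywords, -1, PREG_SPLIT_NO_EMPTY)` would ignore empty pieces from a leading space or from runs of spaces. The same pattern also splits a `-` inside a word into a separate counted term; if that is intended because the character acts as an operator there, the comment above the line should say so. As a style point, the alternation `(\+|\-|\|)` reads more simply as the character class `([+\-|])`. A test for operator-joined input without whitespace, with the limit set, would pin the behaviour this change is meant to enforce.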