From 4d9b106db2ccc6e15b4afd3fc2e69cf37fae81cf Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Sat, 11 Apr 2009 11:09:45 +0000
Subject: [PATCH] New search option: Maximum number of words allowed to search
 for. (the more words the more database load)

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9438 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/adm/style/acp_search.html           | 10 +++++++---
 phpBB/docs/CHANGELOG.html                 |  1 +
 phpBB/includes/acp/acp_search.php         |  2 ++
 phpBB/includes/search/fulltext_mysql.php  |  8 +++++++-
 phpBB/includes/search/fulltext_native.php | 11 +++++++++--
 phpBB/install/database_update.php         |  5 ++++-
 phpBB/install/schemas/schema_data.sql     |  1 +
 phpBB/language/en/acp/search.php          |  2 ++
 phpBB/language/en/search.php              |  2 ++
 9 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/phpBB/adm/style/acp_search.html b/phpBB/adm/style/acp_search.html
index 0879780749..5fd7a23d97 100644
--- a/phpBB/adm/style/acp_search.html
+++ b/phpBB/adm/style/acp_search.html
@@ -32,6 +32,10 @@
 		<dt><label for="min_search_author_chars">{L_MIN_SEARCH_AUTHOR_CHARS}:</label><br /><span>{L_MIN_SEARCH_AUTHOR_CHARS_EXPLAIN}</span></dt>
 		<dd><input id="min_search_author_chars" type="text" size="4" maxlength="4" name="config[min_search_author_chars]" value="{MIN_SEARCH_AUTHOR_CHARS}" /></dd>
 	</dl>
+	<dl>
+		<dt><label for="max_num_search_keywords">{L_MAX_NUM_SEARCH_KEYWORDS}:</label><br /><span>{L_MAX_NUM_SEARCH_KEYWORDS_EXPLAIN}</span></dt>
+		<dd><input id="max_num_search_keywords" type="text" size="4" maxlength="4" name="config[max_num_search_keywords]" value="{MAX_NUM_SEARCH_KEYWORDS}" /></dd>
+	</dl>
 	<dl>
 		<dt><label for="search_store_results">{L_SEARCH_STORE_RESULTS}:</label><br /><span>{L_SEARCH_STORE_RESULTS_EXPLAIN}</span></dt>
 		<dd><input id="search_store_results" type="text" size="4" maxlength="6" name="config[search_store_results]" value="{SEARCH_STORE_RESULTS}" /> {L_SECONDS}</dd>
@@ -130,9 +134,9 @@
 				<!-- END data -->
 				</tbody>
 				</table>
-			
+
 			<!-- ENDIF -->
-			
+
 			<p class="quick">
 			<!-- IF backend.S_INDEXED -->
 				<input class="button2" type="submit" name="action[delete]" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" />
@@ -142,7 +146,7 @@
 			</p>
 			{S_FORM_TOKEN}
 			</fieldset>
-			
+
 			</form>
 		<!-- END backend -->
 
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index e592031c14..782559bec2 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -149,6 +149,7 @@
 		<li>[Feature] Allow translation of custom BBCode help messages. (Patch by bantu)</li>
 		<li>[Feature] db_tools now support create table and drop table.</li>
 		<li>[Feature] Database updater checks for incompatible db schema (MySQL 3.x/4.x against MySQL 4.1.x/5.x/6.x)</li>
+		<li>[Feature] New search option: Maximum number of words allowed to search for.</li>
 	</ul>
 
 	<a name="v303"></a><h3>1.ii. Changes since 3.0.3</h3>
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index dc6f3d1c44..66edbd44ae 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -63,6 +63,7 @@ class acp_search
 			'load_search'				=> 'bool',
 			'limit_search_load'			=> 'float',
 			'min_search_author_chars'	=> 'integer',
+			'max_num_search_keywords'	=> 'integer',
 			'search_store_results'		=> 'integer',
 		);
 
@@ -216,6 +217,7 @@ class acp_search
 			'SEARCH_INTERVAL'		=> (float) $config['search_interval'],
 			'SEARCH_GUEST_INTERVAL'	=> (float) $config['search_anonymous_interval'],
 			'SEARCH_STORE_RESULTS'	=> (int) $config['search_store_results'],
+			'MAX_NUM_SEARCH_KEYWORDS'	=> (int) $config['max_num_search_keywords'],
 
 			'S_SEARCH_TYPES'		=> $search_options,
 			'S_YES_SEARCH'			=> (bool) $config['load_search'],
diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php
index 2a67b58246..e1e7951367 100644
--- a/phpBB/includes/search/fulltext_mysql.php
+++ b/phpBB/includes/search/fulltext_mysql.php
@@ -118,7 +118,7 @@ class fulltext_mysql extends search_backend
 	*/
 	function split_keywords(&$keywords, $terms)
 	{
-		global $config;
+		global $config, $user;
 
 		if ($terms == 'all')
 		{
@@ -167,6 +167,12 @@ class fulltext_mysql extends search_backend
 			$this->split_words = $matches[1];
 		}
 
+		// We limit the number of allowed keywords to minimize load on the database
+		if ($config['max_num_search_keywords'] && sizeof($this->split_words) > $config['max_num_search_keywords'])
+		{
+			trigger_error($user->lang('MAX_NUM_SEARCH_KEYWORDS_REFINE', $config['max_num_search_keywords'], sizeof($this->split_words)));
+		}
+
 		// to allow phrase search, we need to concatenate quoted words
 		$tmp_split_words = array();
 		$phrase = '';
diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
index 1c6a64d07c..ee36039454 100644
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -167,6 +167,13 @@ class fulltext_native extends search_backend
 		);
 
 		$keywords = preg_replace($match, $replace, $keywords);
+		$num_keywords = sizeof(explode(' ', $keywords));
+
+		// We limit the number of allowed keywords to minimize load on the database
+		if ($config['max_num_search_keywords'] && $num_keywords > $config['max_num_search_keywords'])
+		{
+			trigger_error($user->lang('MAX_NUM_SEARCH_KEYWORDS_REFINE', $config['max_num_search_keywords'], $num_keywords));
+		}
 
 		// $keywords input format: each word separated by a space, words in a bracket are not separated
 
@@ -693,7 +700,7 @@ class fulltext_native extends search_backend
 				$sql_where[] = 'f.forum_id = p.forum_id';
 			break;
 		}
-		
+
 		if ($left_join_topics)
 		{
 			$sql_array['LEFT_JOIN'][$left_join_topics] = array(
@@ -1110,7 +1117,7 @@ class fulltext_native extends search_backend
 
 		// Get unique words from the above arrays
 		$unique_add_words = array_unique(array_merge($words['add']['post'], $words['add']['title']));
-		
+
 		// We now have unique arrays of all words to be added and removed and
 		// individual arrays of added and removed words for text and title. What
 		// we need to do now is add the new words (if they don't already exist)
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 18a1162c41..e164e5442c 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -11,7 +11,7 @@
 $updates_to_version = '3.0.5-dev';
 
 // Enter any version to update from to test updates. The version within the db will not be updated.
-$debug_from_version = '3.0.4';
+$debug_from_version = false;
 
 // Return if we "just include it" to find out for which version the database update is responsible for
 if (defined('IN_PHPBB') && defined('IN_INSTALL'))
@@ -896,6 +896,9 @@ function change_database_data(&$no_updates, $version)
 
 			set_config('confirm_refresh', 1);
 
+			// Maximum number of keywords
+			set_config('max_num_search_keywords', 10);
+
 			// Hash old MD5 passwords
 			$sql = 'SELECT user_id, user_password
 					FROM ' . USERS_TABLE . '
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index dd187d6958..f5e7b2a4c1 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -160,6 +160,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_filesize', '26
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_filesize_pm', '262144');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_name_chars', '20');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_num_search_keywords', '10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_pass_chars', '30');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_poll_options', '10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_post_chars', '60000');
diff --git a/phpBB/language/en/acp/search.php b/phpBB/language/en/acp/search.php
index 8d7efa3308..88eed9d948 100644
--- a/phpBB/language/en/acp/search.php
+++ b/phpBB/language/en/acp/search.php
@@ -72,6 +72,8 @@ $lang = array_merge($lang, array(
 
 	'MAX_SEARCH_CHARS'						=> 'Max characters indexed by search',
 	'MAX_SEARCH_CHARS_EXPLAIN'				=> 'Words with no more than this many characters will be indexed for searching.',
+	'MAX_NUM_SEARCH_KEYWORDS'				=> 'Maximum number of allowed keywords',
+	'MAX_NUM_SEARCH_KEYWORDS_EXPLAIN'		=> 'Maximum number of words the user is able to search for. A value of 0 allows an unlimited number of words.',
 	'MIN_SEARCH_CHARS'						=> 'Min characters indexed by search',
 	'MIN_SEARCH_CHARS_EXPLAIN'				=> 'Words with at least this many characters will be indexed for searching.',
 	'MIN_SEARCH_AUTHOR_CHARS'				=> 'Min author name characters',
diff --git a/phpBB/language/en/search.php b/phpBB/language/en/search.php
index 8e376b2602..4618a585b3 100644
--- a/phpBB/language/en/search.php
+++ b/phpBB/language/en/search.php
@@ -54,6 +54,8 @@ $lang = array_merge($lang, array(
 
 	'LOGIN_EXPLAIN_EGOSEARCH'	=> 'The board requires you to be registered and logged in to view your own posts.',
 
+	'MAX_NUM_SEARCH_KEYWORDS_REFINE'	=> 'You specified too many words to search for. Please do not enter more than %1$d words.',
+
 	'NO_KEYWORDS'			=> 'You must specify at least one word to search for. Each word must consist of at least %d characters and must not contain more than %d characters excluding wildcards.',
 	'NO_RECENT_SEARCHES'	=> 'No searches have been carried out recently.',
 	'NO_SEARCH'				=> 'Sorry but you are not permitted to use the search system.',