[ticket/9760] Remove unrestricted wildcards from search terms.

Wildcards without any further result restrictions will cause phpBB to search
for everything, potentially allowing a DoS attack against the DB server by any
user who can use the search system.

PHPBB3-9760
Chris Smith 2010-08-08 14:02:34 +01:00
parent 4ac5d5e352
commit 76348ce43f


@ -83,7 +83,9 @@ class fulltext_native extends search_backend
{
global $db, $user, $config;
$keywords = trim($this->cleanup($keywords, '+-|()*'));
$tokens = '+-|()*';
$keywords = trim($this->cleanup($keywords, $tokens));
// allow word|word|word without brackets
if ((strpos($keywords, ' ') === false) && (strpos($keywords, '|') !== false) && (strpos($keywords, '(') === false))
@ -114,6 +116,15 @@ class fulltext_native extends search_backend
case ' ':
$keywords[$i] = '|';
break;
case '*':
if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0))
{
if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0))
{
$keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1);
}
}
break;
}
}
else
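Review bot: After the `substr()` splice in the new `case '*':` branch the string is one byte shorter, but neither `$i` nor the bound `$n` is adjusted, so the character that shifts into position `$i` is never examined and the final iteration reads `$keywords[$n - 1]` past the new end of the string. The loop header is outside the hunk, so this assumes `$n` is a length captured before the loop, as the `$i === $n - 1` test suggests; adding `$n--; $i--;` directly after the splice keeps index and bound in step with the shortened string. A doubled `**` also passes both `!== '*'` exclusions untouched, so adjacent wildcards are not removed here; unless later code collapses repeated asterisks, which this hunk does not show, the unrestricted search the commit sets out to block remains reachable that way. A comment above the case, `// drop a bare '*' delimited by operators or string ends: on its own it would match every row`, would record the intent for the next reader.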