makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #36 from phpbb/ticket/security/124

Browse source 
[ticket/security/124] Filter out disallowed search query items
This commit is contained in:
Marc Alexander 2017-07-16 08:27:46 +02:00
commit c1d835b6b4
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
phpBB/phpbb/search/fulltext_mysql.php
View file

@ -272,6 +272,27 @@ class fulltext_mysql extends \phpbb\search\base
foreach ($this->split_words as $i => $word) foreach ($this->split_words as $i => $word)
{ {
// Check for not allowed search queries for InnoDB.
// We assume similar restrictions for MyISAM, which is usually even
// slower but not as restrictive as InnoDB.
// InnoDB full-text search does not support the use of a leading
// plus sign with wildcard ('+*'), a plus and minus sign
// combination ('+-'), or leading a plus and minus sign combination.
// InnoDB full-text search only supports leading plus or minus signs.
// For example, InnoDB supports '+apple' but does not support 'apple+'.
// Specifying a trailing plus or minus sign causes InnoDB to report
// a syntax error. InnoDB full-text search does not support the use
// of multiple operators on a single search word, as in this example:
// '++apple'. Use of multiple operators on a single search word
// returns a syntax error to standard out.
// Also, ensure that the wildcard character is only used at the
// end of the line as it's intended by MySQL.
if (preg_match('#^(\+[+-]|\+\*|.+[+-]$|.+\*(?!$))#', $word))
{
unset($this->split_words[$i]);
continue;
}
$clean_word = preg_replace('#^[+\-|"]#', '', $word); $clean_word = preg_replace('#^[+\-|"]#', '', $word);
// check word length // check word length